From c79702eba8406a112fb01a7dc8f2a62a29488f0b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 7 Dec 2025 05:27:07 +0000
Subject: [PATCH] Address code review feedback: protect types.js endpoint and
 improve code readability

Co-authored-by: qaiu <29825328+qaiu@users.noreply.github.com>
---
 web-front/src/views/Playground.vue                       | 8 +++++++-
 .../java/cn/qaiu/lz/web/controller/PlaygroundApi.java    | 9 ++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/web-front/src/views/Playground.vue b/web-front/src/views/Playground.vue
index 22ed46d..5fe85b4 100644
--- a/web-front/src/views/Playground.vue
+++ b/web-front/src/views/Playground.vue
@@ -21,7 +21,7 @@
       <span style="margin-left: 10px;">正在检查访问权限...</span>
     </div>
 
-    <div v-if="!loading && !authChecking && !authed" class="playground-auth-overlay">
+    <div v-if="shouldShowAuthUI" class="playground-auth-overlay">
       <div class="playground-auth-card">
         <div class="auth-icon">
           <el-icon :size="50"><Lock /></el-icon>
@@ -787,6 +787,11 @@ async function parseById(
     const editorTheme = computed(() => {
       return isDarkMode.value ? 'vs-dark' : 'vs';
     });
+    
+    // 计算属性：是否需要显示密码输入界面
+    const shouldShowAuthUI = computed(() => {
+      return !loading.value && !authChecking.value && !authed.value;
+    });
 
     // 编辑器配置
     const editorOptions = {
@@ -1613,6 +1618,7 @@ curl "${baseUrl}/json/parser?url=${encodeURIComponent(exampleUrl)}"</pre>
       testing,
       isDarkMode,
       editorTheme,
+      shouldShowAuthUI,
       editorOptions,
       // 加载和认证
       loading,
diff --git a/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java b/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java
index d7a6f22..3abdebd 100644
--- a/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java
+++ b/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java
@@ -311,10 +311,17 @@ public class PlaygroundApi {
     /**
      * 获取types.js文件内容
      *
+     * @param ctx 路由上下文
      * @param response HTTP响应
      */
     @RouteMapping(value = "/types.js", method = RouteMethod.GET)
-    public void getTypesJs(HttpServerResponse response) {
+    public void getTypesJs(RoutingContext ctx, HttpServerResponse response) {
+        // 权限检查
+        if (!checkAuth(ctx)) {
+            ResponseUtil.fireJsonResultResponse(response, JsonResult.error("未授权访问"));
+            return;
+        }
+        
         try (InputStream inputStream = getClass().getClassLoader()
                 .getResourceAsStream("custom-parsers/types.js")) {