From 1614eebc47913cf81bd3d47977809f4f4535d09c Mon Sep 17 00:00:00 2001
From: jxxghp <jxxghp@gmail.com>
Date: Tue, 29 Apr 2025 14:53:04 +0800
Subject: [PATCH] fix

---
 app/api/endpoints/system.py | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/app/api/endpoints/system.py b/app/api/endpoints/system.py
index 1c5ba8c2..6d0c1dbf 100644
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -171,20 +171,17 @@ def cache_img(
 
 
 @router.get("/global", summary="查询非敏感系统设置", response_model=schemas.Response)
-def get_global_setting(request: Request):
+def get_global_setting(token: str):
     """
-    查询非敏感系统设置（仅允许本地调用，无需鉴权）
+    查询非敏感系统设置（默认鉴权）
     """
-    # 检查请求来源是否为本地地址
-    client_host = request.client.host
-    if client_host not in {"127.0.0.1", "::1"}:
-        raise HTTPException(status_code=403, detail="Access forbidden: Only local requests are allowed")
+    if token != "moviepilot":
+        raise HTTPException(status_code=403, detail="Forbidden")
 
     # FIXME: 新增敏感配置项时要在此处添加排除项
     info = settings.dict(
         exclude={"SECRET_KEY", "RESOURCE_SECRET_KEY", "API_TOKEN", "TMDB_API_KEY", "TVDB_API_KEY", "FANART_API_KEY",
-                 "COOKIECLOUD_KEY", "COOKIECLOUD_PASSWORD", "GITHUB_TOKEN", "REPO_GITHUB_TOKEN", "U115_APP_ID",
-                 "ALIPAN_APP_ID", }
+                 "COOKIECLOUD_KEY", "COOKIECLOUD_PASSWORD", "GITHUB_TOKEN", "REPO_GITHUB_TOKEN"}
     )
     # 追加用户唯一ID和订阅分享管理权限
     info.update({