🚑️ 🔒 Refactor password check logic: streamline conditions for password handling in auth flow

nicejade · nicejade · commit 8ffe9db4ca74 · 2026-02-14T00:05:07.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -36,3 +36,5 @@ yarn-error.log*
 *.njsproj
 *.sln
 *.sw*
+
+CHANGELOG.md
diff --git a/client/src/helper/auth.ts b/client/src/helper/auth.ts
@@ -11,7 +11,6 @@ export const initializeAuth = async () => {
     const { canBeReset, allowPassword, havePassword, needPassword } = (await checkPassword()) as any
     isResettable.set(canBeReset)
     isAuthenticated.set(!needPassword)
-    /* 「设置探矿」密码区展示条件：允许开启密码 || 已经设置密码 */
     isPasswordAllowed.set(allowPassword || havePassword)
   } catch (error) {
     console.error('Failed to check password status:', error)
diff --git a/server/src/controllers/password.ts b/server/src/controllers/password.ts
@@ -5,8 +5,12 @@ import { createSession, validateSession } from '../models/session'
 export const checkPassword = async (request: FastifyRequest) => {
   const canBeReset = process.env.CAN_BE_RESET === 'true'
   const allowPassword = process.env.ALLOW_PASSWORD === 'true'
-
   const havePassword = !!(await Password.findOne({ where: {} }))
+
+  if (!allowPassword) {
+    return { allowPassword, needPassword: false, havePassword, canBeReset }
+  }
+
   const sessionId = request.cookies.sessionId
   if (sessionId) {
     const isValid = await validateSession(sessionId)
