From 1a51f39a59762e4730e11729391745c9c342dff1 Mon Sep 17 00:00:00 2001
From: Unitwk <Unitwk@outlook.com>
Date: Thu, 18 Apr 2024 10:57:14 +0800
Subject: [PATCH] Fix: API UUID Err

---
 panel/src/app/routers/instance_admin_router.ts | 3 ++-
 panel/src/app/service/passport_service.ts      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/panel/src/app/routers/instance_admin_router.ts b/panel/src/app/routers/instance_admin_router.ts
index b2f01c7b..24d23826 100755
--- a/panel/src/app/routers/instance_admin_router.ts
+++ b/panel/src/app/routers/instance_admin_router.ts
@@ -24,7 +24,8 @@ router.get(
     try {
       const daemonId = String(ctx.query.daemonId);
       const instanceUuid = String(ctx.query.uuid);
-      if (!isHaveInstanceByUuid(getUserUuid(ctx), daemonId, instanceUuid)) return;
+      if (!isHaveInstanceByUuid(getUserUuid(ctx), daemonId, instanceUuid))
+        throw new Error($t("TXT_CODE_permission.forbidden"));
       const remoteService = RemoteServiceSubsystem.getInstance(daemonId);
       const result = await new RemoteRequest(remoteService).request("instance/detail", {
         instanceUuid
diff --git a/panel/src/app/service/passport_service.ts b/panel/src/app/service/passport_service.ts
index 7948c579..4760442b 100755
--- a/panel/src/app/service/passport_service.ts
+++ b/panel/src/app/service/passport_service.ts
@@ -148,7 +148,7 @@ export function getUserUuid(ctx: Koa.ParameterizedContext): string {
   if (isApiRequest(ctx)) {
     const user = getUuidByApiKey(getApiKey(ctx));
     if (user && user.uuid) {
-      return user.userName;
+      return user.uuid;
     } else {
       return "";
     }