feat(plugin): add API_TOKEN validation for plugin API registration

app/api/endpoints/plugin.py

@@ -4,7 +4,7 @@ from fastapi import APIRouter, Depends, Header
 
 from app import schemas
 from app.core.plugin import PluginManager
-from app.core.security import verify_token
+from app.core.security import verify_token, verify_apitoken
 from app.db.systemconfig_oper import SystemConfigOper
 from app.db.user_oper import get_current_active_superuser
 from app.helper.plugin import PluginHelper
@@ -23,6 +23,10 @@ def register_plugin_api(plugin_id: str = None):
             if r.path == api.get("path"):
                 router.routes.remove(r)
                 break
+        # 检查是否允许匿名访问，如果不允许匿名访问，则添加 API_TOKEN 验证
+        allow_anonymous = api.pop("allow_anonymous", False)
+        if not allow_anonymous:
+            api.setdefault("dependencies", []).append(Depends(verify_apitoken))
         router.add_api_route(**api)
 
 

app/core/plugin.py

@@ -426,7 +426,8 @@ class PluginManager(metaclass=Singleton):
             "endpoint": self.xxx,
             "methods": ["GET", "POST"],
             "summary": "API名称",
-            "description": "API说明"
+            "description": "API说明",
+            "allow_anonymous": false
         }]
         """
         ret_apis = []