From 2b4d001b5add2837e21fcbba4bc7687449b454d4 Mon Sep 17 00:00:00 2001
From: Dreamwxz <82244600+Dreamwxz@users.noreply.github.com>
Date: Wed, 6 May 2026 10:06:55 +0800
Subject: [PATCH] =?UTF-8?q?=E9=98=B2=E7=88=AC=E8=99=AB=E6=A3=80=E6=9F=A5?=
 =?UTF-8?q?=E8=B7=B3=E8=BF=87=E8=AE=A4=E8=AF=81=E7=94=A8=E6=88=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/webui/middleware/anti_crawler.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/webui/middleware/anti_crawler.py b/src/webui/middleware/anti_crawler.py
index 59bf1599..690b79be 100644
--- a/src/webui/middleware/anti_crawler.py
+++ b/src/webui/middleware/anti_crawler.py
@@ -683,6 +683,27 @@ class AntiCrawlerMiddleware(BaseHTTPMiddleware):
 
         return False
 
+    def _has_valid_auth(self, request: Request) -> bool:
+        """
+        检查请求是否携带有效的认证 Cookie
+
+        已认证用户跳过防爬虫检查，避免正常登录用户被频率限制误拦截。
+
+        Args:
+            request: 请求对象
+
+        Returns:
+            如果认证 Cookie 有效则返回 True
+        """
+        # 延迟导入避免循环依赖（anti_crawler → auth → security → config）
+        from src.webui.core.auth import COOKIE_NAME, is_token_valid
+
+        cookie_value = request.cookies.get(COOKIE_NAME)
+        if not cookie_value:
+            return False
+
+        return is_token_valid(cookie_value)
+
     async def dispatch(self, request: Request, call_next):
         """
         处理请求
@@ -740,6 +761,10 @@ class AntiCrawlerMiddleware(BaseHTTPMiddleware):
         if self._is_ip_allowed(client_ip):
             return await call_next(request)
 
+        # 检查是否为已认证用户（有有效的 maibot_session Cookie）
+        if self._has_valid_auth(request):
+            return await call_next(request)
+
         # 获取 User-Agent
         user_agent = request.headers.get("User-Agent")