From 30788648af946195614bebc6e21857afd9d2ec7a Mon Sep 17 00:00:00 2001
From: zzlgreat
Date: Fri, 7 Nov 2025 22:12:23 +0800
Subject: [PATCH] =?UTF-8?q?agent=E5=8A=9F=E8=83=BD=E5=BC=80=E5=8F=91?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0MCP=E5=90=8E=E7=AB=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mcp_server.py | 14 ++++++++++++--
 src/views/AgentChat/index.js | 20 +++++++++++++++-----
 2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/mcp_server.py b/mcp_server.py
index 35156b5b..e9b0f8b8 100644
--- a/mcp_server.py
+++ b/mcp_server.py
@@ -1549,13 +1549,23 @@ async def agent_chat(request: AgentChatRequest):
 logger.info(f"Agent chat: {request.message} (user: {request.user_id})")
 # ==================== 权限检查 ====================
- # 仅允许 max 用户使用
- if request.user_id != "max":
+ # 仅允许 max 用户使用(支持多种格式:字符串 "max"、数字 1、或 nickname 为 "max")
+ is_max_user = (
+ request.user_id == "max" or
+ request.user_id == "1" or
+ request.user_id == 1 or
+ request.user_nickname == "max"
+ )
+
+ if not is_max_user:
+ logger.warning(f"权限检查失败 - user_id: {request.user_id}, nickname: {request.user_nickname}")
 raise HTTPException(
 status_code=403,
 detail="很抱歉,「价小前投研」功能目前仅对特定用户开放。如需使用,请联系管理员。"
 )
+ logger.info(f"权限检查通过 - user_id: {request.user_id}, nickname: {request.user_nickname}")
+
 # ==================== 会话管理 ====================
 # 如果没有提供 session_id,创建新会话
 session_id = request.session_id or str(uuid.uuid4())
diff --git a/src/views/AgentChat/index.js b/src/views/AgentChat/index.js
index 29d7097c..d5147143 100644
--- a/src/views/AgentChat/index.js
+++ b/src/views/AgentChat/index.js
@@ -114,7 +114,7 @@ const AgentChatV3 = () => {
 setIsLoadingSessions(true);
 try {
 const response = await axios.get('/mcp/agent/sessions', {
- params: { user_id: user.id, limit: 50 },
+ params: { user_id: String(user.id), limit: 50 },
 });
 if (response.data.success) {
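Review bot: The permission check in `agent_chat` decides access from `request.user_id` and `request.user_nickname`, which are fields of the request body, and the added `request.user_nickname == "max"` clause makes a display name sufficient on its own; the client in this same patch fills that field from `user?.nickname || user?.username` (the `@@ -266,8 +276,8 @@` hunk of `src/views/AgentChat/index.js`). Nothing in the hunk ties these values to an authenticated session, so as written the 403 is a UI convenience rather than an authorization boundary. The caller's identity should come from the server-side session or token and be compared with one canonical id, for example `if current_user.id not in AGENT_ALLOWED_USER_IDS:` (both names are placeholders for whatever auth dependency and config this service already has), and the nickname clause dropped. The two new log calls also interpolate these caller-controlled strings through f-strings; passing them as logger arguments with `%r` keeps embedded line breaks out of the log. `agent_chat` starts and continues outside the hunk.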
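Review bot: `String(user.id)` in the `/mcp/agent/sessions` request has no guard for a missing user, unlike the send path later in this patch, which uses `user?.id ? String(user.id) : 'anonymous'`; with `user.id` undefined it sends the literal string `undefined`, and with `user` null it throws inside the `try`. Unless a guard outside the hunk already guarantees `user` is set, returning early with `if (!user?.id) return;` before `setIsLoadingSessions(true)` would keep the two paths consistent. Separately, the session list is selected by a `user_id` that the browser supplies; the handler is not shown here, so it is worth confirming that it scopes results to the authenticated caller rather than to this parameter. The enclosing function starts and ends outside the hunk.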
@@ -220,8 +220,16 @@ const AgentChatV3 = () => {
 const handleSendMessage = async () => {
 if (!inputValue.trim() || isProcessing) return;
- // 权限检查
- if (user?.id !== 'max') {
+ // 权限检查 - 检查 username 或 id
+ const isMaxUser = user?.username === 'max' || user?.id === 'max' || user?.id === 1;
+
+ if (!isMaxUser) {
+ logger.warn('AgentChat', '权限检查失败', {
+ userId: user?.id,
+ username: user?.username,
+ userObject: user
+ });
+
 toast({
 title: '权限不足',
 description: '「价小前投研」功能目前仅对特定用户开放。如需使用,请联系管理员。',
@@ -232,6 +240,8 @@ const AgentChatV3 = () => {
 return;
 }
+ logger.info('AgentChat', '权限检查通过', { userId: user?.id, username: user?.username });
+
 const userMessage = {
 type: MessageTypes.USER,
 content: inputValue,
@@ -266,8 +276,8 @@ const AgentChatV3 = () => {
 isUser: m.type === MessageTypes.USER,
 content: m.content,
 })),
- user_id: user?.id || 'anonymous',
- user_nickname: user?.nickname || '匿名用户',
+ user_id: user?.id ? String(user.id) : 'anonymous',
+ user_nickname: user?.nickname || user?.username || '匿名用户',
 user_avatar: user?.avatar || '',
 session_id: currentSessionId,
 });
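Review bot: The failed-check log added in `handleSendMessage` includes `userObject: user`, which writes the whole client-side user record to the logger; if that object carries tokens, e-mail or phone fields (not visible here), they end up wherever `logger` forwards its output. Logging only the two identifiers already listed is enough: `logger.warn('AgentChat', '权限检查失败', { userId: user?.id, username: user?.username });`. The check also does not match the server's: it accepts `user?.username === 'max'` and the number `1`, while `mcp_server.py` compares `user_id` with `"max"`, `"1"`, `1` and `user_nickname` with `"max"`, so a user can pass here and still receive the 403. This gate only hides the UI, and the function continues outside the hunk.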