v0.3.6: 恢复丢失的11个模块 + 接线基础设施
恢复内容: - quark驱动拆解为7个子模块 (quark-api/auth/share/storage/cleanup/rename/ad-cleanup) - 工具模块: utils/crypto, utils/logger, utils/proxy-agent - 配置校验: config/startup-validator - 接线: main.ts(checkStartup), credential.service.ts(加密Cookie), admin.routes.ts(代理测试) - quark.driver.ts 从1533行巨兽瘦身到130行壳子
This commit is contained in:
104
source_clean/src/config/startup-validator.ts
Normal file
104
source_clean/src/config/startup-validator.ts
Normal file
@@ -0,0 +1,104 @@
|
||||
/**
|
||||
* Startup configuration validator.
|
||||
*
|
||||
* Validates critical config items before server start.
|
||||
* All issues are warnings in staging — only COOKIE_ENCRYPTION_KEY missing
|
||||
* and admin password using defaults will be flagged.
|
||||
*/
|
||||
import config from '../config';
|
||||
|
||||
interface ValidationError {
|
||||
key: string;
|
||||
message: string;
|
||||
severity: 'error' | 'warn';
|
||||
}
|
||||
|
||||
export function validateConfig(): ValidationError[] {
|
||||
const errors: ValidationError[] = [];
|
||||
const isProd = config.nodeEnv === 'production';
|
||||
|
||||
// ─── JWT Secret ───
|
||||
const DEFAULT_JWT_SECRETS = [
|
||||
'cloudsearch-jwt-secret-dev',
|
||||
'your-super-secret-jwt-key-change-me',
|
||||
'',
|
||||
];
|
||||
if (DEFAULT_JWT_SECRETS.includes(config.jwtSecret)) {
|
||||
errors.push({
|
||||
key: 'JWT_SECRET',
|
||||
message: '使用了默认 JWT Secret,生产部署前应修改(openssl rand -hex 32)',
|
||||
severity: isProd ? 'warn' : 'warn',
|
||||
});
|
||||
}
|
||||
|
||||
// ─── Admin Password ───
|
||||
const weakPasswords = ['admin123', 'admin', 'password', '123456', ''];
|
||||
if (weakPasswords.includes(config.adminPassword)) {
|
||||
errors.push({
|
||||
key: 'ADMIN_PASSWORD',
|
||||
message: `使用了默认管理员密码,生产部署前应设置强密码`,
|
||||
severity: isProd ? 'warn' : 'warn',
|
||||
});
|
||||
}
|
||||
|
||||
// ─── Cookie Encryption ───
|
||||
if (!process.env.COOKIE_ENCRYPTION_KEY) {
|
||||
errors.push({
|
||||
key: 'COOKIE_ENCRYPTION_KEY',
|
||||
message: '未设置网盘 Cookie 加密密钥!Cookie 将以明文存储。生产环境强烈建议设置。\n' +
|
||||
'生成: openssl rand -hex 32',
|
||||
severity: 'warn',
|
||||
});
|
||||
}
|
||||
|
||||
// ─── CORS ───
|
||||
const corsOrigin = process.env.CORS_ORIGIN || '';
|
||||
if (isProd && (!corsOrigin || corsOrigin === 'https://your-production-domain.com')) {
|
||||
errors.push({
|
||||
key: 'CORS_ORIGIN',
|
||||
message: '生产环境未配置真实的 CORS_ORIGIN,临时允许所有来源请求',
|
||||
severity: 'warn',
|
||||
});
|
||||
}
|
||||
|
||||
// ─── Port conflict check (best-effort) ───
|
||||
if (config.port < 1024 && (process as any).getuid?.() !== 0) {
|
||||
errors.push({
|
||||
key: 'PORT',
|
||||
message: `端口 ${config.port} 需要 root 权限(<1024),建议使用 9527 或更高端口`,
|
||||
severity: 'warn',
|
||||
});
|
||||
}
|
||||
|
||||
return errors;
|
||||
}
|
||||
|
||||
/**
|
||||
* Print validation results and return whether startup should proceed.
|
||||
* Returns false only if 'error' severity issues found in production.
|
||||
* In staging, warnings are printed but startup continues.
|
||||
*/
|
||||
export function checkStartup(): boolean {
|
||||
const errors = validateConfig();
|
||||
const isProd = config.nodeEnv === 'production';
|
||||
|
||||
if (errors.length === 0) {
|
||||
console.log('[Config] ✅ 所有配置检查通过');
|
||||
return true;
|
||||
}
|
||||
|
||||
console.log('[Config] ── 配置检查结果 ──');
|
||||
for (const err of errors) {
|
||||
const prefix = err.severity === 'error' ? '❌' : '⚠️';
|
||||
console.log(`[Config] ${prefix} [${err.severity.toUpperCase()}] ${err.key}: ${err.message}`);
|
||||
}
|
||||
|
||||
const criticalErrors = errors.filter(e => e.severity === 'error');
|
||||
if (criticalErrors.length > 0 && isProd) {
|
||||
console.error('[Config] 🛑 生产环境存在严重配置错误,拒绝启动。请修复后重试。');
|
||||
return false;
|
||||
}
|
||||
|
||||
console.log(`[Config] ✅ 继续启动(${errors.length} 个警告)`);
|
||||
return true;
|
||||
}
|
||||
Reference in New Issue
Block a user