v0.3.13: Cookie解密修复 + 配置统一化

修复:
- credential.service.ts: 5个getter函数统一解密cookie (解决夸克连接失败)
- decryptCookie从extractCookieUid嵌套作用域提到模块顶层
- testCloudConnection/getAndValidateCredential添加解密调用
- 去掉docker run的COOKIE_ENCRYPTION_KEY(回退默认key与旧数据一致)

配置统一化:
- config/index.ts新增: corsOrigin/cookieEncryptionKey/logLevel/appVersionFile/uploadDir
- main.ts: CORS_ORIGIN/REDIS_URL/uploads改用config而非raw process.env
- middleware/cache.ts: REDIS_URL改用config
- docker-compose.env: 完整环境变量模板(18个变量)
This commit is contained in:
2026-05-17 15:07:38 +08:00
parent 1e0d408dd2
commit eebf4b6c97
7 changed files with 456 additions and 14 deletions

View File

@@ -20,7 +20,7 @@ const app = express();
app.set('trust proxy', true);
// CORS — 生产环境必须配置真实域名(空值或占位符用 * 并打警告日志)
const corsOrigin = process.env.CORS_ORIGIN || '';
const corsOrigin = config.corsOrigin;
const isPlaceholder = !corsOrigin || corsOrigin === 'https://your-domain.com';
if (config.nodeEnv === 'production' && isPlaceholder) {
console.error('[FATAL] CORS_ORIGIN 未配置或使用了占位符 https://your-domain.com生产环境必须设置真实域名。应用拒绝启动。');
@@ -56,7 +56,7 @@ app.use(express.static(frontendDist));
app.use(rateLimiter);
// ============ Routes ============
app.use('/api/uploads', express.static('/app/uploads'));
app.use('/api/uploads', express.static(config.uploadDir));
app.use('/api', routes);
// ============ Health Check增强版覆盖 Redis / PanSou / VideoParser 状态) ============