v0.3.13: Cookie解密修复 + 配置统一化
修复: - credential.service.ts: 5个getter函数统一解密cookie (解决夸克连接失败) - decryptCookie从extractCookieUid嵌套作用域提到模块顶层 - testCloudConnection/getAndValidateCredential添加解密调用 - 去掉docker run的COOKIE_ENCRYPTION_KEY(回退默认key与旧数据一致) 配置统一化: - config/index.ts新增: corsOrigin/cookieEncryptionKey/logLevel/appVersionFile/uploadDir - main.ts: CORS_ORIGIN/REDIS_URL/uploads改用config而非raw process.env - middleware/cache.ts: REDIS_URL改用config - docker-compose.env: 完整环境变量模板(18个变量)
This commit is contained in:
@@ -20,7 +20,7 @@ const app = express();
|
||||
app.set('trust proxy', true);
|
||||
|
||||
// CORS — 生产环境必须配置真实域名(空值或占位符用 * 并打警告日志)
|
||||
const corsOrigin = process.env.CORS_ORIGIN || '';
|
||||
const corsOrigin = config.corsOrigin;
|
||||
const isPlaceholder = !corsOrigin || corsOrigin === 'https://your-domain.com';
|
||||
if (config.nodeEnv === 'production' && isPlaceholder) {
|
||||
console.error('[FATAL] CORS_ORIGIN 未配置或使用了占位符 https://your-domain.com,生产环境必须设置真实域名。应用拒绝启动。');
|
||||
@@ -56,7 +56,7 @@ app.use(express.static(frontendDist));
|
||||
app.use(rateLimiter);
|
||||
|
||||
// ============ Routes ============
|
||||
app.use('/api/uploads', express.static('/app/uploads'));
|
||||
app.use('/api/uploads', express.static(config.uploadDir));
|
||||
app.use('/api', routes);
|
||||
|
||||
// ============ Health Check(增强版:覆盖 Redis / PanSou / VideoParser 状态) ============
|
||||
|
||||
Reference in New Issue
Block a user