25a608eaeb
后端: 1. 登录注册补齐极验行为验证与跨域入口:gateway 新增 `/user/captcha/register`,登录/注册先做 GeeTest 初始化与二次校验,再进入 user/auth RPC;补充验证码失败/初始化失败/服务不可用响应码,并新增可配置 CORS middleware 适配分域部署。 2. 容器部署配置入口收口:`bootstrap.LoadConfig` 支持 `SMARTFLOW_CONFIG_FILE` 与环境变量覆盖,`config.example.yaml` / `config.docker.yaml` 补齐 geetest 与容器内服务地址,网关新增配置列表解析,便于 compose 场景直接挂载配置启动。 3. LLM outbox 与助手时间线稳定性修正:`cmd/llm` 显式绑定 llm 自身 topic/group,避免误入 agent consumer group;agent timeline 在 Redis 热缓存未落 MySQL 时改用 `seq` 兜底临时 id,避免前端历史回放撞 key。 前端: 4. 认证页接入极验并补齐提交前校验:新增 GeeTest 脚本加载与实例封装,登录/注册面板支持 challenge 初始化、切换面板重挂载、失败提示与提交前校验,认证 API/types 同步透传 geetest 三元组。 5. 前端部署基址与网关对接收口:Axios `baseURL`、Vue Router `history base` 与 Vite `base/dev proxy` 改为读取环境变量,新增 `frontend/.env.example`,支持子路径部署、容器内反向代理和本地联调共存。 6. 助手与工作台展示细节修正:AssistantPanel 历史重建优先使用真实 timeline id、缺失时退回 `seq` 保证消息主键唯一;首页主面板改为纵向可滚动并补底部留白,避免内容截断。 仓库: 7. 整站容器化交付链路补齐并重写说明文档:新增后端/前端 Dockerfile、`.dockerignore`、前端 Nginx 代理、`docker-compose.full.yml`、`.env.full.example` 与镜像打包/导入脚本,README 改写数据库/路由/部署章节,并新增 `docs/容器化部署说明.md` 说明离线镜像分发方案。
148 lines
3.4 KiB
Go
148 lines
3.4 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
type CORSOptions struct {
|
|
AllowedOrigins []string
|
|
AllowedMethods []string
|
|
AllowedHeaders []string
|
|
ExposedHeaders []string
|
|
AllowCredentials bool
|
|
MaxAge time.Duration
|
|
}
|
|
|
|
func CORSMiddleware(opts CORSOptions) gin.HandlerFunc {
|
|
origins := normalizeHeaderValues(opts.AllowedOrigins)
|
|
if len(origins) == 0 {
|
|
return func(c *gin.Context) {
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
methods := normalizeHeaderValuesWithDefaults(opts.AllowedMethods, []string{
|
|
http.MethodGet,
|
|
http.MethodPost,
|
|
http.MethodPut,
|
|
http.MethodPatch,
|
|
http.MethodDelete,
|
|
http.MethodOptions,
|
|
})
|
|
headers := normalizeHeaderValuesWithDefaults(opts.AllowedHeaders, []string{
|
|
"Authorization",
|
|
"Content-Type",
|
|
"Accept",
|
|
"Origin",
|
|
"X-Requested-With",
|
|
"Idempotency-Key",
|
|
})
|
|
exposedHeaders := normalizeHeaderValues(opts.ExposedHeaders)
|
|
maxAge := opts.MaxAge
|
|
if maxAge <= 0 {
|
|
maxAge = 12 * time.Hour
|
|
}
|
|
|
|
return func(c *gin.Context) {
|
|
origin := strings.TrimSpace(c.GetHeader("Origin"))
|
|
if origin == "" {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
allowedOrigin := matchAllowedOrigin(origin, origins)
|
|
if allowedOrigin == "" {
|
|
if c.Request.Method == http.MethodOptions {
|
|
c.AbortWithStatus(http.StatusForbidden)
|
|
return
|
|
}
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
setVaryHeader(c.Writer.Header(), "Origin")
|
|
c.Header("Access-Control-Allow-Origin", allowedOrigin)
|
|
if opts.AllowCredentials && allowedOrigin != "*" {
|
|
c.Header("Access-Control-Allow-Credentials", "true")
|
|
}
|
|
if len(exposedHeaders) > 0 {
|
|
c.Header("Access-Control-Expose-Headers", strings.Join(exposedHeaders, ", "))
|
|
}
|
|
|
|
if c.Request.Method == http.MethodOptions {
|
|
setVaryHeader(c.Writer.Header(), "Access-Control-Request-Method")
|
|
setVaryHeader(c.Writer.Header(), "Access-Control-Request-Headers")
|
|
c.Header("Access-Control-Allow-Methods", strings.Join(methods, ", "))
|
|
c.Header("Access-Control-Allow-Headers", strings.Join(headers, ", "))
|
|
c.Header("Access-Control-Max-Age", formatMaxAgeSeconds(maxAge))
|
|
c.AbortWithStatus(http.StatusNoContent)
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func matchAllowedOrigin(origin string, allowedOrigins []string) string {
|
|
for _, allowedOrigin := range allowedOrigins {
|
|
if allowedOrigin == "*" {
|
|
return "*"
|
|
}
|
|
if strings.EqualFold(origin, allowedOrigin) {
|
|
return origin
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func normalizeHeaderValues(values []string) []string {
|
|
seen := make(map[string]struct{}, len(values))
|
|
normalized := make([]string, 0, len(values))
|
|
for _, value := range values {
|
|
trimmed := strings.TrimSpace(value)
|
|
if trimmed == "" {
|
|
continue
|
|
}
|
|
key := strings.ToLower(trimmed)
|
|
if _, exists := seen[key]; exists {
|
|
continue
|
|
}
|
|
seen[key] = struct{}{}
|
|
normalized = append(normalized, trimmed)
|
|
}
|
|
return normalized
|
|
}
|
|
|
|
func normalizeHeaderValuesWithDefaults(values []string, defaults []string) []string {
|
|
normalized := normalizeHeaderValues(values)
|
|
if len(normalized) > 0 {
|
|
return normalized
|
|
}
|
|
return normalizeHeaderValues(defaults)
|
|
}
|
|
|
|
func setVaryHeader(header http.Header, value string) {
|
|
existing := header.Values("Vary")
|
|
for _, entry := range existing {
|
|
for _, part := range strings.Split(entry, ",") {
|
|
if strings.EqualFold(strings.TrimSpace(part), value) {
|
|
return
|
|
}
|
|
}
|
|
}
|
|
header.Add("Vary", value)
|
|
}
|
|
|
|
func formatMaxAgeSeconds(maxAge time.Duration) string {
|
|
seconds := int(maxAge / time.Second)
|
|
if seconds < 0 {
|
|
seconds = 0
|
|
}
|
|
return strconv.Itoa(seconds)
|
|
}
|