mirror of
https://github.com/Awuqing/BackupX.git
synced 2026-05-28 03:29:35 +08:00
17f4ec63ae
* fix(server): 后端直接托管 Web 控制台,修复无 nginx 时 404 (#62) 问题 #62:在未安装 nginx 的服务器上,访问 :8340/ 返回 "route not found"(404),Web 控制台完全无法打开;同时 systemd 服务以 backupx 用户启动时因无权读取 root:root 0640 的配置文件 而反复退出(exit 1)。 修复: - 后端新增 SPA 静态托管:自动探测前端目录(./web、./web/dist、 /opt/backupx/web 等,或 server.web_root 显式指定),命中后直接 提供静态文件与 index.html 回退,无需额外 nginx 反向代理即可访问 控制台。/api、/health、/metrics、/install 等保留前缀仍返回结构化 JSON 404,不会被 SPA 回退污染(沿用 issue #46 的约定)。 - 含 ".." 的请求路径由文件服务层直接拒绝,叠加 filepath.Rel 容器 校验,杜绝目录穿越。 - install.sh 以 backupx:backupx 安装配置文件并显式 chown,修复历史 版本 root:root 0640 导致服务无法读取配置而启动失败的问题;安装 完成提示同步说明可直接通过 :8340 访问,并给出 journalctl 排查命令。 - 新增 spa_test.go 覆盖目录探测、保留前缀判定、SPA 回退与穿越防护。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(security): 修复邮件头注入,加固 webhook 与整数转换 CodeQL 静态扫描在 main 上的真实告警修复: - 邮件通知(email.go):From/To/Subject 头部此前直接拼接用户可控 内容(备份任务名会进入 Subject),存在 SMTP 头注入风险(可注入 Bcc 等额外头部或伪造正文)。新增 buildRawMessage/sanitizeHeaderValue 剔除头部值中的 CR/LF;正文保持原样。新增 email_test.go 覆盖。 - webhook 通知(webhook.go):Validate 增加 URL 解析与 http/https 协议校验,杜绝 file://、gopher:// 等可用于 SSRF 的协议。 - 整数转换(auth_service.go、storage_target_handler.go、 backup_record_handler.go):将 ParseUint 的 bitSize 由 64 改为 0 (即 uint 宽度),消除 uint64→uint 的潜在截断(32 位平台上为越界 拒绝而非静默截断),并清除 go/incorrect-integer-conversion 告警。 注:archive.go/file_runner.go 的 zipslip 告警为误报(已有 HasPrefix 容器校验且不解压符号链接);node FS 浏览与 webhook 目标主机由设计上 的鉴权用户控制,不在本次行为变更范围内。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
390 lines
19 KiB
Go
390 lines
19 KiB
Go
package http
|
||
|
||
import (
|
||
"context"
|
||
"errors"
|
||
stdhttp "net/http"
|
||
|
||
"backupx/server/internal/apperror"
|
||
"backupx/server/internal/config"
|
||
"backupx/server/internal/metrics"
|
||
"backupx/server/internal/repository"
|
||
"backupx/server/internal/security"
|
||
"backupx/server/internal/service"
|
||
"backupx/server/pkg/response"
|
||
"github.com/gin-gonic/gin"
|
||
"go.uber.org/zap"
|
||
"gorm.io/gorm"
|
||
)
|
||
|
||
type RouterDependencies struct {
|
||
// Context 控制 handler 启动的后台协程(如 ipLimiter GC)的生命周期。
|
||
// app 应传入随进程退出可取消的 ctx;若为 nil 则退化为 context.Background()。
|
||
Context context.Context
|
||
Config config.Config
|
||
Version string
|
||
Logger *zap.Logger
|
||
AuthService *service.AuthService
|
||
SystemService *service.SystemService
|
||
StorageTargetService *service.StorageTargetService
|
||
BackupTaskService *service.BackupTaskService
|
||
BackupExecutionService *service.BackupExecutionService
|
||
BackupRecordService *service.BackupRecordService
|
||
RestoreService *service.RestoreService
|
||
VerificationService *service.VerificationService
|
||
ReplicationService *service.ReplicationService
|
||
TaskTemplateService *service.TaskTemplateService
|
||
TaskExportService *service.TaskExportService
|
||
SearchService *service.SearchService
|
||
EventBroadcaster *service.EventBroadcaster
|
||
UserService *service.UserService
|
||
ApiKeyService *service.ApiKeyService
|
||
NotificationService *service.NotificationService
|
||
DashboardService *service.DashboardService
|
||
SettingsService *service.SettingsService
|
||
NodeService *service.NodeService
|
||
AgentService *service.AgentService
|
||
DatabaseDiscoveryService *service.DatabaseDiscoveryService
|
||
AuditService *service.AuditService
|
||
JWTManager *security.JWTManager
|
||
UserRepository repository.UserRepository
|
||
SystemConfigRepo repository.SystemConfigRepository
|
||
InstallTokenService *service.InstallTokenService
|
||
MasterExternalURL string
|
||
// DB 注入给健康检查端点做 liveness/readiness 探测。
|
||
DB *gorm.DB
|
||
// Metrics 注入给 /metrics 端点;为 nil 时端点返回 503。
|
||
Metrics *metrics.Metrics
|
||
}
|
||
|
||
func NewRouter(deps RouterDependencies) *gin.Engine {
|
||
gin.SetMode(deps.Config.Server.Mode)
|
||
engine := gin.New()
|
||
engine.Use(gin.Recovery())
|
||
engine.Use(CORSMiddleware())
|
||
engine.Use(requestLogger(deps.Logger))
|
||
|
||
authHandler := NewAuthHandler(deps.AuthService)
|
||
systemHandler := NewSystemHandler(deps.SystemService)
|
||
storageTargetHandler := NewStorageTargetHandler(deps.StorageTargetService, deps.AuditService)
|
||
backupTaskHandler := NewBackupTaskHandler(deps.BackupTaskService, deps.AuditService)
|
||
backupRunHandler := NewBackupRunHandler(deps.BackupExecutionService, deps.AuditService)
|
||
backupRecordHandler := NewBackupRecordHandler(deps.BackupRecordService, deps.RestoreService, deps.AuditService)
|
||
restoreRecordHandler := NewRestoreRecordHandler(deps.RestoreService, deps.AuditService)
|
||
verificationHandler := NewVerificationHandler(deps.VerificationService, deps.AuditService)
|
||
replicationHandler := NewReplicationHandler(deps.ReplicationService, deps.AuditService)
|
||
taskTemplateHandler := NewTaskTemplateHandler(deps.TaskTemplateService, deps.AuditService)
|
||
userHandler := NewUserHandler(deps.UserService, deps.AuditService)
|
||
apiKeyHandler := NewApiKeyHandler(deps.ApiKeyService, deps.AuditService)
|
||
// apiKeyAuth:给 AuthMiddleware 注入 API Key 验证能力。
|
||
// 为 nil 时中间件仅支持 JWT,不影响向后兼容。
|
||
var apiKeyAuth ApiKeyAuthenticator
|
||
if deps.ApiKeyService != nil {
|
||
apiKeyAuth = deps.ApiKeyService
|
||
}
|
||
notificationHandler := NewNotificationHandler(deps.NotificationService)
|
||
dashboardHandler := NewDashboardHandler(deps.DashboardService)
|
||
settingsHandler := NewSettingsHandler(deps.SettingsService, deps.AuditService)
|
||
auditHandler := NewAuditHandler(deps.AuditService)
|
||
|
||
api := engine.Group("/api")
|
||
{
|
||
auth := api.Group("/auth")
|
||
{
|
||
auth.GET("/setup/status", authHandler.SetupStatus)
|
||
auth.POST("/setup", authHandler.Setup)
|
||
auth.POST("/login", authHandler.Login)
|
||
auth.POST("/otp/send", authHandler.SendLoginOTP)
|
||
auth.POST("/webauthn/login/options", authHandler.BeginWebAuthnLogin)
|
||
auth.POST("/logout", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.Logout)
|
||
auth.GET("/profile", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.Profile)
|
||
auth.PUT("/password", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.ChangePassword)
|
||
auth.POST("/2fa/setup", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.PrepareTwoFactor)
|
||
auth.POST("/2fa/enable", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.EnableTwoFactor)
|
||
auth.POST("/2fa/recovery-codes", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.RegenerateRecoveryCodes)
|
||
auth.DELETE("/2fa", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.DisableTwoFactor)
|
||
auth.PUT("/otp/config", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.ConfigureOTP)
|
||
auth.POST("/webauthn/register/options", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.BeginWebAuthnRegistration)
|
||
auth.POST("/webauthn/register/finish", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.FinishWebAuthnRegistration)
|
||
auth.GET("/webauthn/credentials", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.ListWebAuthnCredentials)
|
||
auth.DELETE("/webauthn/credentials/:id", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.DeleteWebAuthnCredential)
|
||
auth.GET("/trusted-devices", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.ListTrustedDevices)
|
||
auth.DELETE("/trusted-devices/:id", AuthMiddleware(deps.JWTManager, apiKeyAuth), authHandler.RevokeTrustedDevice)
|
||
}
|
||
|
||
system := api.Group("/system")
|
||
system.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
system.GET("/info", systemHandler.Info)
|
||
system.GET("/update-check", systemHandler.CheckUpdate)
|
||
|
||
storageTargets := api.Group("/storage-targets")
|
||
storageTargets.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
// 静态路由必须在参数路由 /:id 之前注册,避免 Gin 路由冲突
|
||
storageTargets.GET("", storageTargetHandler.List)
|
||
storageTargets.POST("", RequireNotViewer(), storageTargetHandler.Create)
|
||
storageTargets.POST("/test", RequireNotViewer(), storageTargetHandler.TestConnection)
|
||
storageTargets.POST("/google-drive/auth-url", RequireNotViewer(), storageTargetHandler.StartGoogleDriveOAuth)
|
||
storageTargets.POST("/google-drive/complete", RequireNotViewer(), storageTargetHandler.CompleteGoogleDriveOAuth)
|
||
storageTargets.GET("/google-drive/callback", storageTargetHandler.HandleGoogleDriveCallback)
|
||
rcloneHandler := NewRcloneHandler()
|
||
storageTargets.GET("/rclone/backends", rcloneHandler.ListBackends)
|
||
// 参数路由
|
||
storageTargets.GET("/:id", storageTargetHandler.Get)
|
||
storageTargets.PUT("/:id", RequireNotViewer(), storageTargetHandler.Update)
|
||
storageTargets.DELETE("/:id", RequireNotViewer(), storageTargetHandler.Delete)
|
||
storageTargets.PUT("/:id/star", RequireNotViewer(), storageTargetHandler.ToggleStar)
|
||
storageTargets.POST("/:id/test", RequireNotViewer(), storageTargetHandler.TestSavedConnection)
|
||
storageTargets.GET("/:id/usage", storageTargetHandler.GetUsage)
|
||
storageTargets.GET("/:id/google-drive/profile", storageTargetHandler.GoogleDriveProfile)
|
||
|
||
backupTasks := api.Group("/backup/tasks")
|
||
backupTasks.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
backupTasks.GET("", backupTaskHandler.List)
|
||
backupTasks.GET("/tags", backupTaskHandler.ListTags)
|
||
backupTasks.GET("/:id", backupTaskHandler.Get)
|
||
backupTasks.POST("", RequireNotViewer(), backupTaskHandler.Create)
|
||
backupTasks.PUT("/:id", RequireNotViewer(), backupTaskHandler.Update)
|
||
backupTasks.DELETE("/:id", RequireNotViewer(), backupTaskHandler.Delete)
|
||
backupTasks.PUT("/:id/toggle", RequireNotViewer(), backupTaskHandler.Toggle)
|
||
backupTasks.POST("/:id/run", RequireNotViewer(), backupRunHandler.Run)
|
||
backupTasks.POST("/batch/toggle", RequireNotViewer(), backupTaskHandler.BatchToggle)
|
||
backupTasks.POST("/batch/delete", RequireNotViewer(), backupTaskHandler.BatchDelete)
|
||
backupTasks.POST("/batch/run", RequireNotViewer(), backupRunHandler.BatchRun)
|
||
// 任务配置导入/导出(集群迁移 & 灾备)
|
||
if deps.TaskExportService != nil {
|
||
taskExportHandler := NewTaskExportHandler(deps.TaskExportService, deps.AuditService)
|
||
backupTasks.GET("/export", taskExportHandler.Export)
|
||
backupTasks.POST("/import", RequireNotViewer(), taskExportHandler.Import)
|
||
}
|
||
if deps.VerificationService != nil {
|
||
backupTasks.POST("/:id/verify", RequireNotViewer(), verificationHandler.TriggerByTask)
|
||
}
|
||
|
||
backupRecords := api.Group("/backup/records")
|
||
backupRecords.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
backupRecords.GET("", backupRecordHandler.List)
|
||
backupRecords.GET("/:id", backupRecordHandler.Get)
|
||
backupRecords.GET("/:id/logs/stream", backupRecordHandler.StreamLogs)
|
||
backupRecords.GET("/:id/download", backupRecordHandler.Download)
|
||
backupRecords.POST("/:id/restore", RequireNotViewer(), backupRecordHandler.Restore)
|
||
backupRecords.POST("/batch-delete", RequireNotViewer(), backupRecordHandler.BatchDelete)
|
||
backupRecords.DELETE("/:id", RequireNotViewer(), backupRecordHandler.Delete)
|
||
|
||
// 恢复记录独立命名空间:列表/详情/SSE 日志流。
|
||
// 创建恢复仍然走 POST /backup/records/:id/restore(以源备份记录为触发点)。
|
||
if deps.RestoreService != nil {
|
||
restoreRecords := api.Group("/restore/records")
|
||
restoreRecords.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
restoreRecords.GET("", restoreRecordHandler.List)
|
||
restoreRecords.GET("/:id", restoreRecordHandler.Get)
|
||
restoreRecords.GET("/:id/logs/stream", restoreRecordHandler.StreamLogs)
|
||
}
|
||
|
||
// 备份复制记录(3-2-1 规则)
|
||
if deps.ReplicationService != nil {
|
||
replicationRecords := api.Group("/replication/records")
|
||
replicationRecords.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
replicationRecords.GET("", replicationHandler.List)
|
||
replicationRecords.GET("/:id", replicationHandler.Get)
|
||
backupRecords.POST("/:id/replicate", RequireNotViewer(), replicationHandler.TriggerByRecord)
|
||
}
|
||
|
||
// 任务模板(批量创建)
|
||
if deps.TaskTemplateService != nil {
|
||
templates := api.Group("/task-templates")
|
||
templates.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
templates.GET("", taskTemplateHandler.List)
|
||
templates.GET("/:id", taskTemplateHandler.Get)
|
||
templates.POST("", RequireNotViewer(), taskTemplateHandler.Create)
|
||
templates.PUT("/:id", RequireNotViewer(), taskTemplateHandler.Update)
|
||
templates.DELETE("/:id", RequireNotViewer(), taskTemplateHandler.Delete)
|
||
templates.POST("/:id/apply", RequireNotViewer(), taskTemplateHandler.Apply)
|
||
}
|
||
|
||
// 备份验证/演练记录
|
||
if deps.VerificationService != nil {
|
||
verifyRecords := api.Group("/verify/records")
|
||
verifyRecords.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
verifyRecords.GET("", verificationHandler.List)
|
||
verifyRecords.GET("/:id", verificationHandler.Get)
|
||
verifyRecords.GET("/:id/logs/stream", verificationHandler.StreamLogs)
|
||
// 基于备份记录的验证入口:与 restore 对称
|
||
backupRecords.POST("/:id/verify", RequireNotViewer(), verificationHandler.TriggerByRecord)
|
||
}
|
||
dashboard := api.Group("/dashboard")
|
||
dashboard.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
dashboard.GET("/stats", dashboardHandler.Stats)
|
||
dashboard.GET("/timeline", dashboardHandler.Timeline)
|
||
dashboard.GET("/sla", dashboardHandler.SLA)
|
||
dashboard.GET("/cluster", dashboardHandler.Cluster)
|
||
dashboard.GET("/breakdown", dashboardHandler.Breakdown)
|
||
dashboard.GET("/node-performance", dashboardHandler.NodePerformance)
|
||
|
||
notifications := api.Group("/notifications")
|
||
notifications.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
notifications.GET("", notificationHandler.List)
|
||
notifications.GET("/:id", notificationHandler.Get)
|
||
notifications.POST("", RequireNotViewer(), notificationHandler.Create)
|
||
notifications.PUT("/:id", RequireNotViewer(), notificationHandler.Update)
|
||
notifications.DELETE("/:id", RequireNotViewer(), notificationHandler.Delete)
|
||
notifications.POST("/test", RequireNotViewer(), notificationHandler.Test)
|
||
notifications.POST("/:id/test", RequireNotViewer(), notificationHandler.TestSaved)
|
||
|
||
settings := api.Group("/settings")
|
||
settings.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
settings.GET("", settingsHandler.Get)
|
||
settings.PUT("", RequireRole("admin"), settingsHandler.Update)
|
||
|
||
// 用户管理(admin 专属)
|
||
if deps.UserService != nil {
|
||
users := api.Group("/users")
|
||
users.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth), RequireRole("admin"))
|
||
users.GET("", userHandler.List)
|
||
users.POST("", userHandler.Create)
|
||
users.PUT("/:id", userHandler.Update)
|
||
users.POST("/:id/2fa/reset", userHandler.ResetTwoFactor)
|
||
users.DELETE("/:id", userHandler.Delete)
|
||
}
|
||
|
||
// API Key 管理(admin 专属)
|
||
if deps.ApiKeyService != nil {
|
||
apiKeys := api.Group("/api-keys")
|
||
apiKeys.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth), RequireRole("admin"))
|
||
apiKeys.GET("", apiKeyHandler.List)
|
||
apiKeys.POST("", apiKeyHandler.Create)
|
||
apiKeys.PUT("/:id/toggle", apiKeyHandler.Toggle)
|
||
apiKeys.DELETE("/:id", apiKeyHandler.Revoke)
|
||
}
|
||
|
||
auditLogs := api.Group("/audit-logs")
|
||
auditLogs.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
auditLogs.GET("", auditHandler.List)
|
||
auditLogs.GET("/export", auditHandler.Export)
|
||
|
||
// 实时事件 SSE 流(Dashboard 自刷新、桌面告警)
|
||
if deps.EventBroadcaster != nil {
|
||
eventsHandler := NewEventsHandler(deps.EventBroadcaster)
|
||
events := api.Group("/events")
|
||
events.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
events.GET("/stream", eventsHandler.Stream)
|
||
}
|
||
|
||
// 全局搜索
|
||
if deps.SearchService != nil {
|
||
searchHandler := NewSearchHandler(deps.SearchService)
|
||
searchGroup := api.Group("/search")
|
||
searchGroup.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
searchGroup.GET("", searchHandler.Search)
|
||
}
|
||
|
||
if deps.DatabaseDiscoveryService != nil {
|
||
databaseHandler := NewDatabaseHandler(deps.DatabaseDiscoveryService)
|
||
database := api.Group("/database")
|
||
database.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
database.POST("/discover", databaseHandler.Discover)
|
||
}
|
||
|
||
nodeHandler := NewNodeHandler(deps.NodeService, deps.AuditService, deps.InstallTokenService, deps.UserRepository, deps.MasterExternalURL)
|
||
nodes := api.Group("/nodes")
|
||
nodes.Use(AuthMiddleware(deps.JWTManager, apiKeyAuth))
|
||
nodes.GET("", nodeHandler.List)
|
||
nodes.GET("/:id", nodeHandler.Get)
|
||
nodes.POST("", RequireRole("admin"), nodeHandler.Create)
|
||
nodes.PUT("/:id", RequireRole("admin"), nodeHandler.Update)
|
||
nodes.DELETE("/:id", RequireRole("admin"), nodeHandler.Delete)
|
||
nodes.GET("/:id/fs/list", nodeHandler.ListDirectory)
|
||
nodes.POST("/batch", RequireRole("admin"), nodeHandler.BatchCreate)
|
||
nodes.POST("/:id/install-tokens", RequireRole("admin"), nodeHandler.CreateInstallToken)
|
||
nodes.POST("/:id/rotate-token", RequireRole("admin"), nodeHandler.RotateToken)
|
||
nodes.GET("/:id/install-script-preview", RequireRole("admin"), nodeHandler.PreviewScript)
|
||
|
||
// Agent API(token 认证,无需 JWT)
|
||
if deps.AgentService != nil {
|
||
agentHandler := NewAgentHandler(deps.AgentService, deps.NodeService, deps.RestoreService)
|
||
agent := api.Group("/agent")
|
||
agent.POST("/heartbeat", agentHandler.Heartbeat)
|
||
agent.POST("/commands/poll", agentHandler.Poll)
|
||
agent.POST("/commands/:id/result", agentHandler.SubmitCommandResult)
|
||
agent.GET("/tasks/:id", agentHandler.GetTaskSpec)
|
||
agent.POST("/records/:id", agentHandler.UpdateRecord)
|
||
agent.GET("/restores/:id/spec", agentHandler.GetRestoreSpec)
|
||
agent.POST("/restores/:id", agentHandler.UpdateRestore)
|
||
|
||
// Agent v1(安装脚本探活用),仅 Self 端点
|
||
v1Agent := api.Group("/v1/agent")
|
||
v1Agent.GET("/self", agentHandler.Self)
|
||
} else {
|
||
// 未启用 Agent 服务时,保留原有 heartbeat 端点以兼容
|
||
api.POST("/agent/heartbeat", nodeHandler.Heartbeat)
|
||
}
|
||
}
|
||
|
||
// 健康检查端点(公开、无认证、低开销)
|
||
// K8s/Swarm/Nomad 等编排系统使用这些端点做 liveness/readiness 探测。
|
||
healthHandler := NewHealthHandler(deps.DB, deps.Version)
|
||
engine.GET("/health", healthHandler.Live)
|
||
engine.GET("/ready", healthHandler.Ready)
|
||
// 在 /api 下也暴露一份,方便反向代理按 path 前缀统一路由
|
||
engine.GET("/api/health", healthHandler.Live)
|
||
engine.GET("/api/ready", healthHandler.Ready)
|
||
|
||
// Prometheus /metrics 端点(公开、无认证;内网/反向代理授权即可)。
|
||
// 业内通行做法:/metrics 通常由 Prometheus pull 抓取,不走 API Key。
|
||
if deps.Metrics != nil {
|
||
engine.GET("/metrics", gin.WrapH(deps.Metrics.Handler()))
|
||
}
|
||
|
||
// 公开安装路由(不走 JWT 中间件)。
|
||
// 同时注册到 / 和 /api 前缀下:
|
||
// - /install/:token 保留历史 URL,兼容旧 nginx 部署
|
||
// - /api/install/:token 新 URL,自动走反向代理的 /api/ 转发规则
|
||
//
|
||
// Issue #46:用户的 nginx 只转发 /api/,/install/* 被 SPA fallback 到 index.html,
|
||
// 返回 HTML 被 sh 解释成 "Syntax error"。使用 /api/install/ 可避开此问题。
|
||
if deps.InstallTokenService != nil {
|
||
gcCtx := deps.Context
|
||
if gcCtx == nil {
|
||
gcCtx = context.Background()
|
||
}
|
||
installHandler := NewInstallHandler(gcCtx, deps.InstallTokenService, deps.AuditService, deps.MasterExternalURL)
|
||
engine.GET("/install/:token", installHandler.Script)
|
||
engine.GET("/install/:token/compose.yml", installHandler.Compose)
|
||
engine.GET("/api/install/:token", installHandler.Script)
|
||
engine.GET("/api/install/:token/compose.yml", installHandler.Compose)
|
||
}
|
||
|
||
// 未匹配路由处理:
|
||
// - 找到前端产物目录时,托管 SPA(静态文件 + index.html 回退),
|
||
// 使后端在无 nginx 反向代理时也能直接提供 Web 控制台(issue #62);
|
||
// - 未找到前端目录时退化为纯 API 服务,统一返回结构化 JSON 404。
|
||
apiNotFound := func(c *gin.Context) {
|
||
response.Error(c, apperror.New(stdhttp.StatusNotFound, "NOT_FOUND", "接口不存在", errors.New("route not found")))
|
||
}
|
||
if webRoot := resolveWebRoot(deps.Config.Server.WebRoot); webRoot != "" {
|
||
if deps.Logger != nil {
|
||
deps.Logger.Info("serving web frontend", zap.String("web_root", webRoot))
|
||
}
|
||
engine.NoRoute(spaFileServer(webRoot, apiNotFound))
|
||
} else {
|
||
if deps.Logger != nil {
|
||
deps.Logger.Warn("web frontend directory not found; serving API only",
|
||
zap.String("hint", "set server.web_root in config, or place the built frontend at ./web"))
|
||
}
|
||
engine.NoRoute(apiNotFound)
|
||
}
|
||
|
||
return engine
|
||
}
|
||
|
||
func requestLogger(logger *zap.Logger) gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
c.Next()
|
||
logger.Info("http request",
|
||
zap.String("method", c.Request.Method),
|
||
zap.String("path", c.Request.URL.Path),
|
||
zap.Int("status", c.Writer.Status()),
|
||
zap.String("client_ip", c.ClientIP()),
|
||
)
|
||
}
|
||
}
|