refactor: remove /api/v1/access/status, trigger the login page on 401 instead #417
hjyssg wants to merge 1 commit into nodejs-backend from
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 524d10b774
| if (url === "/health" || url.startsWith("/docs")) return true; | ||
| if (url.startsWith(`${config.API_V1_STR}/utils/health-check/`)) return true; | ||
| if (url === `${config.API_V1_STR}/access/login`) return true; |
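Review bot: the `/health` and `access/login` exemptions compare the whole string with `===`, so if `url` is the raw request URL, a request carrying a query string or a trailing slash (for example `/api/v1/access/login?x=1`) falls through to the 401 path; match on the parsed pathname instead. The `url.startsWith("/docs")` check is wider than it looks, because it exempts any path that merely begins with `/docs`, not only `/docs` and `/docs/...`; compare against `/docs` exactly or the `/docs/` prefix. None of the three lines looks at the HTTP method, so consider exempting the login path for POST only.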
Allow SPA static routes through access guard
When ACCESS_PASSWORD is set, the new onRequest guard rejects every path that is not explicitly exempted here, but the exemption list does not include / or static asset paths like /assets/*. In deployments where this backend serves the frontend bundle (configured later in this file), the initial HTML/JS requests are answered with 401 before the app can execute showLoginPage(), so users cannot reach the login UI at all and are effectively locked out.
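The lockout described in the review comment above comes from an allowlist that omits the frontend entry page and its assets. The following is an added example, not code from this PR or the project: a framework-free version of the guard's allow/deny decision that lets the SPA shell load while API routes stay behind the cookie. The `/assets/` prefix, `/index.html`, the `API_V1_STR` value and the function names are assumptions.

```javascript
// Added example, not the project's code. The "/assets/" prefix, "/index.html"
// and the API_V1_STR value are assumptions; match them to the real deployment.
const API_V1_STR = "/api/v1";

// Exact-match public paths and the methods allowed without the access cookie.
const PUBLIC_EXACT = new Map([
  ["/health", ["GET", "HEAD"]],
  ["/docs", ["GET", "HEAD"]],
  ["/", ["GET", "HEAD"]],                    // SPA entry HTML
  ["/index.html", ["GET", "HEAD"]],
  [`${API_V1_STR}/access/login`, ["POST"]],  // login must stay reachable
]);

// Prefixes end in "/" so that "/docs/" does not also exempt "/docsfoo".
const PUBLIC_PREFIX = ["/docs/", "/assets/", `${API_V1_STR}/utils/health-check/`];

// Drop the query string and resolve "." / ".." (also percent-encoded) segments
// so the allowlist is matched against the path that will actually be routed.
function normalizePath(rawUrl) {
  if (typeof rawUrl !== "string") return null;
  if (!rawUrl.startsWith("/") || rawUrl.startsWith("//")) return null;
  try {
    return new URL(rawUrl, "http://placeholder.invalid").pathname;
  } catch {
    return null; // unparsable input is never public
  }
}

function isPublic(method, rawUrl) {
  const path = normalizePath(rawUrl);
  if (path === null) return false;
  const m = String(method).toUpperCase();
  const exact = PUBLIC_EXACT.get(path);
  if (exact) return exact.includes(m);
  const readOnly = m === "GET" || m === "HEAD";
  return readOnly && PUBLIC_PREFIX.some((p) => path.startsWith(p));
}

// Status the onRequest hook would produce: 200 means "let the request through".
function guardStatus(method, rawUrl, hasValidCookie, passwordSet = true) {
  if (!passwordSet || hasValidCookie || isPublic(method, rawUrl)) return 200;
  return 401;
}
```

In a Fastify `onRequest` hook, `guardStatus` would be called with `request.method` and `request.url`, and the exempted static prefix should be exactly the one the static file handler serves.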
Motivation
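- GET /api/v1/access/status, to simplify the startup probe logic.
- On a 401, go straight into the login flow to reduce extra requests.

Description
- GET /api/v1/access/status, removed access/status from the allowlist and kept access/login, added the POST /api/v1/access/login login endpoint and simple cookie-based authentication (shigureader_access), and used a global onRequest hook to reject requests with 401 when ACCESS_PASSWORD is in effect (file: backendnode/src/app.ts).
- ACCESS_PASSWORD config option added to backendnode/src/config.ts.
- @fastify/cookie, and updated backendnode/package.json / package-lock.json to support cookie operations.
- the access/status logic, replaced by catching 401 in the global fetch wrapper and the OpenAPI response interceptor (excluding /api/v1/access/login) and showing the built-in login page; the login page submits to POST /api/v1/access/login and calls window.location.reload() after a successful login (file: frontend/src/main.tsx).
- backendnode/tests/integration/api.integration.test.ts), covering two scenarios: rejected without the cookie, and accessible after login.

Testing
- npm --prefix backendnode run build: the build passes.
- npm --prefix frontend run build: the build fails because of frontend type errors that already exist on the branch (missing qs types and a type mismatch in the read page), which are not directly related to this change to the auth logic.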