diff --git a/.env.example b/.env.example
index 9a5c421a..0832167e 100644
--- a/.env.example
+++ b/.env.example
@@ -1,6 +1,5 @@
GRPC_PORT=5500
-BACK_PORT=5600
-PORT=5700
+BACK_PORT=5700
LOG_LEVEL='info'
diff --git a/.github/workflows/build_docker_image.yml b/.github/workflows/build-docker-image.yml
similarity index 100%
rename from .github/workflows/build_docker_image.yml
rename to .github/workflows/build-docker-image.yml
diff --git a/.umirc.ts b/.umirc.ts
index a0e057f1..cb14fbeb 100644
--- a/.umirc.ts
+++ b/.umirc.ts
@@ -17,7 +17,7 @@ export default defineConfig({
publicPath: process.env.NODE_ENV === 'production' ? './' : '/',
proxy: {
[`${baseUrl}api`]: {
- target: 'http://127.0.0.1:5600/',
+ target: 'http://127.0.0.1:5700/',
changeOrigin: true,
ws: true,
pathRewrite: { [`^${baseUrl}api`]: '/api' },
diff --git a/back/app.ts b/back/app.ts
index 35042d0c..0859140c 100644
--- a/back/app.ts
+++ b/back/app.ts
@@ -96,7 +96,9 @@ class Application {
}
private setupMiddlewares() {
- this.app.use(helmet());
+ this.app.use(helmet({
+ contentSecurityPolicy: false,
+ }));
this.app.use(cors(config.cors));
this.app.use(compression());
this.app.use(monitoringMiddleware);
diff --git a/back/config/index.ts b/back/config/index.ts
index 090349ac..7e4d1623 100644
--- a/back/config/index.ts
+++ b/back/config/index.ts
@@ -29,7 +29,7 @@ interface Config {
}
const config: Config = {
- port: parseInt(process.env.BACK_PORT || '5600', 10),
+ port: parseInt(process.env.BACK_PORT || '5700', 10),
grpcPort: parseInt(process.env.GRPC_PORT || '5500', 10),
nodeEnv: process.env.NODE_ENV || 'development',
isDevelopment: process.env.NODE_ENV === 'development',
diff --git a/back/loaders/express.ts b/back/loaders/express.ts
index aa3d0ef6..b677489a 100644
--- a/back/loaders/express.ts
+++ b/back/loaders/express.ts
@@ -9,6 +9,7 @@ import rewrite from 'express-urlrewrite';
import { errors } from 'celebrate';
import { serveEnv } from '../config/serverEnv';
import { IKeyvStore, shareStore } from '../shared/store';
+import path from 'path';
export default ({ app }: { app: Application }) => {
app.set('trust proxy', 'loopback');
@@ -19,12 +20,16 @@ export default ({ app }: { app: Application }) => {
app.use(bodyParser.json({ limit: '50mb' }));
app.use(bodyParser.urlencoded({ limit: '50mb', extended: true }));
+ const frontendPath = path.join(config.rootPath, 'static/dist');
+ app.use(express.static(frontendPath));
+
app.use(
expressjwt({
secret: config.jwt.secret,
algorithms: ['HS384'],
}).unless({
- path: [...config.apiWhiteList, /^\/open\//],
+ // 使用正则表达式排除非API路径,只对/api/和/open/路径应用JWT验证
+ path: [...config.apiWhiteList, /^\/$/, /^\/(?!api\/)(?!open\/).*/]
}),
);
@@ -39,6 +44,10 @@ export default ({ app }: { app: Application }) => {
});
app.use(async (req: Request, res, next) => {
+ if (!['/open/', '/api/'].some((x) => req.path.startsWith(x))) {
+ return next();
+ }
+
const headerToken = getToken(req);
if (req.path.startsWith('/open/')) {
const apps = await shareStore.getApps();
@@ -110,10 +119,15 @@ export default ({ app }: { app: Application }) => {
app.use(rewrite('/open/*', '/api/$1'));
app.use(config.api.prefix, routes());
- app.use((req, res, next) => {
- const err: any = new Error('Not Found');
- err['status'] = 404;
- next(err);
+ app.get('*', (req, res, next) => {
+ const indexPath = path.join(frontendPath, 'index.html');
+ res.sendFile(indexPath, (err) => {
+ if (err) {
+ const err: any = new Error('Not Found');
+ err['status'] = 404;
+ next(err);
+ }
+ });
});
app.use(errors());
diff --git a/docker/310.Dockerfile b/docker/310.Dockerfile
index 8cd0f640..8a092081 100644
--- a/docker/310.Dockerfile
+++ b/docker/310.Dockerfile
@@ -39,7 +39,6 @@ RUN set -x \
tzdata \
perl \
openssl \
- nginx \
nodejs \
jq \
openssh \
@@ -84,6 +83,6 @@ COPY --from=builder /tmp/build/node_modules/. /ql/node_modules/
WORKDIR ${QL_DIR}
HEALTHCHECK --interval=5s --timeout=2s --retries=20 \
- CMD curl -sf --noproxy '*' http://127.0.0.1:5600/api/health || exit 1
+ CMD curl -sf --noproxy '*' http://127.0.0.1:5700/api/health || exit 1
ENTRYPOINT ["./docker/docker-entrypoint.sh"]
diff --git a/docker/Dockerfile b/docker/Dockerfile
index ae8d8cb1..6617b4ee 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -39,7 +39,6 @@ RUN set -x \
tzdata \
perl \
openssl \
- nginx \
nodejs \
jq \
openssh \
@@ -84,6 +83,6 @@ COPY --from=builder /tmp/build/node_modules/. /ql/node_modules/
WORKDIR ${QL_DIR}
HEALTHCHECK --interval=5s --timeout=2s --retries=20 \
- CMD curl -sf --noproxy '*' http://127.0.0.1:5600/api/health || exit 1
+ CMD curl -sf --noproxy '*' http://127.0.0.1:5700/api/health || exit 1
ENTRYPOINT ["./docker/docker-entrypoint.sh"]
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index be275a27..b06b9abb 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -14,26 +14,20 @@ log_with_style() {
log_with_style "INFO" "🚀 1. 检测配置文件..."
import_config "$@"
-make_dir /etc/nginx/conf.d
-make_dir /run/nginx
-init_nginx
fix_config
pm2 l &>/dev/null
-log_with_style "INFO" "🔄 2. 启动 nginx..."
-nginx -s reload 2>/dev/null || nginx -c /etc/nginx/nginx.conf
-
-log_with_style "INFO" "⚙️ 3. 启动 pm2 服务..."
+log_with_style "INFO" "⚙️ 2. 启动 pm2 服务..."
reload_pm2
if [[ $AutoStartBot == true ]]; then
- log_with_style "INFO" "🤖 4. 启动 bot..."
+ log_with_style "INFO" "🤖 3. 启动 bot..."
nohup ql bot >$dir_log/bot.log 2>&1 &
fi
if [[ $EnableExtraShell == true ]]; then
- log_with_style "INFO" "🛠️ 5. 执行自定义脚本..."
+ log_with_style "INFO" "🛠️ 4. 执行自定义脚本..."
nohup ql extra >$dir_log/extra.log 2>&1 &
fi
diff --git a/docker/front.conf b/docker/front.conf
deleted file mode 100644
index 1fe4c9ff..00000000
--- a/docker/front.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-upstream baseApi {
- server 0.0.0.0:5600;
-}
-
-map $http_upgrade $connection_upgrade {
- default keep-alive;
- 'websocket' upgrade;
-}
-
-server {
- IPV4_CONFIG
- IPV6_CONFIG
- ssl_session_timeout 5m;
-
- location QL_BASE_URLapi/ {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://baseApi/api/;
- proxy_buffering off;
- proxy_redirect default;
- proxy_connect_timeout 1800;
- proxy_send_timeout 1800;
- proxy_read_timeout 1800;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
-
- location QL_BASE_URLopen/ {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://baseApi/open/;
- proxy_buffering off;
- proxy_redirect default;
- proxy_connect_timeout 1800;
- proxy_send_timeout 1800;
- proxy_read_timeout 1800;
- }
-
- gzip on;
- gzip_static on;
- gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript;
- gzip_proxied any;
- gzip_vary on;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.0;
- QL_ROOT_CONFIG
-
- location QL_BASE_URL_LOCATION {
- QL_ALIAS_CONFIG
- index index.html index.htm;
- try_files $uri QL_BASE_URLindex.html;
- }
-
- location ~ .*\.(html)$ {
- add_header Cache-Control no-cache;
- }
-}
diff --git a/docker/nginx.conf b/docker/nginx.conf
deleted file mode 100644
index 4d954137..00000000
--- a/docker/nginx.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-user root;
-worker_processes auto;
-pcre_jit on;
-error_log /var/log/nginx/error.log warn;
-include /etc/nginx/modules/*.conf;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- server_tokens off;
-
- client_max_body_size 4096m;
- client_body_buffer_size 20m;
-
- keepalive_timeout 65;
-
- sendfile on;
-
- tcp_nodelay on;
-
- ssl_prefer_server_ciphers on;
-
- ssl_session_cache shared:SSL:2m;
-
- gzip on;
- gzip_static on;
- gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript;
- gzip_proxied any;
- gzip_vary on;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.0;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/package.json b/package.json
index 9bec3428..8c2dbc9e 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,7 @@
"@keyv/sqlite": "^4.0.1",
"proper-lockfile": "^4.1.2",
"compression": "^1.7.4",
- "helmet": "^6.0.1"
+ "helmet": "^8.1.0"
},
"devDependencies": {
"moment": "2.30.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 5177ec06..50cce37f 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -63,8 +63,8 @@ dependencies:
specifier: ^2.0.3
version: 2.0.3
helmet:
- specifier: ^6.0.1
- version: 6.2.0
+ specifier: ^8.1.0
+ version: 8.1.0
hpagent:
specifier: ^1.2.0
version: 1.2.0
@@ -3873,7 +3873,7 @@ packages:
resolution: {integrity: sha512-ONIn/nSNQA57yRge3oaMQESef/6QhoeX7llWeDli0UZIfz8TQMkfNPTXA8VnnyeA1WUjG2pGqdjEIueYonMdfQ==}
deprecated: This is a stub types definition. helmet provides its own type definitions, so you do not need this installed.
dependencies:
- helmet: 6.2.0
+ helmet: 8.1.0
dev: true
/@types/hoist-non-react-statics@3.3.5:
@@ -8467,9 +8467,9 @@ packages:
hasBin: true
dev: true
- /helmet@6.2.0:
- resolution: {integrity: sha512-DWlwuXLLqbrIOltR6tFQXShj/+7Cyp0gLi6uAb8qMdFh/YBBFbKSgQ6nbXmScYd8emMctuthmgIa7tUfo9Rtyg==}
- engines: {node: '>=14.0.0'}
+ /helmet@8.1.0:
+ resolution: {integrity: sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==}
+ engines: {node: '>=18.0.0'}
/history@5.3.0:
resolution: {integrity: sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==}
diff --git a/shell/api.sh b/shell/api.sh
index 4d5b5c25..93f1f481 100755
--- a/shell/api.sh
+++ b/shell/api.sh
@@ -41,7 +41,7 @@ add_cron_api() {
fi
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" \
@@ -76,7 +76,7 @@ update_cron_api() {
fi
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \
-X 'PUT' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
@@ -108,7 +108,7 @@ update_cron_command_api() {
fi
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \
-X 'PUT' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
@@ -133,7 +133,7 @@ del_cron_api() {
local ids="$1"
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \
-X 'DELETE' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
@@ -163,7 +163,7 @@ update_cron() {
local runningTime="${6:-0}"
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons/status?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons/status?t=$currentTimeStamp" \
-X 'PUT' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
@@ -190,7 +190,7 @@ notify_api() {
local content="$2"
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/system/notify?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/system/notify?t=$currentTimeStamp" \
-X 'PUT' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
@@ -215,7 +215,7 @@ find_cron_api() {
local params="$1"
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons/detail?$params&t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons/detail?$params&t=$currentTimeStamp" \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" \
@@ -239,7 +239,7 @@ update_auth_config() {
local tip="$2"
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/open/system/auth/reset?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/open/system/auth/reset?t=$currentTimeStamp" \
-X 'PUT' \
-H "Accept: application/json" \
-H "Authorization: Bearer ${__ql_token__}" \
diff --git a/shell/check.sh b/shell/check.sh
index 6c6657cd..fd2cd6c9 100755
--- a/shell/check.sh
+++ b/shell/check.sh
@@ -20,10 +20,6 @@ copy_dep() {
echo -e "---> 复制一份 $file_notify_js_sample 为 $file_notify_js\n"
cp -fv $file_notify_js_sample $file_notify_js
echo -e "---> 通知文件复制完成\n"
-
- echo -e "---> 2. 复制nginx配置文件\n"
- init_nginx
- echo -e "---> 配置文件复制完成\n"
}
pm2_log() {
@@ -34,18 +30,6 @@ pm2_log() {
tail -n 300 "$panelError"
}
-check_nginx() {
- local nginxPid=$(ps -eo pid,command | grep nginx | grep -v grep)
- echo -e "=====> 检测nginx服务\n$nginxPid"
- if [[ $nginxPid ]]; then
- echo -e "\n=====> nginx服务正常\n"
- nginx -s reload
- else
- echo -e "\n=====> nginx服务异常,重新启动nginx\n"
- nginx -c /etc/nginx/nginx.conf
- fi
-}
-
check_ql() {
local api=$(curl -s --noproxy "*" "http://0.0.0.0:5700")
echo -e "\n=====> 检测面板\n\n$api\n"
@@ -58,7 +42,7 @@ check_pm2() {
pm2_log
local currentTimeStamp=$(date +%s)
local api=$(
- curl -s --noproxy "*" "http://0.0.0.0:5600/api/system?t=$currentTimeStamp" \
+ curl -s --noproxy "*" "http://0.0.0.0:5700/api/system?t=$currentTimeStamp" \
-H 'Accept: */*' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36' \
-H 'Referer: http://0.0.0.0:5700/crontab' \
@@ -78,7 +62,6 @@ main() {
reset_env
copy_dep
check_ql
- check_nginx
check_pm2
reload_pm2
echo -e "\n=====> 检测结束\n"
diff --git a/shell/share.sh b/shell/share.sh
index 6c9bae89..235d0bd9 100755
--- a/shell/share.sh
+++ b/shell/share.sh
@@ -48,8 +48,6 @@ export file_notify_py=$dir_scripts/notify.py
export file_notify_js=$dir_scripts/sendNotify.js
export file_test_js=$dir_scripts/ql_sample.js
export file_test_py=$dir_scripts/ql_sample.py
-export nginx_app_conf=$dir_root/docker/front.conf
-export nginx_conf=$dir_root/docker/nginx.conf
export dep_notify_py=$dir_dep/notify.py
export dep_notify_js=$dir_dep/sendNotify.js
@@ -211,10 +209,6 @@ fix_config() {
cp -f $file_test_py_sample $file_test_py
fi
- if [[ -s /etc/nginx/conf.d/default.conf ]]; then
- cat /dev/null >/etc/nginx/conf.d/default.conf
- fi
-
if [[ ! -s $dep_notify_js ]]; then
cp -f $file_notify_js_sample $dep_notify_js
fi
@@ -334,44 +328,6 @@ format_timestamp() {
fi
}
-init_nginx() {
- cp -f $nginx_conf /etc/nginx/nginx.conf
- cp -f $nginx_app_conf /etc/nginx/conf.d/front.conf
- local location_url="/"
- local aliasStr=""
- local rootStr=""
- if [[ $ql_base_url != "/" ]]; then
- if [[ $ql_base_url != /* ]]; then
- ql_base_url="/$ql_base_url"
- fi
- if [[ $ql_base_url != */ ]]; then
- ql_base_url="$ql_base_url/"
- fi
- location_url="^~${ql_base_url%*/}"
- aliasStr="alias ${dir_static}/dist;"
- if ! grep -q "" "${dir_static}/dist/index.html"; then
- awk -v text="" '/temp.html
- mv temp.html "${dir_static}/dist/index.html"
- fi
- else
- rootStr="root ${dir_static}/dist;"
- fi
- sed -i "s,QL_ALIAS_CONFIG,${aliasStr},g" /etc/nginx/conf.d/front.conf
- sed -i "s,QL_ROOT_CONFIG,${rootStr},g" /etc/nginx/conf.d/front.conf
- sed -i "s,QL_BASE_URL_LOCATION,${location_url},g" /etc/nginx/conf.d/front.conf
- sed -i "s,QL_BASE_URL,${ql_base_url},g" /etc/nginx/conf.d/front.conf
-
- local ipv6=$(ip a | grep inet6)
- local ipv6Str=""
- if [[ $ipv6 ]]; then
- ipv6Str="listen [::]:${ql_port} ipv6only=on;"
- fi
-
- local ipv4Str="listen ${ql_port};"
- sed -i "s,IPV6_CONFIG,${ipv6Str},g" /etc/nginx/conf.d/front.conf
- sed -i "s,IPV4_CONFIG,${ipv4Str},g" /etc/nginx/conf.d/front.conf
-}
-
get_env_array() {
exported_variables=()
while IFS= read -r line; do