From 60aab8f95d0e416c39ed2cff29e00a0c181ebae4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Dec 2025 14:55:32 +0000
Subject: [PATCH] Add clarifying comments and improve code readability

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
---
 back/loaders/express.ts | 4 ++++
 src/utils/http.tsx      | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/back/loaders/express.ts b/back/loaders/express.ts
index 97aa3253..12f28342 100644
--- a/back/loaders/express.ts
+++ b/back/loaders/express.ts
@@ -29,6 +29,8 @@ export default ({ app }: { app: Application }) => {
   }
 
   // Create base-URL-aware whitelist for JWT
+  // When baseUrl is empty, paths remain as-is (e.g., '/api/user/login')
+  // When baseUrl is set, paths are prefixed (e.g., '/qinglong/api/user/login')
   const jwtWhitelist = config.apiWhiteList.map(path => `${config.baseUrl}${path}`);
   // Exclude non-API/non-open paths from JWT requirement
   // When baseUrl is set: exclude paths that don't start with baseUrl/api/ or baseUrl/open/
@@ -84,6 +86,8 @@ export default ({ app }: { app: Application }) => {
       }
     }
 
+    // req.path already includes the full path with baseUrl
+    // e.g., when baseUrl=/qinglong and request is /qinglong/api/user/login, req.path=/qinglong/api/user/login
     const originPath = req.path;
     if (
       !headerToken &&
diff --git a/src/utils/http.tsx b/src/utils/http.tsx
index cdb026a7..13be8dc6 100644
--- a/src/utils/http.tsx
+++ b/src/utils/http.tsx
@@ -93,8 +93,9 @@ const apiWhiteListBase = [
 ];
 
 // Only modify paths if baseUrl is set and not the default '/'
+// Frontend baseUrl always ends with '/', so we remove leading '/' from paths
 const apiWhiteList = config.baseUrl && config.baseUrl !== '/'
-  ? apiWhiteListBase.map(path => `${config.baseUrl}${path.replace(/^\//, '')}`)
+  ? apiWhiteListBase.map(path => `${config.baseUrl}${path.substring(1)}`)
   : apiWhiteListBase;