lotteryFront/middleware.ts
kang 03faed1db6 feat: 更新 API 路径配置并优化环境变量管理
- 修改 .env.example,更新玩家端本地配置说明,新增直连 Laravel 和局域网 IP 访问配置项,提升开发灵活性。
- 更新 middleware.ts,使用新的 LOTTERY_API_V1_BASE 常量构建 API 请求路径,简化代码结构。
- 在 next.config.ts 中引入 parseAllowedDevOrigins 函数,动态解析允许的开发来源,增强安全性。
- 重构多个 API 模块,移除 API_V1_PREFIX,直接使用相对路径,简化 API 调用逻辑,提高可维护性。
2026-05-29 10:28:43 +08:00


import { NextResponse, type NextRequest } from "next/server";
import { LOTTERY_API_V1_BASE } from "./src/api/paths";
import { generateCSP, nonCspSecurityHeaders } from "./src/lib/csp-config";
/**
 * Shape assumed for the JSON body of the runtime-origins endpoint.
 *
 * Every field is optional, and the origin list is typed `unknown` so that
 * consumers have to narrow it at runtime instead of trusting the backend.
 */
type RuntimeOriginsEnvelope = {
  // Not inspected by loadRuntimeOrigins; meaning not visible in this file.
  code?: number;
  data?: { iframe_allowed_origins?: unknown };
};
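/**
 * Fetches the runtime list of origins (`data.iframe_allowed_origins`) from the
 * backend and returns only the entries that are safe to place in a CSP
 * source list.
 *
 * Fails closed to an empty list: a non-2xx status, a network or JSON error,
 * or a payload of an unexpected shape all yield `[]`.
 *
 * @param request - Incoming request; its URL is the base against which
 *   `LOTTERY_API_V1_BASE` is resolved.
 * @returns Origin strings that are non-empty printable ASCII and contain no
 *   `;` or `,`.
 */
async function loadRuntimeOrigins(request: NextRequest): Promise<string[]> {
  // The returned strings are passed to generateCSP and end up in a response
  // header. A single CSP source expression never contains whitespace, control
  // characters, ';' or ','. Dropping entries that do keeps one bad value from
  // splitting the policy into extra directives or making headers.set throw.
  // NOTE(review): generateCSP may already sanitize its input — confirm.
  const printableAscii = /^[\x21-\x7e]+$/;
  const directiveBreakers = /[;,]/;

  try {
    // NOTE(review): if LOTTERY_API_V1_BASE is a relative path, the target host
    // comes from request.url, which may reflect the client-supplied Host
    // header depending on the deployment. Confirm, or resolve against a
    // configured internal base URL instead.
    const url = new URL(`${LOTTERY_API_V1_BASE}/integration/runtime-origins`, request.url);
    // NOTE(review): this fetch has no timeout and runs on every matched
    // request, so a stalled backend delays page responses. Consider an
    // AbortController deadline.
    const response = await fetch(url, {
      headers: { Accept: "application/json" },
      cache: "no-store",
    });
    if (!response.ok) return [];

    // The cast is only a typing convenience; the value is narrowed below.
    const payload = (await response.json()) as RuntimeOriginsEnvelope;
    const origins = payload.data?.iframe_allowed_origins;
    if (!Array.isArray(origins)) return [];

    return origins.filter(
      (origin): origin is string =>
        typeof origin === "string" &&
        printableAscii.test(origin) &&
        !directiveBreakers.test(origin),
    );
  } catch {
    // Deliberate best effort: any failure means "no extra origins".
    return [];
  }
}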
/**
 * Next.js middleware that attaches security headers to every matched request.
 *
 * The Content-Security-Policy is rebuilt per request from the origin list
 * returned by loadRuntimeOrigins, which costs one backend fetch per matched
 * request. That loader returns `[]` on any failure, so generateCSP then
 * receives an empty list; the resulting policy depends on generateCSP, which
 * is not shown here. The remaining headers come from nonCspSecurityHeaders.
 *
 * @param request - The incoming request.
 * @returns A pass-through response carrying the security headers.
 */
export async function middleware(request: NextRequest): Promise<NextResponse> {
  const allowedOrigins = await loadRuntimeOrigins(request);
  const res = NextResponse.next();

  res.headers.set("Content-Security-Policy", generateCSP(allowedOrigins));
  for (const { key, value } of nonCspSecurityHeaders) {
    res.headers.set(key, value);
  }

  return res;
}
// Route matcher for the middleware above. The negative lookahead skips any
// path whose first segment starts with "api", "_next/static", "_next/image"
// or "favicon.ico", and any path that contains a dot anywhere.
// Responses for skipped paths do not get the CSP or the other security
// headers from this middleware. A page route with a dot in its path is
// skipped too, and needs those headers from elsewhere if it requires them.
// NOTE(review): the "api" exclusion presumably also keeps the middleware's own
// runtime-origins fetch from re-entering it — confirm against LOTTERY_API_V1_BASE.
export const config = {
matcher: ["/((?!api|_next/static|_next/image|favicon.ico|.*\\..*).*)"],
};