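import { createHash, timingSafeEqual } from 'node:crypto'
import fs from 'node:fs'
import path from 'node:path'
import { fileURLToPath } from 'node:url'

import cookieParser from 'cookie-parser'
import express from 'express'
import session from 'express-session'

// All paths are anchored on this file so the server behaves the same no
// matter which directory it is started from.
const __dirname = path.dirname(fileURLToPath(import.meta.url))
const root = path.resolve(__dirname, '..')
const distPath = path.join(root, '.vitepress', 'dist')
const authExamplePath = path.join(__dirname, 'auth.config.example.json')
const authConfigPath = path.join(__dirname, 'auth.config.json')
const PORT = 12100

// Single source of truth for the session cookie name; it is needed both when
// the session middleware is configured and when the cookie is cleared on logout.
const SESSION_COOKIE = 'dao_de_jing.sid'
const SESSION_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000
// Placeholder secret shipped in the example config; a deployment still using it
// is warned at startup.
const PLACEHOLDER_SESSION_SECRET = 'please-change-this-session-secret'

/**
 * Load server/auth.config.json, seeding it from auth.config.example.json on
 * the first run.
 *
 * @returns {{ username: string, password: string, sessionSecret?: string }}
 *   the parsed config object (extra keys are passed through untouched)
 * @throws {Error} when username or password is missing or not a non-empty
 *   string, or when the file is not valid JSON (from JSON.parse)
 */
function loadAuthConfig() {
  if (!fs.existsSync(authConfigPath)) {
    fs.copyFileSync(authExamplePath, authConfigPath)
    console.warn(
      '[auth] 已生成 server/auth.config.json,请修改默认用户名和密码后重启服务。',
    )
  }
  const config = JSON.parse(fs.readFileSync(authConfigPath, 'utf8'))
  // Credentials must be non-empty strings: the login handler compares them as
  // UTF-8 byte strings, so any other JSON type could never authenticate.
  const isNonEmptyString = (v) => typeof v === 'string' && v !== ''
  if (!isNonEmptyString(config.username) || !isNonEmptyString(config.password)) {
    throw new Error('server/auth.config.json 缺少 username 或 password')
  }
  if (!config.sessionSecret || config.sessionSecret === PLACEHOLDER_SESSION_SECRET) {
    console.warn('[auth] 建议在 server/auth.config.json 中设置独立的 sessionSecret')
  }
  return config
}

/**
 * Constant-time string equality for credential checks.
 *
 * Both inputs are hashed first so the buffers handed to timingSafeEqual always
 * have the same length; this way neither a length mismatch nor a partial match
 * changes how long the comparison takes.
 *
 * @param {unknown} actual - value supplied by the client
 * @param {string} expected - value from the auth config
 * @returns {boolean} true only when both are strings with identical content
 */
function safeEqual(actual, expected) {
  if (typeof actual !== 'string' || typeof expected !== 'string') {
    return false
  }
  const digestOf = (s) => createHash('sha256').update(s, 'utf8').digest()
  return timingSafeEqual(digestOf(actual), digestOf(expected))
}

/**
 * Reduce a user-supplied `?redirect=` value to a same-origin path.
 *
 * Anything that is not a string, does not start with `/`, or starts with `//`
 * or `/\` (both of which browsers treat as protocol-relative URLs) falls back
 * to `/`, so the login page cannot be used as an open redirect.
 *
 * @param {unknown} value - raw query value (string, array or undefined)
 * @returns {string} a path that is safe to pass to res.redirect
 */
function safeRedirectTarget(value) {
  if (typeof value !== 'string') {
    return '/'
  }
  const looksExternal =
    !value.startsWith('/') || value.startsWith('//') || value.startsWith('/\\')
  return looksExternal ? '/' : value
}

/**
 * Check that an absolute file path stays inside the build output directory.
 *
 * @param {string} candidate - absolute path built from request input
 * @returns {boolean} true when the resolved path is distPath or below it
 */
function isInsideDist(candidate) {
  const resolved = path.resolve(candidate)
  return resolved === distPath || resolved.startsWith(distPath + path.sep)
}

const authConfig = loadAuthConfig()

const app = express()
app.set('trust proxy', 1)
app.use(express.json())
app.use(express.urlencoded({ extended: false }))
app.use(cookieParser())
app.use(
  session({
    name: SESSION_COOKIE,
    secret: authConfig.sessionSecret || 'dao-de-jing-default-secret',
    resave: false,
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      maxAge: SESSION_MAX_AGE_MS,
      sameSite: 'lax',
      // `secure` is intentionally left unset so local plain-HTTP runs keep
      // working; behind a TLS-terminating proxy (trust proxy is enabled above)
      // `secure: 'auto'` would restrict the cookie to HTTPS.
    },
  }),
)

/**
 * @param {import('express').Request} req
 * @returns {boolean} whether the session carries a logged-in user
 */
function isAuthenticated(req) {
  return Boolean(req.session?.user)
}

/**
 * Express middleware that allows the login page and login endpoint through,
 * lets authenticated requests continue, answers unauthenticated API calls with
 * 401 and sends everything else to the login page with a same-origin redirect
 * hint.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function authGuard(req, res, next) {
  // Exact matches only: a prefix test would also exempt any future route that
  // merely begins with "/api/login".
  if (req.path === '/login' || req.path === '/api/login') {
    return next()
  }
  if (isAuthenticated(req)) {
    return next()
  }
  if (req.path.startsWith('/api/')) {
    return res.status(401).json({ message: '未登录' })
  }
  const redirect = encodeURIComponent(req.originalUrl || '/')
  return res.redirect(`/login?redirect=${redirect}`)
}

app.get('/login', (req, res) => {
  if (isAuthenticated(req)) {
    return res.redirect(safeRedirectTarget(req.query.redirect))
  }
  return res.sendFile(path.join(__dirname, 'public', 'login.html'))
})

app.post('/api/login', (req, res, next) => {
  const { username, password } = req.body ?? {}
  // Evaluate both comparisons unconditionally so a wrong username does not
  // short-circuit and return measurably faster than a wrong password.
  const usernameOk = safeEqual(username, authConfig.username)
  const passwordOk = safeEqual(password, authConfig.password)
  if (!usernameOk || !passwordOk) {
    return res.status(401).json({ message: '用户名或密码错误' })
  }
  // Issue a fresh session id on login so an id the client held before
  // authenticating is never promoted to an authenticated one (session fixation).
  req.session.regenerate((err) => {
    if (err) {
      return next(err)
    }
    req.session.user = { username }
    return res.json({ ok: true })
  })
})

app.post('/api/logout', authGuard, (req, res, next) => {
  req.session.destroy((err) => {
    if (err) {
      return next(err)
    }
    res.clearCookie(SESSION_COOKIE)
    res.json({ ok: true })
  })
})

app.get('/api/me', authGuard, (req, res) => {
  res.json({ user: req.session.user })
})

app.use(authGuard)

if (!fs.existsSync(distPath)) {
  console.error(
    '未找到构建产物 .vitepress/dist,请先运行: npm run build',
  )
  process.exit(1)
}

app.use(express.static(distPath, { index: false }))

// Clean-URL fallback: "/foo" is served from foo.html, then foo/index.html,
// then 404.html. Paths containing a dot are left to express.static above.
app.get('*', (req, res, next) => {
  if (req.path.includes('.')) {
    return next()
  }
  const rel = req.path.replace(/^\//, '').replace(/\/$/, '') || 'index'
  const candidates = [
    path.join(distPath, `${rel}.html`),
    path.join(distPath, rel, 'index.html'),
    path.join(distPath, '404.html'),
  ]
  for (const candidate of candidates) {
    // Defense in depth: only ever send files that live under dist.
    if (isInsideDist(candidate) && fs.existsSync(candidate)) {
      return res.sendFile(candidate)
    }
  }
  return next()
})

app.listen(PORT, '0.0.0.0', () => {
  console.log(`DAO DE JING 站点已启动: http://0.0.0.0:${PORT}`)
  console.log('登录页: /login')
})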