This commit is contained in:
dekun
2026-05-30 15:40:43 +08:00
parent 0a42bd4de9
commit 1f8d2e64e7
4 changed files with 92 additions and 0 deletions
+12
View File
@@ -149,6 +149,18 @@ async def _lifespan(_app: FastAPI):
app = FastAPI(title="Gate Order Executor", version="0.2.0", lifespan=_lifespan)
try:
import sys
from pathlib import Path as _Path
_root = _Path(__file__).resolve().parent.parent.parent
if str(_root) not in sys.path:
sys.path.insert(0, str(_root))
from nav_embed import install_nav_embed
install_nav_embed(app)
except Exception:
pass
app.add_middleware(
SessionMiddleware,
secret_key=settings.app.session_secret,
+34
View File
@@ -0,0 +1,34 @@
"""允许本地导航(LocalNav)iframe 内嵌本服务。环境变量 NAV_ALLOW_EMBED / NAV_EMBED_ORIGINS。"""
from __future__ import annotations
import os
def nav_embed_allowed() -> bool:
return (os.getenv("NAV_ALLOW_EMBED") or "true").strip().lower() in (
"1",
"true",
"yes",
"on",
)
def nav_embed_origins() -> str:
return (os.getenv("NAV_EMBED_ORIGINS") or "*").strip() or "*"
def install_nav_embed(app) -> None:
if not nav_embed_allowed():
return
origins = nav_embed_origins()
@app.middleware("http")
async def _nav_embed_frame_headers(request, call_next):
response = await call_next(request)
if origins == "*":
response.headers["Content-Security-Policy"] = "frame-ancestors *"
else:
parts = " ".join(o.strip() for o in origins.split(",") if o.strip())
response.headers["Content-Security-Policy"] = f"frame-ancestors 'self' {parts}"
return response
+12
View File
@@ -179,6 +179,18 @@ def create_app(settings: Settings) -> FastAPI:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="unauthorized")
app = FastAPI(title="MATRIX FUNNEL", version="2.1.0")
try:
import sys
from pathlib import Path as _Path
_root = _Path(__file__).resolve().parent.parent.parent
if str(_root) not in sys.path:
sys.path.insert(0, str(_root))
from nav_embed import install_nav_embed
install_nav_embed(app)
except Exception:
pass
app.add_middleware(GZipMiddleware, minimum_size=800)
app.add_middleware(
SessionMiddleware,
+34
View File
@@ -423,6 +423,40 @@ pm2 save
---
## 13. 接入本地导航(LocalNav
**扫描端 / 执行器一般在本仓库所在云服务器**;办公室或家里的 [LocalNav](https://git.bz121.com/dekun/LocalNav) 通过 HTTPS 链接触发 iframe 内嵌(不是把 gate_scout 装在本机)。
| 服务 | 云主机端口 | 面板路径 |
|------|------------|----------|
| 扫描端 | 8088 | `/dashboard` |
| 执行器 | 8090 | `/dashboard` |
**云上(PM2 / systemd 环境变量)** — 允许本地导航页嵌入:
```env
NAV_ALLOW_EMBED=true
NAV_EMBED_ORIGINS=http://192.168.8.6:5070
```
**本机 LocalNav `.env`** — 指向云地址(子域名反代示例):
```env
NAV_SEED_GATE_SCOUT=1
NAV_GATE_SCOUT_UPDATE=1
NAV_GATE_SCOUT_SCHEME=https
NAV_GATE_SCOUT_SCOUT_HOST=scout.example.com
NAV_GATE_EXECUTOR_HOST=exec.example.com
NAV_GATE_SCOUT_PORT=443
NAV_GATE_EXECUTOR_PORT=443
```
重启 LocalNav 后左侧出现 **「Gate 扫单」**。若之前误配成 `127.0.0.1`,设 `NAV_GATE_SCOUT_UPDATE=1` 再重启即可覆盖。
公网须 **Nginx HTTPS 反代** + `auth.enabled: true`**不要**对公网裸奔 8088/8090。
---
## 相关文档
| 文档 | 路径 |