From 979054546cfd74009258ac7a256d628ea3c10beb Mon Sep 17 00:00:00 2001
From: dekun
Date: Sat, 30 May 2026 15:55:37 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
gate_order_executor/app/main.py | 9 ++--
.../deploy/ecosystem.config.cjs | 1 +
nav_embed.py | 17 +++++++
onchain_scout_gate/app/web.py | 27 +++++++++--
.../deploy/ecosystem.config.cjs | 1 +
onchain_scout_gate/templates/login.html | 47 ++++++++++++++++++-
6 files changed, 92 insertions(+), 10 deletions(-)
diff --git a/gate_order_executor/app/main.py b/gate_order_executor/app/main.py
index e152681..e6053cd 100644
--- a/gate_order_executor/app/main.py
+++ b/gate_order_executor/app/main.py
@@ -156,17 +156,18 @@ try:
_root = _Path(__file__).resolve().parent.parent.parent
if str(_root) not in sys.path:
sys.path.insert(0, str(_root))
- from nav_embed import install_nav_embed
+ from nav_embed import install_nav_embed, nav_session_middleware_kwargs
install_nav_embed(app)
+ _sess_kw = nav_session_middleware_kwargs()
except Exception:
- pass
+ _sess_kw = {"same_site": "lax", "https_only": False}
app.add_middleware(
SessionMiddleware,
secret_key=settings.app.session_secret,
max_age=60 * 60 * 24 * 7,
- same_site="lax",
- https_only=False,
+ same_site=_sess_kw.get("same_site", "lax"),
+ https_only=bool(_sess_kw.get("https_only", False)),
)
app.mount("/static", StaticFiles(directory=str(root_dir / "static")), name="static")
diff --git a/gate_order_executor/deploy/ecosystem.config.cjs b/gate_order_executor/deploy/ecosystem.config.cjs
index 39c99b4..0305861 100644
--- a/gate_order_executor/deploy/ecosystem.config.cjs
+++ b/gate_order_executor/deploy/ecosystem.config.cjs
@@ -35,6 +35,7 @@ module.exports = {
// 本地导航 iframe 嵌入(勿写进 config.yaml,须在此或 pm2 ecosystem)
// NAV_ALLOW_EMBED: "true",
// NAV_EMBED_ORIGINS: "http://192.168.8.6:5070",
+ // NAV_EMBED_SESSION: "1",
},
},
],
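Review bot: The `except Exception:` branch in the `main.py` hunk now silently decides the session cookie policy, so a failed import or an exception raised inside `install_nav_embed(app)` leaves the service running on the lax fallback with no record of why embedding or the configured cookie flags were not applied. Log before falling back, for example `logging.getLogger(__name__).warning("nav_embed unavailable; using default session cookie settings", exc_info=True)` ahead of the existing `_sess_kw = {...}` assignment (this assumes `logging` is importable in the module, which the hunk does not show). The fallback also keeps `https_only=False`, so the session cookie of an order-executing service carries no Secure flag unless embedding is switched on; confirm that is intended where the app is served over HTTPS. The identical block in `onchain_scout_gate/app/web.py` (hunk at -186) has the same issue. The `try:` statement starts above the hunk.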
diff --git a/nav_embed.py b/nav_embed.py
index 461ee9b..05730b8 100644
--- a/nav_embed.py
+++ b/nav_embed.py
@@ -18,6 +18,23 @@ def nav_embed_origins() -> str:
return (os.getenv("NAV_EMBED_ORIGINS") or "*").strip() or "*"
+def nav_session_middleware_kwargs() -> dict:
+ """
+ LocalNav 等跨站 iframe 内登录须 SameSite=None + Secure(仅 HTTPS 站点有效)。
+ NAV_EMBED_SESSION=1 强制开启;auto 时在配置了 NAV_EMBED_ORIGINS 时开启。
+ """
+ raw = (os.getenv("NAV_EMBED_SESSION") or "auto").strip().lower()
+ if raw in ("0", "false", "no", "off"):
+ return {"same_site": "lax", "https_only": False}
+ if raw in ("1", "true", "yes", "on"):
+ return {"same_site": "none", "https_only": True}
+ if raw == "auto":
+ origins = nav_embed_origins()
+ if origins and origins != "*":
+ return {"same_site": "none", "https_only": True}
+ return {"same_site": "lax", "https_only": False}
+
+
def install_nav_embed(app) -> None:
if not nav_embed_allowed():
return
diff --git a/onchain_scout_gate/app/web.py b/onchain_scout_gate/app/web.py
index c627a44..a09396d 100644
--- a/onchain_scout_gate/app/web.py
+++ b/onchain_scout_gate/app/web.py
@@ -186,18 +186,19 @@ def create_app(settings: Settings) -> FastAPI:
_root = _Path(__file__).resolve().parent.parent.parent
if str(_root) not in sys.path:
sys.path.insert(0, str(_root))
- from nav_embed import install_nav_embed
+ from nav_embed import install_nav_embed, nav_session_middleware_kwargs
install_nav_embed(app)
+ _sess_kw = nav_session_middleware_kwargs()
except Exception:
- pass
+ _sess_kw = {"same_site": "lax", "https_only": False}
app.add_middleware(GZipMiddleware, minimum_size=800)
app.add_middleware(
SessionMiddleware,
secret_key=settings.app.session_secret,
max_age=60 * 60 * 24 * 7,
- same_site="lax",
- https_only=False,
+ same_site=_sess_kw.get("same_site", "lax"),
+ https_only=bool(_sess_kw.get("https_only", False)),
)
root_dir = Path(__file__).resolve().parent.parent
templates = Jinja2Templates(directory=str(root_dir / "templates"))
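Review bot: In `auto` mode `nav_session_middleware_kwargs()` switches the session cookie to `SameSite=None` whenever `NAV_EMBED_ORIGINS` is set, without consulting `nav_embed_allowed()`, so a deployment that has embedding disabled can still lose the cross-site cookie restriction. Tie the implicit path to the same switch `install_nav_embed` uses: `if origins and origins != "*" and nav_embed_allowed():`. Once `SameSite=None` is active the browser attaches the session cookie to cross-site requests, so state-changing routes need their own CSRF token or `Origin` check; none is visible in this patch, and whether one exists elsewhere cannot be told from here. The docstring should also say that an unrecognised `NAV_EMBED_SESSION` value falls back to lax, and that `https_only=True` means the cookie is not sent over plain HTTP.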
@@ -318,6 +319,24 @@ def create_app(settings: Settings) -> FastAPI:
return RedirectResponse("/dashboard", status_code=302)
return templates.TemplateResponse("login.html", {"request": request, "error": "用户名或密码错误"})
+ @app.post("/api/auth/login")
+ async def api_auth_login(request: Request) -> JSONResponse:
+ if not settings.auth.enabled:
+ return JSONResponse({"ok": True, "redirect": "/dashboard"})
+ try:
+ body = await request.json()
+ except Exception:
+ return JSONResponse({"ok": False, "detail": "请求格式错误"}, status_code=400)
+ username = str(body.get("username") or "").strip()
+ password = str(body.get("password") or "")
+ ok_user = username == app.state.auth_user
+ ok_pass = _hash_password(password) == app.state.auth_password_hash
+ if ok_user and ok_pass:
+ request.session["logged_in"] = True
+ request.session["username"] = username
+ return JSONResponse({"ok": True, "redirect": "/dashboard"})
+ return JSONResponse({"ok": False, "detail": "用户名或密码错误"}, status_code=401)
+
@app.get("/logout")
async def logout(request: Request) -> RedirectResponse:
request.session.clear()
diff --git a/onchain_scout_gate/deploy/ecosystem.config.cjs b/onchain_scout_gate/deploy/ecosystem.config.cjs
index d31e83a..3182357 100644
--- a/onchain_scout_gate/deploy/ecosystem.config.cjs
+++ b/onchain_scout_gate/deploy/ecosystem.config.cjs
@@ -34,6 +34,7 @@ module.exports = {
// 本地导航 iframe 嵌入(勿写进 config.yaml,须在此或 pm2 ecosystem)
// NAV_ALLOW_EMBED: "true",
// NAV_EMBED_ORIGINS: "http://192.168.8.6:5070",
+ // NAV_EMBED_SESSION: "1",
},
},
],
diff --git a/onchain_scout_gate/templates/login.html b/onchain_scout_gate/templates/login.html
index e7e47af..9b0a97b 100644
--- a/onchain_scout_gate/templates/login.html
+++ b/onchain_scout_gate/templates/login.html
@@ -24,14 +24,57 @@
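Review bot: `api_auth_login` calls `body.get(...)` on whatever `request.json()` returns, so a syntactically valid JSON body that is not an object (a list, string or number) raises `AttributeError` and surfaces as a 500 instead of taking the 400 path; add `if not isinstance(body, dict): return JSONResponse({"ok": False, "detail": "请求格式错误"}, status_code=400)` right after the `try`/`except`. The credential checks use `==`; `ok_pass = hmac.compare_digest(_hash_password(password).encode(), app.state.auth_password_hash.encode())` gives a constant-time comparison (assuming both values are `str` and `hmac` is imported, neither of which the hunk shows). This is a second credential-checking route with no attempt throttling visible in the hunk, and it arrives in the same patch that can set the session cookie to `SameSite=None`, so a per-client failure limit and an `Origin` check against the configured embed origins are worth adding here. `create_app` continues outside the hunk.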
SECURE CHANNEL
> AUTHENTICATE

MATRIX // GATE USDT PERP FUNNEL · 未授权区域禁止访问

-
+
-
{{ error }}
+
{{ error }}
+