fix: AppAuthMiddleware 类定义移到 add_middleware 调用之前
Nexus CI/CD / test (push) Waiting to run
Nexus CI/CD / deploy (push) Blocked by required conditions
Nexus Pre-commit Checks / quick-check (push) Waiting to run

Python 模块级代码顺序执行,类必须先定义再引用。
之前 add_middleware(AppAuthMiddleware) 在第404行但类定义在第495行,
导致 NameError 服务启动失败。同时修复 _is_install_mode → is_install_mode。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-05-30 03:01:08 +08:00
parent f5bea6f0d2
commit 730b665306
+56 -55
View File
@@ -398,60 +398,6 @@ class SecurityHeadersMiddleware:
await self.app(scope, receive, send_with_headers)
app.add_middleware(SecurityHeadersMiddleware)
# AppAuth: protect /app/ HTML pages behind refresh-cookie (standalone, before JWT/DB/CORS)
app.add_middleware(AppAuthMiddleware)
# F2a-10 / F2d-02: global JWT gate for all /api/* (inside DbSession — uses request.state.db)
app.add_middleware(JwtAuthMiddleware)
# D7: DB session leak fix middleware (must be added BEFORE CORS so it wraps all requests)
app.add_middleware(DbSessionMiddleware)
# CORS — restrict to actual frontend origin (ECC security fix: was allow_origins=["*"])
app.add_middleware(
CORSMiddleware,
allow_origins=[o.strip() for o in settings.CORS_ORIGINS.split(",") if o.strip()] if settings.CORS_ORIGINS else ["http://localhost:8600"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Register all API routers
# D2: Install wizard (always registered — works in both modes)
app.include_router(install_router)
# Normal API routers (require full app init)
app.include_router(servers_router)
app.include_router(auth_router)
app.include_router(agent_router)
app.include_router(scripts_router)
app.include_router(settings_router)
app.include_router(schedule_router)
app.include_router(preset_router)
app.include_router(ssh_key_preset_router)
app.include_router(audit_router)
app.include_router(alert_history_router)
app.include_router(retry_router)
# WebSocket + Health check routers (new in v6.0)
app.include_router(websocket_router)
app.include_router(health_router)
# Asset management (Platform, Node, SSH Sessions, Command Logs)
app.include_router(assets_router)
# Web SSH Terminal
app.include_router(webssh_router)
# Sync Engine v2 (Step 4)
app.include_router(sync_v2_router)
# Global Search
app.include_router(search_router)
# ── AppAuth: protect /app/ pages behind refresh-cookie auth ──
# Public /app/ paths that anyone can access without login
@@ -516,7 +462,7 @@ class AppAuthMiddleware:
await self.app(scope, receive, send)
return
if _is_install_mode():
if is_install_mode():
await self.app(scope, receive, send)
return
@@ -553,6 +499,61 @@ class AppAuthMiddleware:
await self.app(scope, receive, send)
app.add_middleware(SecurityHeadersMiddleware)
# AppAuth: protect /app/ HTML pages behind refresh-cookie (standalone, before JWT/DB/CORS)
app.add_middleware(AppAuthMiddleware)
# F2a-10 / F2d-02: global JWT gate for all /api/* (inside DbSession — uses request.state.db)
app.add_middleware(JwtAuthMiddleware)
# D7: DB session leak fix middleware (must be added BEFORE CORS so it wraps all requests)
app.add_middleware(DbSessionMiddleware)
# CORS — restrict to actual frontend origin (ECC security fix: was allow_origins=["*"])
app.add_middleware(
CORSMiddleware,
allow_origins=[o.strip() for o in settings.CORS_ORIGINS.split(",") if o.strip()] if settings.CORS_ORIGINS else ["http://localhost:8600"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Register all API routers
# D2: Install wizard (always registered — works in both modes)
app.include_router(install_router)
# Normal API routers (require full app init)
app.include_router(servers_router)
app.include_router(auth_router)
app.include_router(agent_router)
app.include_router(scripts_router)
app.include_router(settings_router)
app.include_router(schedule_router)
app.include_router(preset_router)
app.include_router(ssh_key_preset_router)
app.include_router(audit_router)
app.include_router(alert_history_router)
app.include_router(retry_router)
# WebSocket + Health check routers (new in v6.0)
app.include_router(websocket_router)
app.include_router(health_router)
# Asset management (Platform, Node, SSH Sessions, Command Logs)
app.include_router(assets_router)
# Web SSH Terminal
app.include_router(webssh_router)
# Sync Engine v2 (Step 4)
app.include_router(sync_v2_router)
# Global Search
app.include_router(search_router)
# ── Custom 404: return blank HTML to hide backend identity ──
@app.exception_handler(StarletteHTTPException)
async def custom_http_exception_handler(request: Request, exc: StarletteHTTPException):