fix: 修正 RustFS 连接地址，移除硬编码密钥

- 修正 RustFS 端点地址为 192.168.1.154:9000（对应服务器实际部署） - 移除 config.go 中硬编码的 AccessKey/SecretKey 默认值，改为环境变量传入 - 移除 middleware/auth.go 中硬编码的 API_KEY_VALUE 常量，改为参数注入 - 新增 Config.AuthAPIKey 字段，通过 AUTH_API_KEY 环境变量配置 - 移除 login.html 页面上的密钥格式提示，防止信息泄露 - docker-compose.yml 补全 RustFS 连接所需的环境变量 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-05 16:35:46 +08:00 · 2026-05-05 16:35:46 +08:00 · 9efd78aaff
commit 9efd78aaff
parent 58cfd917c1
5 changed files with 18 additions and 14 deletions
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -44,7 +44,7 @@ func main() {
 	uploadPartHandler := handlers.NewUploadPartHandler(s3Repo)
 	completeMultipartHandler := handlers.NewCompleteMultipartHandler(s3Repo)
 	deleteFileHandler := handlers.NewDeleteFileHandler(s3Repo)
-	loginHandler := handlers.NewLoginHandler(middleware.API_KEY_VALUE)
+	loginHandler := handlers.NewLoginHandler(cfg.AuthAPIKey)

 	// Register Handlers
 	mediator.Register[handlers.UploadFileCommand, string](m, uploadHandler)
@ -93,7 +93,7 @@ func main() {

 	// API授权中间件组
 	api := r.Group("/")
-	api.Use(middleware.AuthMiddleware())
+	api.Use(middleware.AuthMiddleware(cfg.AuthAPIKey))
 	{
 		// File operations
 		api.POST("/files/upload", fileEndpoint.UploadFile)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,6 +9,11 @@ services:
    restart: unless-stopped
    environment:
      - GIN_MODE=release
+      - RUSTFS_ENDPOINT_URL=http://192.168.1.154:9000
+      - RUSTFS_ACCESS_KEY_ID=rustfsadmin
+      - RUSTFS_SECRET_ACCESS_KEY=rustfsadmin123
+      - RUSTFS_REGION=us-east-1
+      - AUTH_API_KEY=rustfsadmin123
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/swagger/index.html"]
      interval: 30s
--- a/internal/common/config.go
+++ b/internal/common/config.go
@ -8,15 +8,17 @@ type Config struct {
 	RustFSSecretAccessKey string
 	RustFSRegion          string
 	ServerPort            string
+	AuthAPIKey            string
 }

 func LoadConfig() *Config {
 	return &Config{
-		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.22:20060"), // Default to docker-compose port
-		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", "xiangning"),                // Default from user input
-		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", "xn001624."),            // Default from user input
-		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),                       // Default region
+		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.154:9000"),
+		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", ""),
+		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", ""),
+		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),
 		ServerPort:            getEnv("SERVER_PORT", "8080"),
+		AuthAPIKey:            getEnv("AUTH_API_KEY", ""),
 	}
 }

--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@ -6,19 +6,16 @@ import (
 	"github.com/gin-gonic/gin"
 )

-const (
-	API_KEY_HEADER = "X-API-Key"
-	API_KEY_VALUE  = "xn001624."
-)
+const API_KEY_HEADER = "X-API-Key"

 // AuthMiddleware 验证API密钥的中间件
-func AuthMiddleware() gin.HandlerFunc {
+func AuthMiddleware(apiKey string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 从请求头中获取API密钥
-		apiKey := c.GetHeader(API_KEY_HEADER)
+		key := c.GetHeader(API_KEY_HEADER)

 		// 验证密钥是否正确
-		if apiKey != API_KEY_VALUE {
+		if key != apiKey {
 			c.JSON(http.StatusUnauthorized, gin.H{
 				"code":    http.StatusUnauthorized,
 				"message": "未授权：请在请求头中提供有效的API密钥",
--- a/web/login.html
+++ b/web/login.html
@ -130,7 +130,7 @@
                    </div>
                    <div class="form-text text-muted mt-2">
                        <i class="fas fa-info-circle me-1"></i>
-                        密钥格式: xn001624.
+                        请输入管理员分配的 API 密钥
                    </div>
                </div>