From 9efd78aaff454ddfc21b6634d965eef10869fef3 Mon Sep 17 00:00:00 2001 From: root <1772105645@qq.com> Date: Tue, 5 May 2026 16:35:46 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E6=AD=A3=20RustFS=20=E8=BF=9E?= =?UTF-8?q?=E6=8E=A5=E5=9C=B0=E5=9D=80=EF=BC=8C=E7=A7=BB=E9=99=A4=E7=A1=AC?= =?UTF-8?q?=E7=BC=96=E7=A0=81=E5=AF=86=E9=92=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 修正 RustFS 端点地址为 192.168.1.154:9000(对应服务器实际部署) - 移除 config.go 中硬编码的 AccessKey/SecretKey 默认值,改为环境变量传入 - 移除 middleware/auth.go 中硬编码的 API_KEY_VALUE 常量,改为参数注入 - 新增 Config.AuthAPIKey 字段,通过 AUTH_API_KEY 环境变量配置 - 移除 login.html 页面上的密钥格式提示,防止信息泄露 - docker-compose.yml 补全 RustFS 连接所需的环境变量 Co-Authored-By: Claude Opus 4.6 --- cmd/server/main.go | 4 ++-- docker-compose.yml | 5 +++++ internal/common/config.go | 10 ++++++---- internal/middleware/auth.go | 11 ++++------- web/login.html | 2 +- 5 files changed, 18 insertions(+), 14 deletions(-) diff --git a/cmd/server/main.go b/cmd/server/main.go index 879f0b9..219689b 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -44,7 +44,7 @@ func main() { uploadPartHandler := handlers.NewUploadPartHandler(s3Repo) completeMultipartHandler := handlers.NewCompleteMultipartHandler(s3Repo) deleteFileHandler := handlers.NewDeleteFileHandler(s3Repo) - loginHandler := handlers.NewLoginHandler(middleware.API_KEY_VALUE) + loginHandler := handlers.NewLoginHandler(cfg.AuthAPIKey) // Register Handlers mediator.Register[handlers.UploadFileCommand, string](m, uploadHandler) @@ -93,7 +93,7 @@ func main() { // API授权中间件组 api := r.Group("/") - api.Use(middleware.AuthMiddleware()) + api.Use(middleware.AuthMiddleware(cfg.AuthAPIKey)) { // File operations api.POST("/files/upload", fileEndpoint.UploadFile) diff --git a/docker-compose.yml b/docker-compose.yml index 4076fec..c9f82a9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
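Review bot: `cfg.AuthAPIKey` is passed to `NewLoginHandler` and to `AuthMiddleware` in the two main.go hunks without any check that it is set. The config.go hunk defaults `AUTH_API_KEY` to `""` and the auth.go hunk tests `key != apiKey`, so when the variable is missing, a request with no `X-API-Key` header has `key == ""` and passes the check. Fail closed at startup, before the handlers are built: `if cfg.AuthAPIKey == "" { log.Fatal("AUTH_API_KEY must be set") }` (this assumes `log` is or can be imported in this file; the import block is outside the hunks). The body of `main` starts and ends outside both hunks.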
@@ -9,6 +9,11 @@ services: restart: unless-stopped environment: - GIN_MODE=release + - RUSTFS_ENDPOINT_URL=http://192.168.1.154:9000 + - RUSTFS_ACCESS_KEY_ID=rustfsadmin + - RUSTFS_SECRET_ACCESS_KEY=rustfsadmin123 + - RUSTFS_REGION=us-east-1 + - AUTH_API_KEY=rustfsadmin123 healthcheck: test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/swagger/index.html"] interval: 30s diff --git a/internal/common/config.go b/internal/common/config.go index e735b34..759660f 100644 --- a/internal/common/config.go +++ b/internal/common/config.go @@ -8,15 +8,17 @@ type Config struct { RustFSSecretAccessKey string RustFSRegion string ServerPort string + AuthAPIKey string } func LoadConfig() *Config { return &Config{ - RustFSEndpoint: getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.22:20060"), // Default to docker-compose port - RustFSAccessKeyID: getEnv("RUSTFS_ACCESS_KEY_ID", "xiangning"), // Default from user input - RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", "xn001624."), // Default from user input - RustFSRegion: getEnv("RUSTFS_REGION", "us-east-1"), // Default region + RustFSEndpoint: getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.154:9000"), + RustFSAccessKeyID: getEnv("RUSTFS_ACCESS_KEY_ID", ""), + RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", ""), + RustFSRegion: getEnv("RUSTFS_REGION", "us-east-1"), ServerPort: getEnv("SERVER_PORT", "8080"), + AuthAPIKey: getEnv("AUTH_API_KEY", ""), } } diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go index 1b5d078..0007d37 100644 --- a/internal/middleware/auth.go +++ b/internal/middleware/auth.go 
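Review bot: The added `environment` entries put `RUSTFS_SECRET_ACCESS_KEY=rustfsadmin123` and `AUTH_API_KEY=rustfsadmin123` into a tracked file, so the secrets the commit message says it removes from Go source are still committed, only in a different place. The API key is also the same string as the storage secret, so disclosure of one discloses the other. Take the values from the deployment environment instead, e.g. `- AUTH_API_KEY=${AUTH_API_KEY:?AUTH_API_KEY is required}` and the same form for the two RustFS keys, give the API key its own value, and treat the values shown here as exposed.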
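Review bot: `LoadConfig` now returns empty strings for `RustFSAccessKeyID`, `RustFSSecretAccessKey` and `AuthAPIKey` when their variables are unset, and nothing in the hunk tells a caller that these three are required. Add a doc comment to `LoadConfig` that lists the variables it reads and marks those three as mandatory, e.g. `// LoadConfig reads settings from the environment; RUSTFS_ACCESS_KEY_ID, RUSTFS_SECRET_ACCESS_KEY and AUTH_API_KEY have no default and must be set.` The removed defaults remain readable in the repository history, so the credentials they held should be rotated rather than reused. `getEnv` is defined outside the hunk.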
@@ -6,19 +6,16 @@ import ( "github.com/gin-gonic/gin" ) -const ( - API_KEY_HEADER = "X-API-Key" - API_KEY_VALUE = "xn001624." -) +const API_KEY_HEADER = "X-API-Key" // AuthMiddleware 验证API密钥的中间件 -func AuthMiddleware() gin.HandlerFunc { +func AuthMiddleware(apiKey string) gin.HandlerFunc { return func(c *gin.Context) { // 从请求头中获取API密钥 - apiKey := c.GetHeader(API_KEY_HEADER) + key := c.GetHeader(API_KEY_HEADER) // 验证密钥是否正确 - if apiKey != API_KEY_VALUE { + if key != apiKey { c.JSON(http.StatusUnauthorized, gin.H{ "code": http.StatusUnauthorized, "message": "未授权:请在请求头中提供有效的API密钥", diff --git a/web/login.html b/web/login.html index 916e32b..195d05c 100644 --- a/web/login.html +++ b/web/login.html @@ -130,7 +130,7 @@
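Review bot: `if key != apiKey` checks the secret with an ordinary string comparison, which is not guaranteed to take the same time for every mismatch. Use `subtle.ConstantTimeCompare([]byte(key), []byte(apiKey)) != 1` from `crypto/subtle`, and put `apiKey == "" ||` in front of it so that an unconfigured key rejects every request instead of matching a missing header. The parameter `apiKey` now holds the expected value, whereas the old local of the same name held the presented one; `expectedKey` would be less ambiguous, and the doc comment should say where the expected key comes from. The returned closure continues past the end of the hunk.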
- 密钥格式: xn001624. + 请输入管理员分配的 API 密钥