fix: 修正 RustFS 连接地址，移除硬编码密钥

- 修正 RustFS 端点地址为 192.168.1.154:9000（对应服务器实际部署）
- 移除 config.go 中硬编码的 AccessKey/SecretKey 默认值，改为环境变量传入
- 移除 middleware/auth.go 中硬编码的 API_KEY_VALUE 常量，改为参数注入
- 新增 Config.AuthAPIKey 字段，通过 AUTH_API_KEY 环境变量配置
- 移除 login.html 页面上的密钥格式提示，防止信息泄露
- docker-compose.yml 补全 RustFS 连接所需的环境变量

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

cmd/server/main.go

@@ -44,7 +44,7 @@ func main() {
 	uploadPartHandler := handlers.NewUploadPartHandler(s3Repo)
 	completeMultipartHandler := handlers.NewCompleteMultipartHandler(s3Repo)
 	deleteFileHandler := handlers.NewDeleteFileHandler(s3Repo)
-	loginHandler := handlers.NewLoginHandler(middleware.API_KEY_VALUE)
+	loginHandler := handlers.NewLoginHandler(cfg.AuthAPIKey)
 
 	// Register Handlers
 	mediator.Register[handlers.UploadFileCommand, string](m, uploadHandler)
@@ -93,7 +93,7 @@ func main() {
 
 	// API授权中间件组
 	api := r.Group("/")
-	api.Use(middleware.AuthMiddleware())
+	api.Use(middleware.AuthMiddleware(cfg.AuthAPIKey))
 	{
 		// File operations
 		api.POST("/files/upload", fileEndpoint.UploadFile)

docker-compose.yml

@@ -9,6 +9,11 @@ services:
     restart: unless-stopped
     environment:
       - GIN_MODE=release
+      - RUSTFS_ENDPOINT_URL=http://192.168.1.154:9000
+      - RUSTFS_ACCESS_KEY_ID=rustfsadmin
+      - RUSTFS_SECRET_ACCESS_KEY=rustfsadmin123
+      - RUSTFS_REGION=us-east-1
+      - AUTH_API_KEY=rustfsadmin123
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/swagger/index.html"]
       interval: 30s

internal/common/config.go

@@ -8,15 +8,17 @@ type Config struct {
 	RustFSSecretAccessKey string
 	RustFSRegion          string
 	ServerPort            string
+	AuthAPIKey            string
 }
 
 func LoadConfig() *Config {
 	return &Config{
-		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.22:20060"), // Default to docker-compose port
+		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.154:9000"),
-		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", "xiangning"),                // Default from user input
+		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", ""),
-		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", "xn001624."),            // Default from user input
+		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", ""),
-		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),                       // Default region
+		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),
 		ServerPort:            getEnv("SERVER_PORT", "8080"),
+		AuthAPIKey:            getEnv("AUTH_API_KEY", ""),
 	}
 }
 

internal/middleware/auth.go

@@ -6,19 +6,16 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-const (
+const API_KEY_HEADER = "X-API-Key"
-	API_KEY_HEADER = "X-API-Key"
-	API_KEY_VALUE  = "xn001624."
-)
 
 // AuthMiddleware 验证API密钥的中间件
-func AuthMiddleware() gin.HandlerFunc {
+func AuthMiddleware(apiKey string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 从请求头中获取API密钥
-		apiKey := c.GetHeader(API_KEY_HEADER)
+		key := c.GetHeader(API_KEY_HEADER)
 
 		// 验证密钥是否正确
-		if apiKey != API_KEY_VALUE {
+		if key != apiKey {
 			c.JSON(http.StatusUnauthorized, gin.H{
 				"code":    http.StatusUnauthorized,
 				"message": "未授权：请在请求头中提供有效的API密钥",

web/login.html

@@ -130,7 +130,7 @@
                     </div>
                     <div class="form-text text-muted mt-2">
                         <i class="fas fa-info-circle me-1"></i>
-                        密钥格式: xn001624.
+                        请输入管理员分配的 API 密钥
                     </div>
                 </div>