修改后端结构

2025-10-04 21:18:35 +08:00
parent cd9367800a
commit f5c3b26479
3 changed files with 136 additions and 116 deletions
--- a/server/middleware/cors.go
+++ b/server/middleware/cors.go
@@ -1,40 +1,54 @@
 package middleware

 import (
+	"fmt"
 	"net/http"

 	"github.com/JACKYMYPERSON/hldrCenter/config"
 	"github.com/gin-gonic/gin"
 )

-func CorsMiddleware(cfg *config.ServerConfig) gin.HandlerFunc {
+func CorsMiddleware(serverConfig *config.ServerConfig) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 处理跨域请求头
+		// 1. 打印配置的允许源（调试用，确认配置是否正确加载）
+		fmt.Printf("允许的前端源：%v\n", serverConfig.AllowedOrigins)
+
+		// 2. 获取请求的Origin头
 		origin := c.Request.Header.Get("Origin")
-		if origin != "" && isAllowedOrigin(origin, cfg.AllowedOrigins) {
-			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
+		fmt.Printf("当前请求源：%s\n", origin) // 调试用
+
+		// 3. 宽松的跨域匹配逻辑
+		allowOrigin := ""
+		if len(serverConfig.AllowedOrigins) > 0 {
+			for _, allowed := range serverConfig.AllowedOrigins {
+				// 支持通配符*，或精确匹配
+				if allowed == "*" || allowed == origin {
+					allowOrigin = origin
+					break
+				}
+			}
 		}

-		c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization")
-		c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		// 4. 即使没有匹配到，也可以临时设置为*（仅测试用，生产环境需删除）
+		// if allowOrigin == "" {
+		// 	allowOrigin = "*"
+		// }

-		// 处理预检请求
+		// 5. 设置核心跨域头
+		if allowOrigin != "" {
+			c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
+		}
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization")
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Max-Age", "86400") // 24小时缓存预检请求
+
+		// 6. 处理OPTIONS预检请求
 		if c.Request.Method == "OPTIONS" {
-			c.AbortWithStatus(http.StatusOK)
+			c.AbortWithStatus(http.StatusNoContent) // 使用204更规范
 			return
 		}

 		c.Next()
 	}
 }
-
-// 检查来源是否在允许的列表中
-func isAllowedOrigin(origin string, allowedOrigins []string) bool {
-	for _, allowed := range allowedOrigins {
-		if allowed == "*" || allowed == origin {
-			return true
-		}
-	}
-	return false
-}