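- Add getCorsConfig() function to support flexible CORS configuration
- Support three modes: CORS disabled, whitelist, allow all origins
- Environment variables can override the config.json settings (CORS_ENABLED, CORS_ALLOW_ALL, CORS_ORIGINS)
- config.json uses whitelist mode by default, allowing only localhost
- Validate the Origin header dynamically; requests not on the whitelist get no CORS headers
- Add Vary: Origin header to support CDN caching

Security improvements:
- Production defaults to allow_all=false, avoiding the CORS wildcard
- In whitelist mode, requests from unauthorized origins are rejected by the browser

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>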
37 lines
1.1 KiB
Plaintext
# Authentication configuration (choose one, in priority order)

# Option 1: use a fixed API key (recommended for production, highest priority)
FACTORY_API_KEY=your_factory_api_key_here

# Option 2: use a refresh token for automatic refresh (second priority)
DROID_REFRESH_KEY=your_refresh_token_here

# Refresh token request timeout and retries (optional)
DROID_REFRESH_TIMEOUT_MS=15000
DROID_REFRESH_RETRIES=2
DROID_REFRESH_RETRY_BASE_MS=500

# Alibaba Cloud Log Service configuration
SLS_ENABLED=false
ALIYUN_ACCESS_KEY_ID=your_access_key_id
ALIYUN_ACCESS_KEY_SECRET=your_access_key_secret
ALIYUN_SLS_ENDPOINT=cn-hangzhou.log.aliyuncs.com
ALIYUN_SLS_PROJECT=your_project_name
ALIYUN_SLS_LOGSTORE=your_logstore_name

# Deploy Configuration (sync-accounts.sh)
SYNC_SERVER=user@your-server.com
SYNC_REMOTE_PATH=/opt/droid2api
DEPLOY_TYPE=docker-compose
DOCKER_SERVICE_NAME=droid2api
PM2_APP_NAME=droid2api

# Cloudflare Tunnel Configuration (Optional)
# Get token from: https://one.dash.cloudflare.com/ -> Networks -> Tunnels
TUNNEL_TOKEN=

# CORS Configuration (Optional, overrides config.json)
# CORS_ENABLED=true
# CORS_ALLOW_ALL=false
# CORS_ORIGINS=https://app1.com,https://app2.com
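
The CORS resolution the commit message describes (three modes, environment variables overriding config.json, per-request Origin validation with Vary: Origin), as an added example that is not the project's own code. Only the name getCorsConfig and the three variable names come from the page; the config.json shape (`enabled`, `allow_all`, `origins`), the fail-closed defaults and the helpers `parseBool` and `corsHeadersFor` are assumptions.

```javascript
// Added example, not the project's code. Assumed config.json shape:
// { enabled, allow_all, origins }. parseBool/corsHeadersFor are hypothetical.
const parseBool = (v, fallback) =>
  v === undefined || v === '' ? fallback : /^(1|true|yes)$/i.test(v.trim());

// Environment variables (CORS_ENABLED, CORS_ALLOW_ALL, CORS_ORIGINS)
// take precedence over the values read from config.json.
function getCorsConfig(fileCors = {}, env = process.env) {
  const envOrigins = env.CORS_ORIGINS
    ? env.CORS_ORIGINS.split(',').map((o) => o.trim()).filter(Boolean)
    : null;
  return {
    // Assumed defaults when a key is absent: fail closed.
    enabled: parseBool(env.CORS_ENABLED, fileCors.enabled ?? false),
    allowAll: parseBool(env.CORS_ALLOW_ALL, fileCors.allow_all ?? false),
    origins: envOrigins ?? fileCors.origins ?? [],
  };
}

// Computes the CORS response headers for one request's Origin header.
function corsHeadersFor(origin, cfg) {
  if (!cfg.enabled) return {}; // mode 1: CORS disabled, no headers at all
  if (cfg.allowAll) return { 'Access-Control-Allow-Origin': '*' }; // mode 3
  // Mode 2: whitelist. Vary: Origin is sent on every response so a shared
  // cache or CDN never replays one origin's allow header to another origin.
  const headers = { Vary: 'Origin' };
  // Exact string comparison only: prefix, suffix or substring matching
  // would accept lookalike origins such as https://app1.com.other.example.
  if (origin && cfg.origins.includes(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers; // no allow header means the browser blocks the response
}

// Constructed sample input (not the project's real config.json).
const sampleFileCors = {
  enabled: true, allow_all: false, origins: ['http://localhost:3000'],
};
const sampleEnv = { CORS_ORIGINS: 'https://app1.com, https://app2.com' };
const sampleCfg = getCorsConfig(sampleFileCors, sampleEnv);
for (const o of ['https://app1.com', 'https://app1.com.other.example', undefined]) {
  console.log(String(o), corsHeadersFor(o, sampleCfg));
}
```

The whitelist only controls whether a browser lets the calling page read the response; the request itself still reaches the server, so the API key settings above remain the access control.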