f

2026-04-21 22:36:48 +08:00
commit 488c695fdf
748 changed files with 266838 additions and 0 deletions
--- a/internal/shared/middleware/cors.go
+++ b/internal/shared/middleware/cors.go
@@ -0,0 +1,142 @@
+package middleware
+
+import (
+	"strings"
+	"hyapi-server/internal/config"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+)
+
+// CORSMiddleware CORS中间件
+type CORSMiddleware struct {
+	config *config.Config
+}
+
+// NewCORSMiddleware 创建CORS中间件
+func NewCORSMiddleware(cfg *config.Config) *CORSMiddleware {
+	return &CORSMiddleware{
+		config: cfg,
+	}
+}
+
+// GetName 返回中间件名称
+func (m *CORSMiddleware) GetName() string {
+	return "cors"
+}
+
+// GetPriority 返回中间件优先级
+func (m *CORSMiddleware) GetPriority() int {
+	return 95 // 在PanicRecovery(100)之后，SecurityHeaders(85)之前执行
+}
+
+// Handle 返回中间件处理函数
+func (m *CORSMiddleware) Handle() gin.HandlerFunc {
+	if !m.config.Development.EnableCors {
+		// 如果没有启用CORS，返回空处理函数
+		return func(c *gin.Context) {
+			c.Next()
+		}
+	}
+
+	// 获取CORS配置
+	origins := m.getAllowedOrigins()
+	methods := m.getAllowedMethods()
+	headers := m.getAllowedHeaders()
+
+	config := cors.Config{
+		AllowAllOrigins: false,
+		AllowOrigins:    origins,
+		AllowMethods:    methods,
+		AllowHeaders:    headers,
+		ExposeHeaders: []string{
+			"Content-Length",
+			"Content-Type",
+			"X-Request-ID",
+			"X-Response-Time",
+			"Access-Control-Allow-Origin",
+			"Access-Control-Allow-Methods",
+			"Access-Control-Allow-Headers",
+		},
+		AllowCredentials: true,
+		MaxAge:           86400, // 24小时
+		// 增加Chrome兼容性
+		AllowWildcard:   false,
+		AllowBrowserExtensions: false,
+	}
+
+	// 创建CORS中间件
+	corsMiddleware := cors.New(config)
+
+	// 返回包装后的中间件
+	return func(c *gin.Context) {
+		// 调用实际的CORS中间件
+		corsMiddleware(c)
+
+		// 继续处理下一个中间件或处理器
+		c.Next()
+	}
+}
+
+// IsGlobal 是否为全局中间件
+func (m *CORSMiddleware) IsGlobal() bool {
+	return true
+}
+
+// getAllowedOrigins 获取允许的来源
+func (m *CORSMiddleware) getAllowedOrigins() []string {
+	if m.config.Development.CorsOrigins == "" {
+		return []string{"http://localhost:3000", "http://localhost:8080"}
+	}
+
+	// 解析配置中的origins字符串，按逗号分隔
+	origins := strings.Split(m.config.Development.CorsOrigins, ",")
+	// 去除空格
+	for i, origin := range origins {
+		origins[i] = strings.TrimSpace(origin)
+	}
+	return origins
+}
+
+// getAllowedMethods 获取允许的方法
+func (m *CORSMiddleware) getAllowedMethods() []string {
+	if m.config.Development.CorsMethods == "" {
+		return []string{
+			"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS",
+		}
+	}
+
+	// 解析配置中的methods字符串，按逗号分隔
+	methods := strings.Split(m.config.Development.CorsMethods, ",")
+	// 去除空格
+	for i, method := range methods {
+		methods[i] = strings.TrimSpace(method)
+	}
+	return methods
+}
+
+// getAllowedHeaders 获取允许的头部
+func (m *CORSMiddleware) getAllowedHeaders() []string {
+	if m.config.Development.CorsHeaders == "" {
+		return []string{
+			"Origin",
+			"Content-Type",
+			"Content-Length",
+			"Accept",
+			"Accept-Encoding",
+			"Accept-Language",
+			"Authorization",
+			"X-Requested-With",
+			"X-Request-ID",
+			"Access-Id",
+		}
+	}
+
+	// 解析配置中的headers字符串，按逗号分隔
+	headers := strings.Split(m.config.Development.CorsHeaders, ",")
+	// 去除空格
+	for i, header := range headers {
+		headers[i] = strings.TrimSpace(header)
+	}
+	return headers
+}