From ecc7495954e54aee3785dcb55ef0941b0861bac6 Mon Sep 17 00:00:00 2001
From: liangzai <2440983361@qq.com>
Date: Thu, 28 Aug 2025 17:09:21 +0800
Subject: [PATCH] fix

---
 config.yaml                                   |  2 +-
 configs/env.development.yaml                  |  7 ++++-
 configs/env.production.yaml                   |  2 +-
 .../infrastructure/http/routes/api_routes.go  |  3 ++
 internal/shared/http/router.go                | 13 ++++++--
 internal/shared/middleware/cors.go            | 31 ++++++++++++++++---
 6 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/config.yaml b/config.yaml
index 8b7c83b..b898af9 100644
--- a/config.yaml
+++ b/config.yaml
@@ -228,7 +228,7 @@ development:
     debug: true
     enable_profiler: true
     enable_cors: true
-    cors_allowed_origins: "https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
+    cors_allowed_origins: "http://localhost:5173,https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
     cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
     cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"
 
diff --git a/configs/env.development.yaml b/configs/env.development.yaml
index cc352db..571a88b 100644
--- a/configs/env.development.yaml
+++ b/configs/env.development.yaml
@@ -105,4 +105,9 @@ zhicha:
     url: "http://proxy.tianyuanapi.com/dataMiddle/api/handle"
     app_id: "4b78fff61ab8426f"
     app_secret: "1128f01b94124ae899c2e9f2b1f37681"
-    encrypt_key: "af4ca0098e6a202a5c08c413ebd9fd62"
\ No newline at end of file
+    encrypt_key: "af4ca0098e6a202a5c08c413ebd9fd62"
+development:
+    enable_cors: true
+    cors_allowed_origins: "http://localhost:5173,http://localhost:8080"
+    cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
+    cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"
\ No newline at end of file
diff --git a/configs/env.production.yaml b/configs/env.production.yaml
index 6f2d6c5..8c23129 100644
--- a/configs/env.production.yaml
+++ b/configs/env.production.yaml
@@ -18,7 +18,7 @@ server:
 # ===========================================
 development:
     enable_cors: true
-    cors_allowed_origins: "https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
+    cors_allowed_origins: "http://localhost:5173,https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
     cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
     cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"
 
diff --git a/internal/infrastructure/http/routes/api_routes.go b/internal/infrastructure/http/routes/api_routes.go
index 399d34c..b6e205b 100644
--- a/internal/infrastructure/http/routes/api_routes.go
+++ b/internal/infrastructure/http/routes/api_routes.go
@@ -40,6 +40,9 @@ func (r *ApiRoutes) Register(router *sharedhttp.GinRouter) {
 	{
 		apiGroup.POST("/:api_name", r.domainAuthMiddleware.Handle(""), r.apiHandler.HandleApiCall)
 
+		// Console专用接口 - 使用JWT认证，不需要域名认证
+		apiGroup.POST("/console/:api_name", r.authMiddleware.Handle(), r.apiHandler.HandleApiCall)
+
 		// 表单配置接口（用于前端动态生成表单）
 		apiGroup.GET("/form-config/:api_code", r.authMiddleware.Handle(), r.apiHandler.GetFormConfig)
 
diff --git a/internal/shared/http/router.go b/internal/shared/http/router.go
index 4d9ec2a..7fbe543 100644
--- a/internal/shared/http/router.go
+++ b/internal/shared/http/router.go
@@ -134,9 +134,18 @@ func (r *GinRouter) GetEngine() *gin.Engine {
 
 // applyMiddlewares 应用中间件
 func (r *GinRouter) applyMiddlewares() {
-	// 按优先级排序中间件
+	// 按优先级排序中间件，优先级相同时按名称排序确保稳定性
 	sort.Slice(r.middlewares, func(i, j int) bool {
-		return r.middlewares[i].GetPriority() > r.middlewares[j].GetPriority()
+		priorityI := r.middlewares[i].GetPriority()
+		priorityJ := r.middlewares[j].GetPriority()
+		
+		// 如果优先级不同，按优先级降序排列
+		if priorityI != priorityJ {
+			return priorityI > priorityJ
+		}
+		
+		// 如果优先级相同，按名称排序确保稳定性
+		return r.middlewares[i].GetName() < r.middlewares[j].GetName()
 	})
 
 	// 应用全局中间件
diff --git a/internal/shared/middleware/cors.go b/internal/shared/middleware/cors.go
index 046f617..e17c1b9 100644
--- a/internal/shared/middleware/cors.go
+++ b/internal/shared/middleware/cors.go
@@ -27,7 +27,7 @@ func (m *CORSMiddleware) GetName() string {
 
 // GetPriority 返回中间件优先级
 func (m *CORSMiddleware) GetPriority() int {
-	return 100 // 高优先级，最先执行
+	return 95 // 在PanicRecovery(100)之后，SecurityHeaders(85)之前执行
 }
 
 // Handle 返回中间件处理函数
@@ -39,22 +39,43 @@ func (m *CORSMiddleware) Handle() gin.HandlerFunc {
 		}
 	}
 
+	// 获取CORS配置
+	origins := m.getAllowedOrigins()
+	methods := m.getAllowedMethods()
+	headers := m.getAllowedHeaders()
+
 	config := cors.Config{
 		AllowAllOrigins: false,
-		AllowOrigins:    m.getAllowedOrigins(),
-		AllowMethods:    m.getAllowedMethods(),
-		AllowHeaders:    m.getAllowedHeaders(),
+		AllowOrigins:    origins,
+		AllowMethods:    methods,
+		AllowHeaders:    headers,
 		ExposeHeaders: []string{
 			"Content-Length",
 			"Content-Type",
 			"X-Request-ID",
 			"X-Response-Time",
+			"Access-Control-Allow-Origin",
+			"Access-Control-Allow-Methods",
+			"Access-Control-Allow-Headers",
 		},
 		AllowCredentials: true,
 		MaxAge:           86400, // 24小时
+		// 增加Chrome兼容性
+		AllowWildcard:   false,
+		AllowBrowserExtensions: false,
 	}
 
-	return cors.New(config)
+	// 创建CORS中间件
+	corsMiddleware := cors.New(config)
+	
+	// 返回包装后的中间件
+	return func(c *gin.Context) {
+		// 调用实际的CORS中间件
+		corsMiddleware(c)
+		
+		// 继续处理下一个中间件或处理器
+		c.Next()
+	}
 }
 
 // IsGlobal 是否为全局中间件