fix

config.yaml

@@ -228,7 +228,7 @@ development:
     debug: true
     enable_profiler: true
     enable_cors: true
-    cors_allowed_origins: "https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
+    cors_allowed_origins: "http://localhost:5173,https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
     cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
     cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"
 

configs/env.development.yaml

@@ -106,3 +106,8 @@ zhicha:
     app_id: "4b78fff61ab8426f"
     app_secret: "1128f01b94124ae899c2e9f2b1f37681"
     encrypt_key: "af4ca0098e6a202a5c08c413ebd9fd62"
+development:
+    enable_cors: true
+    cors_allowed_origins: "http://localhost:5173,http://localhost:8080"
+    cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
+    cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"

configs/env.production.yaml

@@ -18,7 +18,7 @@ server:
 # ===========================================
 development:
     enable_cors: true
-    cors_allowed_origins: "https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
+    cors_allowed_origins: "http://localhost:5173,https://consoletest.tianyuanapi.com,https://console.tianyuanapi.com"
     cors_allowed_methods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
     cors_allowed_headers: "Origin,Content-Type,Accept,Authorization,X-Requested-With,Access-Id"
 

internal/infrastructure/http/routes/api_routes.go

@@ -40,6 +40,9 @@ func (r *ApiRoutes) Register(router *sharedhttp.GinRouter) {
 	{
 		apiGroup.POST("/:api_name", r.domainAuthMiddleware.Handle(""), r.apiHandler.HandleApiCall)
 
+		// Console专用接口 - 使用JWT认证，不需要域名认证
+		apiGroup.POST("/console/:api_name", r.authMiddleware.Handle(), r.apiHandler.HandleApiCall)
+
 		// 表单配置接口（用于前端动态生成表单）
 		apiGroup.GET("/form-config/:api_code", r.authMiddleware.Handle(), r.apiHandler.GetFormConfig)
 

internal/shared/http/router.go

@@ -134,9 +134,18 @@ func (r *GinRouter) GetEngine() *gin.Engine {
 
 // applyMiddlewares 应用中间件
 func (r *GinRouter) applyMiddlewares() {
-	// 按优先级排序中间件
+	// 按优先级排序中间件，优先级相同时按名称排序确保稳定性
 	sort.Slice(r.middlewares, func(i, j int) bool {
-		return r.middlewares[i].GetPriority() > r.middlewares[j].GetPriority()
+		priorityI := r.middlewares[i].GetPriority()
+		priorityJ := r.middlewares[j].GetPriority()
+		
+		// 如果优先级不同，按优先级降序排列
+		if priorityI != priorityJ {
+			return priorityI > priorityJ
+		}
+		
+		// 如果优先级相同，按名称排序确保稳定性
+		return r.middlewares[i].GetName() < r.middlewares[j].GetName()
 	})
 
 	// 应用全局中间件

internal/shared/middleware/cors.go

@@ -27,7 +27,7 @@ func (m *CORSMiddleware) GetName() string {
 
 // GetPriority 返回中间件优先级
 func (m *CORSMiddleware) GetPriority() int {
-	return 100 // 高优先级，最先执行
+	return 95 // 在PanicRecovery(100)之后，SecurityHeaders(85)之前执行
 }
 
 // Handle 返回中间件处理函数
@@ -39,22 +39,43 @@ func (m *CORSMiddleware) Handle() gin.HandlerFunc {
 		}
 	}
 
+	// 获取CORS配置
+	origins := m.getAllowedOrigins()
+	methods := m.getAllowedMethods()
+	headers := m.getAllowedHeaders()
+
 	config := cors.Config{
 		AllowAllOrigins: false,
-		AllowOrigins:    m.getAllowedOrigins(),
+		AllowOrigins:    origins,
-		AllowMethods:    m.getAllowedMethods(),
+		AllowMethods:    methods,
-		AllowHeaders:    m.getAllowedHeaders(),
+		AllowHeaders:    headers,
 		ExposeHeaders: []string{
 			"Content-Length",
 			"Content-Type",
 			"X-Request-ID",
 			"X-Response-Time",
+			"Access-Control-Allow-Origin",
+			"Access-Control-Allow-Methods",
+			"Access-Control-Allow-Headers",
 		},
 		AllowCredentials: true,
 		MaxAge:           86400, // 24小时
+		// 增加Chrome兼容性
+		AllowWildcard:   false,
+		AllowBrowserExtensions: false,
 	}
 
-	return cors.New(config)
+	// 创建CORS中间件
+	corsMiddleware := cors.New(config)
+	
+	// 返回包装后的中间件
+	return func(c *gin.Context) {
+		// 调用实际的CORS中间件
+		corsMiddleware(c)
+		
+		// 继续处理下一个中间件或处理器
+		c.Next()
+	}
 }
 
 // IsGlobal 是否为全局中间件