import express from "express";
import ViteExpress from "vite-express";
import 'dotenv/config';
import { createCosApiHandler } from './api.js';
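// Run vite-express in production mode.
ViteExpress.config({ mode: "production" });

const app = express();

// README file names used when README_FILES is unset or lists nothing usable.
const defaultReadmeFiles = ['README.md', 'readme.txt'];

// README_FILES is a comma-separated list. Entries are trimmed and empty ones
// dropped, so "README.md, readme.txt" does not yield a name with a leading space.
const readmeFilesFromEnv = (process.env.README_FILES ?? '')
  .split(',')
  .map((name) => name.trim())
  .filter((name) => name !== '');

// Runtime settings, all read from process.env (populated by the 'dotenv/config' import).
// cos.secretId and cos.secretKey are credentials: keep this object on the server
// and out of logs and HTTP responses.
const config = {
  cos: {
    secretId: process.env.COS_SECRET_ID,
    secretKey: process.env.COS_SECRET_KEY,
    region: process.env.COS_REGION,
    bucket: process.env.COS_BUCKET,
    // Optional; when set it is also accepted as a Referer host on the /api route.
    customDomain: process.env.COS_CUSTOM_DOMAIN,
  },
  defaultPath: process.env.DEFAULT_PATH || '/',
  readmeFiles: readmeFilesFromEnv.length > 0 ? readmeFilesFromEnv : defaultReadmeFiles,
};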
// Check that every required .env entry is present before the server starts.
const requiredEnvVars = ['COS_SECRET_ID', 'COS_SECRET_KEY', 'COS_REGION', 'COS_BUCKET'];

const missingVars = [];
for (const varName of requiredEnvVars) {
  // An unset variable and an empty string both count as missing.
  if (!process.env[varName]) {
    missingVars.push(varName);
  }
}

if (missingVars.length !== 0) {
  // Only the variable names are printed, never their values.
  console.error(`错误:.env 文件缺少以下必填项: ${missingVars.join(', ')}`);
  process.exit(1);
}
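// Build the API handler middleware from the COS settings.
const cosApiHandler = createCosApiHandler(config);

/**
 * Referer gate for the /api route.
 *
 * Lets a request through only when its Referer header starts with
 * http(s)://<host>/, where <host> is the request's own Host header or the
 * configured COS custom domain. Anything else gets a 403.
 *
 * NOTE(review): Host and Referer are both supplied by the client, so this
 * check only deters browsers on other sites from embedding the API; it is not
 * authentication. Whatever cosApiHandler returns should be treated as
 * reachable by any client that can connect to this server. If the API has to
 * be restricted, put real authentication, or a fixed configured list of
 * allowed origins, in front of it.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const requireAllowedReferer = (req, res, next) => {
  const { referer, host } = req.headers;
  const { customDomain } = config.cos;

  // Skip absent values: a request without a Host header would otherwise put
  // the literal prefix "http://undefined/" on the allowlist.
  const allowedDomains = [host, customDomain].filter(Boolean);

  // The trailing slash keeps "example.com.other.tld" from matching "example.com".
  // presumably COS_CUSTOM_DOMAIN is a bare host name without a scheme — confirm
  const allowedReferers = allowedDomains.flatMap((domain) => [
    `http://${domain}/`,
    `https://${domain}/`,
  ]);

  const isAllowed =
    Boolean(referer) && allowedReferers.some((allowed) => referer.startsWith(allowed));
  if (!isAllowed) {
    return res.status(403).send('Forbidden: API cannot be accessed directly');
  }
  next();
};

// Register the API route behind the Referer check.
app.get('/api', requireAllowedReferer, cosApiHandler);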
// Listening port: PORT from the environment, or 3000 when it is unset or empty.
const port = process.env.PORT || 3000;

// Print the local URL once the server is accepting connections.
const announceListening = () => console.log(`\nServer is listening...http://localhost:${port}\n`);

ViteExpress.listen(app, port, announceListening);