From 235fc9c87f3f77badd2b76b1c9d1e93350223f2f Mon Sep 17 00:00:00 2001 From: zs Date: Tue, 3 Mar 2026 00:47:39 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20CSP=20Violation=20(=20=E6=84=9F?= =?UTF-8?q?=E5=8F=B9=E5=8F=B7=E5=9B=BE=E6=A0=87=E8=A2=AB=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=20)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/cmd/server/main.go | 1 + server/internal/handler/router_test.go | 59 ++++++++++++++++++++++++++ web/.env | 2 +- web/src/vite-env.d.ts | 7 +++ 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 server/internal/handler/router_test.go create mode 100644 web/src/vite-env.d.ts
diff --git a/server/cmd/server/main.go b/server/cmd/server/main.go
index 0d5ab0d..5e08375 100644
--- a/server/cmd/server/main.go
+++ b/server/cmd/server/main.go
@@ -98,6 +98,7 @@ func main() {
 r := chi.NewRouter()
 r.Use(chiMiddleware.Logger)
 r.Use(chiMiddleware.Recoverer)
+ r.Use(chiMiddleware.StripSlashes)
 // CORS Configuration
 corsOrigins := os.Getenv("CORS_ORIGINS")
diff --git a/server/internal/handler/router_test.go b/server/internal/handler/router_test.go
new file mode 100644
index 0000000..4136942
--- /dev/null
+++ b/server/internal/handler/router_test.go
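Review bot: Nothing in this commit verifies that `StripSlashes` is actually registered on the application router: the test added in server/internal/handler/router_test.go builds its own `chi.NewRouter()`, so it keeps passing if this line is removed again. The placement among the other `Use` calls is correct, since chi requires all middlewares to be registered before any route is mounted and panics otherwise; note that `StripSlashes` rewrites the request path before every later middleware and handler sees it, so any path-based checks downstream now operate on the canonical form rather than the client-supplied one. A one-line comment would record the intent: `// StripSlashes serves /path/ as /path instead of 404/redirect; must stay ahead of every route mount.` `main` begins before and continues after this hunk, so the rest of the middleware chain is not visible here.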
@@ -0,0 +1,59 @@
+package handler_test
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-chi/chi/v5"
+ "github.com/go-chi/chi/v5/middleware"
+)
+
+func TestRouterStripSlashes(t *testing.T) {
+ r := chi.NewRouter()
+ r.Use(middleware.StripSlashes)
+
+ r.Route("/api/v1", func(r chi.Router) {
+ r.Post("/auth/login", func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(http.StatusOK)
+ w.Write([]byte(`{"code":200}`))
+ })
+ })
+
+ tests := []struct {
+ name string
+ method string
+ url string
+ expectedStatus int
+ }{
+ {
+ name: "Login without trailing slash",
+ method: "POST",
+ url: "/api/v1/auth/login",
+ expectedStatus: http.StatusOK,
+ },
+ {
+ name: "Login with trailing slash",
+ method: "POST",
+ url: "/api/v1/auth/login/",
+ expectedStatus: http.StatusOK,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ req, _ := http.NewRequest(tt.method, tt.url, nil)
+ rr := httptest.NewRecorder()
+ r.ServeHTTP(rr, req)
+
+ if rr.Code != tt.expectedStatus {
+ t.Errorf("expected status %v, got %v for %s", tt.expectedStatus, rr.Code, tt.url)
+ }
+
+ // Check if it redirected (it shouldn't with StripSlashes middleware correctly placed)
+ if rr.Code == http.StatusPermanentRedirect || rr.Code == http.StatusMovedPermanently {
+ t.Errorf("got redirect %v for %s", rr.Code, tt.url)
+ }
+ })
+ }
+}
diff --git a/web/.env b/web/.env
index d04490c..f1ccea2 100644
--- a/web/.env
+++ b/web/.env
@@ -1 +1 @@
-VITE_API_BASE_URL=http://insight.buildapp.eu.org/api/v1
+VITE_API_BASE_URL=https://insight.buildapp.eu.org/api/v1
\ No newline at end of file
diff --git a/web/src/vite-env.d.ts b/web/src/vite-env.d.ts
new file mode 100644
index 0000000..899b0bc
--- /dev/null
+++ b/web/src/vite-env.d.ts
@@ -0,0 +1,7 @@
+/// 
+
+declare module "*.vue" {
+ import type { DefineComponent } from "vue";
+ const component: DefineComponent<{}, {}, any>;
+ export default component;
+}
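Review bot: `req, _ := http.NewRequest(tt.method, tt.url, nil)` in the subtest discards the constructor error; `httptest.NewRequest` is the test-side constructor, panics on a malformed request and needs no error check: `req := httptest.NewRequest(tt.method, tt.url, nil)`. The `w.Write` return value in the login stub is likewise dropped, and the `"POST"` literals could be `http.MethodPost`. More importantly, the test only proves that chi's own `StripSlashes` middleware works on a router built inside the test; it does not exercise the application router wired in server/cmd/server/main.go, so a regression that drops the middleware there would not be caught — exporting a router constructor from the handler package and testing that instead would close the gap.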
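Review bot: This is Vite's base `.env`, which is loaded in every mode including the dev server, so the switch to https also applies to local development; a developer running the API over plain http locally now needs an override in `.env.local` or `.env.development` rather than editing this file back. The edit also leaves the file without a trailing newline (`\ No newline at end of file`), which the previous version had. If any other place still names the http scheme for this host — for example a CSP `connect-src` — it would need the same change, but nothing of the kind is visible in this patch.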
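Review bot: The first line shows only `/// ` — the triple-slash directive has no reference target as rendered. If the file really lacks `/// <reference types="vite/client" />`, then `import.meta.env.VITE_API_BASE_URL` (the variable set in web/.env) has no type declaration and this file only contributes the `*.vue` shim; this may simply be how the patch was rendered, so it is worth checking the file itself. The `DefineComponent<{}, {}, any>` shim is the standard Vue declaration and is fine as written.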