diff --git a/Dockerfile.app b/Dockerfile.app
index 588477a..4d5c76d 100644
--- a/Dockerfile.app
+++ b/Dockerfile.app
@@ -82,6 +82,15 @@ RUN printf '%s\n' \
 ' try_files $uri $uri/ /index.html;' \
 ' }' \
 '' \
+' location ~ ^/(docs|redoc|openapi\\.json)$ {' \
+' proxy_pass http://127.0.0.1:PORT_PLACEHOLDER;' \
+' proxy_http_version 1.1;' \
+' proxy_set_header Host $host;' \
+' proxy_set_header X-Real-IP $real_ip;' \
+' proxy_set_header X-Forwarded-For $forwarded_for;' \
+' proxy_set_header X-Forwarded-Proto $scheme;' \
+' }' \
+'' \
 ' location / {' \
 ' try_files $uri $uri/ @backend;' \
 ' }' \
diff --git a/src/api/admin/users/routes.py b/src/api/admin/users/routes.py
index 7c600fe..47a6e27 100644
--- a/src/api/admin/users/routes.py
+++ b/src/api/admin/users/routes.py
@@ -273,6 +273,9 @@ class AdminListUsersAdapter(AdminApiAdapter):
 "email": u.email,
 "username": u.username,
 "role": u.role.value,
+ "allowed_providers": u.allowed_providers,
+ "allowed_endpoints": u.allowed_endpoints,
+ "allowed_models": u.allowed_models,
 "quota_usd": u.quota_usd,
 "used_usd": u.used_usd,
 "total_usd": getattr(u, "total_usd", 0),
diff --git a/src/main.py b/src/main.py
index 0e29129..f3008ab 100644
--- a/src/main.py
+++ b/src/main.py
@@ -355,15 +355,17 @@ app.add_middleware(PluginMiddleware)
 # 生产环境必须通过 CORS_ORIGINS 环境变量显式指定允许的域名
 # 开发环境默认允许本地前端访问
 if config.cors_origins:
+ # CORS_ORIGINS=* 时自动禁用 credentials(浏览器规范要求)
+ allow_credentials = config.cors_allow_credentials and "*" not in config.cors_origins
 app.add_middleware(
 CORSMiddleware,
 allow_origins=config.cors_origins, # 使用配置的白名单
- allow_credentials=config.cors_allow_credentials,
+ allow_credentials=allow_credentials,
 allow_methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
 allow_headers=["*"],
 expose_headers=["*"],
 )
- logger.info(f"CORS已启用,允许的源: {config.cors_origins}")
+ logger.info(f"CORS已启用,允许的源: {config.cors_origins}, credentials: {allow_credentials}")
 else:
 # 没有配置CORS源,不允许跨域
 logger.warning(
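Review bot: The new `location ~ ^/(docs|redoc|openapi\\.json)$` block forwards the interactive docs and the full OpenAPI schema to any client that can reach nginx, and nothing in the block restricts access. The schema describes every route, including the admin API touched elsewhere in this commit, so for production images the block should be gated, for example with `' allow 127.0.0.1;' \` and `' deny all;' \` (constructed example; substitute the operator network) or by emitting it only when a build argument enables it. `$real_ip` and `$forwarded_for` are not nginx built-ins, so they presumably come from `map` blocks outside this hunk; a short comment above the block saying so would help the next reader. The `RUN printf` statement starts and ends outside the hunk.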
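Review bot: The three new keys `allowed_providers`, `allowed_endpoints` and `allowed_models` are read straight from the model, so an unrestricted user is presumably serialized as `null`, and nothing here tells the admin client how that differs from an empty list. If the access check treats `None` as "no restriction" and `[]` as "nothing allowed", a client that collapses the two could show or save the wrong policy. A comment above the keys would pin this down, for example `# None = unrestricted, [] = deny all (confirm against the access check)`. The enclosing method starts and ends outside the hunk.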
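Review bot: When `CORS_ORIGINS` contains `*`, the configured `cors_allow_credentials` is overridden silently, and the only trace is the final value in the info log. An operator who enabled credentials will see cookie-based cross-origin calls fail with no pointer to the cause, so after the new assignment add `if config.cors_allow_credentials and not allow_credentials:` followed by `logger.warning("CORS_ORIGINS contains '*'; allow_credentials forced to False")`. The test `"*" not in config.cors_origins` is an element check only if `cors_origins` is a list; if the loader can hand back a plain string it becomes a substring match, which should be confirmed against the config code outside this hunk. The `else` branch continues past the end of the hunk.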