iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(server): 健康检查和 OpenAPI 端点移出限流中间件范围
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
account_lockout_middleware 改为 fail-close 后,/health 和 /docs/openapi.json
不应受影响。将它们提取为 unthrottled_routes 独立层。
This commit is contained in:
iven
2026-04-28 01:11:17 +08:00
parent 9dd6095e77
commit 1e6e783fcc
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
crates/erp-server/src/main.rs
View File

@@ -503,12 +503,7 @@ async fn main() -> anyhow::Result<()> {
// Layer execution order (outer → inner): account_lockout → rate_limit_by_ip // Layer execution order (outer → inner): account_lockout → rate_limit_by_ip
// So account lockout check runs FIRST, then IP rate limiting // So account lockout check runs FIRST, then IP rate limiting
let public_routes = Router::new() let public_routes = Router::new()
.merge(handlers::health::health_check_router())
.merge(erp_auth::AuthModule::public_routes()) .merge(erp_auth::AuthModule::public_routes())
.route(
"/docs/openapi.json",
axum::routing::get(handlers::openapi::openapi_spec),
)
.layer(axum::middleware::from_fn_with_state( .layer(axum::middleware::from_fn_with_state(
state.clone(), state.clone(),
middleware::rate_limit::account_lockout_middleware, middleware::rate_limit::account_lockout_middleware,
@@ -519,6 +514,15 @@ async fn main() -> anyhow::Result<()> {
)) ))
.with_state(state.clone()); .with_state(state.clone());
// Unthrottled public routes (health, docs) — no rate limiting
let unthrottled_routes = Router::new()
.merge(handlers::health::health_check_router())
.route(
"/docs/openapi.json",
axum::routing::get(handlers::openapi::openapi_spec),
)
.with_state(state.clone());
// Clone jwt_secret for upload auth before protected_routes closure moves it // Clone jwt_secret for upload auth before protected_routes closure moves it
let secret_for_uploads = jwt_secret.clone(); let secret_for_uploads = jwt_secret.clone();
@@ -577,7 +581,7 @@ async fn main() -> anyhow::Result<()> {
async move { upload_auth_middleware(secret, req, next).await } async move { upload_auth_middleware(secret, req, next).await }
})); }));
let app = Router::new() let app = Router::new()
.nest("/api/v1", public_routes.merge(protected_routes)) .nest("/api/v1", unthrottled_routes.merge(public_routes).merge(protected_routes))
.nest("/uploads", uploads_router) .nest("/uploads", uploads_router)
.layer(cors); .layer(cors);