iven/nj
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(app): 强制 HTTPS — Android 网络安全配置 + 生产默认 HTTPS

Browse Source 
- Android: 添加 network_security_config.xml,默认禁止明文流量
- Android: 仅允许 localhost/127.0.0.1/10.0.2.2 明文(开发调试)
- Android: 更新 AndroidManifest 引用网络安全配置
- ApiClient: 默认 URL 改为 https://api.nuanji.app/api/v1
- AppConfig: fromEnvironment 默认值改为 HTTPS 生产地址
- AppConfig: dev 常量保留 localhost(仅用于本地开发)
- iOS: ATS 默认已强制 HTTPS,无需修改

审计 ID: 6b-C01
This commit is contained in:
iven
2026-06-03 10:13:20 +08:00
parent 45949e3ed0
commit a34c9fd176
4 changed files with 41 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/lib/data/remote/api_client.dart
View File

@@ -36,7 +36,12 @@ class ApiClient {
/// 是否正在刷新 token防止并发 401 触发多次刷新)
bool _isRefreshing = false;
ApiClient({this.baseUrl = 'http://localhost:3000/api/v1'}) {
/// 创建 API 客户端
///
/// [baseUrl] 默认使用 HTTPS 生产地址。
/// 开发环境可通过构造参数覆盖为 http://localhost:3000/api/v1
/// Android 网络安全配置已允许 localhost 明文)。
ApiClient({this.baseUrl = 'https://api.nuanji.app/api/v1'}) {
_dio = Dio(BaseOptions(
baseUrl: baseUrl,
connectTimeout: const Duration(seconds: 10),