feat(cors): 配置跨域策略 (#47)

xiaorongnie · ipcjs · TranscodeGroupDeveloper · web-flow · commit 68760e382638 · 2026-01-21T17:34:46.000+08:00
* feat(cors): 默认禁用跨域
默认不启用跨域验证

* wip: 默认允许公网域名和IP的任意端口访问

* feat(cors):增加设备厂家，设备类型，设备型号初始化数据表

* nginx

* wip: 让Spring识别nginx添加的X-Forwarded-*头

* wip: 整理配置

---------

Co-authored-by: ipcjs.mac4 &lt;gipcjs@gmail.com&gt;
Co-authored-by: TranscodeGroupDeveloper &lt;transcodegroupdeveloper@gmail.com&gt;
Co-authored-by: cli &lt;cli@debian&gt;
diff --git a/maintain/compose.yml b/maintain/compose.yml
@@ -42,6 +42,8 @@ services:
 
       # 网关指令
       - spring_my_gateway_jtt808_url=http://${JTT808_HOST:-jtt808}:${JTT808_PORT_HTTP:-9012}
+      # 让Spring识别nginx添加的X-Forwarded-*头, 参考: https://docs.spring.io/spring-boot/how-to/webserver.html#howto.webserver.use-behind-a-proxy-server
+      - SERVER_FORWARD_HEADERS_STRATEGY=native
 
       # 短信服务
       # - tencent_sms_secret_id=AKID74lBKCoAF2YomUv60e06vTkkSt3wYtxk
@@ -56,7 +58,7 @@ services:
       - spring_my_push_group_secret=63b4ff15d550ba1675b1dceb
 
       # 跨域 逗号分割
-      - spring_my_cors_origin-patterns=https://*.tgtrack.com,https://*.tripsdd.com,https://tripsdd.com
+      - spring_my_cors_origin-patterns=*://${TRACK_HOSTNAME}:[*],*://${SERVER_IP_PUBLIC}:[*]
 
       # Mail-预设了bus的邮箱
       - spring_mail_host=${MAIL_HOST:-smtp.transcodegroup.com}
diff --git a/mysql8/initdb/02-maintain-init-data.sql b/mysql8/initdb/02-maintain-init-data.sql
@@ -200,4 +200,27 @@ INSERT INTO `system_dictionary` VALUES (47, '47', '轨迹完整率低', '轨迹
 INSERT INTO `system_dictionary` VALUES (48, '48', '漂移', '漂移', 'drift', 'GPS กระโดด', 'drift', 'Deriva', 'Deriva', 'Fault-Type', NULL, NULL, 0, 0, '2022-05-09 03:27:18', '2025-10-09 04:31:10');
 INSERT INTO `system_dictionary` VALUES (49, '49', '不读司机卡', '不读司机卡', 'Does not read driver card', 'เครื่องรูดบัตร', 'Tidak membaca kartu pengemudi', 'No lee la tarjeta del conductor', 'Não lê o cartão do motorista', 'Fault-Type', NULL, NULL, 0, 0, '2022-05-09 03:27:18', '2025-10-09 04:31:10');
 
+
+-- ----------------------------
+-- Records of device_category
+-- ----------------------------
+
+INSERT INTO `maintain`.`device_category` VALUES (1, '1d3b089c74ca496b8c17cfa77e13a65a', '视频终端', '视频终端', 'MDVR', 'MDVR', 'MDVR', 'MDVR', 'MDVR', '', 200, 0, '2026-01-21 07:14:15', '2026-01-21 07:14:15');
+INSERT INTO `maintain`.`device_category` VALUES (2, 'ed4d3d9b5eda4dfe9a6cdb1327ec1690', 'GPS Tracker', 'GPS Tracker', 'GPS Tracker', 'GPS Tracker', 'GPS Tracker', 'GPS Tracker', 'GPS Tracker', '', 100, 0, '2026-01-21 07:58:47', '2026-01-21 07:58:47');
+
+-- ----------------------------
+-- Records of device_manufacturer
+-- ----------------------------
+
+INSERT INTO `maintain`.`device_manufacturer` VALUES (1, '43a610ca929d45dea574b1122e313e2b', 'TGC', '100010001', NULL, 0, '2026-01-21 07:13:43', '2026-01-21 07:13:43');
+
+-- ----------------------------
+-- Records of device_product
+-- ----------------------------
+
+INSERT INTO `maintain`.`device_product` VALUES (1, '7de049b26def4364a9f3dc3bc60cf029', 'TCG-MDVR', 'TCG-MDVR', '1d3b089c74ca496b8c17cfa77e13a65a', '[\"808-2011\",\"808-2013\",\"808-2016\",\"808-2019\",\"1078-2016\",\"safety-jiangsu\",\"tl\"]', '', 2, 4095, '43a610ca929d45dea574b1122e313e2b', 'TGC', NULL, '', 0, NULL, NULL, 0, '', '[\"TCG-MDVR\"]', 0, '2026-01-21 07:15:23', '2026-01-21 07:16:39');
+INSERT INTO `maintain`.`device_product` VALUES (2, 'bf56842a3d80445c96d705e91320a92a', 'GPS Tracker', 'GPS Tracker', 'ed4d3d9b5eda4dfe9a6cdb1327ec1690', '[\"808-2011\",\"808-2013\",\"808-2019\",\"tg\"]', '', 0, 288, '43a610ca929d45dea574b1122e313e2b', 'TGC', NULL, '', 0, NULL, NULL, 0, '', NULL, 0, '2026-01-21 08:02:53', '2026-01-21 08:02:53');
+
+
+
 SET FOREIGN_KEY_CHECKS = 1;
diff --git a/nginx/conf/conf.d/track.conf.template b/nginx/conf/conf.d/track.conf.template
@@ -72,18 +72,20 @@ server {
 
     location /api/ {
         proxy_pass http://track_api_server;
-        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
 
     location ~ ^/(pass|file|datamotor|video|health)/ {
         proxy_pass http://track_api_server;
-        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
