oadmin/xinghuoapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(crs-sync): improve error messages and add private IP allowlist support

Browse Source 
## Changes

### 1. Enhanced Error Messages
- Modified CRS sync error handling to show detailed error messages
- Changed from generic "internal error" to "CRS sync failed: <details>"
- Helps diagnose connection issues with private CRS deployments

### 2. Security Configuration
- Added SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS environment variable
- Allows administrators to enable/disable private IP access for CRS sync
- Production default: false (secure)
- Test environment default: true (convenient for internal testing)

### 3. Flexible Configuration Support
- Added config.yaml mount support in both production and test environments
- Supports dual configuration methods:
  * config.yaml for detailed/complex configurations
  * Environment variables for quick overrides
- Priority: ENV vars > config.yaml > defaults

## Use Case
Enables CRS sync from internal deployments where CRS resolves to private IPs
(e.g., 10.x.x.x, 192.168.x.x) while maintaining security by default.

## Files Modified
- backend/internal/handler/admin/account_handler.go
- deploy/docker-compose.yml
- deploy/docker-compose-test.yml
This commit is contained in:
Jiahao Luo
2026-01-05 12:57:03 +08:00
parent 7cc7e15174
commit 204190f807
3 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
deploy/docker-compose-test.yml
View File

@@ -32,6 +32,8 @@ services:
volumes:
# Data persistence (config.yaml will be auto-generated here)
- sub2api_data:/app/data
# Mount custom config.yaml (optional, overrides auto-generated config)
- ./config.yaml:/app/data/config.yaml:ro
environment:
# =======================================================================
# Auto Setup (REQUIRED for Docker deployment)
@@ -95,6 +97,12 @@ services:
- GEMINI_OAUTH_CLIENT_SECRET=${GEMINI_OAUTH_CLIENT_SECRET:-}
- GEMINI_OAUTH_SCOPES=${GEMINI_OAUTH_SCOPES:-}
- GEMINI_QUOTA_POLICY=${GEMINI_QUOTA_POLICY:-}
# =======================================================================
# Security Configuration (URL Allowlist)
# =======================================================================
# Allow private IP addresses for CRS sync (for internal deployments)
- SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=${SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS:-true}
depends_on:
postgres:
condition: service_healthy

6
deploy/docker-compose.yml
View File

@@ -28,6 +28,8 @@ services:
volumes:
# Data persistence (config.yaml will be auto-generated here)
- sub2api_data:/app/data
# Mount custom config.yaml (optional, overrides auto-generated config)
- ./config.yaml:/app/data/config.yaml:ro
environment:
# =======================================================================
# Auto Setup (REQUIRED for Docker deployment)
@@ -93,9 +95,11 @@ services:
- GEMINI_QUOTA_POLICY=${GEMINI_QUOTA_POLICY:-}
# =======================================================================
# Security Configuration
# Security Configuration (URL Allowlist)
# =======================================================================
- SECURITY_URL_ALLOWLIST_UPSTREAM_HOSTS=${SECURITY_URL_ALLOWLIST_UPSTREAM_HOSTS:-}
# Allow private IP addresses for CRS sync (for internal deployments)
- SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=${SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS:-false}
depends_on:
postgres:
condition: service_healthy