fix: auth bypass, SPA serving, and provider improvements (#97)
* feat(chat): polish syntax highlighting and tool payload rendering (#94) * [verified] feat(chat): polish syntax highlighting and tool payload rendering * [verified] fix(chat): tighten large tool payload rendering * docs: update data volume path in Docker docs Align documentation with docker-compose.yml change: hermes-web-ui-data -> hermes-web-ui, /app/dist/data -> /root/.hermes-web-ui Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: bundle server build and restructure service modules - Add build-server.mjs script for standalone server compilation - Add logger service with structured output - Restructure auth, gateway-manager, hermes-cli, hermes services - Update docker-compose volume mount path - Update tsconfig and entry point for bundled server Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: separate controllers from routes and centralize route registration - Extract business logic from route handlers into controllers/ - Add centralized route registry in routes/index.ts with public/auth/protected layers - Replace global auth whitelist with sequential middleware registration - Extract shared helpers to services/config-helpers.ts - Allow custom provider name to be user-editable in ProviderFormModal - Deduplicate custom providers by poolKey instead of base_url in getAvailable Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: auth bypass via path case, SPA serving, and provider improvements - Fix auth bypass: path case-insensitive check for /api, /v1, /upload - Fix SPA returning 401: skip auth for non-API paths (static files) - Fix profile switch: use local loading state instead of shared store ref - Auto-append /v1 to base_url when fetching models (frontend + backend) - Guard .env writing to built-in providers only - Add builtin field to provider presets, enable base_url input in form - Print auth token to console on startup (pino only writes to file) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Zhicheng Han <43314240+hanzckernel@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
ekko
@@ -0,0 +1,54 @@
|
||||
import type { Context, Next } from 'koa'
|
||||
|
||||
// Shared route modules
|
||||
import { healthRoutes } from './health'
|
||||
import { webhookRoutes } from './webhook'
|
||||
import { uploadRoutes } from './upload'
|
||||
import { updateRoutes } from './update'
|
||||
|
||||
// Hermes route modules
|
||||
import { sessionRoutes } from './hermes/sessions'
|
||||
import { profileRoutes } from './hermes/profiles'
|
||||
import { skillRoutes } from './hermes/skills'
|
||||
import { memoryRoutes } from './hermes/memory'
|
||||
import { modelRoutes } from './hermes/models'
|
||||
import { providerRoutes } from './hermes/providers'
|
||||
import { configRoutes } from './hermes/config'
|
||||
import { logRoutes } from './hermes/logs'
|
||||
import { codexAuthRoutes } from './hermes/codex-auth'
|
||||
import { gatewayRoutes } from './hermes/gateways'
|
||||
import { weixinRoutes } from './hermes/weixin'
|
||||
import { proxyRoutes, proxyMiddleware } from './hermes/proxy'
|
||||
|
||||
/**
|
||||
* Register all routes on the Koa app.
|
||||
* Public routes are registered first, then auth middleware,
|
||||
* then all protected routes. Returns the proxy middleware (must be mounted last).
|
||||
*/
|
||||
export function registerRoutes(app: any, requireAuth: (ctx: Context, next: Next) => Promise<void>) {
|
||||
// --- Public routes (no auth required) ---
|
||||
app.use(healthRoutes.routes())
|
||||
app.use(webhookRoutes.routes())
|
||||
|
||||
// --- Auth middleware: all routes below require authentication ---
|
||||
app.use(requireAuth)
|
||||
|
||||
// --- Protected routes (auth required) ---
|
||||
app.use(uploadRoutes.routes())
|
||||
app.use(updateRoutes.routes()) // Must be before proxy (proxy catch-all matches everything)
|
||||
app.use(sessionRoutes.routes())
|
||||
app.use(profileRoutes.routes())
|
||||
app.use(skillRoutes.routes())
|
||||
app.use(memoryRoutes.routes())
|
||||
app.use(modelRoutes.routes())
|
||||
app.use(providerRoutes.routes())
|
||||
app.use(configRoutes.routes())
|
||||
app.use(logRoutes.routes())
|
||||
app.use(codexAuthRoutes.routes())
|
||||
app.use(gatewayRoutes.routes())
|
||||
app.use(weixinRoutes.routes())
|
||||
app.use(proxyRoutes.routes())
|
||||
|
||||
// Proxy catch-all middleware (must be last)
|
||||
return proxyMiddleware
|
||||
}
|
||||
Reference in New Issue
Block a user