fix: 修复绑定名称冲突 - 将PASSWORD改为AUTH_PASSWORD避免Cloudflare保留名称

2025-10-01 23:47:37 +08:00
parent fb5be70529
commit 4c052df342
5 changed files with 93 additions and 13 deletions
@@ -56,10 +56,10 @@ async function generateAuthCookie(
    authData.password = password;
  }

-  if (username && process.env.PASSWORD) {
+  if (username && process.env.AUTH_PASSWORD) {
    authData.username = username;
    // 使用密码作为密钥对用户名进行签名
-    const signature = await generateSignature(username, process.env.PASSWORD);
+    const signature = await generateSignature(username, process.env.AUTH_PASSWORD);
    authData.signature = signature;
    authData.timestamp = Date.now(); // 添加时间戳防重放攻击
  }
@@ -71,9 +71,9 @@ export async function POST(req: NextRequest) {
  try {
    // 本地 / localStorage 模式——仅校验固定密码
    if (STORAGE_TYPE === 'localstorage') {
-      const envPassword = process.env.PASSWORD;
+      const envPassword = process.env.AUTH_PASSWORD;

-      // 未配置 PASSWORD 时直接放行
+      // 未配置 AUTH_PASSWORD 时直接放行
      if (!envPassword) {
        const response = NextResponse.json({ ok: true });

@@ -136,7 +136,7 @@ export async function POST(req: NextRequest) {
    // 可能是站长，直接读环境变量
    if (
      username === process.env.USERNAME &&
-      password === process.env.PASSWORD
+      password === process.env.AUTH_PASSWORD
    ) {
      // 验证成功，设置认证cookie
      const response = NextResponse.json({ ok: true });
@@ -50,8 +50,8 @@ async function generateAuthCookie(username: string): Promise<string> {
    timestamp: Date.now(),
  };

-  // 使用process.env.PASSWORD作为签名密钥，而不是用户密码
-  const signingKey = process.env.PASSWORD || '';
+  // 使用process.env.AUTH_PASSWORD作为签名密钥，而不是用户密码
+  const signingKey = process.env.AUTH_PASSWORD || '';
  const signature = await generateSignature(username, signingKey);
  authData.signature = signature;

@@ -14,7 +14,7 @@ export async function middleware(request: NextRequest) {

  const storageType = process.env.NEXT_PUBLIC_STORAGE_TYPE || 'localstorage';

-  if (!process.env.PASSWORD) {
+  if (!process.env.AUTH_PASSWORD) {
    // 如果没有设置密码，重定向到警告页面
    const warningUrl = new URL('/warning', request.url);
    return NextResponse.redirect(warningUrl);
@@ -29,7 +29,7 @@ export async function middleware(request: NextRequest) {

  // localstorage模式：在middleware中完成验证
  if (storageType === 'localstorage') {
-    if (!authInfo.password || authInfo.password !== process.env.PASSWORD) {
+    if (!authInfo.password || authInfo.password !== process.env.AUTH_PASSWORD) {
      return handleAuthFailure(request, pathname);
    }
    return NextResponse.next();
@@ -46,7 +46,7 @@ export async function middleware(request: NextRequest) {
    const isValidSignature = await verifySignature(
      authInfo.username,
      authInfo.signature,
-      process.env.PASSWORD || ''
+      process.env.AUTH_PASSWORD || ''
    );

    // 签名验证通过即可