chore: point services to run.app and add api CORS

2026-01-25 00:16:10 +08:00 · 2026-01-25 00:16:10 +08:00 · a0050806ff
commit a0050806ff
parent 0c335d8da2
4 changed files with 58 additions and 8 deletions
--- a/src/config/runtime-service-config.base.yaml
+++ b/src/config/runtime-service-config.base.yaml
@ -1,6 +1,6 @@
 # Base runtime configuration shared by all environments.
-apiBaseUrl: https://api.svc.plus
-authUrl: https://accounts.svc.plus
+apiBaseUrl: https://rag-server-svc-plus-266500572462.asia-northeast1.run.app
+authUrl: https://accounts-svc-plus-266500572462.asia-northeast1.run.app
 dashboardUrl: https://console.svc.plus
 internalApiBaseUrl: http://127.0.0.1:8090
 logLevel: info
--- a/src/config/runtime-service-config.prod.yaml
+++ b/src/config/runtime-service-config.prod.yaml
@ -2,10 +2,10 @@
 logLevel: warn
 regions:
  cn:
-    apiBaseUrl: https://cn-api.svc.plus
-    authUrl: https://accounts.svc.plus
+    apiBaseUrl: https://rag-server-svc-plus-266500572462.asia-northeast1.run.app
+    authUrl: https://accounts-svc-plus-266500572462.asia-northeast1.run.app
    dashboardUrl: https://console.svc.plus
  global:
-    apiBaseUrl: https://global-api.svc.plus
-    authUrl: https://accounts.svc.plus
+    apiBaseUrl: https://rag-server-svc-plus-266500572462.asia-northeast1.run.app
+    authUrl: https://accounts-svc-plus-266500572462.asia-northeast1.run.app
    dashboardUrl: https://console.svc.plus
--- a/src/config/runtime-service-config.sit.yaml
+++ b/src/config/runtime-service-config.sit.yaml
@ -1,5 +1,5 @@
 # Base runtime configuration shared by all environments.
-apiBaseUrl: https://dev-api.svc.plus
-authUrl: https://accounts.svc.plus
+apiBaseUrl: https://rag-server-svc-plus-266500572462.asia-northeast1.run.app
+authUrl: https://accounts-svc-plus-266500572462.asia-northeast1.run.app
 dashboardUrl: https://console.svc.plus
 logLevel: debug
--- a/src/middleware.ts
+++ b/src/middleware.ts
@ -0,0 +1,50 @@
+import { NextResponse } from 'next/server'
+import type { NextRequest } from 'next/server'
+
+const DEFAULT_ALLOWED_ORIGINS = 'https://console.svc.plus,http://localhost:3000'
+
+function parseAllowedOrigins() {
+  const raw = process.env.CORS_ALLOWED_ORIGINS ?? DEFAULT_ALLOWED_ORIGINS
+  return raw
+    .split(',')
+    .map((value) => value.trim())
+    .filter(Boolean)
+}
+
+function resolveAllowedOrigin(origin: string | null, allowed: string[]) {
+  if (!origin) return null
+  if (allowed.includes('*')) return '*'
+  return allowed.includes(origin) ? origin : null
+}
+
+function applyCorsHeaders(response: NextResponse, origin: string | null) {
+  if (!origin) return
+  response.headers.set('Access-Control-Allow-Origin', origin)
+  response.headers.set('Access-Control-Allow-Credentials', 'true')
+  response.headers.set('Access-Control-Allow-Methods', 'GET,POST,PUT,PATCH,DELETE,OPTIONS')
+  response.headers.set(
+    'Access-Control-Allow-Headers',
+    'Content-Type, Authorization, X-Requested-With, X-Account-Session',
+  )
+  response.headers.set('Vary', 'Origin')
+}
+
+export function middleware(request: NextRequest) {
+  const allowedOrigins = parseAllowedOrigins()
+  const originHeader = request.headers.get('origin')
+  const allowedOrigin = resolveAllowedOrigin(originHeader, allowedOrigins)
+
+  if (request.method === 'OPTIONS') {
+    const response = new NextResponse(null, { status: 204 })
+    applyCorsHeaders(response, allowedOrigin)
+    return response
+  }
+
+  const response = NextResponse.next()
+  applyCorsHeaders(response, allowedOrigin)
+  return response
+}
+
+export const config = {
+  matcher: ['/api/:path*'],
+}