kqjy/MyFSIO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 13 Wiki Activity

Undo:

Browse Source 
Fix hardcoded localhost fallback
This commit is contained in:
kqjy
2025-11-22 23:28:00 +08:00
parent 92cf8825cf
commit e6ee341b93
1 changed files with 1 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/ui.py
View File

@@ -224,8 +224,7 @@ def logout():
@ui_bp.get("/docs") @ui_bp.get("/docs")
def docs_page(): def docs_page():
principal = _current_principal() principal = _current_principal()
# Use the current request's host as the default API base if not configured api_base = current_app.config.get("API_BASE_URL") or "http://127.0.0.1:5000"
api_base = current_app.config.get("API_BASE_URL") or request.host_url
api_base = api_base.rstrip("/") api_base = api_base.rstrip("/")
parsed = urlparse(api_base) parsed = urlparse(api_base)
api_host = parsed.netloc or parsed.path or api_base api_host = parsed.netloc or parsed.path or api_base
@@ -712,15 +711,10 @@ def object_presign(bucket_name: str, object_key: str):
except IamError as exc: except IamError as exc:
return jsonify({"error": str(exc)}), 403 return jsonify({"error": str(exc)}), 403
# Use internal URL for the connection to ensure reliability
# We ignore API_BASE_URL here because that might be set to a public domain
# which is not reachable from within the container (NAT/DNS issues).
connection_url = "http://127.0.0.1:5000" connection_url = "http://127.0.0.1:5000"
url = f"{connection_url}/presign/{bucket_name}/{object_key}" url = f"{connection_url}/presign/{bucket_name}/{object_key}"
headers = _api_headers() headers = _api_headers()
# Forward the host so the API knows the public URL
# We also add X-Forwarded-For to ensure ProxyFix middleware processes the headers
headers["X-Forwarded-Host"] = request.host headers["X-Forwarded-Host"] = request.host
headers["X-Forwarded-Proto"] = request.scheme headers["X-Forwarded-Proto"] = request.scheme
headers["X-Forwarded-For"] = request.remote_addr or "127.0.0.1" headers["X-Forwarded-For"] = request.remote_addr or "127.0.0.1"
@@ -732,13 +726,11 @@ def object_presign(bucket_name: str, object_key: str):
try: try:
body = response.json() body = response.json()
except ValueError: except ValueError:
# Handle XML error responses from S3 backend
text = response.text or "" text = response.text or ""
if text.strip().startswith("<"): if text.strip().startswith("<"):
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
try: try:
root = ET.fromstring(text) root = ET.fromstring(text)
# Try to find Message or Code
message = root.findtext(".//Message") or root.findtext(".//Code") or "Unknown S3 error" message = root.findtext(".//Message") or root.findtext(".//Code") or "Unknown S3 error"
body = {"error": message} body = {"error": message}
except ET.ParseError: except ET.ParseError:
@@ -948,7 +940,6 @@ def rotate_iam_secret(access_key: str):
return redirect(url_for("ui.iam_dashboard")) return redirect(url_for("ui.iam_dashboard"))
try: try:
new_secret = _iam().rotate_secret(access_key) new_secret = _iam().rotate_secret(access_key)
# If rotating own key, update session immediately so subsequent API calls (like presign) work
if principal and principal.access_key == access_key: if principal and principal.access_key == access_key:
creds = session.get("credentials", {}) creds = session.get("credentials", {})
creds["secret_key"] = new_secret creds["secret_key"] = new_secret
@@ -1040,7 +1031,6 @@ def update_iam_policies(access_key: str):
policies_raw = request.form.get("policies", "").strip() policies_raw = request.form.get("policies", "").strip()
if not policies_raw: if not policies_raw:
# Empty policies list is valid (clears permissions)
policies = [] policies = []
else: else:
try: try: