移除Host头验证中间件及相关逻辑,简化OAuth相关API的请求处理,优化代码结构和可读性。

2025-09-22 20:29:46 +08:00
parent c1b5c76e5c
commit 75969253d0
10 changed files with 22 additions and 339 deletions
-10
@@ -1,22 +1,12 @@
import { type ActionFunctionArgs, json } from "@remix-run/node";
import { OAuthClient } from "~/api/login/oauth-client";
import { OAUTH_CONFIG } from "~/config/api-config";
import { validateRequest, logSecurityEvent } from "~/middleware/host-validation";
/**
* 这个Action作为获取用户信息的服务器端代理。
* 它接收来自前端的`access_token`,然后在后端安全地获取用户信息。
*/
export async function action({ request }: ActionFunctionArgs) {
// 1. Host头验证
const hostValidation = validateRequest(request);
if (!hostValidation.valid) {
logSecurityEvent('host_validation_failed', hostValidation.error || 'Unknown validation error', request);
console.error('❌ OAuth UserInfo API Host验证失败:', hostValidation.error);
return json({ success: false, error: "Forbidden: Invalid Host header" }, { status: 403 });
}
// 2. 只允许POST请求
if (request.method !== "POST") {
return json({ success: false, error: "Method Not Allowed" }, { status: 405 });
}