Giter VIP home page Giter VIP logo

Comments (15)

mmqmzk avatar mmqmzk commented on May 19, 2024 1

不好意思, 检查了一下, 好像是我把 nginx 配错了

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

server/index.js
const port = isProduction? 3000: 8080;
const server = app.listen(port, () => {

没有很看懂你的意思。
解释一下,production下 express做全部的事情,只用一个3000的端口。dev模式下,express用的是8080,前端webpack用的是3000的端口。

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

发现非本地访问, 没有移动和删除漫画的功能, 应该是 这里 限制了, 建议加个可信域名配置吧, 有时候需要远程管理.

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

你觉得该怎么加?

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

加域名多麻烦 还不如搞个账号密码系统

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

前端的 webpack 不怎么懂, 可不可以在 user-config.js 里面 export 一个数组, 默认包含 localhost, 127.0.0.1, 用户可以自己加域名, 如果 localtion.hostname 包含任意一个可信域名就开启管理功能

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

有 https 直接加个 basic auth 就行了吧, 我就是这么做的
有办法把服务映射到公网的用户应该知道怎么弄

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

设计是纯LAN使用
映射到公网不安全
服务器的删除api没安全性检查的
别人很容易就可以把你电脑东西删光

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

我加个输密码开启删除权限

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

统一用 https auth 保护, 应该问题不大

from shigureader.

hjyssg avatar hjyssg commented on May 19, 2024

后端我不熟,你改一个https auth我看一下

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

image

未认证无法访问 /api

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

后端我不熟,你改一个 https auth 我看一下

这个是在 nginx 里面配的

  location / {
    auth_basic "Restricted access";
    auth_basic_user_file /etc/nginx/htpasswd.conf;
    proxy_buffering off;
    proxy_pass http://127.0.0.1:3000;
  }

当然要自己搞域名和证书
域名最便宜的可以用花生壳的二级域名, 十几块一个貌似可以长期使用, 正式的 (正式的就不建议花生壳了) 大概 100 多每年, 证书用 lets encrypt, 免费.

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

没有 https 的话, basic auth 和账号密码都不安全, 不建议架到外网, 所以这方面就提供个指导让用户自己搞吧.

from shigureader.

mmqmzk avatar mmqmzk commented on May 19, 2024

看到更新密码认证了, 这样也可以吧, 不过得提醒用户, 没有 https 真的不能搞到外网

from shigureader.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.