Merge pull request #102 from shinonomeow/shino_aio

move poster to api/bangumi

Author: shinonomeow

backend/src/main.py

@@ -3,14 +3,13 @@
 from pathlib import Path
 
 import uvicorn
-from fastapi import Depends, FastAPI, HTTPException, Request
+from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import FileResponse, RedirectResponse
 from fastapi.staticfiles import StaticFiles
 from fastapi.templating import Jinja2Templates
+
 from module.api import lifespan, v1
 from module.conf import VERSION, settings, setup_logger
-from module.network import load_image
-from module.security.api import get_current_user
 
 setup_logger(reset=True)
 logger = logging.getLogger(__name__)
@@ -37,62 +36,47 @@ def create_app() -> FastAPI:
 
 
 app = create_app()
-
-
-@app.get("/posters/{path:path}", dependencies=[Depends(get_current_user)])
-async def get_poster(path: str):
-    """
-    安全的poster图片访问端点
-    - 添加了用户鉴权
-    - 防止路径遍历攻击
-    - 限制只能访问posters目录下的文件
-    """
-    # 验证路径安全性 - 阻止路径遍历
-    if ".." in path or path.startswith("/") or "\\" in path:
-        logger.warning(f"[Poster] Blocked path traversal attempt: {path}")
-        raise HTTPException(status_code=400, detail="Invalid path")
-
-    # 构建安全的文件路径
-    poster_dir = Path("data/posters")
-    post_path = poster_dir / Path(path)
-
-    # 确保解析后的路径仍在预期目录内
-    try:
-        post_path.resolve().relative_to(poster_dir.resolve())
-    except ValueError:
-        logger.warning(f"[Poster] Path outside allowed directory: {path}")
-        raise HTTPException(status_code=400, detail="Path outside allowed directory")
-
-    # 如果文件不存在，尝试下载
-    if not post_path.exists():
-        try:
-            await load_image(path)
-        except Exception as e:
-            logger.warning(f"[Poster] Failed to load image {path}: {e}")
-
-    # 返回文件
-    if post_path.exists() and post_path.is_file():
-        return FileResponse(
-            post_path,
-            media_type="image/jpeg",
-            headers={"Cache-Control": "public, max-age=86400"},  # 缓存1天
-        )
-    else:
-        logger.warning(f"[Poster] File not found: {post_path}")
-        raise HTTPException(status_code=404, detail="Poster not found")
-
-
 if VERSION != "DEV_VERSION":
     app.mount("/assets", StaticFiles(directory="dist/assets"), name="assets")
     app.mount("/images", StaticFiles(directory="dist/images"), name="images")
     templates = Jinja2Templates(directory="dist")
 
     @app.get("/{path:path}")
-    def html(request: Request, path: str):
-        files = os.listdir("dist")
-        if path in files:
-            return FileResponse(f"dist/{path}")
+    async def serve_spa(request: Request, path: str):
+        """
+        安全的SPA静态文件服务
+        - 防止路径遍历攻击
+        - 限制只能访问dist目录下的文件
+        - 对未匹配路由返回SPA入口页面
+        """
+        # 空路径或根路径，返回SPA入口页面
+        if not path or path == "/":
+            context = {"request": request}
+            return templates.TemplateResponse("index.html", context)
+
+        # 验证路径安全性 - 阻止路径遍历
+        if ".." in path or path.startswith("/") or "\\" in path:
+            logger.warning(f"[Static] Blocked path traversal attempt: {path}")
+            context = {"request": request}
+            return templates.TemplateResponse("index.html", context)
+
+        # 构建安全的文件路径
+        dist_dir = Path("dist").resolve()
+        file_path = (dist_dir / path).resolve()
+
+        # 确保解析后的路径仍在预期目录内
+        try:
+            file_path.relative_to(dist_dir)
+        except ValueError:
+            logger.warning(f"[Static] Path outside allowed directory: {path}")
+            context = {"request": request}
+            return templates.TemplateResponse("index.html", context)
+
+        # 如果文件存在且是文件，则返回
+        if file_path.exists() and file_path.is_file():
+            return FileResponse(file_path)
         else:
+            # 文件不存在，返回SPA入口页面（用于客户端路由）
             context = {"request": request}
             return templates.TemplateResponse("index.html", context)
 

webui/src/components/ab-image.vue

@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import { ErrorPicture } from '@icon-park/vue-next';
 
-withDefaults(
+const props = withDefaults(
   defineProps<{
     src?: string | null;
     aspectRatio?: number;
@@ -11,6 +11,15 @@ withDefaults(
     objectFit: 'cover',
   }
 );
+
+const transformedSrc = computed(() => {
+  if (!props.src) return null;
+  // Transform posters/ URLs to the new API endpoint
+  if (props.src.startsWith('posters/')) {
+    return props.src.replace('posters/', '/api/v1/bangumi/posters/');
+  }
+  return props.src;
+});
 </script>
 
 <template>
@@ -22,8 +31,8 @@ withDefaults(
       ></div>
 
       <img
-        v-if="src"
-        :src="src"
+        v-if="transformedSrc"
+        :src="transformedSrc"
         alt="poster"
         abs
         top-0
@@ -34,7 +43,7 @@ withDefaults(
     </template>
 
     <template v-else>
-      <img v-if="src" :src="src" alt="poster" :style="{ objectFit }" wh-full />
+      <img v-if="transformedSrc" :src="transformedSrc" alt="poster" :style="{ objectFit }" wh-full />
 
       <div v-else wh-full f-cer border="1 white">
         <ErrorPicture theme="outline" size="24" fill="#333" />

webui/vite.config.ts

@@ -101,8 +101,8 @@ export default defineConfig(({ mode }) => ({
   },
   server: {
     proxy: {
-      '^/api/.*': 'http://192.168.0.100:7892',
-      '^/posters/.*': 'http://192.168.0.100:7892',
+      '^/api/.*': 'http://127.0.0.1:7892',
+      // '^/api/.*': 'http://192.168.0.100:7892',
     },
   },
 }));