jim800121chen
8cd5751ce3
依 R5 五輪決策把 visionA-local 從「Wails 內嵌 Next.js」重構為「Wails
本機伺服器控制台 + 瀏覽器 Web UI」模式(類比 Docker Desktop / Ollama)。
程式碼變動
- M8-1 砍 yt-dlp 全套(後端 resolver / URL handler / 前端 URL tab /
Makefile vendor / installer / bootstrap / CI workflow,-555 行)
- M8-2 砍 Mock 模式全套(driver/mock、mock_camera、Settings runtimeMode、
VISIONA_MOCK 環境變數,-528 行)
- M8-3 ffmpeg 從 GPL 切換到 LGPL 混合方案:Windows/Linux 用 BtbN 現成
LGPL binary,macOS 自 build minimal decoder-only 進 git
(vendor/ffmpeg/macos/ffmpeg 5.7MB + ffprobe 5.6MB,比 GPL 版省 85% 空間)
- M8-4 Wails Server Controller:state machine、log ring buffer 2000 行、
preferences.json atomic write、boot-id、Gin SkipPaths、shutdown 7+1 秒、
notify_*.go 三平台 OS 通知、watchServer 改 Error state 不 os.Exit
- M8-4b 啟動階段管線 R5-E:6 階段進度 event、20s soft / 60s hard timeout、
stage 5/6 skip 規則、sentinel file、RestartStartupSequence 5 步驟
- M8-5 Wails 控制台 vanilla HTML/JS/CSS(9 檔 ~2012 行)取代 M7-B splash:
state 視覺、log panel、startup progress panel、Stage 6 manual CTA
pulse、shutdown modal、Settings、Dark Mode、i18n 中英雙語
- M8-6 上傳影片副檔名擴充(mp4/avi/mov/mpeg/mpg)
- M8-7 Web UI Server Offline Overlay(role=alertdialog + focus trap +
wsEverConnected 容錯 + Page Visibility)
- M8-8 CORS middleware(127.0.0.1/localhost only + suffix attack 防護)+
ws/origin.go 獨立 WebSocket CheckOrigin 避 package cycle
- MAJ-4 server:shutdown-imminent WebSocket broadcast 機制
(/ws/system endpoint + notifyShutdownImminent helper)
- M8-9 Boot-ID + 瀏覽器 tab 自動重連(sessionStorage loop guard)
品質
- ~105+ 新 unit test + race detector (-count=2) 全綠
- 10 個 milestone 全部通過 Reviewer 審查
- 三方 v2 + v2.1 文件(PRD / Design Spec / TDD)+ 交叉互審紀錄
收錄在 .autoflow/
交付前待處理(M8-10)
- 重跑 make payload-macos 把舊 GPL 77MB binary 換成新 LGPL
- 三平台 end-to-end build 驗證
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
39 lines
1.0 KiB
Go
39 lines
1.0 KiB
Go
package ws
|
||
|
||
import (
|
||
"net/http"
|
||
"testing"
|
||
)
|
||
|
||
// TestCheckOrigin 驗證 WebSocket upgrade 的 origin 白名單(M8-8 / TDD §5)。
|
||
func TestCheckOrigin(t *testing.T) {
|
||
cases := []struct {
|
||
name string
|
||
origin string
|
||
want bool
|
||
}{
|
||
{"empty same-origin", "", true},
|
||
{"loopback 127.0.0.1", "http://127.0.0.1:3721", true},
|
||
{"loopback localhost", "http://localhost:3000", true},
|
||
{"loopback ipv6", "http://[::1]:3721", true},
|
||
{"https 不允許", "https://127.0.0.1:3721", false},
|
||
{"非 loopback hostname", "http://192.168.1.5:3721", false},
|
||
{"惡意網站", "http://evil.com", false},
|
||
{"null origin", "null", false},
|
||
{"suffix 攻擊", "http://127.0.0.1.evil.com", false},
|
||
}
|
||
|
||
for _, tc := range cases {
|
||
t.Run(tc.name, func(t *testing.T) {
|
||
req, _ := http.NewRequest(http.MethodGet, "http://127.0.0.1:3721/ws/devices/events", nil)
|
||
if tc.origin != "" {
|
||
req.Header.Set("Origin", tc.origin)
|
||
}
|
||
got := CheckOrigin(req)
|
||
if got != tc.want {
|
||
t.Errorf("CheckOrigin(%q) = %v, want %v", tc.origin, got, tc.want)
|
||
}
|
||
})
|
||
}
|
||
}
|