From b54747af0a169f2766e2c2ee13a04277f7e63fa0 Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Wed, 26 Nov 2025 13:26:15 +0800 Subject: [PATCH] perf: Optimize embedded compatibility for multi-domain verification --- backend/apps/system/crud/assistant.py | 2 +- backend/apps/system/middleware/auth.py | 2 +- frontend/public/assistant.js | 14 +++++++------- frontend/src/stores/assistant.ts | 8 ++++++++ frontend/src/utils/request.ts | 6 ++++++ frontend/src/views/embedded/index.vue | 3 +++ frontend/src/views/embedded/page.vue | 3 +++ 7 files changed, 29 insertions(+), 9 deletions(-) diff --git a/backend/apps/system/crud/assistant.py b/backend/apps/system/crud/assistant.py index 2196e61b..06b77abf 100644 --- a/backend/apps/system/crud/assistant.py +++ b/backend/apps/system/crud/assistant.py @@ -149,7 +149,7 @@ def get_complete_endpoint(self, endpoint: str) -> str | None: if not domain_text: return None if ',' in domain_text: - return self.request_origin.strip('/') if self.request_origin else domain_text.split(',')[0].strip('/') + endpoint + return (self.request_origin.strip('/') if self.request_origin else domain_text.split(',')[0].strip('/')) + endpoint else: return f"{domain_text}{endpoint}" diff --git a/backend/apps/system/middleware/auth.py b/backend/apps/system/middleware/auth.py index 4aaffd58..ecc7b416 100644 --- a/backend/apps/system/middleware/auth.py +++ b/backend/apps/system/middleware/auth.py @@ -40,7 +40,7 @@ async def dispatch(self, request, call_next): if validator[0]: request.state.current_user = validator[1] request.state.assistant = validator[2] - origin = request.headers.get("origin") or get_origin_from_referer(request) + origin = request.headers.get("X-SQLBOT-HOST-ORIGIN") or get_origin_from_referer(request) if origin and validator[2]: request.state.assistant.request_origin = origin return await call_next(request) diff --git a/frontend/public/assistant.js b/frontend/public/assistant.js index 270c28b7..a986eaa9 100644 --- a/frontend/public/assistant.js +++ b/frontend/public/assistant.js @@ -539,12 +539,15 @@ return } if (event.data?.busi == 'ready' && event.data?.ready) { - const certificate = parsrCertificate(data) params = { - busi: 'certificate', - certificate, eventName, messageId: id, + hostOrigin: window.location.origin, + } + if (data.type === 1) { + const certificate = parsrCertificate(data) + params['busi'] = 'certificate' + params['certificate'] = certificate } const contentWindow = iframe.contentWindow contentWindow.postMessage(params, url) @@ -596,10 +599,7 @@ tempData['userFlag'] = userFlag tempData['history'] = history initsqlbot_assistant(tempData) - if (data.type == 1) { - registerMessageEvent(id, tempData) - // postMessage the certificate to iframe - } + registerMessageEvent(id, tempData) }) .catch((e) => { showMsg('嵌入失败', e.message) diff --git a/frontend/src/stores/assistant.ts b/frontend/src/stores/assistant.ts index 5b27fec4..46b7a789 100644 --- a/frontend/src/stores/assistant.ts +++ b/frontend/src/stores/assistant.ts @@ -21,6 +21,7 @@ interface AssistantState { online: boolean pageEmbedded?: boolean history: boolean + hostOrigin: string requestPromiseMap: Map } @@ -36,6 +37,7 @@ export const AssistantStore = defineStore('assistant', { online: false, pageEmbedded: false, history: true, + hostOrigin: '', requestPromiseMap: new Map(), } }, @@ -70,6 +72,9 @@ export const AssistantStore = defineStore('assistant', { getEmbedded(): boolean { return this.assistant && this.type === 4 }, + getHostOrigin(): string { + return this.hostOrigin + }, }, actions: { refreshCertificate() { @@ -138,6 +143,9 @@ export const AssistantStore = defineStore('assistant', { setHistory(history: boolean) { this.history = history ?? true }, + setHostOrigin(origin: string) { + this.hostOrigin = origin + }, async setChat() { if (!this.assistant) { return null diff --git a/frontend/src/utils/request.ts b/frontend/src/utils/request.ts index cbf22931..ca366dfc 100644 --- a/frontend/src/utils/request.ts +++ b/frontend/src/utils/request.ts @@ -100,6 +100,9 @@ class HttpService { if (!assistantStore.getType || assistantStore.getType === 2) { config.headers['X-SQLBOT-ASSISTANT-ONLINE'] = assistantStore.getOnline } + if (assistantStore.getHostOrigin) { + config.headers['X-SQLBOT-HOST-ORIGIN'] = assistantStore.getHostOrigin + } } const locale = getLocale() if (locale) { @@ -302,6 +305,9 @@ class HttpService { encodeURIComponent(assistantStore.getCertificate) ) } + if (assistantStore.getHostOrigin) { + heads['X-SQLBOT-HOST-ORIGIN'] = assistantStore.getHostOrigin + } if (!assistantStore.getType || assistantStore.getType === 2) { heads['X-SQLBOT-ASSISTANT-ONLINE'] = assistantStore.getOnline } diff --git a/frontend/src/views/embedded/index.vue b/frontend/src/views/embedded/index.vue index 18b6e8d6..b7fc61cc 100644 --- a/frontend/src/views/embedded/index.vue +++ b/frontend/src/views/embedded/index.vue @@ -76,6 +76,9 @@ const communicationCb = async (event: any) => { assistantStore.setCertificate(certificate) assistantStore.resolveCertificate(certificate) } + if (event.data?.hostOrigin) { + assistantStore.setHostOrigin(event.data?.hostOrigin) + } if (event.data?.busi == 'setOnline') { setFormatOnline(event.data.online) } diff --git a/frontend/src/views/embedded/page.vue b/frontend/src/views/embedded/page.vue index aeb3bae2..e8ab6f8e 100644 --- a/frontend/src/views/embedded/page.vue +++ b/frontend/src/views/embedded/page.vue @@ -66,6 +66,9 @@ const communicationCb = async (event: any) => { assistantStore.setCertificate(certificate) assistantStore.resolveCertificate(certificate) } + if (event.data?.hostOrigin) { + assistantStore.setHostOrigin(event.data?.hostOrigin) + } if (event.data?.busi == 'setOnline') { setFormatOnline(event.data.online) }