refactor(site): use NUXT_PUBLIC_SITE_URL instead of DB publicSiteUrl

Made-with: Cursor
3 weeks ago · 5ae04d4fac
9 changed files with 68 additions and 67 deletions
--- a/.env.example
+++ b/.env.example
@ -1,6 +1,8 @@
 # DATABASE_URL=postgresql://postgres:xxxxxx@localhost:6666/postgres
 DATABASE_URL=file:./db.sqlite
 NITRO_PORT=3399
+# 站点对外根 URL（含协议与域名，可带端口）。用于：① 媒体库复制绝对链接 ② 文章/资料里绝对地址图片是否计为本站 /public/assets/ 引用。生产环境务必设置，与浏览器访问地址一致。
+# NUXT_PUBLIC_SITE_URL=https://example.com
 # Optional: first admin for an empty instance. Creates an admin only when no user has role=admin yet (same username/password rules as registration).
 BOOTSTRAP_ADMIN_USERNAME=
 BOOTSTRAP_ADMIN_PASSWORD=
--- a/app/composables/useGlobalConfig.ts
+++ b/app/composables/useGlobalConfig.ts
@ -3,8 +3,6 @@ import { request, unwrapApiBody, type ApiResponse } from '../utils/http/factory'
 export type GlobalConfig = {
  siteName: string
  allowRegister: boolean
-  /** 与后台「站点对外地址」一致；空表示未配置 */
-  publicSiteUrl: string
 }

 type GlobalConfigResult = {
@ -14,7 +12,6 @@ type GlobalConfigResult = {
 const DEFAULT_GLOBAL_CONFIG: GlobalConfig = {
  siteName: 'Person Panel',
  allowRegister: true,
-  publicSiteUrl: '',
 }

 export function useGlobalConfig() {
--- a/app/pages/me/admin/config/index.vue
+++ b/app/pages/me/admin/config/index.vue
@ -7,7 +7,6 @@ type GlobalConfigPayload = {
  config: {
    siteName: string
    allowRegister: boolean
-    publicSiteUrl: string
    mediaOrphanAutoSweepEnabled: boolean
    mediaOrphanAutoSweepIntervalMinutes: number
  }
@ -22,7 +21,6 @@ const loading = ref(true)
 const saving = ref(false)
 const siteName = ref('')
 const allowRegister = ref(true)
-const publicSiteUrl = ref('')
 const mediaOrphanAutoSweepEnabled = ref(false)
 const mediaOrphanAutoSweepIntervalMinutes = ref(60)

@ -39,7 +37,6 @@ async function load() {
    const { config: cfg } = await fetchData<GlobalConfigPayload>('/api/config/global')
    siteName.value = cfg.siteName
    allowRegister.value = cfg.allowRegister
-    publicSiteUrl.value = typeof cfg.publicSiteUrl === 'string' ? cfg.publicSiteUrl : ''
    mediaOrphanAutoSweepEnabled.value = cfg.mediaOrphanAutoSweepEnabled
    mediaOrphanAutoSweepIntervalMinutes.value = cfg.mediaOrphanAutoSweepIntervalMinutes
  } finally {
@ -64,7 +61,6 @@ async function save() {
  try {
    await putKey('siteName', siteName.value.trim())
    await putKey('allowRegister', allowRegister.value)
-    await putKey('publicSiteUrl', publicSiteUrl.value.trim())
    await putKey('mediaOrphanAutoSweepEnabled', mediaOrphanAutoSweepEnabled.value)
    await putKey('mediaOrphanAutoSweepIntervalMinutes', mediaOrphanAutoSweepIntervalMinutes.value)
    await load()
@ -82,7 +78,7 @@ async function save() {
      应用配置
    </h1>
    <p class="text-sm text-muted">
-      全局设置：站点名称、对外访问地址、开放注册与媒体孤儿自动清扫。
+      全局设置：站点名称、开放注册与媒体孤儿自动清扫。
    </p>

    <UCard>
@ -103,12 +99,6 @@ async function save() {
          <UCheckbox v-model="allowRegister" label="开启" />
        </UFormField>
        <UFormField
-          label="站点对外地址"
-          description="含协议的站点根 URL（如 https://blog.example.com）。用于识别文章/资料里以绝对地址引用的本站 /public/assets/ 图片并计入媒体引用；留空则仅识别相对路径 /public/assets/...。"
-        >
-          <UInput v-model="publicSiteUrl" maxlength="256" placeholder="https://…" />
-        </UFormField>
-        <UFormField
          label="媒体孤儿自动清扫"
          description="全站生效、仅删除已过宽限期且无引用的图片、建议先在「图片孤儿审查」确认。"
        >
--- a/app/pages/me/media/index.vue
+++ b/app/pages/me/media/index.vue
@ -1,6 +1,5 @@
 <script setup lang="ts">
 import { useAuthSession } from '../../../composables/useAuthSession'
-import { useGlobalConfig } from '../../../composables/useGlobalConfig'

 definePageMeta({ title: '媒体库' })

@ -16,12 +15,12 @@ type MediaAssetRow = {

 const toast = useToast()
 const { refresh: refreshAuth } = useAuthSession()
-const { config, refresh: refreshGlobalConfig } = useGlobalConfig()
+const runtimeConfig = useRuntimeConfig()
 const { fetchData, getApiErrorMessage } = useClientApi()

-/** 与全局「站点对外地址」一致时复制出的绝对链接才会被服务端计入引用；未配置则退回当前页 origin。 */
+/** 与 `NUXT_PUBLIC_SITE_URL` / `runtimeConfig.public.siteUrl` 一致；未配置则退回当前页 origin。 */
 function resolveCopyOrigin(): string {
-  const raw = config.value.publicSiteUrl?.trim() ?? ''
+  const raw = String(runtimeConfig.public.siteUrl ?? '').trim()
  if (raw) {
    try {
      return new URL(raw).origin
@ -92,10 +91,9 @@ watch([page, pageSize], () => {
  void load()
 })

-onMounted(async () => {
-  await refreshAuth(true)
-  await refreshGlobalConfig()
-  await load()
+onMounted(() => {
+  void refreshAuth(true)
+  void load()
 })

 function openFilePicker() {
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@ -26,6 +26,12 @@ function resolveNuxtNitroErrorHandler(): string {

 export default defineNuxtConfig({
  compatibilityDate: '2025-07-15',
+  /** 部署时设置 `NUXT_PUBLIC_SITE_URL`（如 https://blog.example.com）可自动覆盖；用于媒体绝对链接与引用同步。 */
+  runtimeConfig: {
+    public: {
+      siteUrl: '',
+    },
+  },
  modules: ['@nuxt/ui'],
  css: ['~/assets/css/main.css'],
  ui: {
--- a/server/service/config/registry.ts
+++ b/server/service/config/registry.ts
@ -31,32 +31,6 @@ const CONFIG_REGISTRY = {
    defaultValue: true,
    userOverridable: false,
  }),
-  /**
-   * 站点对外访问根地址（含协议与域名，可带端口），用于识别 Markdown/封面中的绝对图片链接是否为本站资源。
-   * 留空则仅接受以 `/public/assets/` 开头的相对路径。
-   */
-  publicSiteUrl: defineConfig<string>({
-    key: "publicSiteUrl",
-    scope: "global",
-    valueType: "string",
-    defaultValue: "",
-    userOverridable: false,
-    validate: (value: string) => {
-      const t = value.trim();
-      if (!t) {
-        return true;
-      }
-      if (t.length > 256) {
-        return false;
-      }
-      try {
-        const u = new URL(t);
-        return (u.protocol === "http:" || u.protocol === "https:") && Boolean(u.host);
-      } catch {
-        return false;
-      }
-    },
-  }),
  mediaOrphanAutoSweepEnabled: defineConfig<boolean>({
    key: "mediaOrphanAutoSweepEnabled",
    scope: "global",
--- a/server/service/media/index.ts
+++ b/server/service/media/index.ts
@ -10,8 +10,8 @@ import {
  RELATIVE_ASSETS_DIR,
 } from "#server/constants/media";
 import { MEDIA_REF_OWNER_POST, MEDIA_REF_OWNER_PROFILE } from "#server/constants/media-refs";
-import { getGlobalConfigValue } from "#server/service/config";
 import { mergePostMediaUrls, mergeProfileMediaUrls, publicAssetUrlToStorageKey } from "#server/utils/post-media-urls";
+import { allowedOriginsFromSitePublicEnv } from "#server/utils/site-public";
 import { nextIntegerId } from "#server/utils/sqlite-id";

 const NEVER_REF_MS = MEDIA_ORPHAN_GRACE_HOURS_NEVER_REF * 3600 * 1000;
@ -184,22 +184,6 @@ export async function reconcileAssetTimestampsAfterRefChange(assetIds: number[])
  }
 }

-async function allowedAssetOriginsForRefs(): Promise<string[]> {
-  const raw = String(await getGlobalConfigValue("publicSiteUrl")).trim();
-  if (!raw) {
-    return [];
-  }
-  try {
-    const u = new URL(raw);
-    if (u.protocol !== "http:" && u.protocol !== "https:") {
-      return [];
-    }
-    return [u.origin];
-  } catch {
-    return [];
-  }
-}
-
 export async function syncPostMediaRefs(
  userId: number,
  postId: number,
@ -212,7 +196,7 @@ export async function syncPostMediaRefs(

  await dbGlobal.delete(mediaRefs).where(postRef);

-  const allowedOrigins = await allowedAssetOriginsForRefs();
+  const allowedOrigins = allowedOriginsFromSitePublicEnv();
  const urls = mergePostMediaUrls(bodyMarkdown, coverUrl, { allowedAssetOrigins: allowedOrigins });
  const keys = [...new Set(urls.map((u) => publicAssetUrlToStorageKey(u)).filter((k): k is string => k != null))];

@ -251,7 +235,7 @@ export async function syncProfileMediaRefs(

  await dbGlobal.delete(mediaRefs).where(profileRef);

-  const allowedOrigins = await allowedAssetOriginsForRefs();
+  const allowedOrigins = allowedOriginsFromSitePublicEnv();
  const urls = mergeProfileMediaUrls(bioMarkdown, avatar, { allowedAssetOrigins: allowedOrigins });
  const keys = [...new Set(urls.map((u) => publicAssetUrlToStorageKey(u)).filter((k): k is string => k != null))];

--- a/server/utils/site-public.test.ts
+++ b/server/utils/site-public.test.ts
@ -0,0 +1,26 @@
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import { allowedOriginsFromSitePublicEnv, getSitePublicUrlFromEnv } from "./site-public";
+
+describe("site-public env", () => {
+  const prev = process.env.NUXT_PUBLIC_SITE_URL;
+
+  afterEach(() => {
+    if (prev === undefined) {
+      delete process.env.NUXT_PUBLIC_SITE_URL;
+    } else {
+      process.env.NUXT_PUBLIC_SITE_URL = prev;
+    }
+  });
+
+  test("empty when env unset", () => {
+    delete process.env.NUXT_PUBLIC_SITE_URL;
+    expect(getSitePublicUrlFromEnv()).toBe("");
+    expect(allowedOriginsFromSitePublicEnv()).toEqual([]);
+  });
+
+  test("parses https origin", () => {
+    process.env.NUXT_PUBLIC_SITE_URL = "https://blog.example.com/posts";
+    expect(getSitePublicUrlFromEnv()).toBe("https://blog.example.com/posts");
+    expect(allowedOriginsFromSitePublicEnv()).toEqual(["https://blog.example.com"]);
+  });
+});
--- a/server/utils/site-public.ts
+++ b/server/utils/site-public.ts
@ -0,0 +1,24 @@
+/**
+ * 与 Nuxt `runtimeConfig.public.siteUrl` 同源：环境变量 **`NUXT_PUBLIC_SITE_URL`**
+ *（构建/启动时注入，见 `.env.example`）。
+ */
+export function getSitePublicUrlFromEnv(): string {
+  return (process.env.NUXT_PUBLIC_SITE_URL ?? "").trim();
+}
+
+/** 用于 `mergePostMediaUrls` 的 `allowedAssetOrigins`；无效或空则返回空数组。 */
+export function allowedOriginsFromSitePublicEnv(): string[] {
+  const raw = getSitePublicUrlFromEnv();
+  if (!raw) {
+    return [];
+  }
+  try {
+    const u = new URL(raw);
+    if (u.protocol !== "http:" && u.protocol !== "https:") {
+      return [];
+    }
+    return [u.origin];
+  } catch {
+    return [];
+  }
+}