feat(logging): inject x-request-id in proxy.ts

This commit is contained in:
SpecialX
2026-07-07 12:01:55 +08:00
parent dce2561751
commit c44f19aefd
2 changed files with 80 additions and 21 deletions

View File

@@ -17,7 +17,11 @@ import {
export async function proxy(request: NextRequest) {
const { pathname } = request.nextUrl
// Skip static assets and auth pages
// 生成或复用 requestIdWeb Crypto APIEdge Runtime 兼容)
const requestId =
request.headers.get("x-request-id") ?? crypto.randomUUID()
// 跳过静态资源和登录页:仍注入 requestId 便于关联下游
if (
pathname.startsWith("/_next") ||
pathname.startsWith("/api/auth") ||
@@ -25,7 +29,9 @@ export async function proxy(request: NextRequest) {
pathname === "/register" ||
pathname === "/favicon.ico"
) {
return NextResponse.next()
return NextResponse.next({
request: { headers: injectRequestId(request, requestId) },
})
}
const token = await getToken({
@@ -33,15 +39,14 @@ export async function proxy(request: NextRequest) {
secret: process.env.NEXTAUTH_SECRET,
})
// Not authenticated → redirect to login
// 未认证 → 重定向到登录页
if (!token) {
const loginUrl = new URL("/login", request.url)
loginUrl.searchParams.set("callbackUrl", request.url)
return NextResponse.redirect(loginUrl)
}
// Onboarding gate: 未完成引导的用户只能访问 /onboarding 与白名单路径
// 修复 P2-1用 middleware 强制重定向替代客户端 Dialog
// Onboarding gate
const onboarded = Boolean(token.onboarded)
const isOnboardingPath = pathname === "/onboarding" || pathname.startsWith("/onboarding/")
const isWhitelistedApi = pathname.startsWith("/api/auth") || pathname.startsWith("/api/onboarding")
@@ -49,7 +54,6 @@ export async function proxy(request: NextRequest) {
const onboardingUrl = new URL("/onboarding", request.url)
return NextResponse.redirect(onboardingUrl)
}
// 已完成 onboarding 的用户不应停留在 /onboarding
if (onboarded && isOnboardingPath) {
const roles: string[] = (token.roles as string[]) ?? []
const defaultPath = resolveDefaultPath(roles)
@@ -78,7 +82,6 @@ export async function proxy(request: NextRequest) {
}
// Check page route permissions
// 优先级 1精确路由权限覆盖前缀匹配用于将 /admin/* 下特定页面开放给非管理员)
if (Object.prototype.hasOwnProperty.call(SPECIFIC_ROUTE_PERMISSIONS, pathname)) {
const requiredPerm = SPECIFIC_ROUTE_PERMISSIONS[pathname]
if (!hasPermission(requiredPerm)) {
@@ -88,10 +91,11 @@ export async function proxy(request: NextRequest) {
redirectUrl.searchParams.set("reason", "forbidden")
return NextResponse.redirect(redirectUrl)
}
return NextResponse.next()
return NextResponse.next({
request: { headers: injectRequestId(request, requestId) },
})
}
// 优先级 2仪表盘路由的细粒度权限防止跨角色访问仪表盘
if (Object.prototype.hasOwnProperty.call(DASHBOARD_ROUTE_PERMISSIONS, pathname)) {
const requiredPerm = DASHBOARD_ROUTE_PERMISSIONS[pathname]
if (!hasPermission(requiredPerm)) {
@@ -101,15 +105,15 @@ export async function proxy(request: NextRequest) {
redirectUrl.searchParams.set("reason", "forbidden")
return NextResponse.redirect(redirectUrl)
}
return NextResponse.next()
return NextResponse.next({
request: { headers: injectRequestId(request, requestId) },
})
}
for (const [prefix, requiredPerm] of Object.entries(ROUTE_PREFIX_PERMISSIONS)) {
if (pathname.startsWith(prefix)) {
if (!hasPermission(requiredPerm)) {
const defaultPath = resolveDefaultPath(roles)
// Carry original path + reason in URL so the target page can explain
// why the user was redirected (Web Interface Guidelines: URL reflects state).
const redirectUrl = new URL(defaultPath, request.url)
redirectUrl.searchParams.set("from", pathname)
redirectUrl.searchParams.set("reason", "forbidden")
@@ -119,7 +123,23 @@ export async function proxy(request: NextRequest) {
}
}
return NextResponse.next()
const response = NextResponse.next({
request: { headers: injectRequestId(request, requestId) },
})
response.headers.set("x-request-id", requestId)
return response
}
/**
* 创建包含 x-request-id 的新 Headers 对象。
* 通过 NextResponse.next({ request: { headers } }) 注入到下游 RSC 请求。
*
* 注意proxy.ts 在 Edge Runtime 运行,不能导入 node:async_hooks 或 request-context.ts。
*/
function injectRequestId(request: NextRequest, requestId: string): Headers {
const headers = new Headers(request.headers)
headers.set("x-request-id", requestId)
return headers
}
export const config = {