From 3bfa846db13d45c3288b87668a47292800b31dcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com> Date: Fri, 10 Jul 2026 18:45:07 +0800 Subject: [PATCH] Add files via upload --- config.example.yaml | 7 ++++--- web/static/css/style.css | 9 --------- web/static/js/api-docs.js | 9 +++------ web/templates/index.html | 1 - 4 files changed, 7 insertions(+), 19 deletions(-) diff --git a/config.example.yaml b/config.example.yaml index a21e7e2b..68a728bc 100644 --- a/config.example.yaml +++ b/config.example.yaml @@ -272,10 +272,11 @@ security: # MCP (Model Context Protocol) 用于工具注册和调用 mcp: enabled: false # 是否启用 MCP 服务器(http模式) - host: 0.0.0.0 # MCP 服务器监听地址 + host: 127.0.0.1 # MCP 服务器监听地址;需要远程访问时再显式修改并配置网络层访问控制 port: 8081 # MCP 服务器端口 - auth_header: "X-MCP-Token" # 鉴权:请求需携带该 header 且值与 auth_header_value 一致方可调用。留空表示不鉴权 - auth_header_value: "" # 鉴权密钥值(与 auth_header 配合使用,建议使用随机字符串) + auth_header: "X-MCP-Token" # 可选的全局服务凭证 Header;普通调用请使用用户 Authorization: Bearer Token + auth_header_value: "" # 全局服务凭证值,仅 allow_global_access=true 时生效 + allow_global_access: false # 高风险兼容模式:静态密钥映射为全局服务身份;默认请使用用户 Bearer Token # 外部 MCP 配置 external_mcp: servers: {} diff --git a/web/static/css/style.css b/web/static/css/style.css index a2e4e87a..cb74897a 100644 --- a/web/static/css/style.css +++ b/web/static/css/style.css @@ -4375,15 +4375,6 @@ html[data-theme="dark"] .user-menu-dropdown { border-bottom: 1px solid var(--border-color); } -.login-brand-logo { - width: 56px; - height: 56px; - margin: 0 auto 16px; - border-radius: 14px; - box-shadow: 0 6px 20px rgba(0, 102, 255, 0.2); - object-fit: cover; -} - .login-title { margin: 0; display: flex; diff --git a/web/static/js/api-docs.js b/web/static/js/api-docs.js index 2e0ae1db..f8e281e8 100644 --- a/web/static/js/api-docs.js +++ b/web/static/js/api-docs.js @@ -96,12 +96,9 @@ async function loadToken() { // 加载OpenAPI规范 async function loadAPISpec() { try { - let url = '/api/openapi/spec'; - if (currentToken) { - url += '?token=' + encodeURIComponent(currentToken); - } - - const response = await fetch(url); + const url = '/api/openapi/spec'; + const headers = currentToken ? { 'Authorization': `Bearer ${currentToken}` } : {}; + const response = await fetch(url, { headers }); if (!response.ok) { if (response.status === 401) { showError(_t('apiDocs.errorLoginRequired')); diff --git a/web/templates/index.html b/web/templates/index.html index df187bd3..ff311703 100644 --- a/web/templates/index.html +++ b/web/templates/index.html @@ -32,7 +32,6 @@