refactor(proxy): rename middleware to proxy

apps/web/proxy.ts

@@ -0,0 +1,102 @@
+import { NextRequest, NextResponse } from "next/server";
+
+const CSMS_INTERNAL_URL =
+  process.env.CSMS_INTERNAL_URL ?? process.env.NEXT_PUBLIC_CSMS_URL ?? "http://localhost:3001";
+
+/** 检查 CSMS 是否已完成初始化（有用户存在）。使用 cookie 缓存结果，避免每次请求都查询。 */
+async function isInitialized(
+  request: NextRequest,
+  useCache = true,
+): Promise<{ initialized: boolean; fromCache: boolean }> {
+  // 读缓存 cookie（仅在 useCache=true 时使用，避免 DB 重置后缓存陈旧）
+  if (useCache) {
+    const cached = request.cookies.get("helios_setup_done");
+    if (cached?.value === "1") {
+      return { initialized: true, fromCache: true };
+    }
+  }
+
+  try {
+    const res = await fetch(`${CSMS_INTERNAL_URL}/api/setup`, {
+      method: "GET",
+      headers: { "Content-Type": "application/json" },
+      // 短超时，避免阻塞
+      signal: AbortSignal.timeout(3000),
+    });
+    if (!res.ok) return { initialized: true, fromCache: false }; // 出错时放行，不阻止访问
+    const data = (await res.json()) as { initialized: boolean };
+    return { initialized: data.initialized, fromCache: false };
+  } catch {
+    // 无法连接 CSMS 时放行，不强制跳转
+    return { initialized: true, fromCache: false };
+  }
+}
+
+export async function proxy(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+
+  // /setup 页面：已初始化则跳转登录
+  if (pathname === "/setup") {
+    const { initialized, fromCache } = await isInitialized(request);
+    if (initialized) {
+      return NextResponse.redirect(new URL("/login", request.url));
+    }
+    const res = NextResponse.next();
+    if (!fromCache) {
+      // 未初始化，确保缓存 cookie 不存在（若之前意外设置了）
+      res.cookies.delete("helios_setup_done");
+    }
+    return res;
+  }
+
+  // /dashboard 路由：检查 session，未登录跳转 /login
+  if (pathname.startsWith("/dashboard")) {
+    const { initialized, fromCache } = await isInitialized(request);
+
+    // 未初始化，先去 setup
+    if (!initialized) {
+      const res = NextResponse.redirect(new URL("/setup", request.url));
+      if (!fromCache) res.cookies.delete("helios_setup_done");
+      return res;
+    }
+
+    const sessionCookie =
+      request.cookies.get("helios.session_token") ??
+      request.cookies.get("__Secure-helios.session_token");
+
+    if (!sessionCookie) {
+      const loginUrl = new URL("/login", request.url);
+      const fromPath = request.nextUrl.search ? pathname + request.nextUrl.search : pathname;
+      loginUrl.searchParams.set("from", fromPath);
+      const res = NextResponse.redirect(loginUrl);
+      if (!fromCache)
+        res.cookies.set("helios_setup_done", "1", { path: "/", httpOnly: true, sameSite: "lax" });
+      return res;
+    }
+
+    const res = NextResponse.next();
+    if (!fromCache)
+      res.cookies.set("helios_setup_done", "1", { path: "/", httpOnly: true, sameSite: "lax" });
+    return res;
+  }
+
+  // /login 路由：未初始化则跳转 /setup（不使用缓存，防止 DB 重置后缓存陈旧）
+  if (pathname === "/login") {
+    const { initialized, fromCache } = await isInitialized(request, false);
+    if (!initialized) {
+      const res = NextResponse.redirect(new URL("/setup", request.url));
+      if (!fromCache) res.cookies.delete("helios_setup_done");
+      return res;
+    }
+    const res = NextResponse.next();
+    if (!fromCache)
+      res.cookies.set("helios_setup_done", "1", { path: "/", httpOnly: true, sameSite: "lax" });
+    return res;
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: ["/setup", "/login", "/dashboard/:path*"],
+};