移除 cookie 的 secure 属性

Dockerfile

@@ -31,7 +31,6 @@ RUN pnpm run build
 FROM base AS runner
 WORKDIR /app
 
-ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
 
 RUN addgroup --system --gid 1001 nodejs

src/actions/auth/auth.ts

@@ -40,25 +40,21 @@ export async function login(props: LoginParams): Promise<ApiResponse> {
   cookieStore.set('auth_token', data.access_token, {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: Math.max(future, 0),
   })
   cookieStore.set('auth_refresh', data.refresh_token, {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: 7 * 24 * 3600,
   })
   cookieStore.set('auth_info', JSON.stringify(data.auth), {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: 7 * 24 * 3600,
   })
   cookieStore.set('auth_profile', JSON.stringify(data.profile), {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: 7 * 24 * 3600,
   })
 
@@ -85,25 +81,21 @@ export async function logout() {
   cookieStore.set('auth_token', '', {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: -1,
   })
   cookieStore.set('auth_refresh', '', {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: -1,
   })
   cookieStore.set('auth_info', '', {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: -1,
   })
   cookieStore.set('auth_profile', '', {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: -1,
   })
 
@@ -140,7 +132,6 @@ export async function getProfile(refresh: boolean = false) {
   cookie.set('auth_profile', JSON.stringify(result.data), {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: 7 * 24 * 3600,
   })
 

src/actions/auth/verify.ts

@@ -1,5 +1,4 @@
 'use server'
-// 验证验证码函数
 import {cookies} from 'next/headers'
 import crypto from 'crypto'
 import {ApiResponse} from '@/lib/api'
@@ -43,8 +42,6 @@ export default async function verify(props: VerifyParams): Promise<ApiResponse>
 }
 
 async function verifyCaptcha(userInput: string): Promise<boolean> {
-  console.log("验证验证码:", userInput)
-  
   const cookieStore = await cookies()
   const hash = cookieStore.get('captcha_hash')?.value
   const salt = cookieStore.get('captcha_salt')?.value
@@ -63,7 +60,6 @@ async function verifyCaptcha(userInput: string): Promise<boolean> {
 
   // 比较哈希值
   const isValid = hash === userInputHash
-  console.log('验证码验证结果:', isValid, hash, userInputHash)
 
   // 验证后删除验证码cookie，防止重复使用
   if (isValid) {

src/actions/base.ts

@@ -156,13 +156,11 @@ async function getUserToken(refresh = false): Promise<string> {
   cookie.set('auth_token', nextAccessToken, {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: Math.max(expiresIn, 0),
   })
   cookie.set('auth_refresh', nextRefreshToken, {
     httpOnly: true,
     sameSite: 'strict',
-    secure: process.env.NODE_ENV === 'production',
     maxAge: 7 * 24 * 3600, // 7天
   })
 

src/app/(auth)/captcha/route.ts

@@ -73,13 +73,11 @@ export async function GET(request: Request) {
     .set('captcha_hash', hash, {
       httpOnly: true,
       sameSite: 'strict',
-      secure: process.env.NODE_ENV === 'production',
       maxAge: 60,
     })
     .set('captcha_salt', salt, {
       httpOnly: true,
       sameSite: 'strict',
-      secure: process.env.NODE_ENV === 'production',
       maxAge: 60,
     })