refactor: update webui rules and docker compose

- Docker compose - tmpfs update /app/.next/cache to /app/node_modules/.cache - tmpfs add /tmp - Rules - Update rules for tanstack start + nitro - Stricter webui rules - Add webui dev rules
2026-03-17 23:14:21 +01:00 · 2026-02-05 22:53:35 +08:00
parent 0a2df3b9e3
commit 211e4ad465
3 changed files with 36 additions and 5 deletions
--- a/compose.example.yml
+++ b/compose.example.yml
@@ -31,8 +31,8 @@ services:
    user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
    read_only: true
    tmpfs:
-      - /app/.next/cache # next image caching
-
+      - /tmp:rw
+      - /app/node_modules/.cache:rw
      # for lite variant, do not change uid/gid
      # - /var/cache/nginx:uid=101,gid=101
      # - /run:uid=101,gid=101
--- a/internal/route/rules/presets/webui.yml
+++ b/internal/route/rules/presets/webui.yml
@@ -3,12 +3,19 @@
  do: pass
 - name: protected
  on: |
-    !path regex("(_next/static|_next/image|favicon.ico).*")
    !path glob("/api/v1/auth/*")
    !path glob("/auth/*")
-    !path regex("[A-Za-z0-9_-]+\.(svg|png|jpg|jpeg|gif|ico|webp|woff2?|eot|ttf|otf|txt)(\?.+)?")
+    !path /icon0.svg
+    !path /favicon.ico
+    !path /apple-icon.png
+    !path glob("/web-app-manifest-*x*.png")
+    !path regex("\/assets\/(chunks\/)?[a-zA-Z0-9\-_]+\.(css|js|woff2)")
+    !path regex("\/assets\/workbox-window\.prod\.es5-[a-zA-Z0-9]+\.js")
+    !path regex("/workbox-[a-zA-Z0-9]+\.js")
    !path /api/v1/version
-    !path /manifest.json
+    !path /manifest.webmanifest
+    !path /sw.js
+    !path /registerSW.js
  do: require_auth
 - name: proxy to backend
  on: path glob("/api/v1/*")
--- a/internal/route/rules/presets/webui_dev.yml
+++ b/internal/route/rules/presets/webui_dev.yml
@@ -0,0 +1,24 @@
+- name: login page
+  on: path /login
+  do: pass
+- name: protected
+  on: |
+    !path glob("@tanstack-start/*")
+    !path /@react-refresh
+    !path /@vite/client
+    !path regex("\?token=\w{5}-\w{5}")
+    !path glob("/@id/*")
+    !path glob("/api/v1/auth/*")
+    !path glob("/auth/*")
+    !path regex("[A-Za-z0-9_\-/]+\.(css|ts|js|mjs|svg|png|jpg|jpeg|gif|ico|webp|woff2?|eot|ttf|otf|txt)(\?.+)?")
+    !path /api/v1/version
+    !path /manifest.webmanifest
+  do: require_auth
+- name: proxy to backend
+  on: path glob("/api/v1/*")
+  do: proxy http://${API_ADDR}/
+- name: proxy to auth api
+  on: path glob("/auth/*")
+  do: |
+    rewrite /auth /api/v1/auth
+    proxy http://${API_ADDR}/