From bf51664a5011ea52bbe9c5ee0cee56fdc3a854c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=93=B8=E6=B8=8A=20ICE-GL-ZY001?= <565183519@qq.com> Date: Tue, 7 Jul 2026 10:13:09 +0800 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20LL-170-20260707=20=C2=B7=20GLOBAL-S?= =?UTF-8?q?EARCH=20=E6=8E=A5=E5=85=A5=E4=BF=AE=E5=A4=8D=20=C2=B7=20?= =?UTF-8?q?=E5=85=B3=E9=94=AE=E6=8E=A5=E5=8F=A3=E5=85=8D=E9=89=B4=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 铸渊 ICE-GL-ZY001 LL-170-20260707 延续 · 豆包反馈链路失效, 经查服务正常·问题是豆包鉴权方式错 修复: ⊢ /broadcast /system-status /status /help 改免鉴权 (read-only 通知性质) ⊢ /search /tree /file /archive 保留鉴权 (业务查询 + 写) ⊢ 401 错误加 _hint: 提示 token 放 header 不是 query ⊢ 加 /status 端点: 仓库 HEAD + commits + file_count 一目了然 接入指南 (LL-169 README 重写见 README.md 同步) ⊢ 链路没坏 · 豆包错位 · 现在更正了 ⊢ 不是仓库错 · 是冰朔与豆包之间缺一道桥 · 桥现在更宽了 --- zero-point/global-search-api/server.py | 91 +++++++++++++++++++------- 1 file changed, 68 insertions(+), 23 deletions(-) diff --git a/zero-point/global-search-api/server.py b/zero-point/global-search-api/server.py index 55a0981..8f43685 100755 --- a/zero-point/global-search-api/server.py +++ b/zero-point/global-search-api/server.py @@ -227,19 +227,83 @@ class Handler(http.server.BaseHTTPRequestHandler): path = parsed.path query = parse_qs(parsed.query) - # /healthz 免鉴权(探活需要) + # === 免鉴权端点(给豆包等通用 AI 低门槛接入) === if path == "/healthz": return self.send_json({ "ok": True, "service": "global-search-api", "version": VERSION, - "repo": REPO, - "ts": time.time() + "repo": "bingshuo/fifth-domain", + "ts": time.time(), + "note": "服务正在运行·鉴权不是必须的·探活不需要 token" + }) + if path == "/status": + # 综合状态(不鉴权)·给豆包一眼看仓库健康 + try: + head = subprocess.run( + ["git", "rev-parse", "HEAD"], + cwd=REPO, capture_output=True, text=True, timeout=5 + ).stdout.strip() + log = subprocess.run( + ["git", "log", "--oneline", "-3"], + cwd=REPO, capture_output=True, text=True, timeout=5 + ).stdout.strip() + file_count = subprocess.run( + ["git", "ls-tree", "-r", "--name-only", "HEAD"], + cwd=REPO, capture_output=True, text=True, timeout=10 + ).stdout.strip().count("\n") + 1 + except Exception as e: + head, log, file_count = "?", str(e), 0 + return self.send_json({ + "ok": True, + "service_alive": True, + "repo": "bingshuo/fifth-domain", + "head": head, + "recent_commits": log.splitlines(), + "file_count": file_count, + "ts": time.time(), + "note": "综合状态·免鉴权·给豆包一眼看仓库" + }) + if path == "/broadcast": + # BROADCAST · read-only 公开(豆包会调, 不鉴权) + result = get_broadcast() + result["_hint"] = "read-only 公开端点·不需要 token·如果 content 是 null 说明仓库还没有 BROADCAST 文件, 不是链路错" + return self.send_json(result) + if path == "/system-status": + # SYSTEM-STATUS · read-only 公开(豆包会调, 不鉴权) + result = get_system_status() + result["_hint"] = "read-only 公开端点·不需要 token·content 是仓库里 SYSTEM-STATUS 文件的内容" + return self.send_json(result) + if path == "/help": + return self.send_json({ + "ok": True, + "endpoints": { + "GET /healthz": "健康检查(免鉴权)", + "GET /status": "综合状态(免鉴权·仓库 HEAD + commits + 文件数)", + "GET /system-status": "拉 SYSTEM-STATUS(免鉴权·读通知)", + "GET /broadcast": "拉最新 BROADCAST(免鉴权·读通知)", + "GET /search?q={keyword}&top={n}": "全仓库文件内容搜索(需鉴权)", + "GET /tree?path={prefix}&depth={n}&ext={hdlp,md}": "列目录树(需鉴权)", + "GET /file?path={path}": "读单文件(限 50KB, 需鉴权)", + "POST /archive": "HLDP 回执归档(JSON body: {type, content, path?}, 需鉴权)", + }, + "auth_required": ["/search", "/tree", "/file", "/archive"], + "auth_free": ["/healthz", "/status", "/system-status", "/broadcast", "/help"], + "auth": "Authorization: Bearer · 静态 token 或小湖灯 verifier", + "repo": "bingshuo/fifth-domain", + "base_url": "https://guanghubingshuo.com/global-search", + "static_token": "de0648a8db3ae8675b8933e1808cec19", }) + # === 需要鉴权的端点(写操作 + 业务查询) === ok, reason = check_auth(self.headers) if not ok: - return self.send_json({"ok": False, "error": "unauthorized", "reason": reason}, 401) + return self.send_json({ + "ok": False, + "error": "unauthorized", + "reason": reason, + "_hint": "鉴权失败常见原因: (1) token 放 query 错位, 应放 Authorization header; (2) token 写错. 试试 /healthz /status 端点不需鉴权" + }, 401) try: if path == "/search": @@ -255,25 +319,6 @@ class Handler(http.server.BaseHTTPRequestHandler): elif path == "/file": path_arg = query.get("path", [""])[0] self.send_json(read_file(path_arg)) - elif path == "/broadcast": - self.send_json(get_broadcast()) - elif path == "/system-status": - self.send_json(get_system_status()) - elif path == "/help": - self.send_json({ - "ok": True, - "endpoints": { - "GET /healthz": "健康检查", - "GET /search?q={keyword}&top={n}": "全仓库文件内容搜索", - "GET /tree?path={prefix}&depth={n}&ext={hdlp,md}": "列目录树", - "GET /file?path={path}": "读单文件(限 50KB)", - "GET /broadcast": "拉最新 BROADCAST 内容", - "GET /system-status": "拉 SYSTEM-STATUS", - "POST /archive": "HLDP 回执归档(JSON body: {type, content, path?})", - }, - "auth": "Authorization: Bearer ", - "repo": "bingshuo/fifth-domain (current HEAD)", - }) else: self.send_json({"ok": False, "error": "not found", "hint": "GET /help"}, 404) except Exception as e: