From d9229ec093ec68b1446860365cdafc83b1e28624 Mon Sep 17 00:00:00 2001
From: zpc <zpc1131@gamil.com>
Date: Wed, 14 Jan 2026 01:12:07 +0800
Subject: [PATCH 1/4] 33

---
 nginx/html_app.zpc-xy.com.conf | 72 ++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 nginx/html_app.zpc-xy.com.conf

diff --git a/nginx/html_app.zpc-xy.com.conf b/nginx/html_app.zpc-xy.com.conf
new file mode 100644
index 0000000..31c3ba4
--- /dev/null
+++ b/nginx/html_app.zpc-xy.com.conf
@@ -0,0 +1,72 @@
+server
+{
+    listen 80;
+    listen 443 ssl;
+    listen 443 quic;
+    http2 on;
+    server_name app.zpc-xy.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/app.zpc-xy.com;
+    include /www/server/panel/vhost/nginx/extension/app.zpc-xy.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    # 用于SSL证书申请时的文件验证相关配置 -- 请勿删除并保持这段设置在优先级高的位置
+    include /www/server/panel/vhost/nginx/well-known/app.zpc-xy.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
+    #error_page 404/404.html;
+    ssl_certificate    /www/server/panel/vhost/cert/app.zpc-xy.com/fullchain.pem;
+    ssl_certificate_key    /www/server/panel/vhost/cert/app.zpc-xy.com/privkey.pem;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    add_header Alt-Svc 'quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"';
+    error_page 497  https://$host$request_uri;
+
+    #SSL-END
+
+    #ERROR-PAGE-START  错误页配置，可以注释、删除或修改
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+
+    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
+    include /www/server/panel/vhost/rewrite/html_app.zpc-xy.com.conf;
+    #REWRITE-END
+
+    #禁止访问的文件或目录
+    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
+    {
+        return 404;
+    }
+
+    #一键申请SSL证书验证目录相关设置
+    location ~ \.well-known{
+        allow all;
+    }
+
+    #禁止在证书验证目录放入敏感文件
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+        return 403;
+    }
+
+    location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$
+    {
+        expires      30d;
+        error_log /dev/null;
+        access_log /dev/null;
+    }
+
+    location ~ .*\\.(js|css)?$
+    {
+        expires      12h;
+        error_log /dev/null;
+        access_log /dev/null;
+    }
+    access_log  /www/wwwlogs/app.zpc-xy.com.log;
+    error_log  /www/wwwlogs/app.zpc-xy.com.error.log;
+}
\ No newline at end of file

From da45ce2a9656da173c7ea48e9ea455854d9e7ccd Mon Sep 17 00:00:00 2001
From: zpc <zpc1131@gamil.com>
Date: Wed, 14 Jan 2026 01:36:40 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E7=89=88=E6=9C=AC1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nginx/html_app.zpc-xy.com.conf | 40 ++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/nginx/html_app.zpc-xy.com.conf b/nginx/html_app.zpc-xy.com.conf
index 31c3ba4..9391132 100644
--- a/nginx/html_app.zpc-xy.com.conf
+++ b/nginx/html_app.zpc-xy.com.conf
@@ -38,12 +38,52 @@ server
     include /www/server/panel/vhost/rewrite/html_app.zpc-xy.com.conf;
     #REWRITE-END
 
+    #跨域处理
+    add_header Access-Control-Allow-Origin * always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
+    add_header Access-Control-Allow-Headers $http_access_control_request_headers always;
+    add_header Access-Control-Max-Age 86400 always;
+    add_header Access-Control-Allow-Credentials true always;
+
     #禁止访问的文件或目录
     location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
     {
         return 404;
     }
 
+    #子目录API转发规则 - 用^~确保优先级最高
+    location ^~ /xyqj/api/ {
+        #处理OPTIONS预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
+            add_header Access-Control-Allow-Headers $http_access_control_request_headers always;
+            add_header Access-Control-Max-Age 86400 always;
+            add_header Access-Control-Allow-Credentials true always;
+            return 204;
+        }
+        
+        proxy_pass http://192.168.195.15:2802/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        
+        #重写响应体中的绝对路径，添加/xyqj/api前缀
+        sub_filter '"url":"/' '"url":"/xyqj/api/';
+        sub_filter 'href="/' 'href="/xyqj/api/';
+        sub_filter 'src="/' 'src="/xyqj/api/';
+        sub_filter_once off;
+        
+        #转发时的跨域处理
+        add_header Access-Control-Allow-Origin * always;
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
+        add_header Access-Control-Allow-Headers $http_access_control_request_headers always;
+        add_header Access-Control-Max-Age 86400 always;
+        add_header Access-Control-Allow-Credentials true always;
+    }
+
     #一键申请SSL证书验证目录相关设置
     location ~ \.well-known{
         allow all;

From 83fd02c4c0bcb2b924c61d1f3a0b8ccbac18bc43 Mon Sep 17 00:00:00 2001
From: zpc <zpc1131@gamil.com>
Date: Sat, 24 Jan 2026 19:47:56 +0800
Subject: [PATCH 3/4] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E6=94=AF=E4=BB=98=E7=A7=81=E9=92=A5=E6=A0=BC=E5=BC=8F=E8=A7=A3?=
 =?UTF-8?q?=E6=9E=90=E9=97=AE=E9=A2=98=20-=20=E5=A4=84=E7=90=86JSON?=
 =?UTF-8?q?=E4=B8=AD=E8=BD=AC=E4=B9=89=E7=9A=84=E6=8D=A2=E8=A1=8C=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 miniapp/config/index.js                                   | 4 ++--
 server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/miniapp/config/index.js b/miniapp/config/index.js
index bbe8a5f..6bdbd8d 100644
--- a/miniapp/config/index.js
+++ b/miniapp/config/index.js
@@ -15,7 +15,7 @@ const ENV = {
 	},
 	// 生产环境 - 部署时修改这里的地址
 	production: {
-		API_BASE_URL: 'https://app.zpc-xy.com/xyqj/api/app',
+		API_BASE_URL: 'https://app.zpc-xy.com/xyqj/api/api/app',
 		STATIC_BASE_URL: 'https://app.zpc-xy.com',
 		ADMIN_API_BASE_URL: 'https://app.zpc-xy.com/xyqj/admin/',
 		SIGNALR_URL: 'wss://app.zpc-xy.com/xyqj/api/hubs/chat'
@@ -23,7 +23,7 @@ const ENV = {
 }
 
 // 当前环境 - 开发时使用 development，打包时改为 production
-const CURRENT_ENV = 'development'
+const CURRENT_ENV = 'production'
 
 // 导出配置
 export const config = {
diff --git a/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs b/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
index fbf338b..dcf13bd 100644
--- a/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
+++ b/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
@@ -430,7 +430,9 @@ public class WeChatService : IWeChatService
     private string SignWithPrivateKey(string message)
     {
         using var rsa = RSA.Create();
-        rsa.ImportFromPem(_options.Pay.PrivateKey);
+        // 处理 JSON 中转义的换行符
+        var privateKey = _options.Pay.PrivateKey.Replace("\\n", "\n");
+        rsa.ImportFromPem(privateKey);
 
         var data = Encoding.UTF8.GetBytes(message);
         var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

From dfc352a64a836a788eec21bdb5a8e3a730cb62b5 Mon Sep 17 00:00:00 2001
From: zpc <zpc1131@gamil.com>
Date: Sat, 24 Jan 2026 19:51:04 +0800
Subject: [PATCH 4/4] =?UTF-8?q?fix:=20=E6=94=B9=E4=B8=BA=E4=BC=98=E5=85=88?=
 =?UTF-8?q?=E4=BB=8E=E6=96=87=E4=BB=B6=E8=AF=BB=E5=8F=96=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E6=94=AF=E4=BB=98=E7=A7=81=E9=92=A5=EF=BC=8C=E6=8F=90=E9=AB=98?=
 =?UTF-8?q?=E5=8F=AF=E9=9D=A0=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../WeChat/WeChatService.cs                   | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs b/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
index dcf13bd..62cc0aa 100644
--- a/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
+++ b/server/src/XiangYi.Infrastructure/WeChat/WeChatService.cs
@@ -430,9 +430,34 @@ public class WeChatService : IWeChatService
     private string SignWithPrivateKey(string message)
     {
         using var rsa = RSA.Create();
-        // 处理 JSON 中转义的换行符
-        var privateKey = _options.Pay.PrivateKey.Replace("\\n", "\n");
-        rsa.ImportFromPem(privateKey);
+        
+        // 优先从文件读取，如果文件不存在则从配置读取
+        string privateKeyPem;
+        if (!string.IsNullOrEmpty(_options.Pay.PrivateKey) && _options.Pay.PrivateKey.StartsWith("-----BEGIN"))
+        {
+            // 从配置中读取，处理转义的换行符
+            privateKeyPem = _options.Pay.PrivateKey.Replace("\\n", "\n");
+        }
+        else
+        {
+            // 从文件读取
+            var keyPath = Path.Combine(AppContext.BaseDirectory, "apiclient_key.pem");
+            if (!File.Exists(keyPath))
+            {
+                throw new FileNotFoundException($"私钥文件不存在: {keyPath}");
+            }
+            privateKeyPem = File.ReadAllText(keyPath);
+        }
+
+        try
+        {
+            rsa.ImportFromPem(privateKeyPem.AsSpan());
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "导入私钥失败，私钥内容长度: {Length}", privateKeyPem.Length);
+            throw;
+        }
 
         var data = Encoding.UTF8.GetBytes(message);
         var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);