Improve local auth env handling and fallbacks

Allow local env files to reliably override authentication feature flags (SMS/WeChat) by whitelisting keys in scripts/dev-utils.mjs and adding a unit test. Add SMS checks to scripts/check-api-server-env.mjs. Make server config.parse_bool tolerant of shell-wrapped quoted values (e.g. '"true"') and add tests so SMS_AUTH_ENABLED is parsed correctly when shells supply quotes. Update docs to clarify SMS env behaviour, restart requirements, and add guidance + a CSS fallback for old mobile browsers (QQ/X5) so public cover images render even when aspect-ratio is unsupported. Also include related frontend test and component adjustments and add puzzle onboarding handlers/endpoints in server-rs/crates/api-server/src/puzzle.rs.
2026-05-18 23:13:49 +08:00
parent 4c10c181e3
commit d1adfa3406
22 changed files with 4309 additions and 52 deletions
--- a/scripts/dev-utils.mjs
+++ b/scripts/dev-utils.mjs
@@ -2,6 +2,13 @@ import {existsSync, mkdirSync, readFileSync} from 'node:fs';
 import {dirname, isAbsolute, resolve} from 'node:path';

 export const LOCAL_ENV_FILES = ['.env', '.env.local', '.env.secrets.local'];
+const LOCAL_ENV_OVERRIDE_KEYS = new Set([
+  'SMS_AUTH_ENABLED',
+  'SMS_AUTH_PROVIDER',
+  'SMS_AUTH_MOCK_VERIFY_CODE',
+  'WECHAT_AUTH_ENABLED',
+  'WECHAT_AUTH_PROVIDER',
+]);

 export function buildProtectedEnvKeys(baseEnv) {
  return new Set(
@@ -29,7 +36,7 @@ export function loadEnvFile(path, target, protectedKeys) {
    }

    const [, key, rawValue] = match;
-    if (protectedKeys.has(key)) {
+    if (protectedKeys.has(key) && !LOCAL_ENV_OVERRIDE_KEYS.has(key)) {
      continue;
    }