Improve local auth env handling and fallbacks

Allow local env files to reliably override authentication feature flags (SMS/WeChat) by whitelisting keys in scripts/dev-utils.mjs and adding a unit test. Add SMS checks to scripts/check-api-server-env.mjs. Make server config.parse_bool tolerant of shell-wrapped quoted values (e.g. '"true"') and add tests so SMS_AUTH_ENABLED is parsed correctly when shells supply quotes. Update docs to clarify SMS env behaviour, restart requirements, and add guidance + a CSS fallback for old mobile browsers (QQ/X5) so public cover images render even when aspect-ratio is unsupported. Also include related frontend test and component adjustments and add puzzle onboarding handlers/endpoints in server-rs/crates/api-server/src/puzzle.rs.
2026-05-18 23:13:49 +08:00
parent 4c10c181e3
commit d1adfa3406
22 changed files with 4309 additions and 52 deletions
--- a/server-rs/crates/api-server/src/config.rs
+++ b/server-rs/crates/api-server/src/config.rs
@@ -978,6 +978,16 @@ fn parse_duration_seconds(raw: &str) -> Option<u64> {
 }

 fn parse_bool(raw: &str) -> Option<bool> {
+    let raw = raw.trim();
+    let raw = raw
+        .strip_prefix('"')
+        .and_then(|value| value.strip_suffix('"'))
+        .or_else(|| {
+            raw.strip_prefix('\'')
+                .and_then(|value| value.strip_suffix('\''))
+        })
+        .unwrap_or(raw);
+
    match raw.trim().to_ascii_lowercase().as_str() {
        "1" | "true" | "yes" | "on" => Some(true),
        "0" | "false" | "no" | "off" => Some(false),
@@ -1053,7 +1063,9 @@ fn parse_positive_u16(raw: &str) -> Option<u16> {

 #[cfg(test)]
 mod tests {
-    use super::{AppConfig, DEFAULT_VECTOR_ENGINE_IMAGE_REQUEST_TIMEOUT_MS, LlmProvider};
+    use super::{
+        AppConfig, DEFAULT_VECTOR_ENGINE_IMAGE_REQUEST_TIMEOUT_MS, LlmProvider, parse_bool,
+    };
    use std::sync::{Mutex, OnceLock};

    static ENV_LOCK: OnceLock<Mutex<()>> = OnceLock::new();
@@ -1086,6 +1098,34 @@ mod tests {
        );
    }

+    #[test]
+    fn parse_bool_accepts_wrapped_quotes_from_shell_env() {
+        assert_eq!(parse_bool("\"true\""), Some(true));
+        assert_eq!(parse_bool("'true'"), Some(true));
+        assert_eq!(parse_bool("\"false\""), Some(false));
+        assert_eq!(parse_bool("'off'"), Some(false));
+    }
+
+    #[test]
+    fn from_env_reads_sms_enabled_when_shell_value_keeps_quotes() {
+        let _guard = ENV_LOCK
+            .get_or_init(|| Mutex::new(()))
+            .lock()
+            .expect("env lock should not poison");
+
+        unsafe {
+            std::env::remove_var("SMS_AUTH_ENABLED");
+            std::env::set_var("SMS_AUTH_ENABLED", "\"true\"");
+        }
+
+        let config = AppConfig::from_env();
+        assert!(config.sms_auth_enabled);
+
+        unsafe {
+            std::env::remove_var("SMS_AUTH_ENABLED");
+        }
+    }
+
    #[test]
    fn from_env_reads_non_public_models_and_urls() {
        let _guard = ENV_LOCK
--- a/server-rs/crates/api-server/src/puzzle.rs
+++ b/server-rs/crates/api-server/src/puzzle.rs