From 6432c24e209ea48cd165bd6c73fa8dc696436338 Mon Sep 17 00:00:00 2001
From: qzl
Date: Thu, 30 Apr 2026 11:47:48 +0800
Subject: [PATCH] fix(security): disable Swagger in prod, remove dead debug field, harden env config

---
 .env.example | 3 +--
 backend/src/app.py | 9 ++++++++-
 backend/src/core/config/settings.py | 1 -
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.env.example b/.env.example
index e97c1a6..6c953ec 100644
--- a/.env.example
+++ b/.env.example
@@ -5,10 +5,9 @@
 # 运行时配置
 ############
 ERYAO_RUNTIME__ENVIRONMENT=dev
-ERYAO_RUNTIME__DEBUG=true
 ERYAO_RUNTIME__LOG_LEVEL=INFO
 ERYAO_RUNTIME__SQL_LOG_QUERIES=false
-ERYAO_RUNTIME__TRUSTED_PROXY_IPS=[]
+ERYAO_RUNTIME__TRUSTED_PROXY_IPS='["127.0.0.1", "172.18.0.1"]'
 
 ############
 # Web 服务器配置(Uvicorn)
diff --git a/backend/src/app.py b/backend/src/app.py
index 820e9b1..dc9a049 100644
--- a/backend/src/app.py
+++ b/backend/src/app.py
@@ -48,7 +48,14 @@ async def lifespan(_: FastAPI) -> AsyncGenerator[None, None]:
     logger.info("Base services closed", services=SERVICE_STARTUP_ORDER)
 
 
-app = FastAPI(lifespan=lifespan)
+_is_prod = config.runtime.environment == "prod"
+
+app = FastAPI(
+    lifespan=lifespan,
+    docs_url=None if _is_prod else "/docs",
+    redoc_url=None if _is_prod else "/redoc",
+    openapi_url=None if _is_prod else "/openapi.json",
+)
 app.add_middleware(
     CORSMiddleware,
     allow_origins=config.cors.allow_origins,
diff --git a/backend/src/core/config/settings.py b/backend/src/core/config/settings.py
index ed237fb..0566acb 100644
--- a/backend/src/core/config/settings.py
+++ b/backend/src/core/config/settings.py
@@ -35,7 +35,6 @@ def _resolve_project_root() -> Path:
 class RuntimeSettings(BaseModel):
     environment: Literal["dev", "test", "prod"] = "dev"
     service_name: str = "app"
-    debug: bool = True
     log_level: str = "INFO"
     log_json: bool = True
     log_rotation: Literal["time", "size", "none"] = "time"
-- 
2.43.7
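Review bot: The new `ERYAO_RUNTIME__TRUSTED_PROXY_IPS='["127.0.0.1", "172.18.0.1"]'` line bakes two concrete addresses into a template that every deployment copies, with no comment saying what they are or why a client-address header from them is trusted. Presumably `172.18.0.1` is a container-network gateway and `127.0.0.1` a local reverse proxy, but that is deployment-specific and the value silently widens trust if the file is copied to a host with a different topology. Add a comment above the line, e.g. `# Proxies whose forwarded-client headers are honored; 127.0.0.1 = local reverse proxy, 172.18.0.1 = container network gateway (adjust per deployment)`. Whether the list is used for forwarded-header handling is inferred from the name and should be confirmed against the setting's consumer, which is outside this patch.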
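Review bot: The `_is_prod = config.runtime.environment == "prod"` gate fails open: the settings hunk in this same patch shows `environment` defaulting to `"dev"`, so a deployment that omits `ERYAO_RUNTIME__ENVIRONMENT` serves `/docs`, `/redoc` and `/openapi.json` unconditionally. That is probably acceptable for `dev` and `test`, but the dependence on an explicitly set variable deserves a comment next to the gate, e.g. `# Docs/OpenAPI are served unless environment == "prod"; the settings default is "dev", so every prod deployment must set ERYAO_RUNTIME__ENVIRONMENT explicitly.` If a fail-closed default is wanted, the cleaner fix is in RuntimeSettings (default to `"prod"`), which is outside this hunk. The enclosing module continues past the hunk on both sides.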