feat: 自定义皮肤/主题支持#3003
Open
thedavidweng wants to merge 1 commit into
Open
Conversation
Contributor
|
All contributors have signed the CLA. ✅ |
Author
|
I have read the CLA Document and I hereby sign the CLA |
Allow admins to install and activate themes to customize the sub2api frontend appearance via CSS overrides. Themes are distributed as zip packages or imported from GitHub repositories, similar to Komari Monitor. Backend: - Add ThemeService for theme lifecycle management (install, activate, delete, config) with CSS sanitization and path traversal protection - Add admin API endpoints under /api/v1/admin/themes for CRUD operations - Add public /api/v1/themes/assets route for serving theme static files - Inject theme CSS <link> and config CSS variables into index.html before </head> alongside existing window.__APP_CONFIG__ injection - Wire ThemeService into FrontendServer with cache invalidation callback Frontend: - Add ThemeManager component with drag-drop zip upload, GitHub URL install, theme grid, config editor, and delete confirmation - Add 'Theme' tab to admin settings page between Features and Security - Add i18n translations for zh and en locales Theme package format: - sub2api-theme.json: metadata (name, short, version, author) + config schema - style.css: main CSS file that overrides design tokens and component styles - Optional: preview.png, fonts/, images/, additional CSS files Security measures: - CSS sanitization (strip expression(), -moz-binding, external url()) - File type whitelist (.css, .woff2, .png, .svg, etc.) - Size limits (10MB zip, 512KB CSS, 20MB total extracted) - Path traversal prevention via short ID validation + filepath.Clean
thedavidweng
force-pushed
the
feat/theme-system
branch
from
e64aa2e to
01c0a1e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述
为 sub2api 添加主题系统,允许管理员通过安装自定义主题来修改前端界面样式,而不影响任何业务功能。
Closes #2996
功能特性
主题安装
.zip文件安装主题管理
主题格式
CSS 注入机制
<link>注入到index.html的</head>前--theme-*CSS 自定义属性通过<style>块注入改动文件
backend/internal/service/theme_service.gobackend/internal/handler/admin/theme_handler.gobackend/internal/handler/theme_asset_handler.gobackend/internal/server/routes/theme.gobackend/internal/web/embed_on.gobackend/internal/web/embed_off.gobackend/internal/web/embed_test.gobackend/internal/handler/handler.gobackend/internal/handler/wire.gobackend/internal/service/wire.gobackend/internal/server/http.gobackend/internal/server/router.gobackend/internal/server/routes/admin.gobackend/cmd/server/wire_gen.gofrontend/src/api/admin/themes.tsfrontend/src/api/admin/index.tsfrontend/src/components/admin/ThemeManager.vuefrontend/src/components/icons/Icon.vuefrontend/src/views/admin/SettingsView.vuefrontend/src/i18n/locales/zh.tsfrontend/src/i18n/locales/en.ts安全措施
expression()、-moz-binding、behavior、外部url()、javascript:等危险构造.css,.woff,.woff2,.png,.svg等^[a-z0-9][a-z0-9_-]{0,31}$+filepath.Clean+ 前缀检查测试