Роли, переделывание отчета, изменение на главной странице

2026-01-11 23:37:18 +09:00
parent eb019504d7
commit d4f077cdaf
59 changed files with 2099 additions and 366 deletions
--- a/docker/app.conf
+++ b/docker/app.conf
@@ -4,26 +4,6 @@ map $remote_addr $blocked_ip {
    include /etc/nginx/blocked_ips.map;
 }

-# Определяем типы запросов
-map $request_uri $request_type {
-    default "general";
-
-    # API endpoints
-    ~*^/api/ "api";
-
-    # Auth endpoints
-    ~*^/(login|register|password-reset|auth|forgot-password|verify-email) "auth";
-
-    # Admin endpoints
-    ~*^/(admin|dashboard|cp|control-panel|manager) "admin";
-
-    # Static files by extension
-    ~*\.(jpg|jpeg|png|gif|ico|css|js|woff2?|ttf|eot|svg|pdf|zip|mp4|webm)$ "static";
-
-    # Static files by directory
-    ~*^/(storage|uploads|media|images|css|js|fonts)/ "static";
-}
-
 server {
    listen 80;
    server_name _;
@@ -46,85 +26,11 @@ server {
        return 444;
    }

-    # Блокировка пустых User-Agent
-    if ($http_user_agent = "") {
-        return 444;
-    }
-
-    # Блокировка нестандартных методов
-    if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) {
-        return 444;
-    }
-
    # ========== ГЛОБАЛЬНЫЕ ОГРАНИЧЕНИЯ ==========

    limit_conn conn_limit_per_ip 25;
    limit_req zone=req_limit_per_ip burst=30 delay=15;

-    # ========== СТАТИЧЕСКИЕ ФАЙЛЫ ==========
-
-    location ~* \.(jpg|jpeg|png|gif|ico|webp|avif)$ {
-        limit_req zone=static_limit burst=100 nodelay;
-        limit_conn conn_limit_per_ip 100;
-
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-        add_header Pragma "public";
-
-        try_files $uri =404;
-
-        access_log off;
-        log_not_found off;
-    }
-
-    location ~* \.(css|js)$ {
-        limit_req zone=static_limit burst=80 nodelay;
-        limit_conn conn_limit_per_ip 80;
-
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-        add_header X-Content-Type-Options "nosniff";
-
-        try_files $uri =404;
-
-        access_log off;
-    }
-
-    location ~* \.(woff2?|ttf|eot|svg)$ {
-        limit_req zone=static_limit burst=60 nodelay;
-        limit_conn conn_limit_per_ip 60;
-
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-        add_header Access-Control-Allow-Origin "*";
-
-        try_files $uri =404;
-
-        access_log off;
-    }
-
-    # ========== API ENDPOINTS ==========
-
-    location ~* ^/api/ {
-        limit_req zone=api_limit burst=30 delay=15;
-        limit_conn conn_limit_per_ip 30;
-
-        access_log /var/log/nginx/api_access.log main;
-
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
-    # ========== АУТЕНТИФИКАЦИЯ ==========
-
-    location ~* ^/(login|register|password-reset|auth|forgot-password|verify-email) {
-        limit_req zone=auth_limit burst=5 delay=3;
-        limit_conn conn_limit_per_ip 5;
-
-        access_log /var/log/nginx/auth_access.log main;
-
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
    # ========== ОБРАБОТКА PHP ==========

    location ~ \.php$ {
@@ -157,32 +63,12 @@ server {
    # ========== ОСНОВНОЙ LOCATION ==========

    location / {
-
-        if ($query_string ~* "(?:^|[^a-z])(?:union|select|insert|update|delete|drop|create|alter|exec)(?:[^a-z]|$)") {
-            return 444;
-        }
-
-        if ($request_uri ~ "//") {
-            return 444;
-        }
-
        try_files $uri $uri/ /index.php?$query_string;

        gzip_static on;
        gzip_vary on;
    }

-    # ========== HEALTH CHECK ==========
-
-    location = /health {
-        access_log off;
-
-        # Прямой прокси в Laravel
-        try_files $uri /index.php?$query_string;
-
-        add_header Cache-Control "no-store, no-cache, must-revalidate";
-    }
-
    # ========== ЗАЩИТА ФАЙЛОВОЙ СИСТЕМЫ ==========

    location ~ /\. {
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -13,27 +13,8 @@ events {

 http {
    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
-
-    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=6r/s;
-
-    limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=3r/s;
-
-    limit_req_zone $binary_remote_addr zone=bot_limit:10m rate=1r/s;
-
-    limit_req_zone $binary_remote_addr zone=static_limit:10m rate=100r/s;
-
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;

-    map $http_user_agent $limit_bots {
-        default "";
-        ~*(googlebot|bingbot|yandex|baiduspider) $binary_remote_addr;
-    }
-    limit_req_zone $limit_bots zone=bots:10m rate=20r/m;
-
-    limit_req_zone $request_method zone=post_limit:10m rate=5r/s;
-
-    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=40m use_temp_path=off;
-
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

@@ -62,15 +43,6 @@ http {
    gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss
               application/atom+xml image/svg+xml;

-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for" '
-                    'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
-
-    log_format ddos_log '$remote_addr - [$time_local] "$request" $status '
-                        'rate=$limit_req_status conn=$limit_conn_status '
-                        'user_agent="$http_user_agent"';
-
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;