From 65858594e7c25817ca92693e50f3bcaf23e0c1f6 Mon Sep 17 00:00:00 2001
From: xuqinmin12 <xuqinmin12@sina.com>
Date: Fri, 12 Jun 2026 22:48:29 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20update.sh=20=E8=BF=81=E7=A7=BBA=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3heredoc=E5=86=99=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/update.sh | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/scripts/update.sh b/scripts/update.sh
index cc1dec3..9592282 100755
--- a/scripts/update.sh
+++ b/scripts/update.sh
@@ -511,21 +511,23 @@ fi
 # ---------------------------------------------------------------------------
 _nginx_conf="$ROOT_DIR/config/nginx/conf.d/xuqm.conf"
 if [ -f "$_nginx_conf" ] && ! grep -q 'api/auth/register' "$_nginx_conf"; then
-  python3 - "$_nginx_conf" <<\'PYEOF\'
+  _PATCH_PY="$(mktemp /tmp/xuqm-nginx-patch-XXXXXX.py)"
+  cat > "$_PATCH_PY" << 'NGINX_PATCH_PY'
 import re, sys
-content = open(sys.argv[1]).read()
-block = """  # 私有化部署：精确拦截用户自注册（必须在通用 /api/ 之前）
-  location = /api/auth/register {
-    add_header Content-Type \'application/json; charset=utf-8\' always;
-    return 403 \'{"code":403,"status":"1","data":null,"message":"私有化部署已禁用用户自注册"}\';
-  }
-
-"""
-content = re.sub(r"(  # 核心 API)", block + r"\1", content, count=1)
-open(sys.argv[1], \'w\').write(content)
-PYEOF
-  ok "nginx conf 已补充用户注册拦截规则"
-  # 重载 nginx 容器使配置生效
+path = sys.argv[1]
+content = open(path).read()
+block = (
+    '  # \u79c佖化部署：精确拦截用户自注册（必须在通用 /api/ 之前）\n'
+    '  location = /api/auth/register {\n'
+    "    add_header Content-Type 'application/json; charset=utf-8' always;\n"
+    '    return 403 \'{"code":403,"status":"1","data":null,"message":"\u79c佖化部署已禁用用户自注册"}\';\n'
+    '  }\n\n'
+)
+content = re.sub(r'(  # 核心 API)', block + r'\1', content, count=1)
+open(path, 'w').write(content)
+NGINX_PATCH_PY
+  python3 "$_PATCH_PY" "$_nginx_conf" && ok "nginx conf 已补充用户注册拦截规则" || warn "nginx conf 修改失败，请手动添加"
+  rm -f "$_PATCH_PY"
   docker exec xuqm-private-nginx-1 nginx -s reload 2>/dev/null && ok "nginx 已 reload" || warn "nginx reload 失败，将在容器重启后生效"
 else
   ok "nginx 用户注册拦截规则已存在，跳过"