feat(seo): SEO 仪表盘 + sitemap/robots 路由代理与 origin 修正

client/functions/robots.txt.ts

@@ -0,0 +1,33 @@
+import {
+  buildTargetUrl,
+  createPlainApiBaseErrorResponse,
+  getBackendUrl,
+} from "./_shared";
+
+// 代理 /robots.txt 到 Workers 后端
+// 仅允许 GET/HEAD，避免成为开放 method 转发器
+export const onRequest: PagesFunction<{ API_BASE: string }> = async (context) => {
+  const method = context.request.method.toUpperCase();
+  if (method !== "GET" && method !== "HEAD") {
+    return new Response("Method Not Allowed", {
+      status: 405,
+      headers: { Allow: "GET, HEAD", "Content-Type": "text/plain; charset=utf-8" },
+    });
+  }
+
+  const backend = getBackendUrl(context.env);
+  if (!backend) {
+    return createPlainApiBaseErrorResponse();
+  }
+
+  const target = buildTargetUrl(backend, context.request);
+  // 不透传客户端 headers，避免泄漏 Cookie / Authorization 给后端代理链路
+  const res = await fetch(target, {
+    method,
+    headers: { Accept: "text/plain" },
+  });
+  return new Response(res.body, {
+    status: res.status,
+    headers: res.headers,
+  });
+};

client/functions/sitemap.xml.ts

@@ -0,0 +1,33 @@
+import {
+  buildTargetUrl,
+  createPlainApiBaseErrorResponse,
+  getBackendUrl,
+} from "./_shared";
+
+// 代理 /sitemap.xml 到 Workers 后端
+// 仅允许 GET/HEAD，避免成为开放 method 转发器
+export const onRequest: PagesFunction<{ API_BASE: string }> = async (context) => {
+  const method = context.request.method.toUpperCase();
+  if (method !== "GET" && method !== "HEAD") {
+    return new Response("Method Not Allowed", {
+      status: 405,
+      headers: { Allow: "GET, HEAD", "Content-Type": "text/plain; charset=utf-8" },
+    });
+  }
+
+  const backend = getBackendUrl(context.env);
+  if (!backend) {
+    return createPlainApiBaseErrorResponse();
+  }
+
+  const target = buildTargetUrl(backend, context.request);
+  // 不透传客户端 headers，避免泄漏 Cookie / Authorization 给后端代理链路
+  const res = await fetch(target, {
+    method,
+    headers: { Accept: "application/xml, text/xml" },
+  });
+  return new Response(res.body, {
+    status: res.status,
+    headers: res.headers,
+  });
+};

client/src/app.tsx

@@ -22,6 +22,7 @@ const AdminPages = lazy(() => import("@/pages/admin/pages").then((m) => ({ defau
 const AdminComments = lazy(() => import("@/pages/admin/comments").then((m) => ({ default: m.AdminComments })));
 const AdminMedia = lazy(() => import("@/pages/admin/media").then((m) => ({ default: m.AdminMedia })));
 const AdminAnalytics = lazy(() => import("@/pages/admin/analytics").then((m) => ({ default: m.AdminAnalytics })));
+const AdminSeo = lazy(() => import("@/pages/admin/seo").then((m) => ({ default: m.AdminSeo })));
 const PrivacyPage = lazy(() => import("@/pages/privacy").then((m) => ({ default: m.PrivacyPage })));
 const DynamicPage = lazy(() => import("@/pages/dynamic-page").then((m) => ({ default: m.DynamicPage })));
 const NotFoundPage = lazy(() => import("@/pages/not-found").then((m) => ({ default: m.NotFoundPage })));
@@ -165,6 +166,7 @@ export function App() {
                 <Route path="/admin/comments"><AdminComments /></Route>
                 <Route path="/admin/media"><AdminMedia /></Route>
                 <Route path="/admin/analytics"><AdminAnalytics /></Route>
+                <Route path="/admin/seo"><AdminSeo /></Route>
                 <Route path="/admin"><AdminDashboard /></Route>
                 <Route><NotFoundPage /></Route>
               </Switch>

client/src/components/admin-layout.tsx

@@ -8,6 +8,7 @@ import {
   ImageIcon,
   BarChart3,
   HardDrive,
+  Sparkles,
   Settings,
   LogOut,
   ExternalLink,
@@ -51,6 +52,7 @@ export function AdminLayout({ children }: AdminLayoutProps) {
       items: [
         { href: "/admin/media", icon: ImageIcon, label: "媒体库" },
         { href: "/admin/analytics", icon: BarChart3, label: "数据分析" },
+        { href: "/admin/seo", icon: Sparkles, label: "SEO 优化" },
         { href: "/admin/backup", icon: HardDrive, label: "安全备份" },
       ],
     },