From 8b191bd2f733d8677c851d90a5003617bd1da937 Mon Sep 17 00:00:00 2001 From: butterfly Date: Tue, 9 Apr 2024 18:05:56 +0800 Subject: [PATCH] feat: white webdav server domain --- .env.template | 5 ++- README.md | 7 +++++ README_CN.md | 7 +++++ app/api/webdav/[...path]/route.ts | 52 +++++++++++++++++++------------ app/config/server.ts | 5 +++ app/constant.ts | 2 ++ 6 files changed, 57 insertions(+), 21 deletions(-) diff --git a/.env.template b/.env.template index d5d0c4c27..fae5d8f4c 100644 --- a/.env.template +++ b/.env.template @@ -57,4 +57,7 @@ ANTHROPIC_API_VERSION= ### anthropic claude Api url (optional) -ANTHROPIC_URL= \ No newline at end of file +ANTHROPIC_URL= + +### (optional) +WHITE_WEBDEV_DOMAINS= \ No newline at end of file diff --git a/README.md b/README.md index c756b7bb6..d821093f4 100644 --- a/README.md +++ b/README.md @@ -245,6 +245,13 @@ To control custom models, use `+` to add a custom model, use `-` to hide a model User `-all` to disable all default models, `+all` to enable all default models. +### `WHITE_WEBDEV_DOMAINS` (可选) + +如果你想增加允许访问的webdav服务地址,可以使用该选项,格式要求: +- 每一个地址必须是一个完整的 origin +> `https://xxxx` +- 多个地址以`,`相连 + ## Requirements NodeJS >= 18, Docker >= 20 diff --git a/README_CN.md b/README_CN.md index 0df271814..07f426ee8 100644 --- a/README_CN.md +++ b/README_CN.md @@ -142,6 +142,13 @@ anthropic claude Api Url. 如果你想禁用从链接解析预制设置,将此环境变量设置为 1 即可。 +### `WHITE_WEBDEV_DOMAINS` (可选) + +如果你想增加允许访问的webdav服务地址,可以使用该选项,格式要求: +- 每一个地址必须是一个完整的 origin +> `https://xxxx` +- 多个地址以`,`相连 + ### `CUSTOM_MODELS` (可选) > 示例:`+qwen-7b-chat,+glm-6b,-gpt-3.5-turbo,gpt-4-1106-preview=gpt-4-turbo` 表示增加 `qwen-7b-chat` 和 `glm-6b` 到模型列表,而从列表中删除 `gpt-3.5-turbo`,并将 `gpt-4-1106-preview` 模型名字展示为 `gpt-4-turbo`。 diff --git a/app/api/webdav/[...path]/route.ts b/app/api/webdav/[...path]/route.ts index 56c2388ae..58d591bfc 100644 --- a/app/api/webdav/[...path]/route.ts +++ b/app/api/webdav/[...path]/route.ts @@ -1,5 +1,14 @@ import { NextRequest, NextResponse } from "next/server"; -import { STORAGE_KEY } from "../../../constant"; +import { STORAGE_KEY, internalWhiteWebDavDomains } from "../../../constant"; +import { getServerSideConfig } from "@/app/config/server"; + +const config = getServerSideConfig(); + +const mergedWhiteWebDavDomains = [ + ...internalWhiteWebDavDomains, + ...config.whiteWebDevDomains, +].filter((domain) => Boolean(domain.trim())); + async function handle( req: NextRequest, { params }: { params: { path: string[] } }, @@ -14,7 +23,9 @@ async function handle( let endpoint = requestUrl.searchParams.get("endpoint"); // Validate the endpoint to prevent potential SSRF attacks - if (!endpoint || !endpoint.startsWith("/")) { + if ( + !mergedWhiteWebDavDomains.some((domain) => endpoint?.startsWith(domain)) + ) { return NextResponse.json( { error: true, @@ -25,6 +36,11 @@ async function handle( }, ); } + + if (!endpoint?.endsWith("/")) { + endpoint += "/"; + } + const endpointPath = params.path.join("/"); const targetPath = `${endpoint}/${endpointPath}`; @@ -42,10 +58,7 @@ async function handle( } // for MKCOL request, only allow request ${folder} - if ( - req.method === "MKCOL" && - !targetPath.endsWith(folder) - ) { + if (req.method === "MKCOL" && !targetPath.endsWith(folder)) { return NextResponse.json( { error: true, @@ -58,10 +71,7 @@ async function handle( } // for GET request, only allow request ending with fileName - if ( - req.method === "GET" && - !targetPath.endsWith(fileName) - ) { + if (req.method === "GET" && !targetPath.endsWith(fileName)) { return NextResponse.json( { error: true, @@ -74,10 +84,7 @@ async function handle( } // for PUT request, only allow request ending with fileName - if ( - req.method === "PUT" && - !targetPath.endsWith(fileName) - ) { + if (req.method === "PUT" && !targetPath.endsWith(fileName)) { return NextResponse.json( { error: true, @@ -101,7 +108,7 @@ async function handle( authorization: req.headers.get("authorization") ?? "", }, body: shouldNotHaveBody ? null : req.body, - redirect: 'manual', + redirect: "manual", method, // @ts-ignore duplex: "half", @@ -109,15 +116,20 @@ async function handle( const fetchResult = await fetch(targetUrl, fetchOptions); - console.log("[Any Proxy]", targetUrl, { - status: fetchResult.status, - statusText: fetchResult.statusText, - }); + console.log( + "[Any Proxy]", + targetUrl, + { + status: fetchResult.status, + statusText: fetchResult.statusText, + }, + fetchResult, + ); return fetchResult; } -export const POST = handle; +export const PUT = handle; export const GET = handle; export const OPTIONS = handle; diff --git a/app/config/server.ts b/app/config/server.ts index d18e4a1a6..596ef9cab 100644 --- a/app/config/server.ts +++ b/app/config/server.ts @@ -79,6 +79,10 @@ export const getServerSideConfig = () => { `[Server Config] using ${randomIndex + 1} of ${apiKeys.length} api key`, ); + const whiteWebDevDomains = (process.env.WHITE_WEBDEV_DOMAINS ?? "").split( + ",", + ); + return { baseUrl: process.env.BASE_URL, apiKey, @@ -112,5 +116,6 @@ export const getServerSideConfig = () => { hideBalanceQuery: !process.env.ENABLE_BALANCE_QUERY, disableFastLink: !!process.env.DISABLE_FAST_LINK, customModels, + whiteWebDevDomains, }; }; diff --git a/app/constant.ts b/app/constant.ts index 7786d1b06..48fca62c0 100644 --- a/app/constant.ts +++ b/app/constant.ts @@ -366,3 +366,5 @@ export const DEFAULT_MODELS = [ export const CHAT_PAGE_SIZE = 15; export const MAX_RENDER_MSG_COUNT = 45; + +export const internalWhiteWebDavDomains = ["https://dav.jianguoyun.com"];