feat: white webdav server domain

2024-11-27 08:53:17 +08:00 · 2024-04-09 18:05:56 +08:00 · 2024-04-09 18:05:56 +08:00 · 8b191bd2f7
commit 8b191bd2f7
parent 7fcfbc3729
6 changed files with 57 additions and 21 deletions
--- a/.env.template
+++ b/.env.template
@ -57,4 +57,7 @@ ANTHROPIC_API_VERSION=


 ### anthropic claude Api url (optional)
-ANTHROPIC_URL=
+ANTHROPIC_URL=
+
+### (optional)
+WHITE_WEBDEV_DOMAINS=
--- a/README.md
+++ b/README.md
@ -245,6 +245,13 @@ To control custom models, use `+` to add a custom model, use `-` to hide a model

 User `-all` to disable all default models, `+all` to enable all default models.

+### `WHITE_WEBDEV_DOMAINS` (可选)
+
+如果你想增加允许访问的webdav服务地址，可以使用该选项，格式要求：
+- 每一个地址必须是一个完整的 origin 
+> `https://xxxx`
+- 多个地址以`,`相连
+
 ## Requirements

 NodeJS >= 18, Docker >= 20
--- a/README_CN.md
+++ b/README_CN.md
@ -142,6 +142,13 @@ anthropic claude Api Url.

 如果你想禁用从链接解析预制设置，将此环境变量设置为 1 即可。

+### `WHITE_WEBDEV_DOMAINS` (可选)
+
+如果你想增加允许访问的webdav服务地址，可以使用该选项，格式要求：
+- 每一个地址必须是一个完整的 origin 
+> `https://xxxx`
+- 多个地址以`,`相连
+
 ### `CUSTOM_MODELS` （可选）

 > 示例：`+qwen-7b-chat,+glm-6b,-gpt-3.5-turbo,gpt-4-1106-preview=gpt-4-turbo` 表示增加 `qwen-7b-chat` 和 `glm-6b` 到模型列表，而从列表中删除 `gpt-3.5-turbo`，并将 `gpt-4-1106-preview` 模型名字展示为 `gpt-4-turbo`。
--- a/app/api/webdav/[...path]/route.ts
+++ b/app/api/webdav/[...path]/route.ts
@ -1,5 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
-import { STORAGE_KEY } from "../../../constant";
+import { STORAGE_KEY, internalWhiteWebDavDomains } from "../../../constant";
+import { getServerSideConfig } from "@/app/config/server";
+
+const config = getServerSideConfig();
+
+const mergedWhiteWebDavDomains = [
+  ...internalWhiteWebDavDomains,
+  ...config.whiteWebDevDomains,
+].filter((domain) => Boolean(domain.trim()));
+
 async function handle(
  req: NextRequest,
  { params }: { params: { path: string[] } },
@ -14,7 +23,9 @@ async function handle(
  let endpoint = requestUrl.searchParams.get("endpoint");

  // Validate the endpoint to prevent potential SSRF attacks
-  if (!endpoint || !endpoint.startsWith("/")) {
+  if (
+    !mergedWhiteWebDavDomains.some((domain) => endpoint?.startsWith(domain))
+  ) {
    return NextResponse.json(
      {
        error: true,
@ -25,6 +36,11 @@ async function handle(
      },
    );
  }
+
+  if (!endpoint?.endsWith("/")) {
+    endpoint += "/";
+  }
+
  const endpointPath = params.path.join("/");
  const targetPath = `${endpoint}/${endpointPath}`;

@ -42,10 +58,7 @@ async function handle(
  }

  // for MKCOL request, only allow request ${folder}
-  if (
-    req.method === "MKCOL" &&
-     !targetPath.endsWith(folder)
-  ) {
+  if (req.method === "MKCOL" && !targetPath.endsWith(folder)) {
    return NextResponse.json(
      {
        error: true,
@ -58,10 +71,7 @@ async function handle(
  }

  // for GET request, only allow request ending with fileName
-  if (
-    req.method === "GET" &&
-     !targetPath.endsWith(fileName)
-  ) {
+  if (req.method === "GET" && !targetPath.endsWith(fileName)) {
    return NextResponse.json(
      {
        error: true,
@ -74,10 +84,7 @@ async function handle(
  }

  //   for PUT request, only allow request ending with fileName
-  if (
-    req.method === "PUT" &&
-     !targetPath.endsWith(fileName)
-  ) {
+  if (req.method === "PUT" && !targetPath.endsWith(fileName)) {
    return NextResponse.json(
      {
        error: true,
@ -101,7 +108,7 @@ async function handle(
      authorization: req.headers.get("authorization") ?? "",
    },
    body: shouldNotHaveBody ? null : req.body,
-    redirect: 'manual',
+    redirect: "manual",
    method,
    // @ts-ignore
    duplex: "half",
@ -109,15 +116,20 @@ async function handle(

  const fetchResult = await fetch(targetUrl, fetchOptions);

-  console.log("[Any Proxy]", targetUrl, {
-    status: fetchResult.status,
-    statusText: fetchResult.statusText,
-  });
+  console.log(
+    "[Any Proxy]",
+    targetUrl,
+    {
+      status: fetchResult.status,
+      statusText: fetchResult.statusText,
+    },
+    fetchResult,
+  );

  return fetchResult;
 }

-export const POST = handle;
+export const PUT = handle;
 export const GET = handle;
 export const OPTIONS = handle;

--- a/app/config/server.ts
+++ b/app/config/server.ts
@ -79,6 +79,10 @@ export const getServerSideConfig = () => {
    `[Server Config] using ${randomIndex + 1} of ${apiKeys.length} api key`,
  );

+  const whiteWebDevDomains = (process.env.WHITE_WEBDEV_DOMAINS ?? "").split(
+    ",",
+  );
+
  return {
    baseUrl: process.env.BASE_URL,
    apiKey,
@ -112,5 +116,6 @@ export const getServerSideConfig = () => {
    hideBalanceQuery: !process.env.ENABLE_BALANCE_QUERY,
    disableFastLink: !!process.env.DISABLE_FAST_LINK,
    customModels,
+    whiteWebDevDomains,
  };
 };
--- a/app/constant.ts
+++ b/app/constant.ts
@ -366,3 +366,5 @@ export const DEFAULT_MODELS = [

 export const CHAT_PAGE_SIZE = 15;
 export const MAX_RENDER_MSG_COUNT = 45;
+
+export const internalWhiteWebDavDomains = ["https://dav.jianguoyun.com"];