mirror of
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git
synced 2025-10-10 12:06:38 +08:00
支持禁止用户输入API Key
parent
71aa9d05ed
commit
05ae0b8161
@ -8,6 +8,7 @@ const serverConfig = getServerSideConfig();
|
||||
// 警告!不要在这里写入任何敏感信息!
|
||||
const DANGER_CONFIG = {
|
||||
needCode: serverConfig.needCode,
|
||||
disableUserToken: serverConfig.disableUserToken,
|
||||
};
|
||||
|
||||
declare global {
|
||||
@ -17,5 +18,6 @@ declare global {
|
||||
export async function POST(req: NextRequest) {
|
||||
return NextResponse.json({
|
||||
needCode: serverConfig.needCode,
|
||||
disableUserToken: serverConfig.disableUserToken,
|
||||
});
|
||||
}
|
||||
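Review bot: The `POST` handler spells out `needCode` and `disableUserToken` a second time instead of returning the `DANGER_CONFIG` object defined above it, so the object that carries the no-sensitive-data warning is not what the client-visible response is built from. Returning it directly, `return NextResponse.json(DANGER_CONFIG);`, keeps a single reviewed allow-list of fields that reach the browser and stops the two from drifting when the next flag is added. Whether `DANGER_CONFIG` is consumed elsewhere in the file is not visible in these hunks.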
|
@ -215,8 +215,8 @@ export function Settings() {
|
||||
}
|
||||
|
||||
const accessStore = useAccessStore();
|
||||
const enabledAccessControl = useMemo(
|
||||
() => accessStore.enabledAccessControl(),
|
||||
const accessControl = useMemo(
|
||||
() => accessStore.accessControl(),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[],
|
||||
);
|
||||
@ -450,7 +450,7 @@ export function Settings() {
|
||||
</List>
|
||||
|
||||
<List>
|
||||
{enabledAccessControl ? (
|
||||
{accessControl.needCode ? (
|
||||
<SettingItem
|
||||
title={Locale.Settings.AccessCode.Title}
|
||||
subTitle={Locale.Settings.AccessCode.SubTitle}
|
||||
@ -468,19 +468,23 @@ export function Settings() {
|
||||
<></>
|
||||
)}
|
||||
|
||||
<SettingItem
|
||||
title={Locale.Settings.Token.Title}
|
||||
subTitle={Locale.Settings.Token.SubTitle}
|
||||
>
|
||||
<PasswordInput
|
||||
value={accessStore.token}
|
||||
type="text"
|
||||
placeholder={Locale.Settings.Token.Placeholder}
|
||||
onChange={(e) => {
|
||||
accessStore.updateToken(e.currentTarget.value);
|
||||
}}
|
||||
/>
|
||||
</SettingItem>
|
||||
{!accessControl.disableUserToken ? (
|
||||
<SettingItem
|
||||
title={Locale.Settings.Token.Title}
|
||||
subTitle={Locale.Settings.Token.SubTitle}
|
||||
>
|
||||
<PasswordInput
|
||||
value={accessStore.token}
|
||||
type="text"
|
||||
placeholder={Locale.Settings.Token.Placeholder}
|
||||
onChange={(e) => {
|
||||
accessStore.updateToken(e.currentTarget.value);
|
||||
}}
|
||||
/>
|
||||
</SettingItem>
|
||||
) : (
|
||||
<></>
|
||||
)}
|
||||
|
||||
<SettingItem
|
||||
title={Locale.Settings.Usage.Title}
|
||||
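Review bot: `accessControl` is computed once through `useMemo` with an empty dependency list, so the new `disableUserToken` check around the token `SettingItem` uses whatever the store held when Settings first rendered. The store hunk in this commit defaults `disableUserToken` to `false`, so if the config fetch has not completed by then (the `fetch()` body is outside the visible lines), the API-key field stays visible on a deployment that disables it. `getHeaders()` in the requests hunk reads the same store value and can likewise attach a `token` header before the flag arrives. Reading the flag from the store on each render, e.g. `{!accessStore.disableUserToken ? (`, avoids the stale snapshot. The middleware check remains the actual control, so this only affects what the user is shown and sends.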
|
@ -36,6 +36,7 @@ export const getServerSideConfig = () => {
|
||||
code: process.env.CODE,
|
||||
codes: ACCESS_CODES,
|
||||
needCode: ACCESS_CODES.size > 0,
|
||||
disableUserToken: process.env.DISABLE_USER_TOKEN === "true",
|
||||
proxyUrl: process.env.PROXY_URL,
|
||||
isVercel: !!process.env.VERCEL,
|
||||
};
|
||||
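Review bot: The added `disableUserToken` line turns the restriction on only when the environment variable is exactly the string `"true"`, so `TRUE`, `1` or a value with trailing whitespace leaves user-supplied keys enabled without any signal to the operator. For a flag that restricts access, consider normalising the value with `.trim().toLowerCase()` before the comparison, or logging a warning at startup when the variable is set to something other than `"true"` or `"false"`. The rest of `getServerSideConfig` lies outside this hunk.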
|
@ -50,11 +50,16 @@ function getHeaders() {
|
||||
const accessStore = useAccessStore.getState();
|
||||
let headers: Record<string, string> = {};
|
||||
|
||||
if (accessStore.enabledAccessControl()) {
|
||||
const accessControl = accessStore.accessControl();
|
||||
if (accessControl.needCode) {
|
||||
headers["access-code"] = accessStore.accessCode;
|
||||
}
|
||||
|
||||
if (accessStore.token && accessStore.token.length > 0) {
|
||||
if (
|
||||
!accessControl.disableUserToken &&
|
||||
accessStore.token &&
|
||||
accessStore.token.length > 0
|
||||
) {
|
||||
headers["token"] = accessStore.token;
|
||||
}
|
||||
|
||||
|
@ -6,10 +6,14 @@ export interface AccessControlStore {
|
||||
token: string;
|
||||
|
||||
needCode: boolean;
|
||||
disableUserToken: boolean;
|
||||
|
||||
updateToken: (_: string) => void;
|
||||
updateCode: (_: string) => void;
|
||||
enabledAccessControl: () => boolean;
|
||||
accessControl: () => {
|
||||
needCode: boolean;
|
||||
disableUserToken: boolean;
|
||||
};
|
||||
isAuthorized: () => boolean;
|
||||
fetch: () => void;
|
||||
}
|
||||
@ -24,10 +28,14 @@ export const useAccessStore = create<AccessControlStore>()(
|
||||
token: "",
|
||||
accessCode: "",
|
||||
needCode: true,
|
||||
enabledAccessControl() {
|
||||
disableUserToken: false,
|
||||
accessControl() {
|
||||
get().fetch();
|
||||
|
||||
return get().needCode;
|
||||
return {
|
||||
needCode: get().needCode,
|
||||
disableUserToken: get().disableUserToken,
|
||||
};
|
||||
},
|
||||
updateCode(code: string) {
|
||||
set((state) => ({ accessCode: code }));
|
||||
@ -37,8 +45,11 @@ export const useAccessStore = create<AccessControlStore>()(
|
||||
},
|
||||
isAuthorized() {
|
||||
// has token or has code or disabled access control
|
||||
const accessControl = get().accessControl();
|
||||
return (
|
||||
!!get().token || !!get().accessCode || !get().enabledAccessControl()
|
||||
!accessControl.needCode ||
|
||||
!!get().accessCode ||
|
||||
(!!get().token && !accessControl.disableUserToken)
|
||||
);
|
||||
},
|
||||
fetch() {
|
||||
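Review bot: The comment kept above the return in `isAuthorized()`, `// has token or has code or disabled access control`, no longer matches the new expression, because a token now counts only when `disableUserToken` is false. I would replace it with `// authorized when no code is required, a code is set, or a user token is set and user tokens are allowed`, and add a line saying this is a client-side hint and that the middleware makes the real decision. It is also worth documenting on `accessControl()` that it calls `get().fetch()` on every invocation, so each `isAuthorized()` call has that side effect. The `fetch()` body starts at the end of the hunk and is not visible, so whether it de-duplicates requests cannot be confirmed here.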
|
@ -30,7 +30,7 @@ export function middleware(req: NextRequest) {
|
||||
console.log("[User IP] ", getIP(req));
|
||||
console.log("[Time] ", new Date().toLocaleString());
|
||||
|
||||
if (serverConfig.needCode && !serverConfig.codes.has(hashedCode) && !token) {
|
||||
if (serverConfig.needCode && !serverConfig.codes.has(hashedCode) && (!token || serverConfig.disableUserToken)) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error: true,
|
||||
@ -44,7 +44,7 @@ export function middleware(req: NextRequest) {
|
||||
}
|
||||
|
||||
// inject api key
|
||||
if (!token) {
|
||||
if (!token || serverConfig.disableUserToken) {
|
||||
const apiKey = serverConfig.apiKey;
|
||||
if (apiKey) {
|
||||
console.log("[Auth] set system token");
|
||||
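Review bot: The test `!token || serverConfig.disableUserToken` is written out twice, once in the access-code rejection and once in the key-injection branch, and the two must stay identical for the restriction to hold. Naming it once, `const userTokenAllowed = !!token && !serverConfig.disableUserToken;`, and using `!userTokenAllowed` in both conditions makes that explicit and shortens the long `if` line. The `if (apiKey)` block continues past the end of the hunk, so it is not visible what happens to a client-sent `token` header when `disableUserToken` is set but no server key is configured. If the header is left in place on that path it would still be forwarded, so that case deserves an explicit rejection.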
|