mirror of
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git
synced 2025-10-10 20:16:37 +08:00
支持禁止用户输入API Key
This commit is contained in:
dreamagician
parent
71aa9d05ed
commit
05ae0b8161
@ -8,6 +8,7 @@ const serverConfig = getServerSideConfig();
|
|||||||
// 警告!不要在这里写入任何敏感信息!
|
// 警告!不要在这里写入任何敏感信息!
|
||||||
const DANGER_CONFIG = {
|
const DANGER_CONFIG = {
|
||||||
needCode: serverConfig.needCode,
|
needCode: serverConfig.needCode,
|
||||||
|
disableUserToken: serverConfig.disableUserToken,
|
||||||
};
|
};
|
||||||
|
|
||||||
declare global {
|
declare global {
|
||||||
@ -17,5 +18,6 @@ declare global {
|
|||||||
export async function POST(req: NextRequest) {
|
export async function POST(req: NextRequest) {
|
||||||
return NextResponse.json({
|
return NextResponse.json({
|
||||||
needCode: serverConfig.needCode,
|
needCode: serverConfig.needCode,
|
||||||
|
disableUserToken: serverConfig.disableUserToken,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
@ -215,8 +215,8 @@ export function Settings() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const accessStore = useAccessStore();
|
const accessStore = useAccessStore();
|
||||||
const enabledAccessControl = useMemo(
|
const accessControl = useMemo(
|
||||||
() => accessStore.enabledAccessControl(),
|
() => accessStore.accessControl(),
|
||||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||||
[],
|
[],
|
||||||
);
|
);
|
||||||
@ -450,7 +450,7 @@ export function Settings() {
|
|||||||
</List>
|
</List>
|
||||||
|
|
||||||
<List>
|
<List>
|
||||||
{enabledAccessControl ? (
|
{accessControl.needCode ? (
|
||||||
<SettingItem
|
<SettingItem
|
||||||
title={Locale.Settings.AccessCode.Title}
|
title={Locale.Settings.AccessCode.Title}
|
||||||
subTitle={Locale.Settings.AccessCode.SubTitle}
|
subTitle={Locale.Settings.AccessCode.SubTitle}
|
||||||
@ -468,19 +468,23 @@ export function Settings() {
|
|||||||
<></>
|
<></>
|
||||||
)}
|
)}
|
||||||
|
|
||||||
<SettingItem
|
{!accessControl.disableUserToken ? (
|
||||||
title={Locale.Settings.Token.Title}
|
<SettingItem
|
||||||
subTitle={Locale.Settings.Token.SubTitle}
|
title={Locale.Settings.Token.Title}
|
||||||
>
|
subTitle={Locale.Settings.Token.SubTitle}
|
||||||
<PasswordInput
|
>
|
||||||
value={accessStore.token}
|
<PasswordInput
|
||||||
type="text"
|
value={accessStore.token}
|
||||||
placeholder={Locale.Settings.Token.Placeholder}
|
type="text"
|
||||||
onChange={(e) => {
|
placeholder={Locale.Settings.Token.Placeholder}
|
||||||
accessStore.updateToken(e.currentTarget.value);
|
onChange={(e) => {
|
||||||
}}
|
accessStore.updateToken(e.currentTarget.value);
|
||||||
/>
|
}}
|
||||||
</SettingItem>
|
/>
|
||||||
|
</SettingItem>
|
||||||
|
) : (
|
||||||
|
<></>
|
||||||
|
)}
|
||||||
|
|
||||||
<SettingItem
|
<SettingItem
|
||||||
title={Locale.Settings.Usage.Title}
|
title={Locale.Settings.Usage.Title}
|
||||||
|
|||||||
@ -36,6 +36,7 @@ export const getServerSideConfig = () => {
|
|||||||
code: process.env.CODE,
|
code: process.env.CODE,
|
||||||
codes: ACCESS_CODES,
|
codes: ACCESS_CODES,
|
||||||
needCode: ACCESS_CODES.size > 0,
|
needCode: ACCESS_CODES.size > 0,
|
||||||
|
disableUserToken: process.env.DISABLE_USER_TOKEN === "true",
|
||||||
proxyUrl: process.env.PROXY_URL,
|
proxyUrl: process.env.PROXY_URL,
|
||||||
isVercel: !!process.env.VERCEL,
|
isVercel: !!process.env.VERCEL,
|
||||||
};
|
};
|
||||||
|
|||||||
@ -50,11 +50,16 @@ function getHeaders() {
|
|||||||
const accessStore = useAccessStore.getState();
|
const accessStore = useAccessStore.getState();
|
||||||
let headers: Record<string, string> = {};
|
let headers: Record<string, string> = {};
|
||||||
|
|
||||||
if (accessStore.enabledAccessControl()) {
|
const accessControl = accessStore.accessControl();
|
||||||
|
if (accessControl.needCode) {
|
||||||
headers["access-code"] = accessStore.accessCode;
|
headers["access-code"] = accessStore.accessCode;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (accessStore.token && accessStore.token.length > 0) {
|
if (
|
||||||
|
!accessControl.disableUserToken &&
|
||||||
|
accessStore.token &&
|
||||||
|
accessStore.token.length > 0
|
||||||
|
) {
|
||||||
headers["token"] = accessStore.token;
|
headers["token"] = accessStore.token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -6,10 +6,14 @@ export interface AccessControlStore {
|
|||||||
token: string;
|
token: string;
|
||||||
|
|
||||||
needCode: boolean;
|
needCode: boolean;
|
||||||
|
disableUserToken: boolean;
|
||||||
|
|
||||||
updateToken: (_: string) => void;
|
updateToken: (_: string) => void;
|
||||||
updateCode: (_: string) => void;
|
updateCode: (_: string) => void;
|
||||||
enabledAccessControl: () => boolean;
|
accessControl: () => {
|
||||||
|
needCode: boolean;
|
||||||
|
disableUserToken: boolean;
|
||||||
|
};
|
||||||
isAuthorized: () => boolean;
|
isAuthorized: () => boolean;
|
||||||
fetch: () => void;
|
fetch: () => void;
|
||||||
}
|
}
|
||||||
@ -24,10 +28,14 @@ export const useAccessStore = create<AccessControlStore>()(
|
|||||||
token: "",
|
token: "",
|
||||||
accessCode: "",
|
accessCode: "",
|
||||||
needCode: true,
|
needCode: true,
|
||||||
enabledAccessControl() {
|
disableUserToken: false,
|
||||||
|
accessControl() {
|
||||||
get().fetch();
|
get().fetch();
|
||||||
|
|
||||||
return get().needCode;
|
return {
|
||||||
|
needCode: get().needCode,
|
||||||
|
disableUserToken: get().disableUserToken,
|
||||||
|
};
|
||||||
},
|
},
|
||||||
updateCode(code: string) {
|
updateCode(code: string) {
|
||||||
set((state) => ({ accessCode: code }));
|
set((state) => ({ accessCode: code }));
|
||||||
@ -37,8 +45,11 @@ export const useAccessStore = create<AccessControlStore>()(
|
|||||||
},
|
},
|
||||||
isAuthorized() {
|
isAuthorized() {
|
||||||
// has token or has code or disabled access control
|
// has token or has code or disabled access control
|
||||||
|
const accessControl = get().accessControl();
|
||||||
return (
|
return (
|
||||||
!!get().token || !!get().accessCode || !get().enabledAccessControl()
|
!accessControl.needCode ||
|
||||||
|
!!get().accessCode ||
|
||||||
|
(!!get().token && !accessControl.disableUserToken)
|
||||||
);
|
);
|
||||||
},
|
},
|
||||||
fetch() {
|
fetch() {
|
||||||
|
|||||||
@ -30,7 +30,7 @@ export function middleware(req: NextRequest) {
|
|||||||
console.log("[User IP] ", getIP(req));
|
console.log("[User IP] ", getIP(req));
|
||||||
console.log("[Time] ", new Date().toLocaleString());
|
console.log("[Time] ", new Date().toLocaleString());
|
||||||
|
|
||||||
if (serverConfig.needCode && !serverConfig.codes.has(hashedCode) && !token) {
|
if (serverConfig.needCode && !serverConfig.codes.has(hashedCode) && (!token || serverConfig.disableUserToken)) {
|
||||||
return NextResponse.json(
|
return NextResponse.json(
|
||||||
{
|
{
|
||||||
error: true,
|
error: true,
|
||||||
@ -44,7 +44,7 @@ export function middleware(req: NextRequest) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// inject api key
|
// inject api key
|
||||||
if (!token) {
|
if (!token || serverConfig.disableUserToken) {
|
||||||
const apiKey = serverConfig.apiKey;
|
const apiKey = serverConfig.apiKey;
|
||||||
if (apiKey) {
|
if (apiKey) {
|
||||||
console.log("[Auth] set system token");
|
console.log("[Auth] set system token");
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user