Merge pull request #4479 from ChatGPTNextWeb/chore-fix

feat: white webdav server domain
2025-11-04 08:13:43 +08:00 · 2024-04-09 18:34:28 +08:00
parent f3106e3bbb 908ce3bbd9
commit 13db64f0ec
6 changed files with 48 additions and 17 deletions
--- a/.env.template
+++ b/.env.template
@@ -57,4 +57,7 @@ ANTHROPIC_API_VERSION=


 ### anthropic claude Api url (optional)
-ANTHROPIC_URL=
+ANTHROPIC_URL=
+
+### (optional)
+WHITE_WEBDEV_ENDPOINTS=
--- a/README.md
+++ b/README.md
@@ -245,6 +245,13 @@ To control custom models, use `+` to add a custom model, use `-` to hide a model

 User `-all` to disable all default models, `+all` to enable all default models.

+### `WHITE_WEBDEV_ENDPOINTS` (可选)
+
+You can use this option if you want to increase the number of webdav service addresses you are allowed to access, as required by the format：
+- Each address must be a complete endpoint 
+> `https://xxxx/yyy`
+- Multiple addresses are connected by ', '
+
 ## Requirements

 NodeJS >= 18, Docker >= 20
--- a/README_CN.md
+++ b/README_CN.md
@@ -142,6 +142,13 @@ anthropic claude Api Url.

 如果你想禁用从链接解析预制设置，将此环境变量设置为 1 即可。

+### `WHITE_WEBDEV_ENDPOINTS` (可选)
+
+如果你想增加允许访问的webdav服务地址，可以使用该选项，格式要求：
+- 每一个地址必须是一个完整的 endpoint
+> `https://xxxx/xxx`
+- 多个地址以`,`相连
+
 ### `CUSTOM_MODELS` （可选）

 > 示例：`+qwen-7b-chat,+glm-6b,-gpt-3.5-turbo,gpt-4-1106-preview=gpt-4-turbo` 表示增加 `qwen-7b-chat` 和 `glm-6b` 到模型列表，而从列表中删除 `gpt-3.5-turbo`，并将 `gpt-4-1106-preview` 模型名字展示为 `gpt-4-turbo`。
--- a/app/api/webdav/[...path]/route.ts
+++ b/app/api/webdav/[...path]/route.ts
@@ -1,5 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
-import { STORAGE_KEY } from "../../../constant";
+import { STORAGE_KEY, internalWhiteWebDavEndpoints } from "../../../constant";
+import { getServerSideConfig } from "@/app/config/server";
+
+const config = getServerSideConfig();
+
+const mergedWhiteWebDavEndpoints = [
+  ...internalWhiteWebDavEndpoints,
+  ...config.whiteWebDevEndpoints,
+].filter((domain) => Boolean(domain.trim()));
+
 async function handle(
  req: NextRequest,
  { params }: { params: { path: string[] } },
@@ -14,7 +23,9 @@ async function handle(
  let endpoint = requestUrl.searchParams.get("endpoint");

  // Validate the endpoint to prevent potential SSRF attacks
-  if (!endpoint || !endpoint.startsWith("/")) {
+  if (
+    !mergedWhiteWebDavEndpoints.some((white) => endpoint?.startsWith(white))
+  ) {
    return NextResponse.json(
      {
        error: true,
@@ -25,6 +36,11 @@ async function handle(
      },
    );
  }
+
+  if (!endpoint?.endsWith("/")) {
+    endpoint += "/";
+  }
+
  const endpointPath = params.path.join("/");
  const targetPath = `${endpoint}/${endpointPath}`;

@@ -42,10 +58,7 @@ async function handle(
  }

  // for MKCOL request, only allow request ${folder}
-  if (
-    req.method === "MKCOL" &&
-     !targetPath.endsWith(folder)
-  ) {
+  if (req.method === "MKCOL" && !targetPath.endsWith(folder)) {
    return NextResponse.json(
      {
        error: true,
@@ -58,10 +71,7 @@ async function handle(
  }

  // for GET request, only allow request ending with fileName
-  if (
-    req.method === "GET" &&
-     !targetPath.endsWith(fileName)
-  ) {
+  if (req.method === "GET" && !targetPath.endsWith(fileName)) {
    return NextResponse.json(
      {
        error: true,
@@ -74,10 +84,7 @@ async function handle(
  }

  //   for PUT request, only allow request ending with fileName
-  if (
-    req.method === "PUT" &&
-     !targetPath.endsWith(fileName)
-  ) {
+  if (req.method === "PUT" && !targetPath.endsWith(fileName)) {
    return NextResponse.json(
      {
        error: true,
@@ -101,7 +108,7 @@ async function handle(
      authorization: req.headers.get("authorization") ?? "",
    },
    body: shouldNotHaveBody ? null : req.body,
-    redirect: 'manual',
+    redirect: "manual",
    method,
    // @ts-ignore
    duplex: "half",
@@ -117,7 +124,7 @@ async function handle(
  return fetchResult;
 }

-export const POST = handle;
+export const PUT = handle;
 export const GET = handle;
 export const OPTIONS = handle;

--- a/app/config/server.ts
+++ b/app/config/server.ts
@@ -79,6 +79,10 @@ export const getServerSideConfig = () => {
    `[Server Config] using ${randomIndex + 1} of ${apiKeys.length} api key`,
  );

+  const whiteWebDevEndpoints = (process.env.WHITE_WEBDEV_ENDPOINTS ?? "").split(
+    ",",
+  );
+
  return {
    baseUrl: process.env.BASE_URL,
    apiKey,
@@ -112,5 +116,6 @@ export const getServerSideConfig = () => {
    hideBalanceQuery: !process.env.ENABLE_BALANCE_QUERY,
    disableFastLink: !!process.env.DISABLE_FAST_LINK,
    customModels,
+    whiteWebDevEndpoints,
  };
 };
--- a/app/constant.ts
+++ b/app/constant.ts
@@ -366,3 +366,5 @@ export const DEFAULT_MODELS = [

 export const CHAT_PAGE_SIZE = 15;
 export const MAX_RENDER_MSG_COUNT = 45;
+
+export const internalWhiteWebDavEndpoints = ["https://dav.jianguoyun.com"];