xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-11-17 14:33:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:ChatGPTNextWeb/ChatGPT-Next-Web into ChatGPTNextWeb-main

Browse Source
This commit is contained in:
ayman-makki
2024-07-02 16:31:51 +01:00
parent 74a87526ff ce3b6a04c2
commit 422415af90
6 changed files with 32 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/api/webdav/[...path]/route.ts
View File

@@ -9,6 +9,14 @@ const mergedAllowedWebDavEndpoints = [
...config.allowedWebDevEndpoints,
].filter((domain) => Boolean(domain.trim()));
const normalizeUrl = (url: string) => {
try {
return new URL(url);
} catch (err) {
return null;
}
};
async function handle(
req: NextRequest,
{ params }: { params: { path: string[] } },
@@ -24,9 +32,19 @@ async function handle(
// Validate the endpoint to prevent potential SSRF attacks
if (
!mergedAllowedWebDavEndpoints.some(
(allowedEndpoint) => endpoint?.startsWith(allowedEndpoint),
)
!endpoint ||
!mergedAllowedWebDavEndpoints.some((allowedEndpoint) => {
const normalizedAllowedEndpoint = normalizeUrl(allowedEndpoint);
const normalizedEndpoint = normalizeUrl(endpoint as string);
return (
normalizedEndpoint &&
normalizedEndpoint.hostname === normalizedAllowedEndpoint?.hostname &&
normalizedEndpoint.pathname.startsWith(
normalizedAllowedEndpoint.pathname,
)
);
})
) {
return NextResponse.json(
{

8
app/constant.ts
View File

@@ -147,9 +147,9 @@ const openaiModels = [
"gpt-4-turbo",
// "gpt-4-turbo-preview",
"gpt-4o",
// "gpt-4o-2024-05-13",
// "gpt-4-vision-preview",
// "gpt-4-turbo-2024-04-09"
"gpt-4o-2024-05-13",
"gpt-4-vision-preview",
"gpt-4-turbo-2024-04-09",
];
const googleModels = [
@@ -166,6 +166,7 @@ const anthropicModels = [
"claude-3-sonnet-20240229",
"claude-3-opus-20240229",
"claude-3-haiku-20240307",
"claude-3-5-sonnet-20240620",
];
export const DEFAULT_MODELS = [
@@ -207,6 +208,7 @@ export const internalAllowedWebDavEndpoints = [
"https://dav.dropdav.com/",
"https://dav.box.com/dav",
"https://nanao.teracloud.jp/dav/",
"https://bora.teracloud.jp/dav/",
"https://webdav.4shared.com/",
"https://dav.idrivesync.com",
"https://webdav.yandex.com",