Spappz 2025-01-24 03:35:56 +00:00
parent d4672b3517
commit 90459116e3
No known key found for this signature in database
GPG Key ID: 44515A38F636F591
2 changed files with 22 additions and 4 deletions


@ -31,6 +31,8 @@ enableForwardedWhitelist: true
whitelist:
- ::1
- 127.0.0.1
# HTML displayed when a connection is blocked. Use "{{ipDetails}}" to print the client's IP.
whitelistErrorMessage: "<h1>Forbidden</h1><p>If you are the system administrator, add your IP address to the whitelist or disable whitelist mode by editing <code>config.yaml</code> in the root directory of your installation.</p><hr /><p><em>Connection from {{ipDetails}} has been blocked. This attempt has been logged.</em></p>"
# Toggle basic authentication for endpoints
basicAuthMode: false
# Basic authentication credentials
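Review bot: The comment above `whitelistErrorMessage` does not say that the value is compiled as a Handlebars template, which matters because `ipDetails` can include the forwarded address, presumably taken from a request header. With the double-brace form shown here Handlebars HTML-escapes the value, but an administrator who edits the message has no hint that the escaping depends on keeping that form. I would extend the comment to something like `# Handlebars template; keep the double-brace "{{ipDetails}}" form so the client-supplied address is HTML-escaped.`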


@ -1,6 +1,7 @@
import path from 'node:path';
import fs from 'node:fs';
import process from 'node:process';
import Handlebars from 'handlebars';
import ipMatching from 'ip-matching';
import { getIpFromRequest } from '../express-common.js';
@ -11,6 +12,9 @@ const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', fals
let whitelist = getConfigValue('whitelist', []);
let knownIPs = new Set();
const DEFAULT_WHITELIST_ERROR_MESSAGE =
'<h1>Forbidden</h1><p>If you are the system administrator, add your IP address to the whitelist or disable whitelist mode by editing <code>config.yaml</code> in the root directory of your installation.</p><hr /><p><em>Connection from {{ipDetails}} has been blocked. This attempt has been logged.</em></p>';
if (fs.existsSync(whitelistPath)) {
try {
let whitelistTxt = fs.readFileSync(whitelistPath, 'utf-8');
@ -55,9 +59,9 @@ export default function whitelistMiddleware(whitelistMode, listen) {
return function (req, res, next) {
const clientIp = getIpFromRequest(req);
const forwardedIp = getForwardedIp(req);
const userAgent = req.headers['user-agent'];
if (listen && !knownIPs.has(clientIp)) {
const userAgent = req.headers['user-agent'];
console.log(color.yellow(`New connection from ${clientIp}; User Agent: ${userAgent}\n`));
knownIPs.add(clientIp);
@ -76,9 +80,21 @@ export default function whitelistMiddleware(whitelistMode, listen) {
|| forwardedIp && whitelistMode === true && !whitelist.some(x => ipMatching.matches(forwardedIp, ipMatching.getMatch(x)))
) {
// Log the connection attempt with real IP address
const ipDetails = forwardedIp ? `${clientIp} (forwarded from ${forwardedIp})` : clientIp;
console.log(color.red('Forbidden: Connection attempt from ' + ipDetails + '. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.\n'));
return res.status(403).send('<b>Forbidden</b>: Connection attempt from <b>' + ipDetails + '</b>. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.');
const ipDetails = forwardedIp
? `${clientIp} (forwarded from ${forwardedIp})`
: clientIp;
const errorMessage = Handlebars.compile(
getConfigValue(
'whitelistErrorMessage',
DEFAULT_WHITELIST_ERROR_MESSAGE,
),
);
console.log(
color.red(
`Blocked connection from ${clientIp}; User Agent: ${userAgent}\n\tTo allow this connection, add its IP address to the whitelist or disable whitelist mode by editing config.yaml in the root directory of your SillyTavern installation.\n`,
),
);
return res.status(403).send(errorMessage({ ipDetails }));
}
next();
};
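Review bot: The new `console.log` in the 403 branch prints only `clientIp`, although `ipDetails` (which includes the forwarded address) is computed just above it and the retained comment still says the attempt is logged with the real IP address. When the block is triggered by the forwarded address, the log would presumably show only the proxy-side address, which weakens the audit trail that the error page promises with "This attempt has been logged". I would log the combined value instead, i.e. start the message with `Blocked connection from ${ipDetails}; User Agent: ${userAgent}`. Separately, `Handlebars.compile(getConfigValue(...))` runs on every blocked request; compiling the template once when `whitelistMiddleware` is created would keep the unauthenticated rejection path cheap. The middleware body begins outside this hunk.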