woohoo

default/config.yaml

@@ -31,6 +31,8 @@ enableForwardedWhitelist: true
 whitelist:
   - ::1
   - 127.0.0.1
+# HTML displayed when a connection is blocked. Use "{{ipDetails}}" to print the client's IP.
+whitelistErrorMessage: "<h1>Forbidden</h1><p>If you are the system administrator, add your IP address to the whitelist or disable whitelist mode by editing <code>config.yaml</code> in the root directory of your installation.</p><hr /><p><em>Connection from {{ipDetails}} has been blocked. This attempt has been logged.</em></p>"
 # Toggle basic authentication for endpoints
 basicAuthMode: false
 # Basic authentication credentials

src/middleware/whitelist.js

@@ -1,6 +1,7 @@
 import path from 'node:path';
 import fs from 'node:fs';
 import process from 'node:process';
+import Handlebars from 'handlebars';
 import ipMatching from 'ip-matching';
 
 import { getIpFromRequest } from '../express-common.js';
@@ -11,6 +12,9 @@ const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', fals
 let whitelist = getConfigValue('whitelist', []);
 let knownIPs = new Set();
 
+const DEFAULT_WHITELIST_ERROR_MESSAGE =
+    '<h1>Forbidden</h1><p>If you are the system administrator, add your IP address to the whitelist or disable whitelist mode by editing <code>config.yaml</code> in the root directory of your installation.</p><hr /><p><em>Connection from {{ipDetails}} has been blocked. This attempt has been logged.</em></p>';
+
 if (fs.existsSync(whitelistPath)) {
     try {
         let whitelistTxt = fs.readFileSync(whitelistPath, 'utf-8');
@@ -55,9 +59,9 @@ export default function whitelistMiddleware(whitelistMode, listen) {
     return function (req, res, next) {
         const clientIp = getIpFromRequest(req);
         const forwardedIp = getForwardedIp(req);
+        const userAgent = req.headers['user-agent'];
 
         if (listen && !knownIPs.has(clientIp)) {
-            const userAgent = req.headers['user-agent'];
             console.log(color.yellow(`New connection from ${clientIp}; User Agent: ${userAgent}\n`));
             knownIPs.add(clientIp);
 
@@ -76,9 +80,21 @@ export default function whitelistMiddleware(whitelistMode, listen) {
             || forwardedIp && whitelistMode === true && !whitelist.some(x => ipMatching.matches(forwardedIp, ipMatching.getMatch(x)))
         ) {
             // Log the connection attempt with real IP address
-            const ipDetails = forwardedIp ? `${clientIp} (forwarded from ${forwardedIp})` : clientIp;
+            const ipDetails = forwardedIp
-            console.log(color.red('Forbidden: Connection attempt from ' + ipDetails + '. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.\n'));
+                ? `${clientIp} (forwarded from ${forwardedIp})`
-            return res.status(403).send('<b>Forbidden</b>: Connection attempt from <b>' + ipDetails + '</b>. If you are attempting to connect, please add your IP address in whitelist or disable whitelist mode in config.yaml in root of SillyTavern folder.');
+                : clientIp;
+            const errorMessage = Handlebars.compile(
+                getConfigValue(
+                    'whitelistErrorMessage',
+                    DEFAULT_WHITELIST_ERROR_MESSAGE,
+                ),
+            );
+            console.log(
+                color.red(
+                    `Blocked connection from ${clientIp}; User Agent: ${userAgent}\n\tTo allow this connection, add its IP address to the whitelist or disable whitelist mode by editing config.yaml in the root directory of your SillyTavern installation.\n`,
+                ),
+            );
+            return res.status(403).send(errorMessage({ ipDetails }));
         }
         next();
     };