diff --git a/README.md b/README.md
index 0f4581a..b2fa337 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@ Usage of OpenList-Proxy:
 openlist address
 -cert string
 cert file (default "server.crt")
+ -disable-sign
+ disable signature verification
 -help
 show help
 -https
diff --git a/openlist-proxy.go b/openlist-proxy.go
index 675800b..95edac8 100644
--- a/openlist-proxy.go
+++ b/openlist-proxy.go
@@ -29,6 +29,7 @@ var (
 https bool
 help bool
 showVersion bool
+ disableSign bool
 certFile, keyFile string
 address, token string
 s sign.Sign
@@ -40,6 +41,7 @@ func init() {
 flag.BoolVar(&https, "https", false, "use https protocol.")
 flag.BoolVar(&help, "help", false, "show help")
 flag.BoolVar(&showVersion, "version", false, "show version and exit")
+ flag.BoolVar(&disableSign, "disable-sign", false, "disable signature verification")
 flag.StringVar(&certFile, "cert", "server.crt", "cert file")
 flag.StringVar(&keyFile, "key", "server.key", "key file")
 flag.StringVar(&address, "address", "", "openlist address")
@@ -66,13 +68,18 @@ func errorResponse(w http.ResponseWriter, code int, msg string) {
 }
 func downHandle(w http.ResponseWriter, r *http.Request) {
- sign := r.URL.Query().Get("sign")
 filePath := r.URL.Path
- err := s.Verify(filePath, sign)
- if err != nil {
- errorResponse(w, 401, err.Error())
- return
+
+ // If signature verification is not disabled, perform signature verification
+ if !disableSign {
+ sign := r.URL.Query().Get("sign")
+ err := s.Verify(filePath, sign)
+ if err != nil {
+ errorResponse(w, 401, err.Error())
+ return
+ }
 }
+
 data := Json{
 "path": filePath,
 }
diff --git a/openlist-proxy.js b/openlist-proxy.js
index 320e7f7..b953ef0 100644
--- a/openlist-proxy.js
+++ b/openlist-proxy.js
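Review bot: With `-disable-sign` set, `downHandle` no longer calls `s.Verify` and goes straight on to build the backend request for whatever `r.URL.Path` the caller sent, so the proxy answers for any path without a credential; the flag text added in the `init()` hunk (`"disable signature verification"`) does not say so, whereas the JS worker in this commit carries a privacy warning. I would make the help string `"disable signature verification (anyone who knows a file path can download it)"` and log one warning at startup when `disableSign` is true, so the mode is visible in operational logs. The rest of `downHandle` and the startup code are outside the hunk, so where that log line belongs is an assumption. Separately, `sign := r.URL.Query().Get("sign")` shadows the `sign` package that `s sign.Sign` refers to; naming the local `sig` would avoid that.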
@@ -1,7 +1,29 @@
 // src/const.js
-const ADDRESS = "YOUR_ADDRESS";
-const TOKEN = "YOUR_TOKEN";
-const WORKER_ADDRESS = "YOUR_WORKER_ADDRESS";
+// Environment variables will be injected by Cloudflare Worker runtime
+// These will be set during the fetch function execution
+let ADDRESS, TOKEN, WORKER_ADDRESS, DISABLE_SIGN;
+
+// Function to initialize constants from environment variables
+function initConstants(env) {
+ // OpenList 后端服务器地址 (不要包含尾随斜杠)
+ // OpenList backend server address (do not include trailing slash)
+ ADDRESS = env.ADDRESS || "YOUR_ADDRESS";
+ // OpenList 服务器的 API 访问令牌 (密钥)
+ // API access token (secret key) for OpenList server
+ TOKEN = env.TOKEN || "YOUR_TOKEN";
+ // Cloudflare Worker 的完整地址
+ // Full address of your Cloudflare Worker
+ WORKER_ADDRESS = env.WORKER_ADDRESS || "YOUR_WORKER_ADDRESS";
+ // 是否禁用签名验证 (推荐设置为 false)
+ // Whether to disable signature verification (recommended to set as false)
+ // 隐私警告:关闭签名会造成文件可被任何知晓路径的人获取
+ // Privacy Warning: Disabling signature allows files to be accessed by anyone who knows the path.
+ DISABLE_SIGN =
+ env.DISABLE_SIGN === "true" || env.DISABLE_SIGN === true || false;
+}
+
+// Privacy Warning: Disabling signature allows files to be accessed by anyone who knows the path.
+// 隐私警告:关闭签名会造成文件可被任何知晓路径的人获取
 // src/verify.js
 /**
@@ -11,6 +33,11 @@ const WORKER_ADDRESS = "YOUR_WORKER_ADDRESS";
 * @returns {Promise} Error message if invalid, empty string if valid.
 */
 var verify = async (data, _sign) => {
+ // If signature verification is disabled, return pass directly
+ if (DISABLE_SIGN) {
+ return "";
+ }
+
 const signSlice = _sign.split(":");
 if (!signSlice[signSlice.length - 1]) {
 return "expire missing";
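Review bot: `TOKEN = env.TOKEN || "YOUR_TOKEN"` in `initConstants` lets a worker deployed without the `TOKEN` binding run on a placeholder that is published in this file; if `verify` keys its signature check with `TOKEN` (its body is outside this hunk), such a deployment would accept signatures anyone can compute. The same fallback on `ADDRESS` turns a missing setting into requests to a literal `YOUR_ADDRESS`. Failing closed after the assignments is safer: `if (ADDRESS === "YOUR_ADDRESS" || TOKEN === "YOUR_TOKEN") throw new Error("ADDRESS and TOKEN must be configured");`. The trailing `|| false` in the `DISABLE_SIGN` expression is redundant, since both comparisons already yield booleans.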
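Review bot: The early `return ""` in `verify` duplicates the `if (!DISABLE_SIGN)` gate that this commit also adds in `handleDownload`, so the bypass now lives in two places and `verify` itself reports "valid" for any input while the flag is on. Keeping the switch only at the call site leaves `verify` a pure check that cannot silently pass if it is later reused for something the flag was never meant to cover. If the guard stays, a line in the function's JSDoc such as `* NOTE: returns "" (valid) for every input while DISABLE_SIGN is set.` would make that contract explicit. The rest of `verify` is outside the hunk.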
@@ -70,23 +97,28 @@ async function handleDownload(request) {
 const origin = request.headers.get("origin") ?? "*";
 const url = new URL(request.url);
 const path = decodeURIComponent(url.pathname);
- const sign = url.searchParams.get("sign") ?? "";
- const verifyResult = await verify(path, sign);
- if (verifyResult !== "") {
- const resp2 = new Response(
- JSON.stringify({
- code: 401,
- message: verifyResult,
- }),
- {
- headers: {
- "content-type": "application/json;charset=UTF-8",
- },
- }
- );
- resp2.headers.set("Access-Control-Allow-Origin", origin);
- return resp2;
+
+ // If signature verification is not disabled, perform signature verification
+ if (!DISABLE_SIGN) {
+ const sign = url.searchParams.get("sign") ?? "";
+ const verifyResult = await verify(path, sign);
+ if (verifyResult !== "") {
+ const resp2 = new Response(
+ JSON.stringify({
+ code: 401,
+ message: verifyResult,
+ }),
+ {
+ headers: {
+ "content-type": "application/json;charset=UTF-8",
+ "Access-Control-Allow-Origin": origin,
+ },
+ }
+ );
+ return resp2;
+ }
 }
+
 let resp = await fetch(`${ADDRESS}/api/fs/link`, {
 method: "POST",
 headers: {
@@ -140,7 +172,7 @@ async function handleDownload(request) {
 function handleOptions(request) {
 const corsHeaders = {
 "Access-Control-Allow-Origin": "*",
- "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
+ "Access-Control-Allow-Methods": "GET, HEAD, OPTIONS",
 "Access-Control-Max-Age": "86400",
 };
 let headers = request.headers;
@@ -159,7 +191,7 @@ function handleOptions(request) {
 } else {
 return new Response(null, {
 headers: {
- Allow: "GET, HEAD, POST, OPTIONS",
+ Allow: "GET, HEAD, OPTIONS",
 },
 });
 }
@@ -188,6 +220,8 @@ async function handleRequest(request) {
 */
 var src_default = {
 async fetch(request, env, ctx) {
+ // Initialize constants from environment variables
+ initConstants(env);
 return await handleRequest(request);
 },
 };
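Review bot: The rejection built in `handleDownload` carries `code: 401` only in the JSON body; the `Response` init passes `headers` alone, so the HTTP status defaults to 200 and failed signature checks look like successes in access logs and status-based alerting. If the 200 is not a deliberate API convention, add `status: 401,` beside `headers` in the init object. The function continues past the end of the hunk.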
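Review bot: Removing `POST` from `Access-Control-Allow-Methods` in `handleOptions`, and from `Allow` in the following hunk, changes only what the worker advertises; it does not by itself stop a POST from being handled. `handleRequest` is outside these hunks, so whether it rejects methods other than GET, HEAD and OPTIONS cannot be confirmed from the diff; if it does not, an explicit 405 response there would make the advertised list true. `handleOptions` continues beyond both hunks.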