feat: add disable sign

README.md

@@ -13,6 +13,8 @@ Usage of OpenList-Proxy:
         openlist address
   -cert string
         cert file (default "server.crt")
+  -disable-sign
+        disable signature verification
   -help
         show help
   -https

openlist-proxy.go

@@ -29,6 +29,7 @@ var (
 	https             bool
 	help              bool
 	showVersion       bool
+	disableSign       bool
 	certFile, keyFile string
 	address, token    string
 	s                 sign.Sign
@@ -40,6 +41,7 @@ func init() {
 	flag.BoolVar(&https, "https", false, "use https protocol.")
 	flag.BoolVar(&help, "help", false, "show help")
 	flag.BoolVar(&showVersion, "version", false, "show version and exit")
+	flag.BoolVar(&disableSign, "disable-sign", false, "disable signature verification")
 	flag.StringVar(&certFile, "cert", "server.crt", "cert file")
 	flag.StringVar(&keyFile, "key", "server.key", "key file")
 	flag.StringVar(&address, "address", "", "openlist address")
@@ -66,13 +68,18 @@ func errorResponse(w http.ResponseWriter, code int, msg string) {
 }
 
 func downHandle(w http.ResponseWriter, r *http.Request) {
-	sign := r.URL.Query().Get("sign")
 	filePath := r.URL.Path
-	err := s.Verify(filePath, sign)
-	if err != nil {
-		errorResponse(w, 401, err.Error())
-		return
+
+	// If signature verification is not disabled, perform signature verification
+	if !disableSign {
+		sign := r.URL.Query().Get("sign")
+		err := s.Verify(filePath, sign)
+		if err != nil {
+			errorResponse(w, 401, err.Error())
+			return
+		}
 	}
+
 	data := Json{
 		"path": filePath,
 	}

openlist-proxy.js

@@ -1,7 +1,29 @@
 // src/const.js
-const ADDRESS = "YOUR_ADDRESS";
-const TOKEN = "YOUR_TOKEN";
-const WORKER_ADDRESS = "YOUR_WORKER_ADDRESS";
+// Environment variables will be injected by Cloudflare Worker runtime
+// These will be set during the fetch function execution
+let ADDRESS, TOKEN, WORKER_ADDRESS, DISABLE_SIGN;
+
+// Function to initialize constants from environment variables
+function initConstants(env) {
+  // OpenList 后端服务器地址 (不要包含尾随斜杠)
+  // OpenList backend server address (do not include trailing slash)
+  ADDRESS = env.ADDRESS || "YOUR_ADDRESS";
+  // OpenList 服务器的 API 访问令牌 (密钥)
+  // API access token (secret key) for OpenList server
+  TOKEN = env.TOKEN || "YOUR_TOKEN";
+  // Cloudflare Worker 的完整地址
+  // Full address of your Cloudflare Worker
+  WORKER_ADDRESS = env.WORKER_ADDRESS || "YOUR_WORKER_ADDRESS";
+  // 是否禁用签名验证 (推荐设置为 false)
+  // Whether to disable signature verification (recommended to set as false)
+  // 隐私警告：关闭签名会造成文件可被任何知晓路径的人获取
+  // Privacy Warning: Disabling signature allows files to be accessed by anyone who knows the path.
+  DISABLE_SIGN =
+    env.DISABLE_SIGN === "true" || env.DISABLE_SIGN === true || false;
+}
+
+// Privacy Warning: Disabling signature allows files to be accessed by anyone who knows the path.
+// 隐私警告：关闭签名会造成文件可被任何知晓路径的人获取
 
 // src/verify.js
 /**
@@ -11,6 +33,11 @@ const WORKER_ADDRESS = "YOUR_WORKER_ADDRESS";
  * @returns {Promise<string>} Error message if invalid, empty string if valid.
  */
 var verify = async (data, _sign) => {
+  // If signature verification is disabled, return pass directly
+  if (DISABLE_SIGN) {
+    return "";
+  }
+
   const signSlice = _sign.split(":");
   if (!signSlice[signSlice.length - 1]) {
     return "expire missing";
@@ -70,23 +97,28 @@ async function handleDownload(request) {
   const origin = request.headers.get("origin") ?? "*";
   const url = new URL(request.url);
   const path = decodeURIComponent(url.pathname);
-  const sign = url.searchParams.get("sign") ?? "";
-  const verifyResult = await verify(path, sign);
-  if (verifyResult !== "") {
-    const resp2 = new Response(
-      JSON.stringify({
-        code: 401,
-        message: verifyResult,
-      }),
-      {
-        headers: {
-          "content-type": "application/json;charset=UTF-8",
-        },
-      }
-    );
-    resp2.headers.set("Access-Control-Allow-Origin", origin);
-    return resp2;
+
+  // If signature verification is not disabled, perform signature verification
+  if (!DISABLE_SIGN) {
+    const sign = url.searchParams.get("sign") ?? "";
+    const verifyResult = await verify(path, sign);
+    if (verifyResult !== "") {
+      const resp2 = new Response(
+        JSON.stringify({
+          code: 401,
+          message: verifyResult,
+        }),
+        {
+          headers: {
+            "content-type": "application/json;charset=UTF-8",
+            "Access-Control-Allow-Origin": origin,
+          },
+        }
+      );
+      return resp2;
+    }
   }
+
   let resp = await fetch(`${ADDRESS}/api/fs/link`, {
     method: "POST",
     headers: {
@@ -140,7 +172,7 @@ async function handleDownload(request) {
 function handleOptions(request) {
   const corsHeaders = {
     "Access-Control-Allow-Origin": "*",
-    "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
+    "Access-Control-Allow-Methods": "GET, HEAD, OPTIONS",
     "Access-Control-Max-Age": "86400",
   };
   let headers = request.headers;
@@ -159,7 +191,7 @@ function handleOptions(request) {
   } else {
     return new Response(null, {
       headers: {
-        Allow: "GET, HEAD, POST, OPTIONS",
+        Allow: "GET, HEAD, OPTIONS",
       },
     });
   }
@@ -188,6 +220,8 @@ async function handleRequest(request) {
  */
 var src_default = {
   async fetch(request, env, ctx) {
+    // Initialize constants from environment variables
+    initConstants(env);
     return await handleRequest(request);
   },
 };