forked from ChatGPTNextWeb/NextChat
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'ChatGPTNextWeb:main' into main
- Loading branch information
Showing
7 changed files
with
226 additions
and
106 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
import { NextRequest, NextResponse } from "next/server"; | ||
|
||
async function handle( | ||
req: NextRequest, | ||
{ params }: { params: { action: string; key: string[] } }, | ||
) { | ||
const requestUrl = new URL(req.url); | ||
const endpoint = requestUrl.searchParams.get("endpoint"); | ||
|
||
if (req.method === "OPTIONS") { | ||
return NextResponse.json({ body: "OK" }, { status: 200 }); | ||
} | ||
const [...key] = params.key; | ||
// only allow to request to *.upstash.io | ||
if (!endpoint || !new URL(endpoint).hostname.endsWith(".upstash.io")) { | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.key.join("/"), | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
// only allow upstash get and set method | ||
if (params.action !== "get" && params.action !== "set") { | ||
console.log("[Upstash Route] forbidden action ", params.action); | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.action, | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
const targetUrl = `${endpoint}/${params.action}/${params.key.join("/")}`; | ||
|
||
const method = req.method; | ||
const shouldNotHaveBody = ["get", "head"].includes( | ||
method?.toLowerCase() ?? "", | ||
); | ||
|
||
const fetchOptions: RequestInit = { | ||
headers: { | ||
authorization: req.headers.get("authorization") ?? "", | ||
}, | ||
body: shouldNotHaveBody ? null : req.body, | ||
method, | ||
// @ts-ignore | ||
duplex: "half", | ||
}; | ||
|
||
console.log("[Upstash Proxy]", targetUrl, fetchOptions); | ||
const fetchResult = await fetch(targetUrl, fetchOptions); | ||
|
||
console.log("[Any Proxy]", targetUrl, { | ||
status: fetchResult.status, | ||
statusText: fetchResult.statusText, | ||
}); | ||
|
||
return fetchResult; | ||
} | ||
|
||
export const POST = handle; | ||
export const GET = handle; | ||
export const OPTIONS = handle; | ||
|
||
export const runtime = "edge"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
import { NextRequest, NextResponse } from "next/server"; | ||
import { STORAGE_KEY } from "../../../constant"; | ||
async function handle( | ||
req: NextRequest, | ||
{ params }: { params: { path: string[] } }, | ||
) { | ||
if (req.method === "OPTIONS") { | ||
return NextResponse.json({ body: "OK" }, { status: 200 }); | ||
} | ||
const folder = STORAGE_KEY; | ||
const fileName = `${folder}/backup.json`; | ||
|
||
const requestUrl = new URL(req.url); | ||
let endpoint = requestUrl.searchParams.get("endpoint"); | ||
if (!endpoint?.endsWith("/")) { | ||
endpoint += "/"; | ||
} | ||
const endpointPath = params.path.join("/"); | ||
|
||
// only allow MKCOL, GET, PUT | ||
if (req.method !== "MKCOL" && req.method !== "GET" && req.method !== "PUT") { | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.path.join("/"), | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
// for MKCOL request, only allow request ${folder} | ||
if ( | ||
req.method == "MKCOL" && | ||
!new URL(endpointPath).pathname.endsWith(folder) | ||
) { | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.path.join("/"), | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
// for GET request, only allow request ending with fileName | ||
if ( | ||
req.method == "GET" && | ||
!new URL(endpointPath).pathname.endsWith(fileName) | ||
) { | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.path.join("/"), | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
// for PUT request, only allow request ending with fileName | ||
if ( | ||
req.method == "PUT" && | ||
!new URL(endpointPath).pathname.endsWith(fileName) | ||
) { | ||
return NextResponse.json( | ||
{ | ||
error: true, | ||
msg: "you are not allowed to request " + params.path.join("/"), | ||
}, | ||
{ | ||
status: 403, | ||
}, | ||
); | ||
} | ||
|
||
const targetUrl = `${endpoint + endpointPath}`; | ||
|
||
const method = req.method; | ||
const shouldNotHaveBody = ["get", "head"].includes( | ||
method?.toLowerCase() ?? "", | ||
); | ||
|
||
const fetchOptions: RequestInit = { | ||
headers: { | ||
authorization: req.headers.get("authorization") ?? "", | ||
}, | ||
body: shouldNotHaveBody ? null : req.body, | ||
method, | ||
// @ts-ignore | ||
duplex: "half", | ||
}; | ||
|
||
const fetchResult = await fetch(targetUrl, fetchOptions); | ||
|
||
console.log("[Any Proxy]", targetUrl, { | ||
status: fetchResult.status, | ||
statusText: fetchResult.statusText, | ||
}); | ||
|
||
return fetchResult; | ||
} | ||
|
||
export const POST = handle; | ||
export const GET = handle; | ||
export const OPTIONS = handle; | ||
|
||
export const runtime = "edge"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,7 +23,7 @@ export enum Path { | |
} | ||
|
||
export enum ApiPath { | ||
Cors = "/api/cors", | ||
Cors = "", | ||
OpenAI = "/api/openai", | ||
} | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.