Spaces:

javaeeduke
/

FreeLLMAPI

Running

App Files Files Community

javaeeduke commited on 7 days ago

Commit

15cdcf5

verified ·

1 Parent(s): b78b330

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +12 -24

Dockerfile CHANGED Viewed

@@ -21,27 +21,15 @@ ENV PORT=7860
 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
-# 3. 【原生绝杀】：在容器启动前，动态往核心代码里塞入一段 Basic Auth 拦截逻辑
-CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && \
-    # 动态把密码拦截代码注入到后端的入口文件中 \
-    node -e \" \
-    const fs = require('fs'); \
-    const file = 'server/dist/index.js'; \
-    if (fs.existsSync(file)) { \
-      let content = fs.readFileSync(file, 'utf8'); \
-      const injectCode = ` \
-        // 密码锁中间件 \
-        global.authMiddleware = (req, res, next) => { \
-          const user = process.env.SPACE_BASIC_AUTH_USERNAME || 'admin'; \
-          const pass = process.env.SPACE_BASIC_AUTH_PASSWORD || 'admin123'; \
-          const auth = { login: user, password: pass }; \
-          const b64auth = (req.headers.authorization || '').split(' ')[1] || ''; \
-          const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':'); \
-          if (req.url.startsWith('/v1')) return next(); \
-          if (login && password && login === auth.login && password === auth.password) return next(); \
-          res.statusCode = 401; \
-          res.setHeader('WWW-Authenticate', 'Basic realm=\\\"Secure Area\\\"'); \
-          res.end('Unauthorized'); \
-        }; \
-      `; \
-      content = injectCode + content.replace('const app =', 'const app = ; app

 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
+# 3. 【核心修复】：用最直观的方式，把看门大爷的代码写进独立的 security.js 文件里
+RUN echo "const fs = require('fs');" > security.js && \
+    echo "const file = 'server/dist/index.js';" >> security.js && \
+    echo "if (fs.existsSync(file)) {" >> security.js && \
+    echo "  let content = fs.readFileSync(file, 'utf8');" >> security.js && \
+    echo "  const injectCode = \`global.authMiddleware = (req, res, next) => { const user = process.env.SPACE_BASIC_AUTH_USERNAME || 'admin'; const pass = process.env.SPACE_BASIC_AUTH_PASSWORD || 'admin123'; const b64auth = (req.headers.authorization || '').split(' ')[1] || ''; const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':'); if (req.url.startsWith('/v1')) return next(); if (login && password && login === user && password === pass) return next(); res.statusCode = 401; res.setHeader('WWW-Authenticate', 'Basic realm=\"Secure\"'); res.end('Unauthorized'); };\`;" >> security.js && \
+    echo "  content = content.replace('const app =', 'const app = ; app.use(global.authMiddleware); //');" >> security.js && \
+    echo "  fs.writeFileSync(file, injectCode + content, 'utf8');" >> security.js && \
+    echo "}" >> security.js
+# 4. 彻底没有引号冲突的干净启动命令
+CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && node security.js && export ENCRYPTION_KEY=$(node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\") && node server/dist/index.js"]