Spaces:

javaeeduke
/

FreeLLMAPI

Running

App Files Files Community

javaeeduke commited on 7 days ago

Commit

a944561

verified ·

1 Parent(s): 15cdcf5

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +21 -6

Dockerfile CHANGED Viewed

@@ -12,7 +12,7 @@ WORKDIR /app
 COPY --from=builder /app ./
 RUN mkdir -p /data/freellm
-# 1. 前端路由修复
 RUN cp -r client/dist/* server/dist/public/ 2>/dev/null || cp -r client/dist/* server/public/ 2>/dev/null || true
 # 2. 注入基础配置
@@ -21,15 +21,30 @@ ENV PORT=7860
 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
-# 3. 【核心修复】：用最直观的方式，把看门大爷的代码写进独立的 security.js 文件里
-RUN echo "const fs = require('fs');" > security.js && \
     echo "const file = 'server/dist/index.js';" >> security.js && \
     echo "if (fs.existsSync(file)) {" >> security.js && \
     echo "  let content = fs.readFileSync(file, 'utf8');" >> security.js && \
-    echo "  const injectCode = \`global.authMiddleware = (req, res, next) => { const user = process.env.SPACE_BASIC_AUTH_USERNAME || 'admin'; const pass = process.env.SPACE_BASIC_AUTH_PASSWORD || 'admin123'; const b64auth = (req.headers.authorization || '').split(' ')[1] || ''; const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':'); if (req.url.startsWith('/v1')) return next(); if (login && password && login === user && password === pass) return next(); res.statusCode = 401; res.setHeader('WWW-Authenticate', 'Basic realm=\"Secure\"'); res.end('Unauthorized'); };\`;" >> security.js && \
-    echo "  content = content.replace('const app =', 'const app = ; app.use(global.authMiddleware); //');" >> security.js && \
     echo "  fs.writeFileSync(file, injectCode + content, 'utf8');" >> security.js && \
     echo "}" >> security.js
-# 4. 彻底没有引号冲突的干净启动命令
 CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && node security.js && export ENCRYPTION_KEY=$(node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\") && node server/dist/index.js"]

 COPY --from=builder /app ./
 RUN mkdir -p /data/freellm
+# 1. 前端静态路由修复
 RUN cp -r client/dist/* server/dist/public/ 2>/dev/null || cp -r client/dist/* server/public/ 2>/dev/null || true
 # 2. 注入基础配置
 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
+# 3. 【无损看门狗】：直接把拦截逻辑写进一个独立的中间件，然后利用 Node.js 极低层的 http 模块拦截器
+# 无论项目底层怎么写、变量叫什么名字，只要请求进来，首先必过此关，绝不引发任何语法冲突！
+RUN echo "import fs from 'fs';" > security.js && \
     echo "const file = 'server/dist/index.js';" >> security.js && \
     echo "if (fs.existsSync(file)) {" >> security.js && \
     echo "  let content = fs.readFileSync(file, 'utf8');" >> security.js && \
+    echo "  const injectCode = \` \
+import http from 'http'; \
+const originalCreateServer = http.createServer; \
+http.createServer = function(onion) { \
+  return originalCreateServer.call(this, (req, res) => { \
+    const user = process.env.SPACE_BASIC_AUTH_USERNAME || 'admin'; \
+    const pass = process.env.SPACE_BASIC_AUTH_PASSWORD || 'admin123'; \
+    if (req.url.startsWith('/v1')) return onion(req, res); \
+    const b64auth = (req.headers.authorization || '').split(' ')[1] || ''; \
+    const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':'); \
+    if (login === user && password === pass) return onion(req, res); \
+    res.statusCode = 401; \
+    res.setHeader('WWW-Authenticate', 'Basic realm=\"Secure\"'); \
+    res.end('Unauthorized'); \
+  }); \
+}; \n\`;" >> security.js && \
     echo "  fs.writeFileSync(file, injectCode + content, 'utf8');" >> security.js && \
     echo "}" >> security.js
+# 4. 完美运行命令
 CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && node security.js && export ENCRYPTION_KEY=$(node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\") && node server/dist/index.js"]