Spaces:

javaeeduke
/

FreeLLMAPI

Running

App Files Files Community

javaeeduke commited on 7 days ago

Commit

b78b330

verified ·

1 Parent(s): 5772276

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +26 -26

Dockerfile CHANGED Viewed

@@ -9,39 +9,39 @@ RUN npm run build
 FROM node:20-slim AS runner
 WORKDIR /app
-# 1. 安装用于网络转发和基础认证的 caddy（极其轻量且极其安全）
-RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl \
-    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | apt-key add - \
-    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.yandex.net/caddy/stable.list \
-    && apt-get update && apt-get install -y caddy && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /app ./
 RUN mkdir -p /data/freellm
-# 2. 路由修复
 RUN cp -r client/dist/* server/dist/public/ 2>/dev/null || cp -r client/dist/* server/public/ 2>/dev/null || true
-# 3. 环境变量（让 FreeLLMAPI 后端改退到内部 8080 端口，把 7860 留给密码锁）
 EXPOSE 7860
-ENV PORT=8080
 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
-# 4. 【核心绝杀】：动态生成密码锁配置文件，并启动全套服务
 CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && \
-    # 如果你在 HF Settings 里配了这两个 secret，就用你配的；没配就默认 admin/admin123 \
-    USER=${SPACE_BASIC_AUTH_USERNAME:-admin} && \
-    PASS=${SPACE_BASIC_AUTH_PASSWORD:-admin123} && \
-    HASHED_PASS=$(caddy hash-password --plaintext \"$PASS\") && \
-    # 现场印制 Caddyfile 配置文件 \
-    echo \":7860 {\" > Caddyfile && \
-    echo \"  basic_auth / { \" >> Caddyfile && \
-    echo \"    $USER $HASHED_PASS\" >> Caddyfile && \
-    echo \"  }\" >> Caddyfile && \
-    echo \"  reverse_proxy localhost:8080\" >> Caddyfile && \
-    echo \"}\" >> Caddyfile && \
-    # 动态计算密钥并后台启动 API 引擎 \
-    export ENCRYPTION_KEY=$(node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\") && \
-    node server/dist/index.js & \
-    # 前台启动密码锁守护进程 \
-    caddy run --config Caddyfile\"]

 FROM node:20-slim AS runner
 WORKDIR /app
 COPY --from=builder /app ./
 RUN mkdir -p /data/freellm
+# 1. 前端路由修复
 RUN cp -r client/dist/* server/dist/public/ 2>/dev/null || cp -r client/dist/* server/public/ 2>/dev/null || true
+# 2. 注入基础配置
 EXPOSE 7860
+ENV PORT=7860
 ENV NODE_ENV=production
 ENV DATABASE_URL="file:/data/database.sqlite"
+# 3. 【原生绝杀】：在容器启动前，动态往核心代码里塞入一段 Basic Auth 拦截逻辑
 CMD ["sh", "-c", "rm -rf /app/server/data && ln -s /data/freellm /app/server/data && \
+    # 动态把密码拦截代码注入到后端的入口文件中 \
+    node -e \" \
+    const fs = require('fs'); \
+    const file = 'server/dist/index.js'; \
+    if (fs.existsSync(file)) { \
+      let content = fs.readFileSync(file, 'utf8'); \
+      const injectCode = ` \
+        // 密码锁中间件 \
+        global.authMiddleware = (req, res, next) => { \
+          const user = process.env.SPACE_BASIC_AUTH_USERNAME || 'admin'; \
+          const pass = process.env.SPACE_BASIC_AUTH_PASSWORD || 'admin123'; \
+          const auth = { login: user, password: pass }; \
+          const b64auth = (req.headers.authorization || '').split(' ')[1] || ''; \
+          const [login, password] = Buffer.from(b64auth, 'base64').toString().split(':'); \
+          if (req.url.startsWith('/v1')) return next(); \
+          if (login && password && login === auth.login && password === auth.password) return next(); \
+          res.statusCode = 401; \
+          res.setHeader('WWW-Authenticate', 'Basic realm=\\\"Secure Area\\\"'); \
+          res.end('Unauthorized'); \
+        }; \
+      `; \
+      content = injectCode + content.replace('const app =', 'const app = ; app