Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
actions-user committed Jun 25, 2024
2 parents deaee56 + b972a0d commit 2ff3de2
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 6 deletions.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2023 Zhang Yifei
Copyright (c) 2023-2024 Zhang Yifei

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
20 changes: 17 additions & 3 deletions app/api/webdav/[...path]/route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,14 @@ const mergedAllowedWebDavEndpoints = [
...config.allowedWebDevEndpoints,
].filter((domain) => Boolean(domain.trim()));

const normalizeUrl = (url: string) => {
try {
return new URL(url);
} catch (err) {
return null;
}
};

async function handle(
req: NextRequest,
{ params }: { params: { path: string[] } },
Expand All @@ -24,9 +32,15 @@ async function handle(

// Validate the endpoint to prevent potential SSRF attacks
if (
!mergedAllowedWebDavEndpoints.some(
(allowedEndpoint) => endpoint?.startsWith(allowedEndpoint),
)
!endpoint ||
!mergedAllowedWebDavEndpoints.some((allowedEndpoint) => {
const normalizedAllowedEndpoint = normalizeUrl(allowedEndpoint);
const normalizedEndpoint = normalizeUrl(endpoint as string);

return normalizedEndpoint &&
normalizedEndpoint.hostname === normalizedAllowedEndpoint?.hostname &&
normalizedEndpoint.pathname.startsWith(normalizedAllowedEndpoint.pathname);
})
) {
return NextResponse.json(
{
Expand Down
1 change: 1 addition & 0 deletions app/constant.ts
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,7 @@ const anthropicModels = [
"claude-3-sonnet-20240229",
"claude-3-opus-20240229",
"claude-3-haiku-20240307",
"claude-3-5-sonnet-20240620",
];

export const DEFAULT_MODELS = [
Expand Down
4 changes: 2 additions & 2 deletions src-tauri/tauri.conf.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
},
"package": {
"productName": "NextChat",
"version": "2.12.3"
"version": "2.12.4"
},
"tauri": {
"allowlist": {
Expand Down Expand Up @@ -112,4 +112,4 @@
}
]
}
}
}

0 comments on commit 2ff3de2

Please sign in to comment.