timxx/CloudSearch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: timxx:v0.4.1
Branches Tags
timxx:master
timxx:v0.5.5 timxx:v0.4.13 timxx:v0.4.12 timxx:v0.4.11 timxx:v0.4.10 timxx:v0.4.9 timxx:v0.4.8 timxx:v0.4.7 timxx:v0.4.6 timxx:v0.4.5 timxx:v0.4.3 timxx:v0.4.2 timxx:v0.4.1 timxx:v0.4.0 timxx:v0.3.53 timxx:v0.3.52 timxx:v0.3.51 timxx:v0.3.50 timxx:v0.3.49 timxx:v0.3.40 timxx:v0.3.32 timxx:v0.2.6 timxx:v0.2.5 timxx:v0.2.4 timxx:v0.2.2 timxx:v0.1.7 timxx:v0.1.3 timxx:v0.1.4 timxx:v0.1.5 timxx:v0.1.6 timxx:v0.1.2 timxx:v0.1.1 timxx:v0.0.3 timxx:v0.0.2 timxx:v0.1.0
..
compare: timxx:v0.4.8
Branches Tags
timxx:master
timxx:v0.5.5 timxx:v0.4.13 timxx:v0.4.12 timxx:v0.4.11 timxx:v0.4.10 timxx:v0.4.9 timxx:v0.4.8 timxx:v0.4.7 timxx:v0.4.6 timxx:v0.4.5 timxx:v0.4.3 timxx:v0.4.2 timxx:v0.4.1 timxx:v0.4.0 timxx:v0.3.53 timxx:v0.3.52 timxx:v0.3.51 timxx:v0.3.50 timxx:v0.3.49 timxx:v0.3.40 timxx:v0.3.32 timxx:v0.2.6 timxx:v0.2.5 timxx:v0.2.4 timxx:v0.2.2 timxx:v0.1.7 timxx:v0.1.3 timxx:v0.1.4 timxx:v0.1.5 timxx:v0.1.6 timxx:v0.1.2 timxx:v0.1.1 timxx:v0.0.3 timxx:v0.0.2 timxx:v0.1.0

10 Commits
v0.4.1 ... v0.4.8

Author SHA1 Message Date
admin
7471d9aece v0.4.8: docker-compose添加DATA_DIR=/data确保secrets.json路径一致 2026-05-19 03:34:23 +08:00
admin
f0c0d0f487 v0.4.8: 同步根VERSION文件 2026-05-19 02:29:12 +08:00
admin
e4e1890da3 v0.4.8: 补播link_invalid_keywords种子键 2026-05-19 02:28:49 +08:00
admin
470ebac20e v0.4.7: 修复网盘类型开关key不匹配+补全10个缺失种子配置键 2026-05-19 02:02:48 +08:00
admin
f284e14630 v0.4.6: 保存网盘配置后自动验证+获取昵称空间 2026-05-19 00:36:42 +08:00
admin
bff955e45b v0.4.5: 修复双重解密/配置key/版本号同步/buil+ssh脚本 2026-05-18 20:25:40 +08:00
admin
6f7ab6dbc6 feat: deploy.sh三重Redis密码检测(参数/conf/cli) + URL编码特殊字符 2026-05-18 18:16:33 +08:00
admin
498b593b28 fix: 添加缺失的cloud_type_uid列(CREATE TABLE和迁移) 2026-05-18 18:00:55 +08:00
admin
c57af012b1 feat: 自动生成JWT_SECRET和ADMIN_PASSWORD并持久化到secrets.json 2026-05-18 16:48:04 +08:00
admin
86d79e550b fix: docker-compose.yml 镜像版本改为 latest 2026-05-18 16:35:53 +08:00
13 changed files with 188 additions and 37 deletions
Expand all files Collapse all files

2
VERSION
View File

@@ -1 +1 @@
0.4.0 0.4.8

2
build.sh
View File

@@ -4,7 +4,7 @@ cd "$(dirname "$0")/source_clean"
VERSION=$(cat ../VERSION) VERSION=$(cat ../VERSION)
echo "🔨 Building CloudSearch v${VERSION}..." echo "🔨 Building CloudSearch v${VERSION}..."
cp ../VERSION ./VERSION
docker build -t cloudsearch-app:v${VERSION} -t cloudsearch-app:latest . docker build -t cloudsearch-app:v${VERSION} -t cloudsearch-app:latest .
echo "✅ Built: cloudsearch-app:v${VERSION} + cloudsearch-app:latest" echo "✅ Built: cloudsearch-app:v${VERSION} + cloudsearch-app:latest"

1
docker-compose.yml
View File

@@ -70,6 +70,7 @@ services:
- CORS_ORIGIN=${CORS_ORIGIN} - CORS_ORIGIN=${CORS_ORIGIN}
# ── 数据库 & 缓存 ── # ── 数据库 & 缓存 ──
- DATA_DIR=/data
- DB_PATH=${DB_PATH:-/data/database.sqlite} - DB_PATH=${DB_PATH:-/data/database.sqlite}
- REDIS_URL=${REDIS_URL:-redis://redis:6379} - REDIS_URL=${REDIS_URL:-redis://redis:6379}

2
source_clean/VERSION
View File

@@ -1 +1 @@
0.4.0 0.4.8

11
source_clean/build.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/bash
set -e
cd "$(dirname "$0")/source_clean"
VERSION=$(cat ../VERSION)
echo "🔨 Building CloudSearch v${VERSION}..."
docker build -t cloudsearch-app:v${VERSION} -t cloudsearch-app:latest .
echo "✅ Built: cloudsearch-app:v${VERSION} + cloudsearch-app:latest"
echo " Run: docker-compose up -d app"

45
source_clean/deploy.sh
View File

@@ -7,7 +7,10 @@ cd "$SCRIPT_DIR"
# 如果 docker-compose.yml 不存在,自动下载 # 如果 docker-compose.yml 不存在,自动下载
if [ ! -f docker-compose.yml ]; then if [ ! -f docker-compose.yml ]; then
echo "📥 下载 docker-compose.yml..." echo "📥 下载 docker-compose.yml..."
wget -q https://gitea.timxx.cn/admin/CloudSearch/raw/branch/master/source_clean/docker-compose.yml wget -q https://gitea.timxx.cn/admin/CloudSearch/raw/branch/master/source_clean/docker-compose.yml || {
echo "❌ 下载失败,请检查网络"
exit 1
}
fi fi
echo "🔍 检测 Redis..." echo "🔍 检测 Redis..."
@@ -23,11 +26,43 @@ if [ -n "$EXISTING_REDIS" ]; then
echo " ✅ 已加入 cloudsearch-net" echo " ✅ 已加入 cloudsearch-net"
fi fi
# 检测 Redis 密码 # 检测 Redis 密码 (多种来源)
REDIS_PASS=$(docker inspect "$EXISTING_REDIS" --format '{{range .Config.Cmd}}{{println .}}{{end}}' 2>/dev/null | grep -A1 'requirepass' | tail -1 || true) REDIS_PASS=""
# 方法1: 从命令行参数 --requirepass
PASS_FROM_CMD=$(docker inspect "$EXISTING_REDIS" --format '{{range .Config.Cmd}}{{println .}}{{end}}' 2>/dev/null | grep -A1 'requirepass' | tail -1 | tr -d '[:space:]' || true)
if [ -n "$PASS_FROM_CMD" ] && [ "$PASS_FROM_CMD" != "redis-server" ] && [ "$PASS_FROM_CMD" != "/etc/redis/redis.conf" ]; then
REDIS_PASS="$PASS_FROM_CMD"
echo " 🔑 从启动参数检测到 Redis 密码"
fi
# 方法2: 从 redis.conf 读取 (1Panel 常见配置方式)
if [ -z "$REDIS_PASS" ]; then
PASS_FROM_CONF=$(docker exec "$EXISTING_REDIS" cat /etc/redis/redis.conf 2>/dev/null | grep '^requirepass ' | awk '{print $2}' | tr -d '"' || true)
if [ -n "$PASS_FROM_CONF" ]; then
REDIS_PASS="$PASS_FROM_CONF"
echo " 🔑 从 redis.conf 检测到 Redis 密码"
fi
fi
# 方法3: 尝试无密码连接测试
if [ -z "$REDIS_PASS" ]; then
if docker exec "$EXISTING_REDIS" redis-cli ping 2>/dev/null | grep -q PONG; then
echo " Redis 无密码(已通过连接测试验证)"
else
# 有密码但检测不到 — 尝试从 redis-cli 的错误消息中提取
AUTH_ERR=$(docker exec "$EXISTING_REDIS" redis-cli ping 2>&1 || true)
if echo "$AUTH_ERR" | grep -q "NOAUTH\|AUTH"; then
echo " ⚠️ Redis 需要密码但无法自动检测,请手动设置 REDIS_URL"
echo " 提示: 在 .env 中设置 REDIS_URL=redis://:密码@${EXISTING_REDIS}:6379"
fi
fi
fi
if [ -n "$REDIS_PASS" ]; then if [ -n "$REDIS_PASS" ]; then
REDIS_URL="redis://:${REDIS_PASS}@${EXISTING_REDIS}:6379" # 对密码中的特殊字符进行URL编码
echo " 🔑 检测到 Redis 密码,已自动配置" ENCODED_PASS=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$REDIS_PASS', safe=''))" 2>/dev/null || echo "$REDIS_PASS")
REDIS_URL="redis://:${ENCODED_PASS}@${EXISTING_REDIS}:6379"
else else
REDIS_URL="redis://${EXISTING_REDIS}:6379" REDIS_URL="redis://${EXISTING_REDIS}:6379"
fi fi

2
source_clean/docker-compose.yml
View File

@@ -1,7 +1,7 @@
name: cloudsearch name: cloudsearch
services: services:
app: app:
image: gitea.timxx.cn/admin/cloudsearch:v0.4.0 image: gitea.timxx.cn/admin/cloudsearch:latest
container_name: CloudSearch_App container_name: CloudSearch_App
restart: unless-stopped restart: unless-stopped
ports: ["9527:9527"] ports: ["9527:9527"]

3
source_clean/src/cloud/credential.service.ts
View File

@@ -222,7 +222,8 @@ export async function testCloudConnection(id: number): Promise<{
return { success: false, message: 'Cookie not configured' }; return { success: false, message: 'Cookie not configured' };
} }
const cookie = decryptCookie(config.cookie); // config.cookie is already decrypted by getCloudConfigById
const cookie = config.cookie;
try { try {
let valid = false; let valid = false;

52
source_clean/src/config/index.ts
View File

@@ -1,3 +1,7 @@
import * as crypto from 'crypto';
import * as fs from 'fs';
import * as path from 'path';
export interface Config { export interface Config {
port: number; port: number;
nodeEnv: string; nodeEnv: string;
@@ -23,6 +27,50 @@ export interface Config {
dbPath: string; dbPath: string;
} }
const DEFAULT_JWT_SECRETS = ['', 'cloudsearch-jwt-secret-dev', 'cloudsearch-jwt-secret-2024', 'your-super-secret-jwt-key-change-me'];
const DEFAULT_PASSWORDS = ['', 'admin123', 'admin', 'password', '123456', '0nL5kLhMIJ1121PYmQb25A'];
function loadOrGenerateSecret(key: string, envKey: string, defaultVal: string, isDefault: (v: string) => boolean, byteLen: number): string {
const envVal = process.env[envKey];
// If env var is set and NOT a known default → use it directly
if (envVal && !isDefault(envVal)) {
return envVal;
}
// Try to load from persisted secrets file
const secretsPath = path.join(process.env.DATA_DIR || '/app/data', 'secrets.json');
try {
if (fs.existsSync(secretsPath)) {
const secrets = JSON.parse(fs.readFileSync(secretsPath, 'utf8'));
if (secrets[key]) return secrets[key];
}
} catch (_) {}
// If env var is set but it's a default → still use it (admin set it explicitly, maybe for dev)
if (envVal) return envVal;
// No env var, no persisted file → auto-generate
const generated = byteLen === 16
? crypto.randomBytes(8).toString('hex') // 16-char hex for passwords
: crypto.randomBytes(byteLen).toString('hex'); // 64-char hex for JWT
try {
const dir = path.dirname(secretsPath);
if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
let existing: Record<string, string> = {};
if (fs.existsSync(secretsPath)) {
try { existing = JSON.parse(fs.readFileSync(secretsPath, 'utf8')); } catch (_) {}
}
existing[key] = generated;
fs.writeFileSync(secretsPath, JSON.stringify(existing, null, 2));
console.log(`[Config] Auto-generated ${envKey} → saved to secrets.json`);
} catch (e: any) {
console.log(`[Config] Could not persist ${envKey}:`, e.message);
}
return generated;
}
const config: Config = { const config: Config = {
port: parseInt(process.env.PORT || '9527', 10), port: parseInt(process.env.PORT || '9527', 10),
nodeEnv: process.env.NODE_ENV || 'development', nodeEnv: process.env.NODE_ENV || 'development',
@@ -30,9 +78,9 @@ const config: Config = {
pansouUrl: process.env.PANSOU_URL || 'http://localhost:8888', pansouUrl: process.env.PANSOU_URL || 'http://localhost:8888',
pansouAuthToken: process.env.PANSOU_AUTH_TOKEN || '', pansouAuthToken: process.env.PANSOU_AUTH_TOKEN || '',
videoParserUrl: process.env.VIDEO_PARSER_URL || 'http://localhost:3001', videoParserUrl: process.env.VIDEO_PARSER_URL || 'http://localhost:3001',
jwtSecret: process.env.JWT_SECRET || 'cloudsearch-jwt-secret-dev', jwtSecret: loadOrGenerateSecret('jwt_secret', 'JWT_SECRET', 'cloudsearch-jwt-secret-dev', (v) => DEFAULT_JWT_SECRETS.includes(v), 32),
adminUsername: process.env.ADMIN_USERNAME || 'admin', adminUsername: process.env.ADMIN_USERNAME || 'admin',
adminPassword: process.env.ADMIN_PASSWORD || 'admin123', adminPassword: loadOrGenerateSecret('admin_password', 'ADMIN_PASSWORD', 'admin123', (v) => DEFAULT_PASSWORDS.includes(v), 16),
validation: { validation: {
concurrency: parseInt(process.env.VALIDATION_CONCURRENCY || '10', 10), concurrency: parseInt(process.env.VALIDATION_CONCURRENCY || '10', 10),
timeout: parseInt(process.env.VALIDATION_TIMEOUT || '5000', 10), timeout: parseInt(process.env.VALIDATION_TIMEOUT || '5000', 10),

9
source_clean/src/config/startup-validator.ts
View File

@@ -42,14 +42,7 @@ export function validateConfig(): ValidationError[] {
} }
// ─── Cookie Encryption ─── // ─── Cookie Encryption ───
if (!process.env.COOKIE_ENCRYPTION_KEY) { // Key is auto-generated and persisted to encryption.key if COOKIE_ENCRYPTION_KEY is not set
errors.push({
key: 'COOKIE_ENCRYPTION_KEY',
message: '未设置网盘 Cookie 加密密钥Cookie 将以明文存储。生产环境强烈建议设置。\n' +
'生成: openssl rand -hex 32',
severity: 'warn',
});
}
// ─── Port conflict check (best-effort) ─── // ─── Port conflict check (best-effort) ───
if (config.port < 1024 && (process as any).getuid?.() !== 0) { if (config.port < 1024 && (process as any).getuid?.() !== 0) {

45
source_clean/src/database/database.ts
View File

@@ -39,6 +39,7 @@ function runMigrations(db: Database.Database): void {
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
cloud_type TEXT NOT NULL, cloud_type TEXT NOT NULL,
cookie TEXT, cookie TEXT,
cloud_type_uid TEXT DEFAULT NULL,
nickname TEXT, nickname TEXT,
is_active INTEGER NOT NULL DEFAULT 1, is_active INTEGER NOT NULL DEFAULT 1,
storage_used TEXT, storage_used TEXT,
@@ -204,6 +205,7 @@ function migrateCloudConfigs(db: Database.Database): void {
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
cloud_type TEXT NOT NULL, cloud_type TEXT NOT NULL,
cookie TEXT, cookie TEXT,
cloud_type_uid TEXT DEFAULT NULL,
nickname TEXT, nickname TEXT,
is_active INTEGER NOT NULL DEFAULT 1, is_active INTEGER NOT NULL DEFAULT 1,
storage_used TEXT, storage_used TEXT,
@@ -251,6 +253,13 @@ function migrateCloudConfigs(db: Database.Database): void {
db.exec("ALTER TABLE cloud_configs ADD COLUMN notify_config TEXT DEFAULT NULL"); db.exec("ALTER TABLE cloud_configs ADD COLUMN notify_config TEXT DEFAULT NULL");
console.log('[DB] cloud_configs migration: notify_config column added'); console.log('[DB] cloud_configs migration: notify_config column added');
} }
// Migration 6: Add cloud_type_uid column
const hasCloudTypeUid = db.prepare("SELECT sql FROM sqlite_master WHERE name='cloud_configs' AND sql LIKE '%cloud_type_uid%'").get();
if (!hasCloudTypeUid) {
db.exec("ALTER TABLE cloud_configs ADD COLUMN cloud_type_uid TEXT DEFAULT NULL");
console.log('[DB] cloud_configs migration: cloud_type_uid column added');
}
} }
} }
@@ -280,18 +289,19 @@ function seedSystemConfigs(db: Database.Database): void {
{ key: 'search_proxy_url', value: '', description: '搜索代理地址 (如 http://127.0.0.1:7890)' }, { key: 'search_proxy_url', value: '', description: '搜索代理地址 (如 http://127.0.0.1:7890)' },
{ key: 'search_strategy', value: 'wait_all', description: '搜索结果展示方式: wait_all=等待全部后展示, stream_channel=频道逐步展示' }, { key: 'search_strategy', value: 'wait_all', description: '搜索结果展示方式: wait_all=等待全部后展示, stream_channel=频道逐步展示' },
{ key: 'link_validation_enabled', value: 'true', description: '资源链接有效性检测开关true/false' }, { key: 'link_validation_enabled', value: 'true', description: '资源链接有效性检测开关true/false' },
{ key: 'cloud_enabled_quark', value: 'true', description: '夸克网盘' }, { key: 'link_invalid_keywords', value: '', description: '链接失效关键词(一行一条,命中的链接判定为失效)' },
{ key: 'cloud_enabled_baidu', value: 'true', description: '百度网盘' }, { key: 'cloud_type_quark_enabled', value: 'true', description: '夸克网盘' },
{ key: 'cloud_enabled_aliyun', value: 'true', description: '阿里云盘' }, { key: 'cloud_type_baidu_enabled', value: 'true', description: '百度网盘' },
{ key: 'cloud_enabled_115', value: 'true', description: '115 网盘' }, { key: 'cloud_type_aliyun_enabled', value: 'true', description: '阿里云盘' },
{ key: 'cloud_enabled_tianyi', value: 'true', description: '天翼云盘' }, { key: 'cloud_type_115_enabled', value: 'true', description: '115 网盘' },
{ key: 'cloud_enabled_123pan', value: 'true', description: '123 云盘' }, { key: 'cloud_type_tianyi_enabled', value: 'true', description: '天翼云盘' },
{ key: 'cloud_enabled_uc', value: 'true', description: 'UC 网盘' }, { key: 'cloud_type_123pan_enabled', value: 'true', description: '123 云盘' },
{ key: 'cloud_enabled_xunlei', value: 'true', description: '迅雷网盘' }, { key: 'cloud_type_uc_enabled', value: 'true', description: 'UC 网盘' },
{ key: 'cloud_enabled_pikpak', value: 'true', description: 'PikPak 网盘' }, { key: 'cloud_type_xunlei_enabled', value: 'true', description: '迅雷网盘' },
{ key: 'cloud_enabled_magnet', value: 'true', description: '磁力链接' }, { key: 'cloud_type_pikpak_enabled', value: 'true', description: 'PikPak 网盘' },
{ key: 'cloud_enabled_ed2k', value: 'true', description: '电驴链接' }, { key: 'cloud_type_magnet_enabled', value: 'true', description: '磁力链接' },
{ key: 'cloud_enabled_others', value: 'false', description: '其他类型(默认关闭)' }, { key: 'cloud_type_ed2k_enabled', value: 'true', description: '电驴链接' },
{ key: 'cloud_type_others_enabled', value: 'false', description: '其他类型(默认关闭)' },
{ key: 'search_result_limit', value: '10', description: '每类网盘最多展示的有效结果数' }, { key: 'search_result_limit', value: '10', description: '每类网盘最多展示的有效结果数' },
{ key: 'search_fallback_image', value: '', description: '无图资源的兜底封面图 URL留空使用渐变色' }, { key: 'search_fallback_image', value: '', description: '无图资源的兜底封面图 URL留空使用渐变色' },
{ key: 'site_logo', value: '', description: '网站 LOGO 图片 URL留空使用默认图标/文字)' }, { key: 'site_logo', value: '', description: '网站 LOGO 图片 URL留空使用默认图标/文字)' },
@@ -300,6 +310,7 @@ function seedSystemConfigs(db: Database.Database): void {
{ key: 'site_marquee', value: '📢 欢迎使用CloudSearch所有资源仅供学习交流请于下载后24小时内删除', description: '搜索栏下方滚动通知文字(从右往左滚动显示)' }, { key: 'site_marquee', value: '📢 欢迎使用CloudSearch所有资源仅供学习交流请于下载后24小时内删除', description: '搜索栏下方滚动通知文字(从右往左滚动显示)' },
{ key: 'tmdb_api_token', value: '', description: 'TMDB API 读取令牌(用于增强豆瓣内容信息)' }, { key: 'tmdb_api_token', value: '', description: 'TMDB API 读取令牌(用于增强豆瓣内容信息)' },
{ key: 'ip_geo_api_url', value: '', description: 'IP 归属地查询接口({ip} 会被替换为实际IP留空则禁用' }, { key: 'ip_geo_api_url', value: '', description: 'IP 归属地查询接口({ip} 会被替换为实际IP留空则禁用' },
{ key: 'ip_geo_api_id', value: '', description: 'IP 归属地 API IDapihz.cn 接口)' },
{ key: 'ip_geo_api_key', value: '', description: 'IP 归属地备用 API Key留空使用默认' }, { key: 'ip_geo_api_key', value: '', description: 'IP 归属地备用 API Key留空使用默认' },
{ key: 'title_filter_rules', value: '', description: '搜索结果标题过滤规则(一行一条:纯文本直接移除 / 正则用/包围/' }, { key: 'title_filter_rules', value: '', description: '搜索结果标题过滤规则(一行一条:纯文本直接移除 / 正则用/包围/' },
{ key: 'timezone', value: 'Asia/Shanghai', description: '系统时区(如 Asia/Shanghai、America/New_York、UTC' }, { key: 'timezone', value: 'Asia/Shanghai', description: '系统时区(如 Asia/Shanghai、America/New_York、UTC' },
@@ -319,6 +330,16 @@ function seedSystemConfigs(db: Database.Database): void {
{ key: 'search_all_channels', value: 'false', description: '使用所有频道参与搜索(包含未启用频道)' }, { key: 'search_all_channels', value: 'false', description: '使用所有频道参与搜索(包含未启用频道)' },
{ key: 'ip_geo_provider', value: 'apihz', description: 'IP 归属地查询接口提供商' }, { key: 'ip_geo_provider', value: 'apihz', description: 'IP 归属地查询接口提供商' },
{ key: 'auto_update_enabled', value: 'false', description: '自动更新镜像(预留,暂未实现)' }, { key: 'auto_update_enabled', value: 'false', description: '自动更新镜像(预留,暂未实现)' },
{ key: 'cleanup_auto_refresh_storage', value: 'false', description: '自动刷新网盘空间信息(每天检查一次)' },
{ key: 'cleanup_verify_enabled', value: 'false', description: '启用转存后自动验证链接有效性' },
{ key: 'cleanup_verify_interval', value: '3600', description: '自动验证间隔(秒)' },
{ key: 'cleanup_whitelist_dirs', value: '', description: '清理文件白名单目录(逗号分隔,保留不删)' },
{ key: 'proxy_url', value: '', description: 'HTTP 代理地址(用于搜索请求代理)' },
{ key: 'quark_ad_keywords', value: '', description: '夸克广告文件关键词(逗号分隔)' },
{ key: 'quark_sus_extensions', value: '', description: '夸克可疑文件后缀(逗号分隔)' },
{ key: 'quark_warning_folder_names', value: '', description: '夸克警示文件夹名称(逗号分隔)' },
{ key: 'storage_refresh_interval', value: '86400', description: '空间信息刷新间隔默认24小时' },
]; ];
const insert = db.prepare( const insert = db.prepare(
'INSERT OR IGNORE INTO system_configs (key, value, description) VALUES (?, ?, ?)' 'INSERT OR IGNORE INTO system_configs (key, value, description) VALUES (?, ?, ?)'

22
source_clean/src/routes/admin.routes.ts
View File

@@ -154,7 +154,7 @@ router.get('/admin/cloud-configs', (_req: Request, res: Response) => {
}); });
/** POST /api/admin/cloud-configs — create or smart-replace a cloud config */ /** POST /api/admin/cloud-configs — create or smart-replace a cloud config */
router.post('/admin/cloud-configs', (req: Request, res: Response) => { router.post('/admin/cloud-configs', async (req: Request, res: Response) => {
try { try {
const data = req.body; const data = req.body;
if (!data.cloud_type) { if (!data.cloud_type) {
@@ -164,6 +164,24 @@ router.post('/admin/cloud-configs', (req: Request, res: Response) => {
// Normalize is_active: frontend sends boolean, SQLite needs 0/1 // Normalize is_active: frontend sends boolean, SQLite needs 0/1
if (typeof data.is_active === 'boolean') data.is_active = data.is_active ? 1 : 0; if (typeof data.is_active === 'boolean') data.is_active = data.is_active ? 1 : 0;
const saved = saveCloudConfig(data); const saved = saveCloudConfig(data);
// Auto-validate if cookie was provided (best-effort, non-blocking)
if (data.cookie && saved.id) {
try {
const result = await testCloudConnectionWithCookie(data.cloud_type, data.cookie);
if (result.success) {
const updateData: any = { id: saved.id, cloud_type: data.cloud_type };
if (result.nickname) updateData.nickname = result.nickname;
if (result.storage_used) updateData.storage_used = result.storage_used;
if (result.storage_total) updateData.storage_total = result.storage_total;
saveCloudConfig(updateData);
Object.assign(saved, { nickname: result.nickname, storage_used: result.storage_used, storage_total: result.storage_total });
}
} catch (_) {
// Auto-validation is best-effort, don't fail the save
}
}
res.json(saved); res.json(saved);
} catch (err: any) { } catch (err: any) {
res.status(500).json({ error: err.message || 'Failed to save cloud config' }); res.status(500).json({ error: err.message || 'Failed to save cloud config' });
@@ -508,7 +526,7 @@ router.post('/admin/test-external-service', async (req: Request, res: Response)
break; break;
} }
case 'tmdb': { case 'tmdb': {
const tmdbToken = token || getSystemConfig('tmdb_api_key') || ''; const tmdbToken = token || getSystemConfig('tmdb_api_token') || '';
if (!tmdbToken) { if (!tmdbToken) {
res.json({ ok: false, info: 'TMDB API Key not configured' }); res.json({ ok: false, info: 'TMDB API Key not configured' });
return; return;

29
source_clean/src/utils/crypto.ts
View File

@@ -6,6 +6,8 @@
* Production MUST set COOKIE_ENCRYPTION_KEY! * Production MUST set COOKIE_ENCRYPTION_KEY!
*/ */
import * as crypto from 'crypto'; import * as crypto from 'crypto';
import * as fs from 'fs';
import * as path from 'path';
const ALGORITHM = 'aes-256-gcm'; const ALGORITHM = 'aes-256-gcm';
const IV_LENGTH = 12; // 96-bit nonce for GCM const IV_LENGTH = 12; // 96-bit nonce for GCM
@@ -25,9 +27,30 @@ function getKey(): Buffer {
ENCRYPTION_KEY = crypto.createHash('sha256').update(envKey).digest(); ENCRYPTION_KEY = crypto.createHash('sha256').update(envKey).digest();
console.log('[Crypto] Cookie encryption enabled (key from COOKIE_ENCRYPTION_KEY, SHA-256 derived)'); console.log('[Crypto] Cookie encryption enabled (key from COOKIE_ENCRYPTION_KEY, SHA-256 derived)');
} else { } else {
// Default stable key (not ephemeral) — data survives container restart // Auto-generate a random key and persist to file
ENCRYPTION_KEY = crypto.createHash('sha256').update('cloudsearch-cookie-key-v1').digest(); const keyFile = path.join(process.env.DATA_DIR || '/app/data', 'encryption.key');
console.log('[Crypto] Cookie encryption enabled (built-in default key — set COOKIE_ENCRYPTION_KEY in .env for extra security)'); try {
if (fs.existsSync(keyFile)) {
const savedKey = fs.readFileSync(keyFile, 'utf8').trim();
if (savedKey.length >= 32) {
ENCRYPTION_KEY = crypto.createHash('sha256').update(savedKey).digest();
console.log('[Crypto] Cookie encryption enabled (loaded from encryption.key)');
return ENCRYPTION_KEY;
}
}
} catch (_) { /* file read failed, will generate new key */ }
const autoKey = crypto.randomBytes(32).toString('hex');
try {
const dir = path.dirname(keyFile);
if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
fs.writeFileSync(keyFile, autoKey);
console.log('[Crypto] Auto-generated encryption key saved to encryption.key');
} catch (e: any) {
console.log('[Crypto] Could not persist key, using ephemeral:', e.message);
}
ENCRYPTION_KEY = crypto.createHash('sha256').update(autoKey).digest();
console.log('[Crypto] Cookie encryption enabled (auto-generated key)');
} }
return ENCRYPTION_KEY; return ENCRYPTION_KEY;
} }