更新环境变量注入问题

f2468861 · hjdhnx · 0a6fb56f · f2468861 · f2468861 · f2468861
5 changed file
--- a/controllers/admin.py
+++ b/controllers/admin.py
@@ -20,6 +20,7 @@ from js.rules import getRules,getCacheCount
 from utils.parser import runJScode
 from werkzeug.utils import secure_filename
 from utils.web import md5
+from utils.common_api import js_render

 admin = Blueprint("admin", __name__)

@@ -83,37 +84,38 @@ def admin_update_env():  # 更新环境变量中的某个值

 @admin.route("/view/<name>",methods=['GET'])
 def admin_view_rule(name):
-    if not name or not name.split('.')[-1] in ['js','txt','py','json']:
-        return R.error(f'非法猥亵,未指定文件名。必须包含js|txt|json|py')
-    try:
-        env = get_env()
-        # print(env)
-        if env.get('js_proxy'):
-            js_proxy = env['js_proxy']
-            burl = request.base_url
-            if '=>' in js_proxy:
-                oldsrc = js_proxy.split('=>')[0]
-                if oldsrc in burl:
-                        newsrc = js_proxy.split('=>')[1]
-                        # print(f'js1源代理已启用,全局替换{oldsrc}为{newsrc}')
-                        rurl = burl.replace(oldsrc, newsrc)
-                        if burl != rurl:
-                            jscode = parser.getJs(name, 'js')
-                            # rjscode = render_template_string(jscode, env=env)
-                            rjscode = jscode
-                            for k in env:
-                                # print(f'${k}', f'{env[k]}')
-                                if f'${k}' in rjscode:
-                                    rjscode = rjscode.replace(f'${k}', f'{env[k]}')
-                            # rjscode = render_template_string(jscode, **env)
-                            if rjscode.strip() == jscode.strip():  # 无需渲染才代理
-                                return redirect(rurl)
-                            else:
-                                logger.info(f'{name}由于存在环境变量无法被依赖代理')
-
-        return parser.toJs(name,'js',env)
-    except Exception as e:
-        return R.error(f'非法猥亵\n{e}')
+    return js_render(name)
+    # if not name or not name.split('.')[-1] in ['js','txt','py','json']:
+    #     return R.error(f'非法猥亵,未指定文件名。必须包含js|txt|json|py')
+    # try:
+    #     env = get_env()
+    #     # print(env)
+    #     if env.get('js_proxy'):
+    #         js_proxy = env['js_proxy']
+    #         burl = request.base_url
+    #         if '=>' in js_proxy:
+    #             oldsrc = js_proxy.split('=>')[0]
+    #             if oldsrc in burl:
+    #                     newsrc = js_proxy.split('=>')[1]
+    #                     # print(f'js1源代理已启用,全局替换{oldsrc}为{newsrc}')
+    #                     rurl = burl.replace(oldsrc, newsrc)
+    #                     if burl != rurl:
+    #                         jscode = parser.getJs(name, 'js')
+    #                         # rjscode = render_template_string(jscode, env=env)
+    #                         rjscode = jscode
+    #                         for k in env:
+    #                             # print(f'${k}', f'{env[k]}')
+    #                             if f'${k}' in rjscode:
+    #                                 rjscode = rjscode.replace(f'${k}', f'{env[k]}')
+    #                         # rjscode = render_template_string(jscode, **env)
+    #                         if rjscode.strip() == jscode.strip():  # 无需渲染才代理
+    #                             return redirect(rurl)
+    #                         else:
+    #                             logger.info(f'{name}由于存在环境变量无法被依赖代理')
+    #
+    #     return parser.toJs(name,'js',env)
+    # except Exception as e:
+    #     return R.error(f'非法猥亵\n{e}')

 @admin.route('/clear/<name>')
 def admin_clear_rule(name):

--- a/controllers/home.py
+++ b/controllers/home.py
@@ -25,6 +25,7 @@ from utils.update import getLocalVer,getHotSuggest
 from js.rules import getJxs
 import random
 from utils.web import getParmas,verfy_token
+from utils.common_api import js_render
 import functools


@@ -137,11 +138,17 @@ def custom_static_libs(filename):
    # print(filename)
    return send_from_directory('libs', filename)

-@home.route('/js/<path:filename>')
-def custom_static_js(filename):
+# @home.route('/js/<path:filename>')
+# def custom_static_js(filename):
+#     # 自定义静态目录 {{ url_for('custom_static',filename='help.txt')}}
+#     # print(filename)
+#     return send_from_directory('js', filename)
+
+@home.route('/js/<path:name>',methods=['GET'])
+def custom_static_js(name):
    # 自定义静态目录 {{ url_for('custom_static',filename='help.txt')}}
-    # print(filename)
-    return send_from_directory('js', filename)
+    # print(name)
+    return js_render(name)

 # @home.route('/txt/<name>')
 # def get_txt_files(name):

--- a/doc/更新日志.md
+++ b/doc/更新日志.md
+###### 2023/03/22
+- [X] 3.9.40beta5 修复 /js 路径未注入环境变量问题
+
 ###### 2023/03/21
 - [X] 增加了直播转点播的api,版本号升级至 3.9.40
 - [X] 需要在custom.conf加一行自定义配置,例如:

--- a/js/version.txt
+++ b/js/version.txt
-3.9.40beta4
\ No newline at end of file
+3.9.40beta5
\ No newline at end of file
--- a/utils/common_api.py
+++ b/utils/common_api.py
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# File  : common_api.py
+# Author: DaShenHan&道长-----先苦后甜，任凭晚风拂柳颜------
+# Author's Blog: https://blog.csdn.net/qq_32394351
+# Date  : 2023/3/22
+
+from utils import parser
+from utils.env import get_env
+from base.R import R
+from flask import request,redirect
+from utils.log import logger
+
+def js_render(name):
+    if not name or not name.split('.')[-1] in ['js','txt','py','json']:
+        return R.error(f'非法猥亵,未指定文件名。必须包含js|txt|json|py')
+    try:
+        env = get_env()
+        # print(env)
+        if env.get('js_proxy'):
+            js_proxy = env['js_proxy']
+            burl = request.base_url
+            if '=>' in js_proxy:
+                oldsrc = js_proxy.split('=>')[0]
+                if oldsrc in burl:
+                        newsrc = js_proxy.split('=>')[1]
+                        # print(f'js1源代理已启用,全局替换{oldsrc}为{newsrc}')
+                        rurl = burl.replace(oldsrc, newsrc)
+                        if burl != rurl:
+                            jscode = parser.getJs(name, 'js')
+                            # rjscode = render_template_string(jscode, env=env)
+                            rjscode = jscode
+                            for k in env:
+                                # print(f'${k}', f'{env[k]}')
+                                if f'${k}' in rjscode:
+                                    rjscode = rjscode.replace(f'${k}', f'{env[k]}')
+                            # rjscode = render_template_string(jscode, **env)
+                            if rjscode.strip() == jscode.strip():  # 无需渲染才代理
+                                return redirect(rurl)
+                            else:
+                                logger.info(f'{name}由于存在环境变量无法被依赖代理')
+
+        return parser.toJs(name,'js',env)
+    except Exception as e:
+        return R.error(f'非法猥亵\n{e}')
\ No newline at end of file