diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a39e7e3a..2e539418 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build +name: build on: push: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1f66969f..689b9903 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release +name: release on: push: tags: diff --git a/bootstrap/config.go b/bootstrap/config.go index ab69dc47..ffe8c74c 100644 --- a/bootstrap/config.go +++ b/bootstrap/config.go @@ -6,6 +6,7 @@ import ( log "github.com/sirupsen/logrus" "gopkg.in/yaml.v2" "io/ioutil" + "strings" ) func ReadConf(config string) bool { @@ -25,5 +26,6 @@ func ReadConf(config string) bool { return false } log.Debugf("config:%+v",conf.Conf) + conf.Origins = strings.Split(conf.Conf.Info.SiteUrl,",") return true } \ No newline at end of file diff --git a/conf/const.go b/conf/const.go index 5e0a979b..13396bba 100644 --- a/conf/const.go +++ b/conf/const.go @@ -13,12 +13,14 @@ var( Authorization string Cache *cache.Cache + + Origins []string ) var Conf = new(Config) const ( - VERSION="v0.1.4" + VERSION="v0.1.5" ImageThumbnailProcess="image/resize,w_50" VideoThumbnailProcess="video/snapshot,t_0,f_jpg,w_50" diff --git a/server/middlewares.go b/server/middlewares.go index bf121b06..da25323b 100644 --- a/server/middlewares.go +++ b/server/middlewares.go @@ -2,6 +2,7 @@ package server import ( "github.com/Xhofe/alist/conf" + "github.com/Xhofe/alist/utils" "github.com/gin-gonic/gin" "net/http" ) @@ -9,10 +10,14 @@ import ( func CrosHandler() gin.HandlerFunc { return func(context *gin.Context) { method := context.Request.Method - context.Writer.Header().Set("Access-Control-Allow-Origin", "*") - context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl) // 设置允许访问所有域 + // 设置跨域 + if conf.Conf.Info.SiteUrl=="*"||utils.ContainsString(conf.Origins,context.GetHeader("Origin"))!=-1 { + context.Header("Access-Control-Allow-Origin",context.GetHeader("Origin")) + }else { + context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl)//跨域访问 + } context.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE,UPDATE") - context.Header("Access-Control-Allow-Headers", "Authorization, Content-Length, X-CSRF-Token, Token,session,X_Requested_With,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language,DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Pragma,token,openid,opentoken") + context.Header("Access-Control-Allow-Headers", "Content-Length,session,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, Keep-Alive, User-Agent, Cache-Control, Content-Type, Pragma") context.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar") context.Header("Access-Control-Max-Age", "172800") context.Header("Access-Control-Allow-Credentials", "true") diff --git a/utils/check.go b/utils/check.go index f6db06f1..5dcc2800 100644 --- a/utils/check.go +++ b/utils/check.go @@ -13,4 +13,15 @@ func GetCode(rawUrl string) string { } code:=u.Query().Get("code") return code +} + +func ContainsString(array []string, val string) (index int) { + index = -1 + for i := 0; i < len(array); i++ { + if array[i] == val { + index = i + return + } + } + return } \ No newline at end of file