From a05145bf48ba5147ee9b9d5f683292c5f86b140b Mon Sep 17 00:00:00 2001
From: Supra4E8C
Date: Mon, 8 Dec 2025 12:33:11 +0800
Subject: [PATCH] feat: implement iFlow OAuth access restrictions to local machine only, enhancing visibility logic and user notifications
---
 app.js | 61 +++++++++++++++++++++++++++++---------------
 i18n.js | 2 ++
 src/modules/oauth.js | 11 ++++++++
 3 files changed, 54 insertions(+), 20 deletions(-)
diff --git a/app.js b/app.js
index 9a428d8..0c76e82 100644
--- a/app.js
+++ b/app.js
@@ -229,13 +229,25 @@ class CLIProxyManager {
 }
 }
+ isLocalHostname(hostname = (typeof window !== 'undefined' ? window.location.hostname : '')) {
+ const host = (hostname || '').toLowerCase();
+ return host === 'localhost' || host === '127.0.0.1' || host === '::1';
+ }
+
+ isIflowOAuthAllowed(hostname = (typeof window !== 'undefined' ? window.location.hostname : '')) {
+ const host = (hostname || '').toLowerCase();
+ // iFlow OAuth 仅允许在本机回环地址访问
+ return host === '127.0.0.1' || host === 'localhost' || host === '::1';
+ }
+
 // 检查主机名并隐藏 OAuth 登录框
 checkHostAndHideOAuth() {
 const hostname = window.location.hostname;
- const isLocalhost = hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1';
+ const isLocalhost = this.isLocalHostname(hostname);
+ const isIflowOAuthAllowed = this.isIflowOAuthAllowed(hostname);
 if (!isLocalhost) {
- // 隐藏所有 OAuth 登录卡片(除了iFlow,因为它有Cookie登录功能可远程使用)
+ // 隐藏所有 OAuth 登录卡片(除了 iFlow, 因为它有 Cookie 登录功能可远程使用)
 OAUTH_CARD_IDS.forEach(cardId => {
 const card = document.getElementById(cardId);
 if (card) {
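Review bot: The `host === '::1'` comparison in the new `isLocalHostname` and `isIflowOAuthAllowed` helpers can never be true in a browser, because `window.location.hostname` returns an IPv6 literal with its brackets (`[::1]`); a page opened on the IPv6 loopback is therefore treated as remote and loses the OAuth cards. Stripping the brackets before comparing fixes it: `const host = (hostname || '').toLowerCase().replace(/^\[|\]$/g, '');`. The two helpers also carry the same three-literal test, so `isIflowOAuthAllowed` could simply `return this.isLocalHostname(hostname);` until the two policies actually diverge. The body of `checkHostAndHideOAuth` continues outside this hunk.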
@@ -243,24 +255,6 @@ class CLIProxyManager {
 }
 });
- // 对于 iFlow card,只隐藏 OAuth 部分,保留 Cookie 登录部分
- const iflowCard = document.getElementById('iflow-oauth-card');
- if (iflowCard) {
- // 隐藏 OAuth 部分
- const oauthContent = document.getElementById('iflow-oauth-content');
- const oauthButton = iflowCard.querySelector('button[onclick*="startIflowOAuth"]');
- const oauthStatus = document.getElementById('iflow-oauth-status');
- const oauthUrlGroup = iflowCard.querySelector('.form-group:has(#iflow-oauth-url)');
-
- if (oauthContent) oauthContent.style.display = 'none';
- if (oauthButton) oauthButton.style.display = 'none';
- if (oauthStatus) oauthStatus.style.display = 'none';
- if (oauthUrlGroup) oauthUrlGroup.style.display = 'none';
-
- // 保持整个card可见,因为Cookie登录部分仍然可用
- iflowCard.style.display = 'block';
- }
-
 // 如果找不到具体的卡片 ID,尝试通过类名查找
 const oauthCardElements = document.querySelectorAll('.card');
 oauthCardElements.forEach(card => {
@@ -277,6 +271,33 @@ class CLIProxyManager {
 console.log(`当前主机名: ${hostname},已隐藏 OAuth 登录框(保留 iFlow Cookie 登录)`);
 }
+
+ if (!isIflowOAuthAllowed) {
+ // 对于 iFlow card, 仅在本机允许 OAuth,其余情况只保留 Cookie 登录
+ const iflowCard = document.getElementById('iflow-oauth-card');
+ if (iflowCard) {
+ const oauthContent = document.getElementById('iflow-oauth-content');
+ const oauthButton = document.getElementById('iflow-oauth-btn');
+ const oauthStatus = document.getElementById('iflow-oauth-status');
+ const oauthUrlGroup = document.getElementById('iflow-oauth-url')?.closest('.form-group');
+ const oauthHint = iflowCard.querySelector('[data-i18n="auth_login.iflow_oauth_hint"]');
+
+ if (oauthContent) oauthContent.style.display = 'none';
+ if (oauthButton) oauthButton.style.display = 'none';
+ if (oauthStatus) {
+ oauthStatus.textContent = i18n.t('auth_login.iflow_oauth_local_only');
+ oauthStatus.style.display = 'block';
+ oauthStatus.style.color = 'var(--warning-text)';
+ }
+ if (oauthUrlGroup) oauthUrlGroup.style.display = 'none';
+ if (oauthHint) oauthHint.style.display = 'none';
+
+ // 保持整个 card 可见, 因为 Cookie 登录部分仍然可用
+ iflowCard.style.display = 'block';
+ }
+
+ console.log(`当前主机名: ${hostname},iFlow OAuth 已限制为本机访问,仅保留 Cookie 登录`);
+ }
 }
 // 检查登录状态
diff --git a/i18n.js b/i18n.js
index bfef89e..066a38c 100644
--- a/i18n.js
+++ b/i18n.js
@@ -431,6 +431,7 @@ const i18n = {
 'auth_login.iflow_oauth_title': 'iFlow OAuth',
 'auth_login.iflow_oauth_button': '开始 iFlow 登录',
 'auth_login.iflow_oauth_hint': '通过 OAuth 流程登录 iFlow 服务,自动获取并保存认证文件。',
+ 'auth_login.iflow_oauth_local_only': 'iFlow OAuth 仅在本机 (127.0.0.1) 访问时可用,请使用 Cookie 登录。',
 'auth_login.iflow_oauth_url_label': '授权链接:',
 'auth_login.iflow_open_link': '打开链接',
 'auth_login.iflow_copy_link': '复制链接',
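Review bot: In the `if (!isIflowOAuthAllowed)` block added to `checkHostAndHideOAuth` in app.js, the status text is written once with `oauthStatus.textContent = i18n.t('auth_login.iflow_oauth_local_only')`, so it will presumably stay in whatever language was active when the page loaded. The hint element in the same block is located through its `data-i18n` attribute, which suggests translations are re-applied by attribute; if that is how the language switch works, tagging the status element keeps it in sync: `oauthStatus.setAttribute('data-i18n', 'auth_login.iflow_oauth_local_only');`. The i18n code that would confirm this is not part of the patch.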
@@ -1097,6 +1098,7 @@ const i18n = {
 'auth_login.iflow_oauth_title': 'iFlow OAuth',
 'auth_login.iflow_oauth_button': 'Start iFlow Login',
 'auth_login.iflow_oauth_hint': 'Login to iFlow service through OAuth flow, automatically obtain and save authentication files.',
+ 'auth_login.iflow_oauth_local_only': 'iFlow OAuth is only available from 127.0.0.1 (local machine); please use Cookie login remotely.',
 'auth_login.iflow_oauth_url_label': 'Authorization URL:',
 'auth_login.iflow_open_link': 'Open Link',
 'auth_login.iflow_copy_link': 'Copy Link',
diff --git a/src/modules/oauth.js b/src/modules/oauth.js
index 61e7ad5..8c6521b 100644
--- a/src/modules/oauth.js
+++ b/src/modules/oauth.js
@@ -723,6 +723,17 @@ export const oauthModule = {
 // 开始 iFlow OAuth 流程
 async startIflowOAuth() {
+ if (!this.isIflowOAuthAllowed()) {
+ const statusEl = document.getElementById('iflow-oauth-status');
+ if (statusEl) {
+ statusEl.textContent = i18n.t('auth_login.iflow_oauth_local_only');
+ statusEl.style.display = 'block';
+ statusEl.style.color = 'var(--warning-text)';
+ }
+ this.showNotification(i18n.t('auth_login.iflow_oauth_local_only'), 'error');
+ return;
+ }
+
 try {
 const response = await this.makeRequest('/iflow-auth-url?is_webui=1');
 const authUrl = response.url;
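Review bot: The early return added at the top of `startIflowOAuth` in src/modules/oauth.js is enforced only by the page's own JavaScript, so it does not by itself limit who can request `/iflow-auth-url?is_webui=1`; the hostname it relies on is the one in the page URL, not the network address of the client. If the restriction is meant as a security control, the backend handler should refuse that route for non-loopback peers; that code is not visible in this patch, so it may already do so. A comment above the guard would make the intent explicit, e.g. `// UI guard only; the server must also refuse /iflow-auth-url from non-loopback clients`. The function body continues past the end of the hunk.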