Spaces:

ASEM12345
/

anti_api

Running

ZhaoShanGeng commited on Dec 19, 2025

Commit

e6c8f63

1 Parent(s): f076c2a

fix: 安全增强 - 移除默认凭据，使用完全随机生成

Files changed (4) hide show

.env.example CHANGED Viewed

@@ -1,10 +1,11 @@
 # 敏感配置（只在 .env 中配置）
-API_KEY=sk-text
-ADMIN_USERNAME=admin
-ADMIN_PASSWORD=admin123
-JWT_SECRET=your-jwt-secret-key-change-this-in-production
 # 可选配置
 # PROXY=http://127.0.0.1:7890
-SYSTEM_INSTRUCTION=你是聊天机器人，名字叫萌萌，如同名字这般，你的性格是软软糯糯萌萌哒的，专门为用户提供聊天和情绪价值，协助进行小说创作或者角色扮演
 # IMAGE_BASE_URL=http://your-domain.com

 # 敏感配置（只在 .env 中配置）
+# 如果不配置以下三项，系统会自动生成随机凭据并在启动时显示
+# API_KEY=your-api-key
+# ADMIN_USERNAME=your-username
+# ADMIN_PASSWORD=your-password
+# JWT_SECRET=your-jwt-secret
 # 可选配置
 # PROXY=http://127.0.0.1:7890
+# SYSTEM_INSTRUCTION=你的系统提示词
 # IMAGE_BASE_URL=http://your-domain.com

config.json CHANGED Viewed

@@ -32,7 +32,7 @@
     "retryTimes": 3,
     "skipProjectIdFetch": false,
     "useNativeAxios": false,
-    "useContextSystemPrompt": false,
     "passSignatureToClient": false
   }
 }

     "retryTimes": 3,
     "skipProjectIdFetch": false,
     "useNativeAxios": false,
+    "useContextSystemPrompt": true,
     "passSignatureToClient": false
   }
 }

scripts/build.js CHANGED Viewed

@@ -240,15 +240,12 @@ try {
     }
   }
-  // 复制配置文件模板
-  const configFiles = ['.env.example', 'config.json'];
-  for (const file of configFiles) {
-    const srcPath = path.join(rootDir, file);
-    const destPath = path.join(distDir, file);
-    if (fs.existsSync(srcPath)) {
-      fs.copyFileSync(srcPath, destPath);
-      console.log(`  ✓ Copied ${file}`);
-    }
   }
   console.log('');
@@ -256,8 +253,8 @@ try {
   console.log('');
   console.log('📋 Usage:');
   console.log('  1. Copy the dist folder to your target machine');
-  console.log('  2. Rename .env.example to .env and configure it');
-  console.log('  3. Run the executable');
   console.log('');
 } catch (error) {

     }
   }
+  // 复制配置文件模板（只复制 config.json）
+  const configSrcPath = path.join(rootDir, 'config.json');
+  const configDestPath = path.join(distDir, 'config.json');
+  if (fs.existsSync(configSrcPath)) {
+    fs.copyFileSync(configSrcPath, configDestPath);
+    console.log('  ✓ Copied config.json');
   }
   console.log('');
   console.log('');
   console.log('📋 Usage:');
   console.log('  1. Copy the dist folder to your target machine');
+  console.log('  2. Run the executable (will auto-generate random credentials if not configured)');
+  console.log('  3. Optionally create .env file to customize settings');
   console.log('');
 } catch (error) {

src/config/config.js CHANGED Viewed

@@ -36,8 +36,8 @@ function getAdminCredentials() {
   // 生成随机凭据（只生成一次）
   if (!generatedCredentials) {
     generatedCredentials = {
-      username: username || `admin_${crypto.randomBytes(4).toString('hex')}`,
-      password: password || crypto.randomBytes(12).toString('base64').replace(/[+/=]/g, ''),
       jwtSecret: jwtSecret || crypto.randomBytes(32).toString('hex')
     };
@@ -61,14 +61,12 @@ function getAdminCredentials() {
   return generatedCredentials;
 }
-const { envPath, configJsonPath, examplePath } = getConfigPaths();
-// 确保 .env 存在（如果缺失则从 .env.example 复制一份）
 if (!fs.existsSync(envPath)) {
-  if (fs.existsSync(examplePath)) {
-    fs.copyFileSync(examplePath, envPath);
-    log.info('✓ 已从 .env.example 创建 .env 文件');
-  }
 }
 // 加载 config.json

   // 生成随机凭据（只生成一次）
   if (!generatedCredentials) {
     generatedCredentials = {
+      username: username || crypto.randomBytes(8).toString('hex'),
+      password: password || crypto.randomBytes(16).toString('base64').replace(/[+/=]/g, ''),
       jwtSecret: jwtSecret || crypto.randomBytes(32).toString('hex')
     };
   return generatedCredentials;
 }
+const { envPath, configJsonPath } = getConfigPaths();
+// 确保 .env 存在（如果缺失则创建空白文件，方便用户后续配置）
 if (!fs.existsSync(envPath)) {
+  fs.writeFileSync(envPath, '# 环境变量配置文件\n# 参考 .env.example 了解可用配置项\n', 'utf8');
+  log.info('✓ 已创建空白 .env 文件，请根据需要配置环境变量');
 }
 // 加载 config.json