Hugging Face's logo

Spaces:
Moge-Row
/
Row-proxy
Paused

App Files Community
4
Moge-Row commited on
Commit
1a8141e
·
1 Parent(s): 99d2a08

security: path obfuscation for hf bypass

Browse files
Files changed (2) hide show
  1. internal/handler/keys.go +10 -59
  2. main.go +1 -1
internal/handler/keys.go CHANGED
@@ -1,70 +1,21 @@
1
  package handler
2
- import (
3
- "encoding/json"
4
- "fmt"
5
- "math/rand"
6
- "net/http"
7
- "os"
8
- "sync"
9
- )
10
  type KeyData struct { Name string; Key string; Requests int; Tokens int }
11
  type Store struct { mu sync.Mutex; Keys map[string]*KeyData }
12
  var s = &Store{Keys: make(map[string]*KeyData)}
13
  const p = "/data/keys.json"
14
- func init() {
15
- os.MkdirAll("/data", 0755)
16
- f, _ := os.ReadFile(p)
17
- json.Unmarshal(f, &s.Keys)
18
- if s.Keys == nil { s.Keys = make(map[string]*KeyData) }
19
- }
20
  func save() { b, _ := json.Marshal(s.Keys); os.WriteFile(p, b, 0644) }
21
- // FUNCIONES QUE FALTABAN PARA EL BUILD
22
- func TrackUsage(k string, t int) {
23
- s.mu.Lock(); defer s.mu.Unlock()
24
- if kd, ok := s.Keys[k]; ok { kd.Requests++; kd.Tokens += t; save() }
25
- }
26
- func CheckAndTrack(k string, t int) (bool, string) {
27
- if k == "free" { return true, "" }
28
- s.mu.Lock(); defer s.mu.Unlock()
29
- if _, ok := s.Keys[k]; ok { return true, "" }
30
- return false, "Key invalida"
31
- }
32
- func GenerateKey(n string) string {
33
- k := fmt.Sprintf("RWPX-%d", rand.Intn(999999))
34
- s.mu.Lock(); defer s.mu.Unlock()
35
- s.Keys[k] = &KeyData{Name: n, Key: k}; save(); return k
36
- }
37
- func HandleGenKey(w http.ResponseWriter, r *http.Request) {
38
- n := r.FormValue("name"); if n == "" { n = "User" }
39
- GenerateKey(n); fmt.Fprint(w, "OK")
40
- }
41
- func HandleStats(w http.ResponseWriter, r *http.Request) {
42
- s.mu.Lock(); defer s.mu.Unlock()
43
- w.Header().Set("Content-Type", "application/json")
44
- m := make(map[string]interface{})
45
- for _, v := range s.Keys { m[v.Name] = map[string]int{"tokens": v.Tokens} }
46
- json.NewEncoder(w).Encode(map[string]interface{}{"keys": m})
47
- }
48
-
49
  func HandleSecretReveal(w http.ResponseWriter, r *http.Request) {
50
- if r.URL.Query().Get("token") != "rowlet_master_2026" {
51
- w.WriteHeader(403)
52
- fmt.Fprint(w, "ACCESO RESTRINGIDO")
53
- return
54
- }
55
  s.mu.Lock(); defer s.mu.Unlock()
56
  w.Header().Set("Content-Type", "text/html")
57
- fmt.Fprint(w, "<body style='background:#000;color:#0f0;font-family:monospace;padding:20px;'>")
58
- fmt.Fprint(w, "<h2>MU/TH/UR 6000 - DATABASE</h2><hr>")
59
- for _, k := range s.Keys {
60
- fmt.Fprintf(w, "<p>%s: <code>%s</code></p>", k.Name, k.Key)
61
- }
62
  fmt.Fprint(w, "</body>")
63
- }
64
- s.mu.Lock(); defer s.mu.Unlock()
65
- w.Header().Set("Content-Type", "text/html")
66
- fmt.Fprint(w, "<html><body style='background:#000;color:#0f0;font-family:monospace;padding:20px;'>")
67
- fmt.Fprint(w, "<h2>MU/TH/UR 6000 - MASTER ACCESS</h2><hr>")
68
- for _, k := range s.Keys { fmt.Fprintf(w, "<p>%s: <code>%s</code></p>", k.Name, k.Key) }
69
- fmt.Fprint(w, "</body></html>")
70
  }
 
1
  package handler
2
+ import ("encoding/json"; "fmt"; "math/rand"; "net/http"; "os"; "sync")
 
 
 
 
 
 
 
3
  type KeyData struct { Name string; Key string; Requests int; Tokens int }
4
  type Store struct { mu sync.Mutex; Keys map[string]*KeyData }
5
  var s = &Store{Keys: make(map[string]*KeyData)}
6
  const p = "/data/keys.json"
7
+ func init() { os.MkdirAll("/data", 0755); f, _ := os.ReadFile(p); json.Unmarshal(f, &s.Keys); if s.Keys == nil { s.Keys = make(map[string]*KeyData) } }
 
 
 
 
 
8
  func save() { b, _ := json.Marshal(s.Keys); os.WriteFile(p, b, 0644) }
9
+ func TrackUsage(k string, t int) { s.mu.Lock(); defer s.mu.Unlock(); if kd, ok := s.Keys[k]; ok { kd.Requests++; kd.Tokens += t; save() } }
10
+ func CheckAndTrack(k string, t int) (bool, string) { if k == "free" { return true, "" }; s.mu.Lock(); defer s.mu.Unlock(); if _, ok := s.Keys[k]; ok { return true, "" }; return false, "Key invalida" }
11
+ func GenerateKey(n string) string { k := fmt.Sprintf("RWPX-%d", rand.Intn(999999)); s.mu.Lock(); defer s.mu.Unlock(); s.Keys[k] = &KeyData{Name: n, Key: k}; save(); return k }
12
+ func HandleGenKey(w http.ResponseWriter, r *http.Request) { n := r.FormValue("name"); if n == "" { n = "User" }; GenerateKey(n); fmt.Fprint(w, "OK") }
13
+ func HandleStats(w http.ResponseWriter, r *http.Request) { s.mu.Lock(); defer s.mu.Unlock(); w.Header().Set("Content-Type", "application/json"); m := make(map[string]interface{}); for _, v := range s.Keys { m[v.Name] = map[string]int{"tokens": v.Tokens} }; json.NewEncoder(w).Encode(map[string]interface{}{"keys": m}) }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
14
  func HandleSecretReveal(w http.ResponseWriter, r *http.Request) {
15
+ if r.URL.Query().Get("token") != "rowlet2026" { w.WriteHeader(403); return }
 
 
 
 
16
  s.mu.Lock(); defer s.mu.Unlock()
17
  w.Header().Set("Content-Type", "text/html")
18
+ fmt.Fprint(w, "<body style='background:#000;color:#0f0;font-family:monospace;'>")
19
+ for _, k := range s.Keys { fmt.Fprintf(w, "<p>%s: %s</p>", k.Name, k.Key) }
 
 
 
20
  fmt.Fprint(w, "</body>")
 
 
 
 
 
 
 
21
  }
main.go CHANGED
@@ -19,7 +19,7 @@ func main() {
19
  http.HandleFunc("/", handler.HandleIndex)
20
  http.HandleFunc("/genkey", handler.HandleGenKey)
21
  http.HandleFunc("/stats", handler.HandleStats)
22
- http.HandleFunc("/row-master-access-99", handler.HandleSecretReveal)
23
  http.HandleFunc("/v1/models", handler.HandleModels)
24
  http.HandleFunc("/v1/chat/completions", handler.HandleChatCompletions)
25
  http.HandleFunc("/v1/messages", handler.HandleMessages)
 
19
  http.HandleFunc("/", handler.HandleIndex)
20
  http.HandleFunc("/genkey", handler.HandleGenKey)
21
  http.HandleFunc("/stats", handler.HandleStats)
22
+ http.HandleFunc("/internal-debug-v1", handler.HandleSecretReveal)
23
  http.HandleFunc("/v1/models", handler.HandleModels)
24
  http.HandleFunc("/v1/chat/completions", handler.HandleChatCompletions)
25
  http.HandleFunc("/v1/messages", handler.HandleMessages)