Upload app.py
Browse files
app.py
CHANGED
|
@@ -19,6 +19,7 @@ import json
|
|
| 19 |
from urllib.parse import urlparse
|
| 20 |
import tempfile
|
| 21 |
import shutil
|
|
|
|
| 22 |
|
| 23 |
# 創建臨時輸出目錄
|
| 24 |
OUTPUT_DIR = tempfile.mkdtemp(prefix="edge_tts_")
|
|
@@ -64,6 +65,9 @@ ALLOWED_ORIGINS = [
|
|
| 64 |
"https://www.dfes.ntpc.edu.tw/"
|
| 65 |
]
|
| 66 |
|
|
|
|
|
|
|
|
|
|
| 67 |
# 如果希望允許所有 GAS,取消下面兩行的註解
|
| 68 |
# "https://script.google.com", # 所有 Google Apps Script
|
| 69 |
|
|
@@ -102,15 +106,27 @@ def _is_origin_allowed(request: Request) -> bool:
|
|
| 102 |
# 2. 或者沒有 Origin/Referer 標頭(沙箱環境)
|
| 103 |
# 3. User-Agent 通常是標準的瀏覽器標頭
|
| 104 |
|
| 105 |
-
# 檢查是否為 GAS 的 Origin
|
| 106 |
-
if origin
|
| 107 |
-
|
| 108 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 |
|
| 110 |
-
# 檢查是否為 GAS 的 Referer
|
| 111 |
-
if referer
|
| 112 |
-
|
| 113 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 114 |
|
| 115 |
# 檢查其他允許的來源(一般網頁)
|
| 116 |
if origin:
|
|
@@ -197,6 +213,7 @@ async def debug_request(request: Request):
|
|
| 197 |
"client_ip": request.client.host if request.client else "unknown",
|
| 198 |
"gas_detection": {
|
| 199 |
"has_script_googleusercontent": "script.googleusercontent.com" in str(headers.get("origin", "")) + str(headers.get("referer", "")),
|
|
|
|
| 200 |
"is_sandbox_request": not headers.get("origin") and not headers.get("referer") and "mozilla" in headers.get("user-agent", "").lower(),
|
| 201 |
"api_key_provided": "x-api-key" in headers
|
| 202 |
}
|
|
|
|
| 19 |
from urllib.parse import urlparse
|
| 20 |
import tempfile
|
| 21 |
import shutil
|
| 22 |
+
import re
|
| 23 |
|
| 24 |
# 創建臨時輸出目錄
|
| 25 |
OUTPUT_DIR = tempfile.mkdtemp(prefix="edge_tts_")
|
|
|
|
| 65 |
"https://www.dfes.ntpc.edu.tw/"
|
| 66 |
]
|
| 67 |
|
| 68 |
+
# GAS 動態網域格式模式(用於正則表達式匹配)
|
| 69 |
+
GAS_DYNAMIC_DOMAIN_PATTERN = r"^https://[a-zA-Z0-9\-]+-script\.googleusercontent\.com$"
|
| 70 |
+
|
| 71 |
# 如果希望允許所有 GAS,取消下面兩行的註解
|
| 72 |
# "https://script.google.com", # 所有 Google Apps Script
|
| 73 |
|
|
|
|
| 106 |
# 2. 或者沒有 Origin/Referer 標頭(沙箱環境)
|
| 107 |
# 3. User-Agent 通常是標準的瀏覽器標頭
|
| 108 |
|
| 109 |
+
# 檢查是否為 GAS 的 Origin(支援動態網域格式)
|
| 110 |
+
if origin:
|
| 111 |
+
# 使用正則表達式檢查 GAS 動態網域格式:https://[隨機字符]-script.googleusercontent.com
|
| 112 |
+
if re.match(GAS_DYNAMIC_DOMAIN_PATTERN, origin):
|
| 113 |
+
print("✅ 檢測到 Google Apps Script 動態網域 Origin")
|
| 114 |
+
return True
|
| 115 |
+
# 檢查是否包含 script.googleusercontent.com(向後兼容)
|
| 116 |
+
elif "script.googleusercontent.com" in origin:
|
| 117 |
+
print("✅ 檢測到 Google Apps Script Origin")
|
| 118 |
+
return True
|
| 119 |
|
| 120 |
+
# 檢查是否為 GAS 的 Referer(支援動態網域格式)
|
| 121 |
+
if referer:
|
| 122 |
+
# 使用正則表達式檢查 GAS 動態網域格式:https://[隨機字符]-script.googleusercontent.com
|
| 123 |
+
if re.match(GAS_DYNAMIC_DOMAIN_PATTERN, referer):
|
| 124 |
+
print("✅ 檢測到 Google Apps Script 動態網域 Referer")
|
| 125 |
+
return True
|
| 126 |
+
# 檢查是否包含 script.googleusercontent.com(向後兼容)
|
| 127 |
+
elif "script.googleusercontent.com" in referer:
|
| 128 |
+
print("✅ 檢測到 Google Apps Script Referer")
|
| 129 |
+
return True
|
| 130 |
|
| 131 |
# 檢查其他允許的來源(一般網頁)
|
| 132 |
if origin:
|
|
|
|
| 213 |
"client_ip": request.client.host if request.client else "unknown",
|
| 214 |
"gas_detection": {
|
| 215 |
"has_script_googleusercontent": "script.googleusercontent.com" in str(headers.get("origin", "")) + str(headers.get("referer", "")),
|
| 216 |
+
"is_dynamic_gas_domain": re.match(GAS_DYNAMIC_DOMAIN_PATTERN, headers.get("origin", "")) or re.match(GAS_DYNAMIC_DOMAIN_PATTERN, headers.get("referer", "")),
|
| 217 |
"is_sandbox_request": not headers.get("origin") and not headers.get("referer") and "mozilla" in headers.get("user-agent", "").lower(),
|
| 218 |
"api_key_provided": "x-api-key" in headers
|
| 219 |
}
|