Add File

2025-09-08 16:35:56 +08:00
parent a3dee1e821
commit f46ff43fab
1 changed files with 81 additions and 0 deletions
--- a/backend/common/utils/whitelist.py
+++ b/backend/common/utils/whitelist.py
@@ -0,0 +1,81 @@
+# app/utils/whitelist.py
+import re
+from typing import List, Pattern
+from common.core.config import settings
+from common.utils.utils import SQLBotLogUtil
+wlist = [
+    "/",
+    "/docs",
+    "/login/*",
+    "*.json",
+    "*.ico",
+    "*.html",
+    "*.js",
+    "*.css",
+    "*.png",
+    "*.jpg",
+    "*.jpeg",
+    "*.gif",
+    "*.svg",
+    "*.woff",
+    "*.woff2",
+    "*.ttf",
+    "*.eot",
+    "*.otf",
+    "/mcp*",
+    "/system/license",
+    "/system/config/key",
+    "/images/*",
+    "/sse",
+    "/system/appearance/ui",
+    "/system/appearance/picture/*",
+    "/system/assistant/validator*",
+    "/system/assistant/info/*",
+    "/system/assistant/app/*",
+    "/system/assistant/picture/*",
+    "/datasource/uploadExcel"
+]
+
+class WhitelistChecker:
+    def __init__(self, paths: List[str] = None):
+        self.whitelist = paths or wlist
+        self._compiled_patterns: List[Pattern] = []
+        self._compile_patterns()
+    
+    def _compile_patterns(self) -> None:
+        for pattern in self.whitelist:
+            if "*" in pattern:
+                regex_pattern = (
+                    pattern.replace(".", r"\.")
+                    .replace("*", ".*")
+                )
+                if not pattern.startswith("/"):
+                    regex_pattern = f"^{regex_pattern}$"
+                else:
+                    regex_pattern = f"^{regex_pattern}$"
+                try:
+                    self._compiled_patterns.append(re.compile(regex_pattern))
+                except re.error:
+                    SQLBotLogUtil.error(f"Invalid regex pattern: {regex_pattern}")
+    
+    def is_whitelisted(self, path: str) -> bool:
+        prefix = settings.API_V1_STR
+        if path.startswith(prefix):
+            path = path[len(prefix):]
+        if path in self.whitelist:
+            return True
+            
+        path = path.rstrip('/')
+        return any(
+            pattern.match(path) is not None 
+            for pattern in self._compiled_patterns
+        )
+
+    def add_path(self, path: str) -> None:
+       
+        if path not in self.whitelist:
+            self.whitelist.append(path)
+            if "*" in path:
+                self._compile_patterns()
+
+whiteUtils = WhitelistChecker()