随机图API支持目录权限控制

对于随机图API，可以指定仅开放部分目录，避免隐私泄露风险

README.md

@@ -72,7 +72,7 @@
 
 
 
-## 最近更新 2025.3.7
+## 最近更新 2025.3.8
 
 Add Features:
 
@@ -81,7 +81,7 @@ Add Features:
   - 整目录删除
   - 文件位置移动（ Telegraph 和旧版 Telegram 渠道不支持移动）
   - 按目录读取文件
-- 随机图API支持按目录读取
+- 随机图API支持按目录读取，支持按目录进行权限控制
 
 Fix Bugs:
 
@@ -93,6 +93,16 @@ Fix Bugs:
     <summary>更新日志</summary>
 
 
+## 2025.3.8
+
+Add Features:
+
+- 随机图API支持按目录读取，支持按目录进行权限控制
+
+Fix Bugs:
+
+- 修复随机图API的缓存问题
+
 ## 2025.3.7
 
 Add Features:

functions/api/manage/sysConfig/others.js

@@ -54,6 +54,7 @@ export async function getOthersConfig(kv, env) {
     // 随机图API
     settings.randomImageAPI = {
         enabled: env.AllowRandom === 'true',
+        allowedDir: '',
         fixed: false,
     }
 
@@ -66,7 +67,9 @@ export async function getOthersConfig(kv, env) {
     }
 
     // 用KV存储的设置覆盖默认设置
-    Object.assign(settings, settingsKV)
+    for (const key in settings) {
+        Object.assign(settings[key], settingsKV[key])
+    }
 
     return settings;
 }

functions/random.js

@@ -18,6 +18,7 @@ export async function onRequest(context) {
     // 读取其他设置
     othersConfig = await fetchOthersConfig(env);
     allowRandom = othersConfig.randomImageAPI.enabled;
+    const allowedDir = othersConfig.randomImageAPI.allowedDir;
 
     // 检查是否启用了随机图功能
     if (allowRandom != true) {
@@ -29,6 +30,12 @@ export async function onRequest(context) {
         return new Response('Error: Please configure KV database', { status: 500 });
     }
 
+    // 处理允许的目录，每个目录调整为标准格式，去掉首尾空格和
+    const allowedDirList = allowedDir.split(',');
+    const allowedDirListFormatted = allowedDirList.map(item => {
+        return item.trim().replace(/^\/+/, '').replace(/\/{2,}/g, '/').replace(/\/$/, '');
+    });
+
     // 从params中读取返回的文件类型
     let fileType = requestUrl.searchParams.get('content');
     if (fileType == null) {
@@ -41,6 +48,11 @@ export async function onRequest(context) {
     const paramDir = requestUrl.searchParams.get('dir') || '';
     const dir = paramDir.replace(/^\/+/, '').replace(/\/{2,}/g, '/').replace(/\/$/, '');
 
+    // 检查是否在允许的目录中
+    if (!allowedDirListFormatted.includes(dir)) {
+        return new Response(JSON.stringify({ error: "Directory not allowed" }), { status: 403 });
+    }
+
     // 调用randomFileList接口，读取KV数据库中的所有记录
     let allRecords = await getRandomFileList(env, requestUrl, dir);
 

index.html

@@ -1,4 +1,4 @@
-<!doctype html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/logo.png"><title>Sanyue ImgHub</title><script defer="defer" src="/js/app.1854c0a3.js"></script><link href="/css/app.9a1a6b51.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but sanyue_imghub doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html><style>/* 下拉菜单样式 */
+<!doctype html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/logo.png"><title>Sanyue ImgHub</title><script defer="defer" src="/js/app.f588d16e.js"></script><link href="/css/app.9a1a6b51.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but sanyue_imghub doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html><style>/* 下拉菜单样式 */
 .el-dropdown__popper.el-popper {
     border-radius: 12px;
     border: none;