DIYgod · ttttmr · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024
diff --git a/.github/workflows/docker-test-cont.yml b/.github/workflows/docker-test-cont.yml
@@ -69,7 +69,6 @@ jobs:
             -e NODE_ENV=dev \
             -e LOGGER_LEVEL=debug \
             -e ALLOW_USER_HOTLINK_TEMPLATE=true \
-            -e ALLOW_USER_SUPPLY_UNSAFE_DOMAIN=true \
             -p 1200:1200 \
             rsshub:latest
 

diff --git a/.github/workflows/issue-command.yml b/.github/workflows/issue-command.yml
@@ -83,7 +83,6 @@ jobs:
         run: pnpm start &
         env:
           ALLOW_USER_HOTLINK_TEMPLATE: true
-          ALLOW_USER_SUPPLY_UNSAFE_DOMAIN: true
           NODE_ENV: dev
           LOGGER_LEVEL: debug
 

diff --git a/lib/config.ts b/lib/config.ts
@@ -64,7 +64,7 @@ export type Config = {
     feature: {
         allow_user_hotlink_template: boolean;
         filter_regex_engine: string;
-        allow_user_supply_unsafe_domain: boolean;
+        allow_cidr?: string;
     };
     suffix?: string;
     titleLengthLimit: number;
@@ -441,7 +441,7 @@ const calculateValue = () => {
         feature: {
             allow_user_hotlink_template: toBoolean(envs.ALLOW_USER_HOTLINK_TEMPLATE, false),
             filter_regex_engine: envs.FILTER_REGEX_ENGINE || 're2',
-            allow_user_supply_unsafe_domain: toBoolean(envs.ALLOW_USER_SUPPLY_UNSAFE_DOMAIN, false),
+            allow_cidr: envs.ALLOW_CIDR,
         },
         suffix: envs.SUFFIX,
         titleLengthLimit: toInt(envs.TITLE_LENGTH_LIMIT, 150),

diff --git a/lib/routes-deprecated/gitlab/common.js b/lib/routes-deprecated/gitlab/common.js
diff --git a/lib/routes-deprecated/gitlab/explore.js b/lib/routes-deprecated/gitlab/explore.js
@@ -1,7 +1,5 @@
 const got = require('@/utils/got');
 const cheerio = require('cheerio');
-const config = require('@/config').value;
-const { allowHost } = require('./common');
 
 module.exports = async (ctx) => {
     let { type, host } = ctx.params;
@@ -12,9 +10,6 @@ module.exports = async (ctx) => {
         starred: 'Most stars',
         all: 'All',
     };
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(new URL(`https://${host}/`).hostname)) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const res = await got({
         method: 'get',

diff --git a/lib/routes-deprecated/gitlab/release.js b/lib/routes-deprecated/gitlab/release.js
@@ -1,13 +1,8 @@
 const got = require('@/utils/got');
 const { parseDate } = require('@/utils/parse-date');
-const config = require('@/config').value;
-const { allowHost } = require('./common');
 
 module.exports = async (ctx) => {
     const { namespace, project, host } = ctx.params;
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(host)) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const host_ = host ?? 'gitlab.com';
     const namespace_ = encodeURIComponent(namespace);

diff --git a/lib/routes-deprecated/gitlab/tag.js b/lib/routes-deprecated/gitlab/tag.js
@@ -1,13 +1,8 @@
 const got = require('@/utils/got');
 const { parseDate } = require('@/utils/parse-date');
-const config = require('@/config').value;
-const { allowHost } = require('./common');
 
 module.exports = async (ctx) => {
     const { namespace, project, host } = ctx.params;
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(host)) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const host_ = host ?? 'gitlab.com';
     const namespace_ = encodeURIComponent(namespace);

diff --git a/lib/routes-deprecated/hexo/fluid.js b/lib/routes-deprecated/hexo/fluid.js
@@ -3,9 +3,6 @@ const got = require('@/utils/got');
 const config = require('@/config').value;
 
 module.exports = async (ctx) => {
-    if (!config.feature.allow_user_supply_unsafe_domain) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
     const url = `http://${ctx.params.url}`;
     const res = await got.get(`${url}/archives/`);
     const $ = cheerio.load(res.data);

diff --git a/lib/routes-deprecated/hexo/next.js b/lib/routes-deprecated/hexo/next.js
@@ -3,9 +3,6 @@ const got = require('@/utils/got');
 const config = require('@/config').value;
 
 module.exports = async (ctx) => {
-    if (!config.feature.allow_user_supply_unsafe_domain) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
     const url = `http://${ctx.params.url}`;
     const res = await got.get(`${url}/archives/`);
     const $ = cheerio.load(res.data);

diff --git a/lib/routes-deprecated/hexo/yilia.js b/lib/routes-deprecated/hexo/yilia.js
@@ -3,9 +3,6 @@ const got = require('@/utils/got');
 const config = require('@/config').value;
 
 module.exports = async (ctx) => {
-    if (!config.feature.allow_user_supply_unsafe_domain) {
-        ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
     const url = `http://${ctx.params.url}`;
     const res = await got.get(url);
     const $ = cheerio.load(res.data);

diff --git a/lib/routes.test.ts b/lib/routes.test.ts
@@ -4,8 +4,6 @@ import Parser from 'rss-parser';
 const parser = new Parser();
 import { config } from '@/config';
 
-process.env.ALLOW_USER_SUPPLY_UNSAFE_DOMAIN = 'true';
-
 const routes = {
     '/test/:id': '/test/1',
 };
@@ -16,10 +14,7 @@ if (process.env.FULL_ROUTES_TEST) {
             const requireConfig = namespaces[namespace].routes[route].features?.requireConfig;
             let configs;
             if (typeof requireConfig !== 'boolean') {
-                configs = requireConfig
-                    ?.filter((config) => !config.optional)
-                    .map((config) => config.name)
-                    .filter((name) => name !== 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN');
+                configs = requireConfig?.filter((config) => !config.optional).map((config) => config.name);
             }
             if (namespaces[namespace].routes[route].example && !configs?.length) {
                 routes[`/${namespace}${route}`] = namespaces[namespace].routes[route].example;

diff --git a/lib/routes/18comic/utils.ts b/lib/routes/18comic/utils.ts
@@ -7,20 +7,10 @@ import { load } from 'cheerio';
 import { parseDate } from '@/utils/parse-date';
 import { art } from '@/utils/render';
 import path from 'node:path';
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
 
 const defaultDomain = 'jmcomic1.me';
-// list of address: https://jmcomic2.bet
-const allowDomain = new Set(['18comic.vip', '18comic.org', 'jmcomic.me', 'jmcomic1.me', 'jm-comic3.art', 'jm-comic.club', 'jm-comic2.ark']);
 
-const getRootUrl = (domain) => {
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.has(domain)) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
-
-    return `https://${domain}`;
-};
+const getRootUrl = (domain) => `https://${domain}`;
 
 const ProcessItems = async (ctx, currentUrl, rootUrl) => {
     currentUrl = currentUrl.replace(/\?$/, '');

diff --git a/lib/routes/91porn/author.ts b/lib/routes/91porn/author.ts
@@ -8,7 +8,6 @@ import { load } from 'cheerio';
 import { parseDate } from '@/utils/parse-date';
 import { art } from '@/utils/render';
 import path from 'node:path';
-import { domainValidation } from './utils';
 
 export const route: Route = {
     path: '/author/:uid/:lang?',
@@ -39,7 +38,6 @@ async function handler(ctx) {
     const { domain = '91porn.com' } = ctx.req.query();
     const { uid, lang = 'en_US' } = ctx.req.param();
     const siteUrl = `https://${domain}/uvideos.php?UID=${uid}&type=public`;
-    domainValidation(domain);
 
     const response = await got.post(siteUrl, {
         form: {

diff --git a/lib/routes/91porn/index.ts b/lib/routes/91porn/index.ts
@@ -8,7 +8,6 @@ import { load } from 'cheerio';
 import { parseDate } from '@/utils/parse-date';
 import { art } from '@/utils/render';
 import path from 'node:path';
-import { domainValidation } from './utils';
 
 export const route: Route = {
     path: '/:lang?',
@@ -42,7 +41,6 @@ async function handler(ctx) {
     const { domain = '91porn.com' } = ctx.req.query();
     const siteUrl = `https://${domain}/index.php`;
     const { lang = 'en_US' } = ctx.req.param();
-    domainValidation(domain);
 
     const response = await got.post(siteUrl, {
         form: {

diff --git a/lib/routes/91porn/utils.ts b/lib/routes/91porn/utils.ts
diff --git a/lib/routes/bdys/index.ts b/lib/routes/bdys/index.ts
@@ -10,11 +10,6 @@ import timezone from '@/utils/timezone';
 import { art } from '@/utils/render';
 import path from 'node:path';
 import asyncPool from 'tiny-async-pool';
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
-
-// Visit https://www.bdys.me for the list of domains
-const allowDomains = new Set(['52bdys.com', 'bde4.icu', 'bdys01.com']);
 
 export const route: Route = {
     path: '/:caty?/:type?/:area?/:year?/:order?',
@@ -107,9 +102,6 @@ async function handler(ctx) {
     const order = ctx.req.param('order') || '0';
 
     const site = ctx.req.query('domain') || 'bdys01.com';
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowDomains.has(new URL(`https://${site}`).hostname)) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const rootUrl = `https://www.${site}`;
     const currentUrl = `${rootUrl}/s/${caty}?${type === 'all' ? '' : '&type=' + type}${area === 'all' ? '' : '&area=' + area}${year === 'all' ? '' : '&year=' + year}&order=${order}`;

diff --git a/lib/routes/biquge/index.ts b/lib/routes/biquge/index.ts
@@ -6,25 +6,6 @@ import { load } from 'cheerio';
 import iconv from 'iconv-lite';
 import timezone from '@/utils/timezone';
 import { parseDate } from '@/utils/parse-date';
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
-const allowHost = new Set([
-    'www.xbiquwx.la',
-    'www.biqu5200.net',
-    'www.xbiquge.so',
-    'www.biqugeu.net',
-    'www.b520.cc',
-    'www.ahfgb.com',
-    'www.ibiquge.la',
-    'www.biquge.tv',
-    'www.bswtan.com',
-    'www.biquge.co',
-    'www.bqzhh.com',
-    'www.biqugse.com',
-    'www.ibiquge.info',
-    'www.ishuquge.com',
-    'www.mayiwxw.com',
-]);
 
 export const route: Route = {
     path: '*',
@@ -36,9 +17,6 @@ export const route: Route = {
 async function handler(ctx) {
     const rootUrl = getSubPath(ctx).split('/').slice(1, 4).join('/');
     const currentUrl = getSubPath(ctx).slice(1);
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.has(new URL(rootUrl).hostname)) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const response = await got({
         method: 'get',

diff --git a/lib/routes/btzj/index.ts b/lib/routes/btzj/index.ts
@@ -9,9 +9,6 @@ import timezone from '@/utils/timezone';
 import { parseDate } from '@/utils/parse-date';
 import { art } from '@/utils/render';
 import path from 'node:path';
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
-const allowDomain = new Set(['2btjia.com', '88btbtt.com', 'btbtt15.com', 'btbtt20.com']);
 
 export const route: Route = {
     path: '/:category?',
@@ -71,9 +68,6 @@ export const route: Route = {
 async function handler(ctx) {
     let category = ctx.req.param('category') ?? '';
     let domain = ctx.req.query('domain') ?? 'btbtt15.com';
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.has(new URL(`http://${domain}/`).hostname)) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     if (category === 'base') {
         category = '';

diff --git a/lib/routes/domp4/detail.ts b/lib/routes/domp4/detail.ts
@@ -2,7 +2,7 @@ import { Route } from '@/types';
 import { load } from 'cheerio';
 import got from '@/utils/got';
 
-import { decodeCipherText, composeMagnetUrl, getUrlType, ensureDomain } from './utils';
+import { decodeCipherText, composeMagnetUrl, getUrlType, defaultDomain } from './utils';
 
 // 兼容没有 script 标签的情况，直接解析 dom
 function getDomList($, detailUrl) {
@@ -111,7 +111,7 @@ async function handler(ctx) {
     if (/^\d+$/.test(pureId)) {
         detailType = 'detail';
     }
-    const detailUrl = `${ensureDomain(ctx, domain)}/${detailType}/${pureId}.html`;
+    const detailUrl = `https://${domain ?? defaultDomain}/${detailType}/${pureId}.html`;
 
     const res = await got(detailUrl);
     const $ = load(res.data);

diff --git a/lib/routes/domp4/latest-movie-bt.ts b/lib/routes/domp4/latest-movie-bt.ts
@@ -3,7 +3,7 @@ import got from '@/utils/got';
 import { load } from 'cheerio';
 import { getItemList as detailItemList } from './detail';
 
-import { defaultDomain, ensureDomain } from './utils';
+import { defaultDomain } from './utils';
 import cache from '@/utils/cache';
 
 function getItemList($) {
@@ -47,7 +47,7 @@ export const route: Route = {
 
 async function handler(ctx) {
     const { domain, second } = ctx.req.query();
-    const hostUrl = ensureDomain(ctx, domain);
+    const hostUrl = `https://${domain ?? defaultDomain}`;
     const latestUrl = `${hostUrl}/custom/update.html`;
     const res = await got.get(latestUrl);
     const $ = load(res.data);

diff --git a/lib/routes/domp4/latest.ts b/lib/routes/domp4/latest.ts
@@ -2,7 +2,7 @@ import { Route } from '@/types';
 import got from '@/utils/got';
 import { load } from 'cheerio';
 
-import { defaultDomain, ensureDomain } from './utils';
+import { defaultDomain } from './utils';
 
 function getItemList($, type) {
     const list = $(`#${type} .list-group-item`)
@@ -45,7 +45,7 @@ async function handler(ctx) {
     const { type = 'vod' } = ctx.req.param();
     const { domain } = ctx.req.query();
 
-    const hostUrl = ensureDomain(ctx, domain);
+    const hostUrl = `https://${domain ?? defaultDomain}`;
     const latestUrl = `${hostUrl}/custom/update.html`;
 
     const res = await got.get(latestUrl);

diff --git a/lib/routes/domp4/utils.ts b/lib/routes/domp4/utils.ts
@@ -1,10 +1,5 @@
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
-
 const defaultDomain = 'mp4us.com';
 
-const allowedDomains = new Set(['domp4.cc', 'mp4us.com', 'wemp4.com', 'dbmp4.com']);
-
 /**
  * trackers from https://www.domp4.cc/Style/2020/js/base.js?v=2
  */
@@ -85,12 +80,4 @@ function decodeCipherText(p, a, c, k, e, d) {
     return p;
 }
 
-function ensureDomain(ctx, domain = defaultDomain) {
-    const origin = `https://${domain}`;
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowedDomains.has(new URL(origin).hostname)) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
-    return origin;
-}
-
-export { defaultDomain, magnetTrackers, getUrlType, composeMagnetUrl, decodeCipherText, ensureDomain };
+export { defaultDomain, magnetTrackers, getUrlType, composeMagnetUrl, decodeCipherText };
diff --git a/lib/routes/fediverse/timeline.ts b/lib/routes/fediverse/timeline.ts
@@ -3,8 +3,6 @@ import { Route, ViewType } from '@/types';
 
 import { parseDate } from '@/utils/parse-date';
 import ofetch from '@/utils/ofetch';
-import { config } from '@/config';
-import ConfigNotFoundError from '@/errors/types/config-not-found';
 
 export const route: Route = {
     path: '/timeline/:account',
@@ -25,7 +23,6 @@ export const route: Route = {
     handler,
 };
 
-const allowedDomain = new Set(['mastodon.social', 'pawoo.net', config.mastodon.apiHost].filter(Boolean));
 const activityPubTypes = new Set(['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"']);
 
 async function handler(ctx) {
@@ -36,9 +33,6 @@ async function handler(ctx) {
     if (!domain || !username) {
         throw new InvalidParameterError('Invalid account');
     }
-    if (!config.feature.allow_user_supply_unsafe_domain && !allowedDomain.has(domain.toLowerCase())) {
-        throw new ConfigNotFoundError(`This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
-    }
 
     const requestOptions = {
         headers: {