@lobehub/chat 1.29.0 → 1.29.2

package/CHANGELOG.md

@@ -2,6 +2,56 @@
 
 # Changelog
 
+### [Version 1.29.2](https://github.com/lobehub/lobe-chat/compare/v1.29.1...v1.29.2)
+
+<sup>Released on **2024-11-09**</sup>
+
+#### 💄 Styles
+
+- **misc**: Allow users to disable SSRF or set a whitelist.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Styles
+
+- **misc**: Allow users to disable SSRF or set a whitelist, closes [#4633](https://github.com/lobehub/lobe-chat/issues/4633) ([7175145](https://github.com/lobehub/lobe-chat/commit/7175145))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
+### [Version 1.29.1](https://github.com/lobehub/lobe-chat/compare/v1.29.0...v1.29.1)
+
+<sup>Released on **2024-11-09**</sup>
+
+#### 🐛 Bug Fixes
+
+- **misc**: Fix topic summary field on server db.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### What's fixed
+
+- **misc**: Fix topic summary field on server db, closes [#4655](https://github.com/lobehub/lobe-chat/issues/4655) ([ce10f9a](https://github.com/lobehub/lobe-chat/commit/ce10f9a))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ## [Version 1.29.0](https://github.com/lobehub/lobe-chat/compare/v1.28.6...v1.29.0)
 
 <sup>Released on **2024-11-09**</sup>

package/docs/self-hosting/environment-variables/basic.mdx

@@ -93,6 +93,20 @@ For specific content, please refer to the [Feature Flags](/docs/self-hosting/adv
   try using `host.docker.internal` instead of `localhost`.
 </Callout>
 
+### `SSRF_ALLOW_PRIVATE_IP_ADDRESS`
+
+- Type: Optional
+- Description: Allow to connect private IP address. In a trusted environment, it can be set to true to turn off SSRF protection.
+- Default: `0`
+- Example: `1` or `0`
+
+### `SSRF_ALLOW_IP_ADDRESS_LIST`
+
+- Type: Optional
+- Description: Allow private IP address list, multiple IP addresses are separated by commas. Only when `SSRF_ALLOW_PRIVATE_IP_ADDRESS` is `0`, it takes effect.
+- Default: -
+- Example: `198.18.1.62,224.0.0.3`
+
 ## Plugin Service
 
 ### `PLUGINS_INDEX_URL`

package/docs/self-hosting/environment-variables/basic.zh-CN.mdx

@@ -88,6 +88,20 @@ LobeChat 在部署时提供了一些额外的配置项，你可以使用环境
   是走到自身容器的 `localhost`，此时请尝试用 `host.docker.internal` 替代 `localhost`
 </Callout>
 
+### `SSRF_ALLOW_PRIVATE_IP_ADDRESS`
+
+- 类型：可选
+- 描述：是否允许连接私有IP地址。在可信环境中可以设置为true来关闭SSRF防护。
+- 默认值：`0`
+- 示例：`1` or `0`
+
+### `SSRF_ALLOW_IP_ADDRESS_LIST`
+
+- 类型：可选
+- 描述：允许连接的私有IP地址列表，多个IP地址时使用逗号分隔。当 `SSRF_ALLOW_PRIVATE_IP_ADDRESS` 为 `0` 时才会生效。
+- 默认值：-
+- 示例：`198.18.1.62,224.0.0.3`
+
 ## 插件服务
 
 ### `PLUGINS_INDEX_URL`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.29.0",
+  "version": "1.29.2",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/src/app/(backend)/webapi/proxy/route.ts

@@ -1,6 +1,8 @@
 import { NextResponse } from 'next/server';
 import fetch from 'node-fetch';
-import { useAgent as ssrfAgent } from 'request-filtering-agent';
+import { RequestFilteringAgentOptions, useAgent as ssrfAgent } from 'request-filtering-agent';
+
+import { appEnv } from '@/config/app';
 
 /**
  * just for a proxy
@@ -9,7 +11,14 @@ export const POST = async (req: Request) => {
   const url = await req.text();
 
   try {
-    const res = await fetch(url, { agent: ssrfAgent(url) });
+    // https://www.npmjs.com/package/request-filtering-agent
+    const options: RequestFilteringAgentOptions = {
+      allowIPAddressList: appEnv.SSRF_ALLOW_IP_ADDRESS_LIST?.split(',') || [],
+      allowMetaIPAddress: appEnv.SSRF_ALLOW_PRIVATE_IP_ADDRESS,
+      allowPrivateIPAddress: appEnv.SSRF_ALLOW_PRIVATE_IP_ADDRESS,
+      denyIPAddressList: [],
+    };
+    const res = await fetch(url, { agent: ssrfAgent(url, options) });
 
     return new Response(await res.arrayBuffer(), { headers: { ...res.headers } });
   } catch (err) {

package/src/config/app.ts

@@ -46,6 +46,9 @@ export const getAppConfig = () => {
       CDN_USE_GLOBAL: z.boolean().optional(),
       CUSTOM_FONT_FAMILY: z.string().optional(),
       CUSTOM_FONT_URL: z.string().optional(),
+
+      SSRF_ALLOW_PRIVATE_IP_ADDRESS: z.boolean().optional(),
+      SSRF_ALLOW_IP_ADDRESS_LIST: z.string().optional(),
     },
     runtimeEnv: {
       NEXT_PUBLIC_BASE_PATH: process.env.NEXT_PUBLIC_BASE_PATH || '',
@@ -72,6 +75,9 @@ export const getAppConfig = () => {
       CUSTOM_FONT_FAMILY: process.env.CUSTOM_FONT_FAMILY,
       CUSTOM_FONT_URL: process.env.CUSTOM_FONT_URL,
       CDN_USE_GLOBAL: process.env.CDN_USE_GLOBAL === '1',
+
+      SSRF_ALLOW_PRIVATE_IP_ADDRESS: process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS === '1',
+      SSRF_ALLOW_IP_ADDRESS_LIST: process.env.SSRF_ALLOW_IP_ADDRESS_LIST,
     },
   });
 };

package/src/database/server/models/topic.ts

@@ -35,9 +35,9 @@ export class TopicModel {
         .select({
           createdAt: topics.createdAt,
           favorite: topics.favorite,
+          historySummary: topics.historySummary,
           id: topics.id,
           metadata: topics.metadata,
-          summary: topics.historySummary,
           title: topics.title,
           updatedAt: topics.updatedAt,
         })
@@ -49,20 +49,6 @@ export class TopicModel {
         .limit(pageSize)
         .offset(offset)
     );
-
-    // return result.map(({ summary, metadata, ...item }) => {
-    //   const meta = metadata as ChatTopicMetadata;
-    //   return {
-    //     ...item,
-    //     summary: !!summary
-    //       ? ({
-    //           content: summary,
-    //           model: meta?.model,
-    //           provider: meta?.provider,
-    //         } as ChatTopicSummary)
-    //       : undefined,
-    //   };
-    // });
   }
 
   async findById(id: string) {

package/src/features/Portal/Artifacts/Body/Renderer/React/index.tsx

@@ -17,6 +17,7 @@ const ReactRenderer = memo<ReactRendererProps>(({ code }) => {
     <SandpackProvider
       customSetup={{
         dependencies: {
+          '@ant-design/icons': 'latest',
           '@lshay/ui': 'latest',
           '@radix-ui/react-alert-dialog': 'latest',
           '@radix-ui/react-dialog': 'latest',

package/src/server/routers/lambda/topic.ts

@@ -120,6 +120,7 @@ export const topicRouter = router({
         id: z.string(),
         value: z.object({
           favorite: z.boolean().optional(),
+          historySummary: z.string().optional(),
           messages: z.array(z.string()).optional(),
           metadata: z
             .object({
@@ -128,7 +129,6 @@ export const topicRouter = router({
             })
             .optional(),
           sessionId: z.string().optional(),
-          summary: z.string().optional(),
           title: z.string().optional(),
         }),
       }),

package/src/store/chat/slices/aiChat/actions/memory.ts

@@ -43,8 +43,8 @@ export const chatMemory: StateCreator<
     });
 
     await topicService.updateTopic(topicId, {
+      historySummary,
       metadata: { model, provider },
-      summary: historySummary,
     });
     await get().refreshTopic();
     await get().refreshMessages();

package/src/store/chat/slices/topic/selectors.ts

@@ -33,7 +33,7 @@ const currentActiveTopicSummary = (s: ChatStoreState): ChatTopicSummary | undefi
   if (!activeTopic) return undefined;
 
   return {
-    content: activeTopic.summary || '',
+    content: activeTopic.historySummary || '',
     model: activeTopic.metadata?.model || '',
     provider: activeTopic.metadata?.provider || '',
   };

package/src/types/topic.ts

@@ -37,9 +37,9 @@ export interface ChatTopicSummary {
 
 export interface ChatTopic extends Omit<BaseDataModel, 'meta'> {
   favorite?: boolean;
+  historySummary?: string;
   metadata?: ChatTopicMetadata;
   sessionId?: string;
-  summary?: string;
   title: string;
 }