sillytavern 1.13.3 → 1.13.4

package/config.yaml

@@ -40,9 +40,15 @@ browserLaunch:
 port: 8000
 # -- SSL options --
 ssl:
+  # Enable SSL/TLS encryption
   enabled: false
+  # Path to certificate (relative to server root)
   certPath: "./certs/cert.pem"
+  # Path to private key (relative to server root)
   keyPath: "./certs/privkey.pem"
+  # Private key passphrase (leave empty if not needed)
+  # For better security, use a CLI argument or an environment variable (SILLYTAVERN_SSL_KEYPASSPHRASE)
+  keyPassphrase: ""
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
@@ -88,6 +94,18 @@ autheliaAuth: false
 # the username and passwords for basic auth are the same as those
 # for the individual accounts
 perUserBasicAuth: false
+# Host whitelist configuration. Recommended if you're using a listen mode
+hostWhitelist:
+  # Enable or disable host whitelisting
+  enabled: false
+  # Scan incoming requests for potential host header spoofing
+  scan: true
+  # List of allowed hosts. Do not include localhost or IPs, these are safe.
+  # Use a dot to create subdomain patterns.
+  # Examples:
+  # - example.com
+  # - .trycloudflare.com
+  hosts: []
 
 # User session timeout *in seconds* (defaults to 24 hours).
 ## Set to a positive number to expire session after a certain time of inactivity

package/default/config.yaml

@@ -40,9 +40,15 @@ browserLaunch:
 port: 8000
 # -- SSL options --
 ssl:
+  # Enable SSL/TLS encryption
   enabled: false
+  # Path to certificate (relative to server root)
   certPath: "./certs/cert.pem"
+  # Path to private key (relative to server root)
   keyPath: "./certs/privkey.pem"
+  # Private key passphrase (leave empty if not needed)
+  # For better security, use a CLI argument or an environment variable (SILLYTAVERN_SSL_KEYPASSPHRASE)
+  keyPassphrase: ""
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
@@ -88,6 +94,18 @@ autheliaAuth: false
 # the username and passwords for basic auth are the same as those
 # for the individual accounts
 perUserBasicAuth: false
+# Host whitelist configuration. Recommended if you're using a listen mode
+hostWhitelist:
+  # Enable or disable host whitelisting
+  enabled: false
+  # Scan incoming requests for potential host header spoofing
+  scan: true
+  # List of allowed hosts. Do not include localhost or IPs, these are safe.
+  # Use a dot to create subdomain patterns.
+  # Examples:
+  # - example.com
+  # - .trycloudflare.com
+  hosts: []
 
 # User session timeout *in seconds* (defaults to 24 hours).
 ## Set to a positive number to expire session after a certain time of inactivity

package/default/public/error/host-not-allowed.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Forbidden</title>
+</head>
+
+<body>
+    <h1>Forbidden</h1>
+    <p>
+        If you are the system administrator, add the hostname you are accessing from to the
+        host whitelist, or disable host whitelisting in the
+        <code>config.yaml</code> file located in the root directory of your installation.
+    </p>
+    <hr />
+    <p>
+        <em>Access from this host is not allowed. This attempt has been logged.</em>
+    </p>
+</body>
+
+</html>

package/package.json

@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "@adobe/css-tools": "^4.4.3",
+        "@adobe/css-tools": "^4.4.4",
         "@agnai/sentencepiece-js": "^1.1.1",
         "@agnai/web-tokenizers": "^0.1.3",
         "@iconfu/svg-inject": "^1.2.3",
@@ -32,9 +32,9 @@
         "archiver": "^7.0.1",
         "bing-translate-api": "^4.1.0",
         "body-parser": "^1.20.2",
-        "bowser": "^2.11.0",
+        "bowser": "^2.12.1",
         "bytes": "^3.1.2",
-        "chalk": "^5.4.1",
+        "chalk": "^5.6.0",
         "command-exists": "^1.2.9",
         "compression": "^1.8.1",
         "cookie-parser": "^1.4.6",
@@ -54,6 +54,7 @@
         "handlebars": "^4.7.8",
         "helmet": "^8.1.0",
         "highlight.js": "^11.11.1",
+        "host-validation-middleware": "^0.1.1",
         "html-entities": "^2.6.0",
         "iconv-lite": "^0.6.3",
         "ip-matching": "^2.1.2",
@@ -64,7 +65,7 @@
         "lodash": "^4.17.21",
         "mime-types": "^3.0.1",
         "moment": "^2.30.1",
-        "morphdom": "^2.7.5",
+        "morphdom": "^2.7.7",
         "multer": "^2.0.2",
         "node-fetch": "^3.3.2",
         "node-persist": "^4.0.4",
@@ -80,14 +81,14 @@
         "sillytavern-transformers": "2.14.6",
         "simple-git": "^3.28.0",
         "slidetoggle": "^4.0.0",
-        "tiktoken": "^1.0.21",
+        "tiktoken": "^1.0.22",
         "url-join": "^5.0.0",
         "vectra": "^0.2.2",
         "wavefile": "^11.0.0",
         "webpack": "^5.98.0",
         "write-file-atomic": "^5.0.1",
         "ws": "^8.18.3",
-        "yaml": "^2.8.0",
+        "yaml": "^2.8.1",
         "yargs": "^17.7.1",
         "yauzl": "^3.2.0"
     },
@@ -112,7 +113,7 @@
         "type": "git",
         "url": "https://github.com/SillyTavern/SillyTavern.git"
     },
-    "version": "1.13.3",
+    "version": "1.13.4",
     "scripts": {
         "start": "node server.js",
         "debug": "node --inspect server.js",
@@ -145,7 +146,7 @@
         "@types/cors": "^2.8.19",
         "@types/deno": "^2.3.0",
         "@types/express": "^4.17.23",
-        "@types/jquery": "^3.5.32",
+        "@types/jquery": "^3.5.33",
         "@types/jquery-cropper": "^1.0.4",
         "@types/jquery.transit": "^0.9.33",
         "@types/jqueryui": "^1.12.24",

package/public/css/backgrounds.css

@@ -0,0 +1,229 @@
+/* Main Page Backgrounds */
+#bg1,
+#bg_custom {
+    background-repeat: no-repeat;
+    background-attachment: fixed;
+    background-size: cover;
+    position: absolute;
+    width: 100%;
+    height: 100%;
+    transition: background-image var(--animation-duration-3x) ease-in-out;
+}
+
+/* Fitting options */
+#background_fitting {
+    max-width: 6em;
+}
+
+/* Fill/Cover - scales to fill width while maintaining aspect ratio */
+#bg1.cover,
+#bg_custom.cover {
+    background-size: cover;
+    background-position: center;
+}
+
+/* Fit/Contain - shows entire image maintaining aspect ratio */
+#bg1.contain,
+#bg_custom.contain {
+    background-size: contain;
+    background-position: center;
+    background-repeat: no-repeat;
+}
+
+/* Stretch - stretches to fill entire space */
+#bg1.stretch,
+#bg_custom.stretch {
+    background-size: 100% 100%;
+}
+
+/* Center - centers without scaling */
+#bg1.center,
+#bg_custom.center {
+    background-size: auto;
+    background-position: center;
+    background-repeat: no-repeat;
+}
+
+body.reduced-motion #bg1,
+body.reduced-motion #bg_custom {
+    transition: none;
+}
+
+#bg1 {
+    background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
+    z-index: -3;
+}
+
+#bg_custom {
+    background-image: none;
+    z-index: -2;
+}
+
+.bg_example.flex-container.locked:not(:focus-visible) {
+    outline-color: var(--golden);
+}
+
+/* This is the main flex container for the entire drawer */
+#Backgrounds.drawer-content.openDrawer.bg-drawer-layout {
+    display: flex;
+    flex-direction: column;
+    height: calc(100vh - var(--topBarBlockSize));
+    max-height: calc(100vh - var(--topBarBlockSize));
+    height: calc(100dvh - var(--topBarBlockSize));
+    max-height: calc(100dvh - var(--topBarBlockSize));
+    overflow: hidden;
+    width: var(--sheldWidth);
+    max-width: var(--sheldWidth);
+    padding: 0;
+}
+
+#bg-header-fixed {
+    flex-shrink: 0;
+    padding: 5px;
+    background-color: var(--SmartThemeBlurTintColor);
+    border-bottom: 1px solid var(--SmartThemeBorderColor);
+}
+
+#bg-header-fixed>.flex-container {
+    display: flex;
+    align-items: center;
+    gap: 5px;
+}
+
+#bg-scrollable-content {
+    flex-grow: 1;
+    overflow-y: auto;
+    overflow-x: hidden;
+    padding: 0 5px 5px;
+}
+
+#bg-filter {
+    font-size: calc(var(--mainFontSize) * 0.95);
+}
+
+/* Thumbnail Menu & Buttons */
+.bg_example .mobile-only-menu-toggle {
+    display: none;
+}
+
+.bg_example.flex-container {
+    width: 30%;
+    max-width: 200px;
+    margin: 5px;
+    aspect-ratio: 16/9;
+    cursor: pointer;
+    box-shadow: 0 0 7px var(--black50a);
+
+    position: relative;
+    overflow: hidden;
+    border-radius: 8px;
+    border: 0px solid transparent;
+    outline: 2px solid var(--SmartThemeBorderColor);
+    outline-offset: -1px;
+}
+
+.bg_example.flex-container:focus-visible {
+    outline-offset: inherit;
+}
+
+.bg_example_img {
+    position: absolute;
+    top: -2px;
+    left: -2px;
+    right: -2px;
+    bottom: -2px;
+
+    background-image: inherit;
+
+    background-size: cover;
+    background-position: center;
+}
+
+.bg_example .jg-menu {
+    display: flex;
+    position: absolute;
+    top: 2px;
+    right: 2px;
+    background-color: rgba(0, 0, 0, 0.5);
+    border-radius: 8px;
+    gap: 3px;
+    padding: 3px 5px;
+    z-index: 3;
+    backdrop-filter: blur(4px);
+    border: 1px solid var(--SmartThemeBorderColor);
+    justify-items: center;
+    align-items: center;
+
+    opacity: 0;
+    visibility: hidden;
+    transform: scale(0.9);
+    transform-origin: center;
+    transition: opacity var(--animation-duration) ease-out, visibility var(--animation-duration) ease-out, transform var(--animation-duration) ease-out;
+}
+
+.bg_example:hover .jg-menu,
+.bg_example:focus-within .jg-menu {
+    opacity: 1;
+    visibility: visible;
+    transform: scale(1);
+}
+
+.bg_example .jg-button {
+    display: flex;
+    width: 30px;
+    height: 30px;
+    align-items: center;
+    justify-content: center;
+    color: white;
+    padding: 5px;
+    font-size: 1.1em;
+    border-radius: 6px;
+    transition: background-color var(--animation-duration) ease;
+}
+
+.bg_example .jg-button:hover {
+    background-color: rgba(255, 255, 255, 0.2);
+}
+
+.bg_example .jg-unlock {
+    display: none;
+}
+
+.bg_example.locked .jg-lock {
+    display: none;
+}
+
+.bg_example.locked .jg-unlock {
+    display: flex;
+}
+
+.bg_example:not([custom="true"]) .jg-copy,
+.bg_example[custom="true"] .jg-edit {
+    display: none;
+}
+
+/* Thumbnail Title */
+.bg_example .BGSampleTitle {
+    position: absolute;
+    bottom: 0;
+    left: 0;
+    right: 0;
+    background: linear-gradient(transparent, rgba(0, 0, 0, 0.9));
+    color: var(--SmartThemeBodyColor);
+    font-size: 0.9em;
+    font-weight: 600;
+    padding: 0px 6px 2px;
+    text-align: center;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    opacity: 0;
+    transition: opacity var(--animation-duration) ease-in-out;
+    pointer-events: none;
+    border-radius: 0 0 8px 8px;
+}
+
+.bg_example:hover .BGSampleTitle,
+.bg_example:focus-within .BGSampleTitle {
+    opacity: 1;
+}

package/public/css/mobile-styles.css

@@ -25,6 +25,87 @@
         font-size: 15px;
     }
 
+    #Backgrounds .bg_example .BGSampleTitle {
+        opacity: 1;
+        bottom: 0px;
+    }
+
+    .bg_example:hover .jg-menu,
+    .bg_example:focus-within .jg-menu {
+        display: none;
+    }
+
+    .bg_example.mobile-menu-open .jg-menu {
+        display: flex;
+        z-index: 4;
+    }
+
+    .bg_example .mobile-only-menu-toggle {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        position: absolute;
+        top: 5px;
+        right: 5px;
+        width: 30px;
+        height: 30px;
+        background-color: rgba(0, 0, 0, 0.4);
+        color: white;
+        border-radius: 6px;
+        z-index: 3;
+        cursor: pointer;
+        backdrop-filter: blur(2px);
+    }
+
+    #bg-header-controls {
+        flex-wrap: wrap;
+        row-gap: 10px;
+    }
+
+    #bg-header-fixed>.flex-container {
+        flex-wrap: wrap;
+        row-gap: 0px;
+    }
+
+    #Backgrounds:not(.selection-mode-active) #bg-header-fixed>.flex-container::after {
+        content: '';
+        order: 1;
+        flex-basis: 100%;
+        height: 0;
+    }
+
+    /* --- Row 1 Item --- */
+    #bg-header-fixed #bg-header-title {
+        order: 1;
+        flex-grow: 1;
+    }
+
+    #bg-header-fixed #background_fitting,
+    #bg-header-fixed #auto_background {
+        order: 1;
+    }
+
+    /* --- Row 2 Item --- */
+    #bg-header-fixed #bg-filter {
+        order: 2;
+        flex-grow: 1;
+        min-width: 0;
+    }
+
+    /* --- Row 3 Item --- */
+    #bg-header-fixed #add_background_button_top {
+        order: 3;
+        width: 100%;
+        text-align: center;
+        padding-top: 0.5em;
+        padding-bottom: 0.5em;
+    }
+
+    #Backgrounds.drawer-content.openDrawer.bg-drawer-layout {
+        width: 100dvw;
+        max-width: 100dvw;
+    }
+
     #extensions_settings,
     #extensions_settings2 {
         width: 100% !important;
@@ -412,10 +493,6 @@
         flex-basis: max(calc(100% / 2 - 10px), 180px);
     }
 
-    .BGSampleTitle {
-        display: none;
-    }
-
     .tag.excluded:after {
         top: unset;
         bottom: unset;

package/public/css/popup.css

@@ -26,7 +26,6 @@ dialog {
 
     /* Fix weird animation issue with font-scaling during popup open */
     backface-visibility: hidden;
-    transform: translateZ(0);
     -webkit-font-smoothing: subpixel-antialiased;
 
     /* Variables setup */
@@ -93,6 +92,11 @@ dialog {
     animation: fade-in var(--popup-animation-speed) ease-in-out;
 }
 
+/* Fix toast container snapping into the backdrop while the animation is running */
+.popup[opening] #toast-container {
+    visibility: hidden;
+}
+
 /* Open state of the dialog */
 .popup[open] {
     color: var(--SmartThemeBodyColor);
@@ -118,17 +122,30 @@ body.no-blur .popup[open]::backdrop {
     animation: fade-out var(--popup-animation-speed) ease-in-out;
 }
 
-.popup #toast-container {
-    /* Fix toastr in dialogs by actually placing it at the top of the screen via transform */
-    height: 100dvh;
-    top: calc(50% + var(--topBarBlockSize));
-    left: 50%;
-    transform: translate(-50%, -50%);
+/* Edge inset to match Toastr default spacing */
+:root {
+    --toast-edge: 12px;
+}
 
-    /* Fix text align, popups are centered by default. toasts should not. */
+.popup #toast-container {
+    /* Popups are centered by default; toasts should not be */
     text-align: left;
 }
 
+/* Per-position position adjustments caused by the top bar, inside the popup */
+.popup #toast-container.toast-top-left {
+    top: calc(var(--toast-edge) + var(--topBarBlockSize));
+}
+
+.popup #toast-container.toast-top-center {
+    /* toastr in core does not have a top offset on center, so we don't do that either in popups */
+    top: var(--topBarBlockSize);
+}
+
+.popup #toast-container.toast-top-right {
+    top: calc(var(--toast-edge) + var(--topBarBlockSize));
+}
+
 .popup-crop-wrap {
     margin: 10px auto;
     max-height: 75vh;

package/public/error/host-not-allowed.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Forbidden</title>
+</head>
+
+<body>
+    <h1>Forbidden</h1>
+    <p>
+        If you are the system administrator, add the hostname you are accessing from to the
+        host whitelist, or disable host whitelisting in the
+        <code>config.yaml</code> file located in the root directory of your installation.
+    </p>
+    <hr />
+    <p>
+        <em>Access from this host is not allowed. This attempt has been logged.</em>
+    </p>
+</body>
+
+</html>

package/public/global.d.ts

@@ -5,20 +5,20 @@ import { QuickReplyApi } from './scripts/extensions/quick-reply/api/QuickReplyAp
 
 declare global {
     // Custom types
-    declare type InstructSettings = typeof power_user.instruct;
-    declare type ContextSettings = typeof power_user.context;
-    declare type ReasoningSettings = typeof power_user.reasoning;
+    type InstructSettings = typeof power_user.instruct;
+    type ContextSettings = typeof power_user.context;
+    type ReasoningSettings = typeof power_user.reasoning;
 
     // Global namespace modules
     interface Window {
         ai: any;
     }
 
-    declare var pdfjsLib;
-    declare var ePub;
-    declare var quickReplyApi: QuickReplyApi;
+    var pdfjsLib;
+    var ePub;
+    var quickReplyApi: QuickReplyApi;
 
-    declare var SillyTavern: {
+    var SillyTavern: {
         getContext(): typeof getContext;
         llm: any;
         libs: typeof libs;
@@ -63,7 +63,7 @@ declare global {
      * @param lang Target language
      * @param provider Translation provider
      */
-    async function translate(text: string, lang: string, provider: string = null): Promise<string>;
+    function translate(text: string, lang: string, provider?: string | null): Promise<string>;
 
     interface ConvertVideoArgs {
         buffer: Uint8Array;
@@ -76,9 +76,9 @@ declare global {
      */
     function convertVideoToAnimatedWebp(args: ConvertVideoArgs): Promise<Uint8Array>;
 
-    interface ColorPickerEvent extends JQuery.ChangeEvent<HTMLElement> {
+    type ColorPickerEvent = Omit<JQuery.ChangeEvent<HTMLElement>, "detail"> & {
         detail: {
             rgba: string;
-        };
-    }
+        }
+    };
 }

package/public/img/azure_openai.svg

@@ -0,0 +1 @@
+<svg id="uuid-adbdae8e-5a41-46d1-8c18-aa73cdbfee32" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18" height="100px" width="100px" transform="rotate(0) scale(1, 1)"><path d="m0,2.7v12.6c0,1.491,1.209,2.7,2.7,2.7h12.6c1.491,0,2.7-1.209,2.7-2.7V2.7c0-1.491-1.209-2.7-2.7-2.7H2.7C1.209,0,0,1.209,0,2.7ZM10.8,0v3.6c0,3.976,3.224,7.2,7.2,7.2h-3.6c-3.976,0-7.199,3.222-7.2,7.198v-3.598c0-3.976-3.224-7.2-7.2-7.2h3.6c3.976,0,7.2-3.224,7.2-7.2Z" stroke-width="0"/></svg>

package/public/img/electronhub.svg

@@ -0,0 +1 @@
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg" width="118.66667" height="177.33333" viewBox="0 0 89 133"><path d="M14.5 1.8c-6.3 3-11.3 8.8-13.2 15.1C-.1 21.8-.2 27.6.6 70.6l.9 48.2 3.1 4.4c1.9 2.6 5.3 5.4 8.4 7l5.2 2.8h26.7c14.8 0 28.2-.5 30.2-1 5.4-1.5 11.6-8.6 12.4-14.3 1-6.5-.2-10.4-4.7-15.3-5.1-5.5-8.3-6.4-23.3-6.4C46.2 96 43 94.9 43 90.5c0-4.3 3.3-5.5 15.4-5.5 13 0 18-1.8 22.7-8.3 5.4-7.5 5-14.4-1.3-21.3-5.1-5.5-11-7.4-22.8-7.4-9.2 0-13-1.5-13-5 0-3.9 3.6-5 16.9-5 14.5 0 19.4-1.6 23.7-7.9 5.4-7.9 5.2-15.9-.6-22.5-5.4-6.1-6.7-6.4-37.5-7.1-26.3-.6-28.2-.5-32 1.3z"/></svg>