大佬可不可以加一个后台管理界面 #23
Comments
|
已star |
|
最近一段时间比较忙,需求有点多等过段时间有空了,再逐步更新,也欢迎其他大佬可以参与贡献代码 |
可以用 Cloudflare Access 功能達到驗證登入。 |
|
我试过了,但是好像没办法设密码,而且没办法只给主界面加登录验证,如果给主界面加上,那所有短链接就都有了 |
|
Line 129 in 681d43e 改這行,改成像是 |
|
@Anpiluo 其實我有嘗試做一個後台管理介面,現在的狀況就是「能用,但是程式碼寫得很亂」(我是弱雞)。你不介意的話,我可以給你用用看。 |
很抱歉这么晚才回复 我在看到了你的回复后,进行了尝试,但我发现如果引号中的路径如果写为 btw: |
|
我的做法是 |
如有需要,請email我。 |
此JS非彼JS。 还有个main.js是由index.html调用的。里面是一些业务逻辑。 |
@crazypeace 哇!我沒想到有這樣子的風險!我自己的做法是不設password(純 |
我个人认为风险不是很大,不过你的worker的JS源码如果公开在互联网上(比如GitHub),原则上攻击者是有可能获得的。因为你的作法相当于在workder的JS里面写死一个密钥(manage),如果访问者提供了此密钥,则向访问者提供服务。 |
|
而我的作法是,worker的JS源码表明要在cloudflare的KV库里读取指定key的value作为密钥。 |
|
Cloudflare Zero Trust 我没有研究过。 |
|
根据我对Cloudflare Zero Trust的使用经历,@chiyi4488 和我的想法差不多,给界面加路径的目的是为了套cf Access的时候不会把短链接也套上,这种做法基本不依赖“路径”(或者说“密钥”)的隐蔽性(不可知性),我个人认为即使在网络上公开链接也无所谓(除非他能淦破cf(笑))。 |
|
如果简单应用,分享给几个朋友使用。 |
|
@crazypeace @Anpiluo 或許咱可以來整合各自寫的短連結code 😁 感覺不錯 我的範例:https://fordemo.short-link.cotpear.workers.dev/manage (不過我改動的有點多,我以JSON格式儲存短連結資料) |
|
你的功能比较强大。 |
|
在我们启动URL缩短器之前,必须至少有一次认证。否则,该服务可能被垃圾邮件发送者滥用,这将损害域名的声誉。 例如,"admin "和 "password",然后可以访问URL缩短器页面。不需要很多复杂的功能或多个用户。只有这样,至少可以保护域名。 There must be at least one authentication before we start the URL shortener. Otherwise, the service can be abused by spammers, which will harm the domain's reputation. e.g., "admin" and "password" can access the URL shortener page. No need for many complicated functions or multiple users. Only this will at least protect the domain. Edit: Just notice someone already added this feature - https://github.com/51sec/Url-Shorten-By-CF-Worker Edit 2: Deployed this fork, in the main url, if someone can see the source code or cltr + u, then the password to access the site is visible. Not a viable solution either. Requesting @xyTom to do something regarding basic security. |
This is my solution: https://github.com/crazypeace/Url-Shorten-Worker Demo: https://1ladder.eu.org/6H4wjH If you don't know the path, just access https://1ladder.eu.org/ , you can not use the service. You can set a "password" in your KV, it can only be read by cloudflare worker script. So unauthorized user can't know it. |
Thanks. This solved the issue. At least will provide basic protection from spammers. |
|
@xenstar What do you think of cloudflare zero trust service? I personally think this stops spam, done without making any changes to this repo. ✨ |
Hi, @chiyi4488 thanks for suggesting this. I have never checked this feature. So I have tried to apply it, and it looks very promising. But one issue I am facing is it is applying policy for the whole subdomain. So even while accessing a redirecting domain, it's asking for authentication. I think this is a policy setting; I will check this more to fix it, but if you know anything or have any tutorial online (Chinese or English), you can share it with me. |
|
做了一个新的短链接cloudflare-worker-short-url ,带密码控制和点击历史记录,欢迎试用~ |
and others
这样子就不用在上cfkv里,就可以自定义和删除了
另,可不可以在两个地方加个可选的密码一个是跳转,另外一个是主界面,因为害怕被不法分子拿来利用
The text was updated successfully, but these errors were encountered: