免费图床Telegraph-Image

前提

部署了博客少不了要用到图片的时候,没有一个合适的图床肯定是不行的,看了一圈还是决定再嫖一次大善人.

部署效果

部署过程

略
按项目文档一步一步走即可.项目Telegraph-Image

部署后的问题

问题

原始项目没有对上传加以限制，导致会出现一个问题只有有人知道你部署的就可以使用你的图床，一般人使用到也没有什么问题，万一碰见不法分子就要遭殃了

解决

翻阅项目的issues，这个问题已经有很多人提出，同样的也有很多解决方法被研究出来,如issues#97,其中有两个解决方案很不错@MicroMatrixOrg提出的增加防盗链,和@maytom2016修改的增加认证版本Telegraph-Image-auth很符合我的期望,不过Telegraph-Image-auth复刻版本有些老,我还是想要新版本的,而且还能同步官方最好.最后决定自己动手,好在修改难度不高.
于是基于这两个方案来修改我的

上传增加认证

对上传文件functions/upload.js进行修改,代码参考Telegraph-Image-auth,

import { errorHandling, telemetryData } from "./utils/middleware";

function UnauthorizedException(reason) {
  return new Response(reason, {
    status: 401,
    statusText: "Unauthorized",
    headers: {
      "Content-Type": "text/plain;charset=UTF-8",
      // Disables caching by default.
      "Cache-Control": "no-store",
      // Returns the "Content-Length" header for HTTP HEAD requests.
      "Content-Length": reason.length,
    },
  });
}

export async function onRequestPost(context) {  // Contents of context object  
    const {
        request, // same as existing Worker API  
        env, // same as existing Worker API  
        params, // if filename includes [id] or [[path]]   
        waitUntil, // same as ctx.waitUntil in existing Worker API  
        next, // used for middleware or to fetch assets  
        data, // arbitrary space for passing data between middlewares 
    } = context;
    const ref=request.headers.get('Referer');
    const url1= new URL(ref)
    const refparam = new URLSearchParams(url1.search);
    const autcode=refparam.get('authcode');
    if(autcode==env.AUTH_CODE){
        const url2 = new URL(request.url)
        const url = new URL(url2.protocol + '//' + url2.host + '/upload' + url2.search);
      
        const clonedRequest = request.clone();
        await errorHandling(context);
        telemetryData(context);
        const response = fetch('https://telegra.ph/' + url.pathname + url.search, {
            method: clonedRequest.method,
            headers: clonedRequest.headers,
            body: clonedRequest.body,
        });
        return response;
    }
    return new UnauthorizedException("error");
}

增加防盗链

对文件读取functions/file/[id].js增加防盗链限制,参考增加防盗链

export async function onRequest(context) {  // Contents of context object  
    const {
        request, // same as existing Worker API  
        env, // same as existing Worker API  
        params, // if filename includes [id] or [[path]]   
        waitUntil, // same as ctx.waitUntil in existing Worker API  
        next, // used for middleware or to fetch assets  
        data, // arbitrary space for passing data between middlewares 
    } = context;

    const url = new URL(request.url);
    let Referer = request.headers.get('Referer')
    if (Referer) {
        try {
            let refererUrl = new URL(Referer)
            let allowedDomains = env.ALLOWED_DOMAINS.split(','); 
            let isAllowed = allowedDomains.some(domain => {
              let domainPattern = new RegExp(`(^|\\.)${domain}$`);
              return domainPattern.test(refererUrl.hostname);
            });
            if (!isAllowed) {
              return Response.redirect(url.origin + "/block-img.html", 302);
            }  
        } catch (e) {
            return Response.redirect(url.origin + "/block-img.html", 302);
        }
    }
  
    const response = fetch('https://telegra.ph/' + url.pathname + url.search, {
        method: request.method,
        headers: request.headers,
        body: request.body,
    }).then(async (response) => {
        console.log(response.ok); // true if the response status is 2xx
        console.log(response.status); // 200
        if (response.ok) {
            // Referer header equal to the admin page
            console.log(url.origin + "/admin")
            if (request.headers.get('Referer') == url.origin + "/admin") {
                //show the image
                return response;
            }

            if (typeof env.img_url == "undefined" || env.img_url == null || env.img_url == "") { } else {
                //check the record from kv
                const record = await env.img_url.getWithMetadata(params.id);
                console.log("record")
                console.log(record)
                if (record.metadata === null) {

                } else {

                    //if the record is not null, redirect to the image
                    if (record.metadata.ListType == "White") {
                        return response;
                    } else if (record.metadata.ListType == "Block") {
                        console.log("Referer")
                        console.log(request.headers.get('Referer'))
                        if (typeof request.headers.get('Referer') == "undefined" || request.headers.get('Referer') == null || request.headers.get('Referer') == "") {
                            return Response.redirect(url.origin + "/block-img.html", 302)
                        } else {
                            return Response.redirect("https://static-res.pages.dev/teleimage/img-block-compressed.png", 302)
                        }

                    } else if (record.metadata.Label == "adult") {
                        if (typeof request.headers.get('Referer') == "undefined" || request.headers.get('Referer') == null || request.headers.get('Referer') == "") {
                            return Response.redirect(url.origin + "/block-img.html", 302)
                        } else {
                            return Response.redirect("https://static-res.pages.dev/teleimage/img-block-compressed.png", 302)
                        }
                    }
                    //check if the env variables WhiteList_Mode are set
                    console.log("env.WhiteList_Mode:", env.WhiteList_Mode)
                    if (env.WhiteList_Mode == "true") {
                        //if the env variables WhiteList_Mode are set, redirect to the image
                        return Response.redirect(url.origin + "/whitelist-on.html", 302);
                    } else {
                        //if the env variables WhiteList_Mode are not set, redirect to the image
                        return response;
                    }
                }

            }

            //get time
            let time = new Date().getTime();

            let apikey = env.ModerateContentApiKey

            if (typeof apikey == "undefined" || apikey == null || apikey == "") {

                if (typeof env.img_url == "undefined" || env.img_url == null || env.img_url == "") {
                    console.log("Not enbaled KV")

                } else {
                    //add image to kv
                    await env.img_url.put(params.id, "", {
                        metadata: { ListType: "None", Label: "None", TimeStamp: time },
                    });

                }
            } else {
                await fetch(`https://api.moderatecontent.com/moderate/?key=` + apikey + `&url=https://telegra.ph/` + url.pathname + url.search).
                    then(async (response) => {
                        let moderate_data = await response.json();
                        console.log(moderate_data)
                        console.log("---env.img_url---")
                        console.log(env.img_url == "true")
                        if (typeof env.img_url == "undefined" || env.img_url == null || env.img_url == "") { } else {
                            //add image to kv
                            await env.img_url.put(params.id, "", {
                                metadata: { ListType: "None", Label: moderate_data.rating_label, TimeStamp: time },
                            });
                        }
                        if (moderate_data.rating_label == "adult") {
                            return Response.redirect(url.origin + "/block-img.html", 302)
                        }
                    });

            }
        }
        return response;
    });

    return response;

}

说明

修改之后相比于原项目增加了两个环境变量
AUTH_CODE:上传时认证密码
ALLOWED_DOMAINS访问时允许的域名,我对空进行的放行
由于还打算同步上游项目所以只对必要部分修改,文档什么的没有修改

项目地址

https://github.com/hl128k/Telegraph-Image

更新 2024/8/14

推荐一个分支仓库，ui优化重制版CloudFlare-ImgBed