diff --git a/src/locales/en-US.ts b/src/locales/en-US.ts index 31c7a0da..72cb7c3d 100644 --- a/src/locales/en-US.ts +++ b/src/locales/en-US.ts @@ -1704,6 +1704,11 @@ export default { securityImageDomainsHint: 'Allowed image domains whitelist for caching, used to control trusted image sources', noSecurityImageDomains: 'No security domains', securityImageDomainAdd: 'Add domain, e.g.: image.tmdb.org', + imageProxyAllowedPrivateRanges: 'Image Proxy Allowed Private Ranges', + imageProxyAllowedPrivateRangesHint: + 'Only applies after a URL matches a security image domain. Use for TUN mappings or internal CDNs; broad ranges weaken SSRF protection', + noImageProxyAllowedPrivateRanges: 'No allowed ranges', + imageProxyAllowedPrivateRangeAdd: 'Add CIDR, e.g.: 198.18.0.0/15', proxyHost: 'Proxy Server', proxyHostHint: 'Set proxy server address, support: http(s), socks5, socks5h, etc.', moviePilotAutoUpdate: 'Auto Update MoviePilot', diff --git a/src/locales/zh-CN.ts b/src/locales/zh-CN.ts index 099a1fe2..a87ed5f4 100644 --- a/src/locales/zh-CN.ts +++ b/src/locales/zh-CN.ts @@ -1677,6 +1677,11 @@ export default { securityImageDomainsHint: '允许缓存的图片域名白名单,用于控制可信任的图片来源', noSecurityImageDomains: '暂无安全域名', securityImageDomainAdd: '添加域名,如:image.tmdb.org', + imageProxyAllowedPrivateRanges: '图片代理允许非公网网段', + imageProxyAllowedPrivateRangesHint: + '仅对已命中安全图片域名的地址生效,用于 TUN 映射、内网 CDN 等特殊场景;配置过宽会降低 SSRF 防护强度', + noImageProxyAllowedPrivateRanges: '暂无允许网段', + imageProxyAllowedPrivateRangeAdd: '添加 CIDR,如:198.18.0.0/15', proxyHost: '代理服务器', proxyHostHint: '设置代理服务器地址,支持:http(s)、socks5、socks5h 等协议', moviePilotAutoUpdate: '自动更新MoviePilot', diff --git a/src/locales/zh-TW.ts b/src/locales/zh-TW.ts index f1bbb20b..0a06539c 100644 --- a/src/locales/zh-TW.ts +++ b/src/locales/zh-TW.ts @@ -1678,6 +1678,11 @@ export default { securityImageDomainsHint: '允許緩存的圖片域名白名單,用於控制可信任的圖片來源', noSecurityImageDomains: '暫無安全域名', securityImageDomainAdd: '添加域名,如:image.tmdb.org', + imageProxyAllowedPrivateRanges: '圖片代理允許非公網網段', + imageProxyAllowedPrivateRangesHint: + '僅對已命中安全圖片域名的地址生效,用於 TUN 映射、內網 CDN 等特殊場景;配置過寬會降低 SSRF 防護強度', + noImageProxyAllowedPrivateRanges: '暫無允許網段', + imageProxyAllowedPrivateRangeAdd: '添加 CIDR,如:198.18.0.0/15', proxyHost: '代理服務器', proxyHostHint: '設置代理服務器地址,支持:http(s)、socks5、socks5h 等協議', moviePilotAutoUpdate: '自動更新MoviePilot', diff --git a/src/views/setting/AccountSettingSystem.vue b/src/views/setting/AccountSettingSystem.vue index ff5a6b8e..66c77ed3 100644 --- a/src/views/setting/AccountSettingSystem.vue +++ b/src/views/setting/AccountSettingSystem.vue @@ -112,6 +112,7 @@ const SystemSettings = ref({ DOH_RESOLVERS: null, DOH_DOMAINS: null, SECURITY_IMAGE_DOMAINS: [], + IMAGE_PROXY_ALLOWED_PRIVATE_RANGES: [], // 日志 DEBUG: false, LOG_LEVEL: 'INFO', @@ -494,6 +495,8 @@ const dataCleanupFieldRules = [ // 安全域名添加变量 const newSecurityDomain = ref('') +// 图片代理允许非公网网段添加变量 +const newImageProxyAllowedPrivateRange = ref('') // 加载 LLM 模型列表与 provider 目录 async function refreshLlmModels(forceRefresh = true) { @@ -544,6 +547,19 @@ function addSecurityDomain() { } } +// 添加图片代理允许访问的非公网网段 +function addImageProxyAllowedPrivateRange() { + if ( + newImageProxyAllowedPrivateRange.value && + !SystemSettings.value.Advanced.IMAGE_PROXY_ALLOWED_PRIVATE_RANGES.includes( + newImageProxyAllowedPrivateRange.value, + ) + ) { + SystemSettings.value.Advanced.IMAGE_PROXY_ALLOWED_PRIVATE_RANGES.push(newImageProxyAllowedPrivateRange.value) + newImageProxyAllowedPrivateRange.value = '' + } +} + // 调用API查询下载器设置 async function loadDownloaderSetting() { try { @@ -2103,6 +2119,51 @@ watch(currentLlmSnapshotKey, (snapshotKey, previousSnapshotKey) => { + +
+ {{ t('setting.system.imageProxyAllowedPrivateRanges') }} +
+
+ {{ t('setting.system.imageProxyAllowedPrivateRangesHint') }} +
+
+ + {{ range }} + + + {{ t('setting.system.noImageProxyAllowedPrivateRanges') }} + +
+
+ + + +