Merge remote-tracking branch 'upstream/main'

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Zhang Yifei
+Copyright (c) 2023-2024 Zhang Yifei
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

app/api/webdav/[...path]/route.ts

@@ -9,6 +9,14 @@ const mergedAllowedWebDavEndpoints = [
   ...config.allowedWebDevEndpoints,
 ].filter((domain) => Boolean(domain.trim()));
 
+const normalizeUrl = (url: string) => {
+  try {
+    return new URL(url);
+  } catch (err) {
+    return null;
+  }
+};
+
 async function handle(
   req: NextRequest,
   { params }: { params: { path: string[] } },
@@ -24,9 +32,15 @@ async function handle(
 
   // Validate the endpoint to prevent potential SSRF attacks
   if (
-    !mergedAllowedWebDavEndpoints.some((allowedEndpoint) =>
+    !endpoint ||
-      endpoint?.startsWith(allowedEndpoint),
+    !mergedAllowedWebDavEndpoints.some((allowedEndpoint) => {
-    )
+      const normalizedAllowedEndpoint = normalizeUrl(allowedEndpoint);
+      const normalizedEndpoint = normalizeUrl(endpoint as string);
+
+      return normalizedEndpoint &&
+        normalizedEndpoint.hostname === normalizedAllowedEndpoint?.hostname &&
+        normalizedEndpoint.pathname.startsWith(normalizedAllowedEndpoint.pathname);
+    })
   ) {
     return NextResponse.json(
       {

app/constant.ts

@@ -188,6 +188,7 @@ const anthropicModels = [
   "claude-3-sonnet-20240229",
   "claude-3-opus-20240229",
   "claude-3-haiku-20240307",
+  "claude-3-5-sonnet-20240620",
 ];
 
 export const DEFAULT_MODELS = [

src-tauri/tauri.conf.json

@@ -9,7 +9,7 @@
   },
   "package": {
     "productName": "NextChat",
-    "version": "2.12.3"
+    "version": "2.12.4"
   },
   "tauri": {
     "allowlist": {