Cohee
b2fa6a0afb
Add rate limit to basic auth middleware (#5504)
...
* feat: add rate limiting to basic auth flow
* fix: round up retry-after duration
* feat: enhance point consume logic
* fix: move unauthorized webpage reading inside response function
* refactor: move getIpAddress to express-common
* fix: check for rate limit before checking creds
* fix: use correct rate limit pattern in /recover-step2
* feat: handle CF forwarded IP header in rate limit, whitelist and access logger
* feat: add individual config toggles for forwarded headers
* feat: enhance IP address retrieval to include forwarded IP for access logging
* chore: clean-up diff
* fix: don't consume points for missing credentials
* feat: log rate limited method and URL
Co-authored-by: Copilot <copilot@github.com>
* feat: make rate limiter points configurable
Co-authored-by: Copilot <copilot@github.com>
* feat: implement retry-after header for rate limiting responses
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
2026-05-01 00:09:24 +03:00
Cohee
338119ab77
Implement private IP range request host validator (#5497)
...
* feat: implement private IP range request host validator for server-side HTTP requests
* feat: add link-local address support
* fix: use correct config keys
* fix: if config missing use default loopback addresses
* fix: re-use resolved address for connection
* test: add unit coverage for private request filter and proxy interaction
Agent-Logs-Url: https://github.com/SillyTavern/SillyTavern/sessions/1813593e-2263-45e2-aa53-74d39515f1df
Co-authored-by: Cohee1207 <18619528+Cohee1207@users.noreply.github.com>
* test: remove request-proxy.test.js
* perf: cache resolved matches
* fix: remove unused import
* fix: use proper ipv4 loopback cidr
* fix: correct raiseError comment
* test: uses tls.connect for secure endpoints
* Implement private IP range request host validator
Agent-Logs-Url: https://github.com/SillyTavern/SillyTavern/sessions/e76ba122-136e-43ad-b4bc-ea48a01fcdda
Co-authored-by: Cohee1207 <18619528+Cohee1207@users.noreply.github.com>
* Revert "Implement private IP range request host validator"
This reverts commit 14e271470227b485b7d23caac31a237abf9f7835.
* fix: close request without sending status in CORS forwarding when headers were sent
* fix: not enabled -> disabled
* feat: add enableKeepAlive option to PrivateRequestAgent
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: anthropic-code-agent[bot] <242468646+Claude@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
2026-04-27 01:51:18 +03:00
DeathStalker471
b1ef254f78
fix: disable HTTP keepAlive (Node 18 behavior) with a config toggle (#5519)
...
* implement disable keepalive, handle request-proxy and config logic
* Invert keep-alive boolean setting
* fix: clean-up server.js diff
* fix: boolean flag type
* feat: disable keep-alive by default
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2026-04-24 22:53:35 +03:00
Cohee
d96d1451ab
Add IP whitelist for SSO authentication headers (#5404)
...
* feat: add trusted proxies configuration for SSO authentication
* Refactor check to accept IP address directly
* Refactor IP patterns validation
* Unify warning message format
2026-04-05 22:20:39 +03:00
Cohee
c78f978ede
fix: conditionally include secrets in user data backup (#5360)
...
* fix: conditionally include secrets in user data backup
* feat: add full data backup toggle
* 418 -> 403
I'm not a teapot
* Distinguish fails from disabled
2026-03-28 01:52:03 +02:00
Cohee
b259c975a3
Claude: disable adaptive thonk by default
2026-03-13 21:10:29 +02:00
Roland4396
1c5091539c
feat: optionally gzip large save uploads with fallback (#5259)
...
* feat: optionally gzip large save uploads with fallback
* fix: replace Safari-prone save compression with fflate fallback
* refactor: align save upload compression with review feedback
* refactor: use compressRequest wrapper for save uploads
* Refactor request compression settings
* Fix default value
* Avoid null in bytes parsing result
* fix: switch request compression to fflate gzip
* fix: add request compression maxBytes cap and clarify timeout semantics
* Refresh package-lock.json
* Unify payload limit setting names
* Expose compression termination function
* Add compression to group chat saves
---------
Co-authored-by: Roland4396 <Roland4396@users.noreply.github.com>
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2026-03-10 23:32:36 +02:00
Cohee
3070cf26cd
Add config for adaptive thinking
...
Fixes #5236
2026-03-03 20:10:39 +02:00
Sanitised
3db508a759
Support for isomorphic-git as an alternative git backend, part 1 (#5229)
...
* Initial version of git adapter for alternate backend. Only clone is
implemented.
* Regenerate package-lock.json
* Clarify comments in config.yaml regarding git backend options
---------
Co-authored-by: Sanitised <sanitised@users.noreply.github.com>
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2026-03-01 17:08:07 +02:00
Cohee
614f404390
Revert "add char-archive to whitelistImportDomains"
...
This reverts commit 13099c43a9.
2026-02-12 23:40:30 +02:00
awaae
10e08f0e3d
feat(server): make CORS middleware configurable (#5123)
...
* feat(server): make CORS middleware configurable
Add detailed configuration options for CORS in config.yaml, including
origin, methods, headers, credentials, and max age. Update server
initialization to apply these settings dynamically instead of using
hardcoded values.
* fix(server): Fix default value and conditional logic issues in CORS configuration
- Changed the default value of `cors.maxAge` from `null` to `0`.
- Simplified the conditional check logic for `allowedHeaders`, removing duplicate checks for `corsAllowedHeaders` being `null`.
* fix(server): Fix CORS exposed headers configuration logic
- Removed redundant conditional checks. Now directly validates array length when `corsExposedHeaders` has a truthy value
* Improve types + simplify checks
* fix(cors): align maxAge default with original behavior
* Adjust default array values
* Remove debug log
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2026-02-11 21:27:45 +02:00
Cohee
2c09d32b5b
feat(docker): add robust healthcheck script (#5028)
...
* feat(docker): add robust healthcheck script
- Added `docker/healthcheck.cjs`: A standalone, dependency-free Node.js script for verifying server status.
- Updated `Dockerfile`: Added HEALTHCHECK instruction and script copy step.
- Features: Auto-detects port from env/config, handles IPv4/IPv6 fallback, auto-retries HTTPS on socket hangup, and sets custom User-Agent.
* feat(docker): new healthcheck with /api/health endpoint
- Added `GET /api/health` endpoint to `server.js` (unauthenticated) for lightweight status checks.
- Update `docker/healthcheck.cjs`: Rewrite
- Updated Error handle for `HEALTHCHECK`
* feat(docker): switch to heartbeat file healthcheck mechanism
- Replaced network-based check with a file-based heartbeat approach.
- Updated `src/command-line.js`: Added `heartbeatInterval` argument with explicit ENV override (`SILLYTAVERN_HEARTBEAT_INTERVAL`).
- Updated `src/server-main.js`: Added logic to write `heartbeat.json` to data directory at set intervals.
- Rewrote `docker/healthcheck.cjs`: Script now monitors the heartbeat file timestamp (zero dependencies, no config parsing required).
- Updated `Dockerfile`: Sets default heartbeat interval to 30s and ensures script availability.
- Updated `config.yaml`: Added `heartbeatInterval` defaulting to 0 (disabled) for non-Docker users.
* Fix variable names
* Convert to ESM, use serverDirectory variable
* Move file to /src
* fix: update heartbeat path to use global DATA_ROOT variable
* Pretty colors
* Move healthcheck to docker-compose.yml
* Comment fixed
* Even cleaner diff!
---------
Co-authored-by: Pavdig <101715456+Pavdig@users.noreply.github.com>
2026-01-18 16:36:37 +02:00
Cohee
06691e8b9d
Gemini: Add config.yaml setting for thought signatures (#5025)
2026-01-16 23:23:39 +02:00
underscore_x
865e0a60a2
updated claude prompt caching url (#4931)
2025-12-29 13:26:13 +02:00
Chanho Chung
ca43796795
Add caching system prompt feature for OpenRouter Gemini (#4903)
...
* feat: add caching system prompt for OpenRouter Gemini
* fix: resolve reviews
2025-12-20 19:01:42 +02:00
Cohee
2b7003a6da
Google Imagen: Add personGeneration setting to config.yaml
2025-11-28 00:26:31 +02:00
Jakub Jędrzejczyk
e68f9e482e
Authentik automatic login support (#4600)
...
* feat: authentik auto login
* refactor: move SSO login configuration under sso section in config
* Migrate SSO config keys read
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
2025-10-04 23:47:43 +03:00
Cohee
d134abd50e
Server: Add host whitelisting (#4476)
...
* Add host whitelisting middleware
* Add prompt to enable hostWhitelist
* perf: Freeze config array
* Update src/middleware/hostWhitelist.js
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* perf: Add max known hosts limit
* Add validation warning disable hint
* Add conditional host whitelist middleware based on SSL configuration
* Check for cache exhaustion before logging
* Revert "Add conditional host whitelist middleware based on SSL configuration"
This reverts commit 968104c6f4f2e4b72e1fd8ceff0a4b0ded216d69.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-04 20:52:23 +03:00
Cohee
e871886b13
Server: Support passphrase for SSL private key (#4488)
...
* SSL: support passphrase for private key
* Recommend CLI argument or environment variable for key passphrase
* Fix SSL passphrase handling to ensure it is always a string
2025-09-04 19:02:48 +03:00
cloudskytian
9cd7910aff
Update config.yaml for Console access log output is now controlled by enableAccessLog
2025-07-25 10:18:42 +08:00
Cohee
c627d77c46
Add toggle and user agent filter for CacheBuster middleware (#4301)
...
* Add toggle and user agent filter for CacheBuster middleware
Closes #4290 [BUG] SillyTavern takes ~45 seconds to load initially
* Use single instance of CacheBuster class
* Cache config values
* Consistent log header
* Remove unnecessary empty line at the beginning of byaf.js
2025-07-24 00:45:42 +03:00
Cohee
cdefddef6c
Implement persona thumbnails (#4210)
...
* Implement persona thumbnails
* Dear Firefox, fix your overzealous image cache
* Add cache busting for avatar uploads when overwriting existing files
2025-06-28 21:39:32 +03:00
Cohee
195034637f
Fix browser launch on android
2025-06-16 22:56:01 +03:00
Cohee
87f618d15c
Rework browser launch functionality (#4143)
...
* Add browser selection to auto-launch
* Update readmes
* Update readme
* Display browser name in a console
2025-06-12 22:17:34 +03:00
Nicode
cfa9ef4726
fix: lowercase remote-user header in authelia auto-login procedure
...
Ensure the remote-user header is lowercased to fix case-sensitivity issues in the authelia auto-login process, improving compatibility.
2025-06-02 20:53:39 +08:00
Cohee
560c6e8ff1
Claude: control cache TTL with config
2025-05-23 21:40:40 +03:00
Cohee
61c7f53d22
Move endpoint version to config. Refactor ugli model lists
2025-04-27 14:56:51 +03:00
Cyberes
13099c43a9
add char-archive to whitelistImportDomains
2025-04-19 12:30:14 -06:00
Cohee
0e2290dacf
Enable disk cache by default
2025-03-19 22:45:26 +02:00
Cohee
694df8ca55
Merge branch 'staging' into disk-cache
2025-03-19 22:40:11 +02:00
Cohee
400d29e97e
Add chat integrity check to saveChat
2025-03-16 02:24:20 +02:00
Cohee
684ee98168
Add config, increase cache TTL, use async file reads
2025-03-15 19:43:26 +02:00
Cohee
28bad6479c
Use human-readable memory cache capacity in config
2025-03-05 00:45:34 +02:00
Cohee
3d813e4ef6
Move shallow toggle to config.yaml
2025-03-04 23:32:42 +02:00
Cohee
1d995fb92d
Rewrite to only consider Docker
2025-03-01 20:22:33 +02:00
Cohee
58fe54954a
Update whitelist entry in config.yaml to use gateway.docker.internal
2025-02-28 00:21:35 +02:00
Cohee
0bc4396427
Resolve hostnames from whitelist
2025-02-27 23:14:57 +02:00
Cohee
e7fcd0072b
Refactor server startup
2025-02-26 14:46:54 +00:00
Cohee
a73dfa7586
Merge branch 'staging' into immutable-config
2025-02-22 20:15:13 +02:00
Cohee
a2ecb81378
Move minLogLevel to logging section
2025-02-22 13:58:08 +02:00
KevinSun
db500188d8
feat(middleware): add separate access log middleware with config option
2025-02-21 20:32:23 +08:00
Cohee
eb31d7baa2
Merge branch 'staging' into immutable-config
2025-02-20 21:54:41 +02:00
KevinSun
3f5b63bba0
Feature: Add configurable X-Real-IP header support for rate limiting (#3504)
...
* fix: correct client IP detection behind reverse proxy
* Revert "fix: correct client IP detection behind reverse proxy"
This reverts commit 72075062402eadb32c9e349df9bc92bfe4546ce3.
* feat: support X-Real-IP header for reverse proxy setups
* feat: add option to use x-real-ip for rate limiting behind reverse proxy
* docs: update rate limiting configuration comments for X-Real-IP usage
* refactor: extract getIpAddress function to reduce code duplication
* revert(whitelist): rate limit settings shouldn't affect whitelist
2025-02-20 21:11:44 +02:00
Cohee
7ea2c5f8cf
Move cookie secret to data root. Make config.yaml immutable
2025-02-20 20:16:44 +02:00
Cohee
362470da18
Plugins: Add auto-update functionality (#3487)
...
* Plugins: Add auto-update functionality
* Check if directory is a git repo
* Display message if any plugins were loaded
2025-02-16 20:55:53 +02:00
Cohee
96d6a6df07
Merge pull request #3478 from Dakraid/feature/set-listen-ip
...
Feature: Allow user to configure an address to listen to
2025-02-15 00:02:15 +02:00
Kristan Schlikow
b029ae98dc
Fix default config for IPv6
2025-02-14 20:06:45 +01:00
Kristan Schlikow
f5bfbce0ad
Group listenAddress for config
2025-02-14 20:04:23 +01:00
Kristan Schlikow
2445b6d9dc
Split up listen address configuration between IPv4 and IPv6
2025-02-14 19:58:59 +01:00
Kristan Schlikow
ad8f0f564f
Use IP Regex package, update default
2025-02-14 19:06:07 +01:00