GitHub/xiaomusic
1
0
Fork 0
mirror of https://github.com/hanxi/xiaomusic.git synced 2026-05-03 23:46:02 +08:00
Code Packages Releases Activity
1,918 Commits 1 Branch 235 Tags
bdc8f2d47bf55448e3d751191eb3667c135c9fb2
Commit Graph

1918 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
涵曦
bdc8f2d47b bump: version 0.5.0 → 0.5.1 v0.5.1 2026-04-09 09:19:40 +08:00
涵曦
7512169a2c build: update static version 2026-04-09 09:19:35 +08:00
tuanaiseo
5f3f2e174a fix(security): arbitrary code execution via eval in plugin exec (#819) 
The plugin manager executes plugin code strings using `eval(code, ...)` for both sync and async plugin functions. If an attacker can influence `code` (directly or indirectly via command/config/plugin inputs), this allows arbitrary Python execution in the server process.

Affected files: plugin.py

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
 2026-04-07 09:33:21 +08:00
tuanaiseo
178797fd91 fix(security): path traversal bypass in safe_join_path prefix c (#820) 
The path safety check uses `normalized_directory.startswith(os.path.normpath(safe_root))`, which can be bypassed by sibling paths sharing the same prefix (e.g., `/safe/root2` starts with `/safe/root`). This may permit access outside the intended root.

Affected files: file_utils.py

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
 2026-04-07 09:32:25 +08:00
boluofan
97879f512f Lxserver feature (#818) 
* 1. 增加鉴权配置;
2. 增加用户LX歌单获取及转换

* 1. 增加[自动拉取、转换]功能
2. MusicFree增加[在线导入]功能

* 1.优化歌单转换功能,
2.更新版本
 2026-04-06 22:04:42 +08:00
Issues Docs [BOT]
57171d4e84 Auto-Generate docs 🤖 2026-04-06 13:27:39 +00:00
Issues Docs [BOT]
c2e9efb82d Auto-Generate docs 🤖 2026-04-04 04:06:34 +00:00
Issues Docs [BOT]
8cd608c40d Auto-Generate docs 🤖 2026-04-04 04:03:33 +00:00
Issues Docs [BOT]
f74c82d8b7 Auto-Generate docs 🤖 2026-04-03 19:16:19 +00:00
birdstudy-nj
769086c192 Enhance iWebPlayer link with additional styling (#816) 2026-04-03 18:10:15 +08:00
Issues Docs [BOT]
573d86e3af Auto-Generate docs 🤖 2026-04-03 09:30:54 +00:00
birdstudy-nj
62b719dd1e fix: 修补url的base64编码 (#815) 2026-04-03 17:24:57 +08:00
Issues Docs [BOT]
9144350e41 Auto-Generate docs 🤖 2026-04-03 04:17:44 +00:00
birdstudy-nj
8490360b9d 新增自定义歌单功能,支持本地和MusicFree的歌曲加入自定义歌单 (#814) 2026-04-03 12:10:59 +08:00
Issues Docs [BOT]
021461df12 Auto-Generate docs 🤖 2026-04-03 02:29:40 +00:00
Issues Docs [BOT]
12079fb37c Auto-Generate docs 🤖 2026-04-01 04:03:54 +00:00
Issues Docs [BOT]
97870bb840 Auto-Generate docs 🤖 2026-04-01 02:38:37 +00:00
Issues Docs [BOT]
4028816189 Auto-Generate docs 🤖 2026-04-01 02:11:59 +00:00
Issues Docs [BOT]
ae919b5ad8 Auto-Generate docs 🤖 2026-04-01 01:58:56 +00:00
Issues Docs [BOT]
ec1e109e90 Auto-Generate docs 🤖 2026-03-31 14:36:28 +00:00
Issues Docs [BOT]
57e4d1ead3 Auto-Generate docs 🤖 2026-03-31 06:15:48 +00:00
birdstudy-nj
e807d65f18 feat: 新增MusicFree插件 (#809) 2026-03-27 12:09:45 +08:00
Issues Docs [BOT]
ca4ef0927d Auto-Generate docs 🤖 2026-03-26 08:54:27 +00:00
Issues Docs [BOT]
663214c298 Auto-Generate docs 🤖 2026-03-26 04:04:53 +00:00
Issues Docs [BOT]
9c3821a1fd Auto-Generate docs 🤖 2026-03-25 13:45:57 +00:00
涵曦
7644ee6f28 bump: version 0.4.26 → 0.5.0 v0.5.0 2026-03-25 21:43:38 +08:00
涵曦
bf6fd52182 build: update static version 2026-03-25 21:43:32 +08:00
Issues Docs [BOT]
38e373a320 Auto-Generate docs 🤖 2026-03-25 12:30:44 +00:00
hejun041
e9bd7543e4 新增Bilibili歌单支持、修复几项显示问题 (#795) 
* fix: support object song items in playlist backend and UI

* fix: guard favoritelist access in default md.js

* chore: add proxy handler diagnostics

* fix: support manual bilibili playlist urls via proxy transcode

* Update music_library.py

---------

Co-authored-by: hejun041 <hejun041@gmail.com>
Co-authored-by: 涵曦 <im.hanxi@gmail.com>
 2026-03-25 17:20:29 +08:00
boluofan
4118c472a1 feat: 高级设置增加:口令平台偏好设置,方便语音指令播放时指定平台。 (#804) 2026-03-25 17:16:56 +08:00
Issues Docs [BOT]
5bdd4a203d Auto-Generate docs 🤖 2026-03-25 06:33:25 +00:00
boluofan
784b00779f feat: 优化界面:移除【推送】按钮,统一合并为【播放】 (#803) 2026-03-25 14:21:46 +08:00
Issues Docs [BOT]
48411fae41 Auto-Generate docs 🤖 2026-03-25 03:16:42 +00:00
Issues Docs [BOT]
b751b0c127 Auto-Generate docs 🤖 2026-03-25 02:52:25 +00:00
boluofan
7a4a3a51cb feat: lxserver适配 (#802) 
* 1. 增加lxserver接口 测试功能
2. 适配lxserver接口 歌词获取功能

* 设置界面增加密码验证功能
 2026-03-25 10:34:57 +08:00
Issues Docs [BOT]
ebfdaad79a Auto-Generate docs 🤖 2026-03-25 02:21:25 +00:00
birdstudy-nj
c41e7bd325 feat: 启用安全访问后,增加cookie (#801) 
开启安全访问后,FastAPI自带的用户名密码验证,每次开页面都会提示输入账号。
但公网可访问的,又必须开启。
因此,增加cookie,默认一周验证失效。既保证安全,又不失便利性。
 2026-03-24 16:25:37 +08:00
Issues Docs [BOT]
12192b0866 Auto-Generate docs 🤖 2026-03-24 02:49:41 +00:00
boluofan
f128d516b4 feat: lxserver接口功能拓展 (#798) 
* 【默认主题】增加[在线搜索]按钮

* 接入LX Server接口

* 增加LX Server相关配置界面及接口

* 1. 优化配置及前端展示
2. 增加高级配置

* 优化歌曲追加逻辑:支持翻页追加

* 1. 优化前端展示效果
2. 增加配置文件对比合并

* 优化配置文件解构

* 移除重复函数

* 更新版本、引用说明文档

* 更新文档
 2026-03-23 15:40:05 +08:00
zkwzk.eth
0ba962c06c fix: added the function to parse the url copied from bilibili to the music download tool (#796) 
* parse the clipboard pasted text to auto fill the url and name which copied from the bilibili share link feature, for example, the copied url from bilibili like this: `【【推荐歌单】2026年最火的60首热门歌曲合集,值得收藏的流行音乐合集】 https://www.bilibili.com/video/BV1rLAszFEpn/?share_source=copy_web&vd_source=00b5827a742df338af5f9af18320a0b4`, the portion before https will be in the name input, the url will be in the url input

* upgrade library for security update
 2026-03-23 14:19:49 +08:00
Issues Docs [BOT]
0fa61b70d3 Auto-Generate docs 🤖 2026-03-22 14:05:24 +00:00
Issues Docs [BOT]
f021ba553a Auto-Generate docs 🤖 2026-03-21 06:22:16 +00:00
涵曦
d2cf119027 Update README.md 2026-03-21 14:20:32 +08:00
nono11875
e5a56933d8 fix: 移除日志和控制台中敏感凭据的明文输出 (#793) 
- 删除 _save_auth_data() 中打印完整 auth_data 的 print(含 passToken/ssecurity/serviceToken)
- 删除 _request() 中打印请求数据和响应数据的 print
- auth.py get_cookie() 日志不再输出 .mi.token 文件完整内容
- auth.json 写入后设置 0600 权限,防止其他用户读取

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 08:42:08 +08:00
Issues Docs [BOT]
d62d9b7695 Auto-Generate docs 🤖 2026-03-20 04:43:22 +00:00
涵曦
3b3fe9ef8f bump: version 0.4.25 → 0.4.26 v0.4.26 2026-03-20 12:41:26 +08:00
涵曦
8d6e61e803 build: update static version 2026-03-20 12:41:22 +08:00
Formatter [BOT]
f6a86345f1 Auto-format code 🧹🌟🤖 2026-03-20 02:34:46 +00:00
hejun041
311b75cb8e fix: proxy handler CDN safeguard & content-type based FFmpeg routing (#791) 
- 用精确域名后缀匹配替代 mcdn/hdslb 子串匹配,避免误伤其他插件
- 电台流(is_radio=True)跳过 bilibili FFmpeg 路径
- _bilibili_ffmpeg_stream 泛化为 _ffmpeg_mp3_stream,支持可选 extra_headers
- 新增 Content-Type 兜底:非 bilibili CDN 返回 video/mp4 或 audio/aac 时同样走 FFmpeg 转码

Co-authored-by: hejun041 <hejun041@gmail.com>
 2026-03-20 10:34:19 +08:00
Issues Docs [BOT]
3f0bd174e8 Auto-Generate docs 🤖 2026-03-20 01:01:27 +00:00