feat: remove MEDIA_PROXY_KEY and internal media proxy

lib/config.ts

@@ -61,7 +61,6 @@ export type Config = {
         allow_user_hotlink_template: boolean;
         filter_regex_engine: string;
         allow_user_supply_unsafe_domain: boolean;
-        mediaProxyKey?: string;
     };
     suffix?: string;
     titleLengthLimit: number;
@@ -391,7 +390,6 @@ const calculateValue = () => {
             allow_user_hotlink_template: toBoolean(envs.ALLOW_USER_HOTLINK_TEMPLATE, false),
             filter_regex_engine: envs.FILTER_REGEX_ENGINE || 're2',
             allow_user_supply_unsafe_domain: toBoolean(envs.ALLOW_USER_SUPPLY_UNSAFE_DOMAIN, false),
-            mediaProxyKey: envs.MEDIA_PROXY_KEY,
         },
         suffix: envs.SUFFIX,
         titleLengthLimit: toInt(envs.TITLE_LENGTH_LIMIT, 150),

lib/routes/rsshub/maintainer.ts

@@ -1,5 +1,4 @@
 export default {
-    '/m/:key/:url': ['TonyRL'],
     '/routes/:lang?': ['DIYgod'],
     '/transform/html/:url/:routeParams': ['ttttmr'],
     '/transform/json/:url/:routeParams': ['ttttmr'],

lib/routes/rsshub/router.ts

@@ -1,5 +1,4 @@
 export default (router) => {
-    router.get('/m/:key/:url', './media');
     router.get('/routes/:lang?', './routes');
     router.get('/transform/html/:url/:routeParams', './transform/html');
     router.get('/transform/json/:url/:routeParams', './transform/json');

lib/routes/telegram/channel.ts

@@ -55,7 +55,7 @@ const mediaTagDict = {
 };
 
 export default async (ctx) => {
-    const useWeb = ctx.req.param('routeParams') || !(config.telegram.session && config.feature.mediaProxyKey);
+    const useWeb = ctx.req.param('routeParams') || !config.telegram.session;
     if (!useWeb) {
         return require('./tglib/channel').default(ctx);
     }

lib/routes/telegram/tglib/channel.ts

@@ -33,10 +33,6 @@ function parseRange(range, length) {
 }
 
 async function getMedia(ctx) {
-    if (ctx.req.param('key') !== config.feature.mediaProxyKey) {
-        throw new Error('Invalid key');
-    }
-
     const media = await decodeMedia(ctx.req.param('username'), ctx.req.param('media'));
     if (!media) {
         ctx.status = 500;

lib/routes/telegram/tglib/client.ts

@@ -69,7 +69,7 @@ function ExpandInlineBytes(bytes) {
 }
 
 function getMediaLink(ctx, channel, channelName, message) {
-    const base = `${ctx.protocol}://${ctx.host}/telegram/channel/${channelName}/${config.feature.mediaProxyKey}/`;
+    const base = `${ctx.protocol}://${ctx.host}/telegram/channel/${channelName}`;
     const src = base + `${channel.channelId}_${message.id}`;
 
     const x = message.media;

lib/routes/weibo/timeline.ts

@@ -145,7 +145,7 @@ export default async (ctx) => {
                 'Content-Type': 'text/html; charset=UTF-8',
                 'Cache-Control': 'no-cache',
             });
-            ctx.body = `<script>window.location = '/weibo/timeline/${uid}${routeParams ? `/${routeParams}` : ''}'</script>`;
+            ctx.html(`<script>window.location = '/weibo/timeline/${uid}${routeParams ? `/${routeParams}` : ''}'</script>`);
         }
     } else {
         const { app_key = '', redirect_url = ctx.req.origin + '/weibo/timeline/0' } = config.weibo;

website/docs/install/config.md

@@ -198,8 +198,6 @@ Configs in this sections are in beta stage, and **are turn off by default**. Ple
 
 `ALLOW_USER_SUPPLY_UNSAFE_DOMAIN`: allow users to provide a domain as a parameter to routes that are not in their allow list, respectively. Public instances are suggested to leave this value default, as it may lead to [Server-Side Request Forgery (SSRF)](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)
 
-`MEDIA_PROXY_KEY`: the access key for internal media proxy.
-
 ## Other Application Configurations
 
 `DISALLOW_ROBOT`: prevent indexing by search engine, default to enable, set false or 0 to disable

website/docs/routes/other.mdx

@@ -121,7 +121,7 @@ See [#app-store-mac-app-store](/routes/program-update#app-store-mac-app-store)
 
 <Route author="DIYgod" example="/scmp/coronavirus" path="/scmp/coronavirus" />
 
-### Macao Pagina Electrónica Especial Contra Epidemias: What’s New {#corona-virus-disease-2019-macao-pagina-electr%C3%B3nica-especial-contra-epidemias-what-s-new}
+### Macao Pagina Electrónica Especial Contra Epidemias: What’s New {#corona-virus-disease-2019-macao-pagina-electronica-especial-contra-epidemias-what-s-new}
 
 Official Website: [https://www.ssm.gov.mo/apps1/PreventWuhanInfection/en.aspx](https://www.ssm.gov.mo/apps1/PreventWuhanInfection/en.aspx)
 
@@ -442,10 +442,6 @@ It is recommended to use with clipping tools such as Notion Web Clipper.
 
 ## RSSHub {#rsshub}
 
-### Internal Media Proxy {#rsshub-internal-media-proxy}
-
-<Route author="TonyRL" example="/rsshub/m/key/https%3A%2F%2Fdocs.rsshub.app%2Fimg%2Flogo.png" path="/rsshub/m/:key/:url" paramsDesc={['Media Proxy Key', '`encodeURIComponent`ed URL address']} configRequired="1" />
-
 ### Transformation - HTML {#rsshub-transformation-html}
 
 Pass URL and transformation rules to convert HTML/JSON into RSS.

website/docs/routes/social-media.mdx

@@ -784,7 +784,7 @@ If the instance address is not `mastodon.social` or `pawoo.net`, then the route
 <Route author="synchrone" example="/telegram/channel/telegram" path="/telegram/channel/:username" paramsDesc={['Channel name, without @']} configRequired="1" />
 
 :::warning
-This route requires user-based `TELEGRAM_SESSION` which can be acquired and `MEDIA_PROXY_KEY`.
+This route requires user-based `TELEGRAM_SESSION`.
 :::
 
 ### Sticker Pack {#telegram-sticker-pack}

website/i18n/zh/docusaurus-plugin-content-docs/current/install/config.md

@@ -196,8 +196,6 @@ RSSHub 支持使用访问密钥 / 码进行访问控制。开启将会激活全
 
 `ALLOW_USER_SUPPLY_UNSAFE_DOMAIN`: 允许用户为路由提供域名作为参数。建议公共实例不要调整此选项，开启后可能会导致 [服务端请求伪造（SSRF）](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)
 
-`MEDIA_PROXY_KEY`: 内置多媒体代理的访问密钥
-
 ## 其他应用配置
 
 `DISALLOW_ROBOT`: 阻止搜索引擎收录，默认开启，设置 false 或 0 关闭