feat: Enhance anti-leech configuration with new options and improved UI

agent/app/service/website.go

@@ -2230,7 +2230,7 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 			}
 		}
 	}
-	if req.Enable {
+	if req.Enable || req.Cache {
 		exts := strings.Split(req.Extends, ",")
 		newDirective := components.Directive{
 			Name:       "location",
@@ -2240,49 +2240,84 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 		newBlock := &components.Block{}
 		newBlock.Directives = make([]components.IDirective, 0)
 		if req.Cache {
-			newBlock.Directives = append(newBlock.Directives, &components.Directive{
+			newBlock.AppendDirectives(&components.Directive{
 				Name:       "expires",
 				Parameters: []string{strconv.Itoa(req.CacheTime) + req.CacheUint},
 			})
 		}
-		newBlock.Directives = append(newBlock.Directives, &components.Directive{
+		if !req.LogEnable {
+			newBlock.AppendDirectives(&components.Directive{
+				Name:       "access_log",
+				Parameters: []string{"off"},
+			})
+		}
+		newBlock.AppendDirectives(&components.Directive{
 			Name:       "log_not_found",
 			Parameters: []string{"off"},
 		})
-		validDir := &components.Directive{
-			Name:       "valid_referers",
-			Parameters: []string{},
-		}
-		if req.NoneRef {
-			validDir.Parameters = append(validDir.Parameters, "none")
-		}
-		if len(req.ServerNames) > 0 {
-			validDir.Parameters = append(validDir.Parameters, strings.Join(req.ServerNames, " "))
-		}
-		newBlock.Directives = append(newBlock.Directives, validDir)
+		if req.Enable {
+			validDir := &components.Directive{
+				Name:       "valid_referers",
+				Parameters: []string{},
+			}
+			if req.NoneRef {
+				validDir.Parameters = append(validDir.Parameters, "none")
+			}
+			if req.Blocked {
+				validDir.Parameters = append(validDir.Parameters, "blocked")
+			}
+			if len(req.ServerNames) > 0 {
+				validDir.Parameters = append(validDir.Parameters, strings.Join(req.ServerNames, " "))
+			}
+			newBlock.AppendDirectives(validDir)
 
-		ifDir := &components.Directive{
-			Name:       "if",
-			Parameters: []string{"($invalid_referer)"},
+			ifDir := &components.Directive{
+				Name:       "if",
+				Parameters: []string{"($invalid_referer)"},
+			}
+			if !req.LogEnable {
+				ifDir.Block = &components.Block{
+					Directives: []components.IDirective{
+						&components.Directive{
+							Name:       "access_log",
+							Parameters: []string{"off"},
+						},
+						&components.Directive{
+							Name:       "return",
+							Parameters: []string{req.Return},
+						},
+					},
+				}
+			} else {
+				ifDir.Block = &components.Block{
+					Directives: []components.IDirective{
+						&components.Directive{
+							Name:       "return",
+							Parameters: []string{req.Return},
+						},
+					},
+				}
+			}
+			newBlock.AppendDirectives(ifDir)
 		}
-		ifDir.Block = &components.Block{
-			Directives: []components.IDirective{
+		if website.Type == constant.Deployment {
+			newBlock.AppendDirectives(
 				&components.Directive{
-					Name:       "return",
-					Parameters: []string{req.Return},
+					Name:       "proxy_set_header",
+					Parameters: []string{"Host", "$host"},
 				},
 				&components.Directive{
-					Name:       "access_log",
-					Parameters: []string{"off"},
+					Name:       "proxy_set_header",
+					Parameters: []string{"X-Real-IP", "$remote_addr"},
 				},
-			},
-		}
-		newBlock.Directives = append(newBlock.Directives, ifDir)
-		if website.Type == constant.Deployment {
-			newBlock.Directives = append(newBlock.Directives, &components.Directive{
-				Name:       "proxy_pass",
-				Parameters: []string{fmt.Sprintf("http://%s", website.Proxy)},
-			})
+				&components.Directive{
+					Name:       "proxy_set_header",
+					Parameters: []string{"X-Forwarded-For", "$proxy_add_x_forwarded_for"},
+				},
+				&components.Directive{
+					Name:       "proxy_pass",
+					Parameters: []string{fmt.Sprintf("http://%s", website.Proxy)},
+				})
 		}
 		newDirective.Block = newBlock
 		index := -1
@@ -2336,6 +2371,11 @@ func (w WebsiteService) GetAntiLeech(id uint) (*response.NginxAntiLeechRes, erro
 		}
 		lDirectives := location.GetBlock().GetDirectives()
 		for _, lDir := range lDirectives {
+			if lDir.GetName() == "access_log" {
+				if strings.Join(lDir.GetParameters(), "") == "off" {
+					res.LogEnable = false
+				}
+			}
 			if lDir.GetName() == "valid_referers" {
 				res.Enable = true
 				params := lDir.GetParameters()
@@ -2360,11 +2400,6 @@ func (w WebsiteService) GetAntiLeech(id uint) (*response.NginxAntiLeechRes, erro
 					if dir.GetName() == "return" {
 						res.Return = strings.Join(dir.GetParameters(), " ")
 					}
-					if dir.GetName() == "access_log" {
-						if strings.Join(dir.GetParameters(), "") == "off" {
-							res.LogEnable = false
-						}
-					}
 				}
 			}
 			if lDir.GetName() == "expires" {

frontend/src/lang/modules/en.ts

@@ -2415,6 +2415,16 @@ const message = {
         disableLeech: 'Disable anti-leech',
         ipv6: 'Listen IPv6',
         leechReturnError: 'Please fill in the HTTP status code',
+        blockedRef: 'Allow non-standard Referer',
+        accessControl: 'Anti-leech control',
+        leechcacheControl: 'Cache control',
+        leechlogControl: 'Log control',
+        logEnableControl: 'Log static asset requests',
+        leechSpecialValidHelper:
+            "When 'Allow empty Referer' is enabled, requests without a Referer (direct access, etc.) are not blocked; enabling 'Allow non-standard Referer' allows any Referer that does not start with http/https (client requests, etc.).",
+        leechInvalidReturnHelper: 'HTTP status code returned after blocking hotlinking requests',
+        leechlogControlHelper:
+            'Logs static asset requests; usually disabled in production to avoid excessive, noisy logs',
         selectAcme: 'Select Acme account',
         imported: 'Created manually',
         importType: 'Import type',

frontend/src/lang/modules/ja.ts

@@ -2328,6 +2328,16 @@ const message = {
         disableLeech: '反リーチを無効にします',
         ipv6: '緑',
         leechReturnError: 'HTTPステータスコードを入力してください',
+        blockedRef: '非標準のリファラーを許可',
+        accessControl: '反リーチ制御',
+        leechcacheControl: 'キャッシュ制御',
+        leechlogControl: 'ログ制御',
+        logEnableControl: '静的アセットのリクエストを記録',
+        leechSpecialValidHelper:
+            '「空のリファラーを許可」を有効にすると、リファラーのないリクエスト（直接アクセス等）はブロックされません。「非標準のリファラーを許可」を有効にすると、http/httpsで始まらないリファラー（クライアントからのリクエスト等）をすべて許可します。',
+        leechInvalidReturnHelper: 'ブロック後に返すHTTPステータスコード',
+        leechlogControlHelper:
+            '静的アセットのリクエストを記録します。運用環境では過剰で無意味なログを避けるため、通常は無効にします',
         selectAcme: 'ACMEアカウントを選択します',
         imported: '手動で作成されます',
         importType: 'インポートタイプ',

frontend/src/lang/modules/ko.ts

@@ -2288,6 +2288,16 @@ const message = {
         disableLeech: '링크 차단 비활성화',
         ipv6: 'IPv6 수신 대기',
         leechReturnError: 'HTTP 상태 코드를 입력하세요',
+        blockedRef: '비표준 참조 허용',
+        accessControl: '링크 차단 제어',
+        leechcacheControl: '캐시 제어',
+        leechlogControl: '로그 제어',
+        logEnableControl: '정적 리소스 요청 로그 기록',
+        leechSpecialValidHelper:
+            "'빈 참조 허용'을 활성화하면 리퍼러가 없는 요청(직접 접근 등)은 차단되지 않습니다. '비표준 참조 허용'을 활성화하면 http/https로 시작하지 않는 모든 리퍼러 요청(클라이언트 요청 등)을 허용합니다.",
+        leechInvalidReturnHelper: '차단된 요청에 대해 반환할 HTTP 상태 코드',
+        leechlogControlHelper:
+            '정적 리소스 요청을 기록합니다. 운영 환경에서는 과도하고 불필요한 로그를 피하기 위해 보통 비활성화합니다',
         selectAcme: 'Acme 계정 선택',
         imported: '수동으로 생성됨',
         importType: '가져오기 유형',

frontend/src/lang/modules/ms.ts

@@ -2383,6 +2383,16 @@ const message = {
         disableLeech: 'Matikan anti-leech',
         ipv6: 'Dengar IPv6',
         leechReturnError: 'Sila isikan kod status HTTP',
+        blockedRef: 'Benarkan referrer tidak standard',
+        accessControl: 'Kawalan anti-leech',
+        leechcacheControl: 'Kawalan cache',
+        leechlogControl: 'Kawalan log',
+        logEnableControl: 'Log permintaan aset statik',
+        leechSpecialValidHelper:
+            "Apabila 'Benarkan referrer kosong' didayakan, permintaan tanpa referrer (akses terus dan sebagainya) tidak akan disekat; mendayakan 'Benarkan referrer tidak standard' akan membenarkan mana-mana referrer yang tidak bermula dengan http/https (permintaan klien dan sebagainya).",
+        leechInvalidReturnHelper: 'Kod status HTTP yang dipulangkan selepas menyekat permintaan hotlink',
+        leechlogControlHelper:
+            'Merekod permintaan aset statik; biasanya dimatikan dalam produksi untuk mengelakkan log berlebihan yang tidak perlu',
         selectAcme: 'Pilih akaun Acme',
         imported: 'Dibuat secara manual',
         importType: 'Jenis import',

frontend/src/lang/modules/pt-br.ts

@@ -2381,6 +2381,16 @@ const message = {
         disableLeech: 'Desabilitar anti-leech',
         ipv6: 'Ouvir IPv6',
         leechReturnError: 'Por favor, preencha o código de status HTTP',
+        blockedRef: 'Permitir Referer não padrão',
+        accessControl: 'Controle anti-leech',
+        leechcacheControl: 'Controle de cache',
+        leechlogControl: 'Controle de log',
+        logEnableControl: 'Registrar solicitações de ativos estáticos',
+        leechSpecialValidHelper:
+            "Quando 'Permitir Referer vazio' estiver ativado, as solicitações sem Referer (acesso direto etc.) não serão bloqueadas; ao ativar 'Permitir Referer não padrão', qualquer Referer que não comece com http/https será permitido (solicitações de cliente etc.).",
+        leechInvalidReturnHelper: 'Código de status HTTP retornado após bloquear solicitações de hotlink',
+        leechlogControlHelper:
+            'Registra solicitações de ativos estáticos; geralmente desativado em produção para evitar logs excessivos e ruidosos',
         selectAcme: 'Selecionar conta Acme',
         imported: 'Criado manualmente',
         importType: 'Tipo de importação',

frontend/src/lang/modules/ru.ts

@@ -2379,6 +2379,16 @@ const message = {
         disableLeech: 'Отключить анти-лич',
         ipv6: 'Прослушивать IPv6',
         leechReturnError: 'Пожалуйста, заполните HTTP код статуса',
+        blockedRef: 'Разрешить нестандартный Referer',
+        accessControl: 'Управление анти-личем',
+        leechcacheControl: 'Управление кэшем',
+        leechlogControl: 'Управление журналом',
+        logEnableControl: 'Логировать запросы статических ресурсов',
+        leechSpecialValidHelper:
+            'При включённой опции «Разрешить пустой referrer» запросы без Referer (прямой доступ и т. п.) не блокируются; включение «Разрешить нестандартный Referer» пропускает любой Referer, не начинающийся с http/https (клиентские запросы и т. п.).',
+        leechInvalidReturnHelper: 'HTTP‑код статуса, возвращаемый после блокировки хотлинкинга',
+        leechlogControlHelper:
+            'Записывает запросы к статическим ресурсам; в продакшене обычно отключают, чтобы избежать избыточных и шумных логов',
         selectAcme: 'Выберите Acme аккаунт',
         imported: 'Создан вручную',
         importType: 'Тип импорта',

frontend/src/lang/modules/tr.ts

@@ -2443,6 +2443,16 @@ const message = {
         disableLeech: 'Sömürü karşıtını devre dışı bırak',
         ipv6: 'IPv6’yı dinle',
         leechReturnError: 'Lütfen HTTP durum kodunu doldurun',
+        blockedRef: 'Standart olmayan Referer’e izin ver',
+        accessControl: 'Sömürü karşıtı kontrol',
+        leechcacheControl: 'Önbellek kontrolü',
+        leechlogControl: 'Günlük kontrolü',
+        logEnableControl: 'Statik varlık isteklerini günlüğe al',
+        leechSpecialValidHelper:
+            "'Boş yönlendirme izni ver' etkinse yönlendiricisi olmayan istekler (doğrudan erişim vb.) engellenmez; 'Standart olmayan Referer’e izin ver' etkinse http/https ile başlamayan tüm Referer isteklerine (istemci istekleri vb.) izin verilir.",
+        leechInvalidReturnHelper: 'Hotlink isteklerini engelledikten sonra döndürülecek HTTP durum kodu',
+        leechlogControlHelper:
+            'Statik varlık isteklerini kaydeder; üretimde genellikle aşırı ve gereksiz günlüklerden kaçınmak için kapatılır',
         selectAcme: 'Acme hesabını seç',
         imported: 'Manuel olarak oluşturuldu',
         importType: 'İçe aktarma türü',

frontend/src/lang/modules/zh-Hant.ts

@@ -2254,6 +2254,15 @@ const message = {
         disableLeech: '禁用防盜鏈',
         ipv6: '監聽 IPV6',
         leechReturnError: '請填寫 HTTP 狀態碼',
+        blockedRef: '允許非標準 Referer',
+        accessControl: '防盜鏈控制',
+        leechcacheControl: '快取控制',
+        leechlogControl: '日誌控制',
+        logEnableControl: '記錄靜態資源請求日誌',
+        leechSpecialValidHelper:
+            '啟用「允許 Referer 為空」時，不會阻止無 Referer 的請求（直接訪問等）；啟用「允許非標準 Referer」時，會放行任何不以 http/https 開頭的 Referer 請求（客戶端請求等）',
+        leechInvalidReturnHelper: '攔截盜鏈請求後返回的 HTTP 狀態碼',
+        leechlogControlHelper: '記錄靜態資源的請求，生產環境通常可關閉以避免過多無意義的日誌',
         selectAcme: '選擇 Acme 賬號',
         imported: '手動創建',
         importType: '導入方式',

frontend/src/lang/modules/zh.ts

@@ -2238,12 +2238,21 @@ const message = {
         leechLog: '记录防盗链日志',
         accessDomain: '允许的域名',
         leechReturn: '响应资源',
-        noneRef: '允许来源为空',
+        noneRef: '允许 Referer 为空',
         disable: '未启用',
         disableLeechHelper: '是否禁用防盗链',
         disableLeech: '禁用防盗链',
         ipv6: '监听 IPV6',
         leechReturnError: '请填写 HTTP 状态码',
+        blockedRef: '允许非标准 Referer',
+        accessControl: '防盗链控制',
+        leechcacheControl: '缓存控制',
+        leechlogControl: '日志控制',
+        logEnableControl: '记录静态资源请求日志',
+        leechSpecialValidHelper:
+            '允许 Referer 为空启用时，不会阻止无 Referer 的请求（直接访问等），启用非标准 Referer 时会放行任何不以 http/https 开头的 Referer 请求（客户端请求等）',
+        leechInvalidReturnHelper: '拦截盗链请求后，返回的 HTTP 状态码',
+        leechlogControlHelper: '记录静态资源的请求，生产环境通常可以关闭避免过多无意义的日志',
         selectAcme: '选择 acme 账号',
         imported: '手动创建',
         importType: '导入方式',