Feature: Pixiv反代服务器可以设置跳过证书验证/The Pixiv reverse server can be set to skip certificate validation

[tiehu]

Sources

Pixiv, Lolicon

Describe the problem related to the feature request

对于能够访问Pixiv的网络环境而言，相较于几个不太稳定的Pixiv公共反代服务器，自己在本地搭建一个反代服务器是更加可靠的方案。由于这些反代服务器仅供本地主机使用，所以通常会直接用自签证书，这会导致[W] session Error: unable to get local issuer certificate错误。

Describe the solution you'd like

希望增加一个选项，允许Pixiv反代跳过证书验证，以便于和本地的反代服务器搭配使用。

Describe alternatives you've considered

实际上，对用户而言，简单地将NODE_TLS_REJECT_UNAUTHORIZED环境变量设置为0也可以跳过证书验证，但这会对所有站点生效，并不是很合适。

Additional context

No response

[MaikoTan]

Suppose you could access Pixiv directly without a reverse proxy server, instead of hosting a reverse proxy server locally, fetching the images by the plugin itself might be a better solution. Since the verification of Pixiv is checking the Referrer header only, which could be achieved by adding a route on the Koishi instance or caching the image to a temp server. Especially there are many users who already had their temp server configured.

假设您可以在没有反向代理服务器的情况下直接访问 Pixiv，而不是在本地托管反向代理服务器，通过插件本身获取图像可能是更好的解决方案。由于 Pixiv 的验证仅检查 Referrer 标头，这可以通过在Koishi实例上添加路由或将图像缓存到临时服务器来实现。特别是有许多用户已经配置了临时服务器。

[tiehu]

Suppose you could access Pixiv directly without a reverse proxy server, instead of hosting a reverse proxy server locally, fetching the images by the plugin itself might be a better solution. Since the verification of Pixiv is checking the Referrer header only, which could be achieved by adding a route on the Koishi instance or caching the image to a temp server. Especially there are many users who already had their temp server configured.

假设您可以在没有反向代理服务器的情况下直接访问 Pixiv，而不是在本地托管反向代理服务器，通过插件本身获取图像可能是更好的解决方案。由于 Pixiv 的验证仅检查 Referrer 标头，这可以通过在Koishi实例上添加路由或将图像缓存到临时服务器来实现。特别是有许多用户已经配置了临时服务器。

Can this be done from the user side without updating the plugin? Could you please tell me the specific steps?

[MaikoTan]

Can this be done from the user side without updating the plugin? Could you please tell me the specific steps?

Unfortunately no. But I have opened a new PR that adds multiple bypass methods in #150 , see if this resolves your issue.

Preview:

[tiehu]

Can this be done from the user side without updating the plugin? Could you please tell me the specific steps?

Unfortunately no. But I have opened a new PR that adds multiple bypass methods in #150 , see if this resolves your issue.

Preview:

Thank you! It looks good, but I still have a few questions:

1. Does this require Koishi to run on the public network (and have a domain)?

2. If Koishi is running on the public network, can anyone access the reverse proxy service? (I don't want this to be another public Pixiv reverse proxy service, ideally only listening for requests from local sources)

[MaikoTan]

1. Does this require Koishi to run on the public network (and have a domain)?

Yes if you're using the second method (使用插件反代).

2. If Koishi is running on the public network, can anyone access the reverse proxy service? (I don't want this to be another public Pixiv reverse proxy service, ideally only listening for requests from local sources)

I have not investigated here, so I am not sure if it would be publicly accessible when you're using the second method. But the method 1 or 3 would be always safe!

EDIT: I have found a solution to restrict the access with images url that the plugin sent, I would implement it tonight or tomorrow.

[MaikoTan]

See here if you're concerning the security issue:

https://booru.koishi.chat/zh-CN/plugins/pixiv.html#%E7%AA%81%E7%A0%B4-pixiv-%E6%A3%80%E6%B5%8B

[tiehu]

See here if you're concerning the security issue:

https://booru.koishi.chat/zh-CN/plugins/pixiv.html#%E7%AA%81%E7%A0%B4-pixiv-%E6%A3%80%E6%B5%8B

Excellent! Thank you very much.

[tiehu]

By the way, I think the lolicon image source also needs the same configuration item, can you add it?

[MaikoTan]

By the way, I think the lolicon image source also needs the same configuration item, can you add it?

I would refactor the plugin as soon as possible, and these configurations would be shared with lolicon as well. As for now, to prevent code duplication, unfortunately I would not change it until the refactoring.