feat: token and reset

server/controllers/setting.go

@@ -1,13 +1,35 @@
 package controllers
 
 import (
+	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/alist-org/alist/v3/internal/db"
 	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/pkg/utils/random"
 	"github.com/alist-org/alist/v3/server/common"
 	"github.com/gin-gonic/gin"
 	"strconv"
 )
 
+func ResetToken(c *gin.Context) {
+	token := random.Token()
+	item := model.SettingItem{Key: "token", Value: token, Type: conf.TypeString, Group: model.SINGLE, Flag: model.PRIVATE}
+	if err := db.SaveSettingItem(item); err != nil {
+		common.ErrorResp(c, err, 500)
+		return
+	}
+	common.SuccessResp(c, token)
+}
+
+func GetSetting(c *gin.Context) {
+	key := c.Query("key")
+	item, err := db.GetSettingItemByKey(key)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	common.SuccessResp(c, item)
+}
+
 func SaveSettings(c *gin.Context) {
 	var req []model.SettingItem
 	if err := c.ShouldBind(&req); err != nil {

server/middlewares/auth.go

@@ -3,6 +3,7 @@ package middlewares
 import (
 	"github.com/alist-org/alist/v3/internal/db"
 	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/internal/setting"
 	common2 "github.com/alist-org/alist/v3/server/common"
 	"github.com/gin-gonic/gin"
 )
@@ -11,6 +12,17 @@ import (
 // if token is empty, set user to guest
 func Auth(c *gin.Context) {
 	token := c.GetHeader("Authorization")
+	if token == setting.GetByKey("token") {
+		admin, err := db.GetAdmin()
+		if err != nil {
+			common2.ErrorResp(c, err, 500)
+			c.Abort()
+			return
+		}
+		c.Set("user", admin)
+		c.Next()
+		return
+	}
 	if token == "" {
 		guest, err := db.GetGuest()
 		if err != nil {

server/router.go

@@ -43,13 +43,15 @@ func Init(r *gin.Engine) {
 	driver.GET("/items", controllers.GetDriverItems)
 
 	setting := admin.Group("/setting")
+	setting.GET("/get", controllers.GetSetting)
 	setting.GET("/list", controllers.ListSettings)
 	setting.POST("/save", controllers.SaveSettings)
 	setting.POST("/delete", controllers.DeleteSetting)
+	setting.POST("/reset_token", controllers.ResetToken)
 
 	public := api.Group("/public")
 	public.GET("/settings", controllers.PublicSettings)
-	public.GET("/list", controllers.FsList)
+	public.Any("/list", controllers.FsList)
 	public.GET("/get", controllers.FsGet)
 }