From 858291876ba424ad82153ca1b081e345b5356b81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=AE=E5=87=89?=
 <36558727+Xhofe@users.noreply.github.com>
Date: Mon, 11 Jan 2021 16:53:48 +0800
Subject: [PATCH] =?UTF-8?q?:accept:=20=20origin=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bootstrap/config.go          |  2 +-
 bootstrap/update.go          |  7 +++++--
 conf/config.go               |  3 +--
 server/controllers/common.go |  4 ++--
 server/controllers/get.go    | 12 ++++++------
 server/controllers/list.go   | 14 +++++++-------
 server/controllers/search.go | 10 +++++-----
 server/controllers/utils.go  |  8 ++++----
 server/middlewares.go        | 25 +++++++++++--------------
 utils/check.go               | 28 ++++++++++++++++++++++++++++
 10 files changed, 70 insertions(+), 43 deletions(-)

diff --git a/bootstrap/config.go b/bootstrap/config.go
index ffe8c74c..355afbe6 100644
--- a/bootstrap/config.go
+++ b/bootstrap/config.go
@@ -26,6 +26,6 @@ func ReadConf(config string) bool {
 		return false
 	}
 	log.Debugf("config:%+v",conf.Conf)
-	conf.Origins = strings.Split(conf.Conf.Info.SiteUrl,",")
+	conf.Origins = strings.Split(conf.Conf.Server.SiteUrl,",")
 	return true
 }
\ No newline at end of file
diff --git a/bootstrap/update.go b/bootstrap/update.go
index e4832ddb..c688f0c2 100644
--- a/bootstrap/update.go
+++ b/bootstrap/update.go
@@ -3,6 +3,7 @@ package bootstrap
 import (
 	"encoding/json"
 	"github.com/Xhofe/alist/conf"
+	"github.com/Xhofe/alist/utils"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net/http"
@@ -32,8 +33,10 @@ func CheckUpdate() {
 		log.Warnf("解析更新失败:%s",err.Error())
 		return
 	}
-	if conf.VERSION == release.TagName {
-		log.Infof("当前已是最新版本:%s",release.TagName)
+	lasted:=release.TagName[1:]
+	now:=conf.VERSION[1:]
+	if utils.VersionCompare(lasted,now) != 1 {
+		log.Infof("当前已是最新版本:%s",conf.VERSION)
 	}else {
 		log.Infof("发现新版本:%s",release.TagName)
 		log.Infof("请至'%s'获取更新.",release.HtmlUrl)
diff --git a/conf/config.go b/conf/config.go
index 07db715f..e7feb462 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -3,8 +3,6 @@ package conf
 type Config struct {
 	Info struct{
 		Title			string		`yaml:"title" json:"title"`
-		SiteUrl 		string 		`yaml:"site_url" json:"site_url"`//网站url
-		BackendUrl		string		`yaml:"backend_url" json:"backend_url"`//后端地址
 		Logo			string		`yaml:"logo" json:"logo"`
 		FooterText		string		`yaml:"footer_text" json:"footer_text"`
 		FooterUrl		string		`yaml:"footer_url" json:"footer_url"`
@@ -24,6 +22,7 @@ type Config struct {
 		Port 			string 		`yaml:"port"`//端口
 		Search			bool		`yaml:"search" json:"search"`//允许搜索
 		Static			string		`yaml:"static"`
+		SiteUrl 		string 		`yaml:"site_url" json:"site_url"`//网站url
 	}	`yaml:"server"`
 	Cache struct{
 		Enable			bool		`yaml:"enable"`
diff --git a/server/controllers/common.go b/server/controllers/common.go
index 533a6d5a..37eac38a 100644
--- a/server/controllers/common.go
+++ b/server/controllers/common.go
@@ -2,7 +2,7 @@ package controllers
 
 import "github.com/gin-gonic/gin"
 
-func metaResponse(code int, msg string) gin.H {
+func MetaResponse(code int, msg string) gin.H {
 	return gin.H{
 		"meta":gin.H{
 			"code":code,
@@ -11,7 +11,7 @@ func metaResponse(code int, msg string) gin.H {
 	}
 }
 
-func dataResponse(data interface{}) gin.H {
+func DataResponse(data interface{}) gin.H {
 	return gin.H{
 		"meta":gin.H{
 			"code":200,
diff --git a/server/controllers/get.go b/server/controllers/get.go
index adcb66a0..d9744794 100644
--- a/server/controllers/get.go
+++ b/server/controllers/get.go
@@ -12,7 +12,7 @@ import (
 func Get(c *gin.Context) {
 	var get alidrive.GetReq
 	if err := c.ShouldBindJSON(&get); err != nil {
-		c.JSON(200,metaResponse(400,"Bad Request"))
+		c.JSON(200, MetaResponse(400,"Bad Request"))
 		return
 	}
 	log.Debugf("get:%+v",get)
@@ -22,25 +22,25 @@ func Get(c *gin.Context) {
 	//	file,exist:=conf.Cache.Get(cacheKey)
 	//	if exist {
 	//		log.Debugf("使用了缓存:%s",cacheKey)
-	//		c.JSON(200,dataResponse(file))
+	//		c.JSON(200,DataResponse(file))
 	//		return
 	//	}
 	//}
 	file,err:=alidrive.GetFile(get.FileId)
 	if err !=nil {
-		c.JSON(200,metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	paths,err:=alidrive.GetPaths(get.FileId)
 	if err!=nil {
-		c.JSON(200,metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	file.Paths=*paths
 	//if conf.Conf.Cache.Enable {
 	//	conf.Cache.Set(cacheKey,file,cache.DefaultExpiration)
 	//}
-	c.JSON(200,dataResponse(file))
+	c.JSON(200, DataResponse(file))
 }
 
 func Down(c *gin.Context) {
@@ -58,7 +58,7 @@ func Down(c *gin.Context) {
 	//}
 	file,err:=alidrive.GetFile(fileId)
 	if err != nil {
-		c.JSON(200, metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	//if conf.Conf.Cache.Enable {
diff --git a/server/controllers/list.go b/server/controllers/list.go
index 4e5b4448..2099841c 100644
--- a/server/controllers/list.go
+++ b/server/controllers/list.go
@@ -17,7 +17,7 @@ type ListReq struct {
 func List(c *gin.Context) {
 	var list ListReq
 	if err := c.ShouldBindJSON(&list);err!=nil {
-		c.JSON(200, metaResponse(400,"Bad Request"))
+		c.JSON(200, MetaResponse(400,"Bad Request"))
 		return
 	}
 	log.Debugf("list:%+v",list)
@@ -27,7 +27,7 @@ func List(c *gin.Context) {
 		files,exist:=conf.Cache.Get(cacheKey)
 		if exist {
 			log.Debugf("使用了缓存:%s",cacheKey)
-			c.JSON(200, dataResponse(files))
+			c.JSON(200, DataResponse(files))
 			return
 		}
 	}
@@ -47,21 +47,21 @@ func List(c *gin.Context) {
 		files,err=alidrive.GetList(list.ParentFileId,list.Limit,list.Marker,list.OrderBy,list.OrderDirection)
 	}
 	if err!=nil {
-		c.JSON(200, metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	password:=alidrive.HasPassword(files)
 	if password!="" && password!=list.Password {
 		if list.Password=="" {
-			c.JSON(200, metaResponse(401,"need password."))
+			c.JSON(200, MetaResponse(401,"need password."))
 			return
 		}
-		c.JSON(200, metaResponse(401,"wrong password."))
+		c.JSON(200, MetaResponse(401,"wrong password."))
 		return
 	}
 	paths,err:=alidrive.GetPaths(list.ParentFileId)
 	if err!=nil {
-		c.JSON(200, metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	files.Paths=*paths
@@ -69,5 +69,5 @@ func List(c *gin.Context) {
 	if conf.Conf.Cache.Enable {
 		conf.Cache.Set(cacheKey,files,cache.DefaultExpiration)
 	}
-	c.JSON(200, dataResponse(files))
+	c.JSON(200, DataResponse(files))
 }
\ No newline at end of file
diff --git a/server/controllers/search.go b/server/controllers/search.go
index dcb5e7e9..f343a1b8 100644
--- a/server/controllers/search.go
+++ b/server/controllers/search.go
@@ -11,12 +11,12 @@ import (
 
 func Search(c *gin.Context) {
 	if !conf.Conf.Server.Search {
-		c.JSON(200, metaResponse(403,"Not allow search."))
+		c.JSON(200, MetaResponse(403,"Not allow search."))
 		return
 	}
 	var search alidrive.SearchReq
 	if err := c.ShouldBindJSON(&search); err != nil {
-		c.JSON(200, metaResponse(400,"Bad Request"))
+		c.JSON(200, MetaResponse(400,"Bad Request"))
 		return
 	}
 	log.Debugf("search:%+v",search)
@@ -26,7 +26,7 @@ func Search(c *gin.Context) {
 		files,exist:=conf.Cache.Get(cacheKey)
 		if exist {
 			log.Debugf("使用了缓存:%s",cacheKey)
-			c.JSON(200, dataResponse(files))
+			c.JSON(200, DataResponse(files))
 			return
 		}
 	}
@@ -39,11 +39,11 @@ func Search(c *gin.Context) {
 	//}
 	files,err:=alidrive.Search(search.Query,search.Limit,search.OrderBy)
 	if err != nil {
-		c.JSON(200, metaResponse(500,err.Error()))
+		c.JSON(200, MetaResponse(500,err.Error()))
 		return
 	}
 	if conf.Conf.Cache.Enable {
 		conf.Cache.Set(cacheKey,files,cache.DefaultExpiration)
 	}
-	c.JSON(200, dataResponse(files))
+	c.JSON(200, DataResponse(files))
 }
\ No newline at end of file
diff --git a/server/controllers/utils.go b/server/controllers/utils.go
index 971a96aa..78246b1c 100644
--- a/server/controllers/utils.go
+++ b/server/controllers/utils.go
@@ -6,7 +6,7 @@ import (
 )
 
 func Info(c *gin.Context) {
-	c.JSON(200, dataResponse(conf.Conf.Info))
+	c.JSON(200, DataResponse(conf.Conf.Info))
 }
 
 func RefreshCache(c *gin.Context) {
@@ -14,12 +14,12 @@ func RefreshCache(c *gin.Context) {
 	if conf.Conf.Cache.Enable {
 		if password == conf.Conf.Cache.RefreshPassword {
 			conf.Cache.Flush()
-			c.JSON(200,metaResponse(200,"flush success."))
+			c.JSON(200, MetaResponse(200,"flush success."))
 			return
 		}
-		c.JSON(200,metaResponse(401,"wrong password."))
+		c.JSON(200, MetaResponse(401,"wrong password."))
 		return
 	}
-	c.JSON(200,metaResponse(400,"disabled cache."))
+	c.JSON(200, MetaResponse(400,"disabled cache."))
 	return
 }
\ No newline at end of file
diff --git a/server/middlewares.go b/server/middlewares.go
index da25323b..e408a6b6 100644
--- a/server/middlewares.go
+++ b/server/middlewares.go
@@ -2,31 +2,28 @@ package server
 
 import (
 	"github.com/Xhofe/alist/conf"
+	"github.com/Xhofe/alist/server/controllers"
 	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
-	"net/http"
 )
 
 func CrosHandler() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		method := context.Request.Method
 		// 设置跨域
-		if conf.Conf.Info.SiteUrl=="*"||utils.ContainsString(conf.Origins,context.GetHeader("Origin"))!=-1 {
-			context.Header("Access-Control-Allow-Origin",context.GetHeader("Origin"))
-		}else {
-			context.Header("Access-Control-Allow-Origin", conf.Conf.Info.SiteUrl)//跨域访问
-		}
+		context.Header("Access-Control-Allow-Origin",context.GetHeader("Origin"))
 		context.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE,UPDATE")
-		context.Header("Access-Control-Allow-Headers", "Content-Length,session,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, Keep-Alive, User-Agent, Cache-Control, Content-Type, Pragma")
-		context.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar")
+		context.Header("Access-Control-Allow-Headers", "Content-Length,session,Accept, Origin, Host, Connection, Accept-Encoding, Accept-Language, Keep-Alive, User-Agent, Cache-Control, Content-Type")
+		context.Header("Access-Control-Expose-Headers", "Content-Length,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified")
 		context.Header("Access-Control-Max-Age", "172800")
-		context.Header("Access-Control-Allow-Credentials", "true")
-		//context.Set("content-type", "application/json")  //设置返回格式是json
-
-		if method == "OPTIONS" {
-			context.JSON(http.StatusOK, gin.H{})
+		// 信任域名
+		if conf.Conf.Server.SiteUrl!="*"&&utils.ContainsString(conf.Origins,context.GetHeader("Origin"))==-1 {
+			context.JSON(200,controllers.MetaResponse(413,"The origin is not in the site_url list, please configure it correctly."))
+			context.Abort()
+		}
+		if method == "OPTIONS" {
+			context.AbortWithStatus(204)
 		}
-
 		//处理请求
 		context.Next()
 	}
diff --git a/utils/check.go b/utils/check.go
index 5dcc2800..f676501e 100644
--- a/utils/check.go
+++ b/utils/check.go
@@ -3,6 +3,8 @@ package utils
 import (
 	log "github.com/sirupsen/logrus"
 	"net/url"
+	"strconv"
+	"strings"
 )
 
 func GetCode(rawUrl string) string {
@@ -24,4 +26,30 @@ func ContainsString(array []string, val string) (index int) {
 		}
 	}
 	return
+}
+
+func VersionCompare(version1, version2 string) int {
+	a := strings.Split(version1, ".")
+	b := strings.Split(version2, ".")
+	flag := 1
+	if len(a) > len(b) {
+		a, b = b, a
+		flag = -1
+	}
+	for i := range a {
+		x, _ := strconv.Atoi(a[i])
+		y, _ := strconv.Atoi(b[i])
+		if x < y {
+			return -1 * flag
+		} else if x > y {
+			return 1 * flag
+		}
+	}
+	for _, v:= range b[len(a):] {
+		y, _ := strconv.Atoi(v)
+		if y > 0 {
+			return -1 * flag
+		}
+	}
+	return 0
 }
\ No newline at end of file