ProjectHentai/alist
6
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: check password while upload (close #2444)

Browse Source
This commit is contained in:
Noah Hsu
2022-11-22 16:14:01 +08:00
parent c09800790b
commit 85e1350af8
6 changed files with 81 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
server/handles/fsread.go
View File

@ -66,11 +66,11 @@ func FsList(c *gin.Context) {
}
}
c.Set("meta", meta)
if !canAccess(user, meta, req.Path, req.Password) {
if !common.CanAccess(user, meta, req.Path, req.Password) {
common.ErrorStrResp(c, "password is incorrect", 403)
return
}
if !user.CanWrite() && !canWrite(meta, req.Path) && req.Refresh {
if !user.CanWrite() && !common.CanWrite(meta, req.Path) && req.Refresh {
common.ErrorStrResp(c, "Refresh without permission", 403)
return
}
@ -89,7 +89,7 @@ func FsList(c *gin.Context) {
Content: toObjResp(objs, req.Path, isEncrypt(meta, req.Path)),
Total: int64(total),
Readme: getReadme(meta, req.Path),
Write: user.CanWrite() || canWrite(meta, req.Path),
Write: user.CanWrite() || common.CanWrite(meta, req.Path),
Provider: provider,
})
}
@ -117,7 +117,7 @@ func FsDirs(c *gin.Context) {
}
}
c.Set("meta", meta)
if !canAccess(user, meta, req.Path, req.Password) {
if !common.CanAccess(user, meta, req.Path, req.Password) {
common.ErrorStrResp(c, "password is incorrect", 403)
return
}
@ -155,23 +155,6 @@ func getReadme(meta *model.Meta, path string) string {
return ""
}
func canAccess(user *model.User, meta *model.Meta, path string, password string) bool {
// if is not guest, can access
if user.CanAccessWithoutPassword() {
return true
}
// if meta is nil or password is empty, can access
if meta == nil || meta.Password == "" {
return true
}
// if meta doesn't apply to sub_folder, can access
if !utils.PathEqual(meta.Path, path) && !meta.PSub {
return true
}
// validate password
return meta.Password == password
}
func isEncrypt(meta *model.Meta, path string) bool {
if meta == nil || meta.Password == "" {
return false
@ -249,7 +232,7 @@ func FsGet(c *gin.Context) {
}
}
c.Set("meta", meta)
if !canAccess(user, meta, req.Path, req.Password) {
if !common.CanAccess(user, meta, req.Path, req.Password) {
common.ErrorStrResp(c, "password is incorrect", 403)
return
}
@ -355,7 +338,7 @@ func FsOther(c *gin.Context) {
}
}
c.Set("meta", meta)
if !canAccess(user, meta, req.Path, req.Password) {
if !common.CanAccess(user, meta, req.Path, req.Password) {
common.ErrorStrResp(c, "password is incorrect", 403)
return
}