ProjectHentai/alist
6
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 not allowed delete root folder

Browse Source
This commit is contained in:
微凉
2022-01-13 21:23:27 +08:00
parent 65a01251e9
commit b472c2ee18
9 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/controllers/account.go
View File

@ -28,7 +28,7 @@ func CreateAccount(c *gin.Context) {
}
driver, ok := base.GetDriver(req.Type)
if !ok {
common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400)
common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
return
}
now := time.Now()
@ -54,7 +54,7 @@ func SaveAccount(c *gin.Context) {
}
driver, ok := base.GetDriver(req.Type)
if !ok {
common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400)
common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
return
}
old, err := model.GetAccountById(req.ID)

7
server/controllers/file/delete.go
View File

@ -1,7 +1,6 @@
package file
import (
"errors"
"github.com/Xhofe/alist/drivers/base"
"github.com/Xhofe/alist/drivers/operate"
"github.com/Xhofe/alist/server/common"
@ -21,7 +20,7 @@ func DeleteFiles(c *gin.Context) {
return
}
if len(req.Names) == 0 {
common.ErrorResp(c, errors.New("empty file names"), 400)
common.ErrorStrResp(c, "Empty file names", 400)
return
}
for i, name := range req.Names {
@ -30,6 +29,10 @@ func DeleteFiles(c *gin.Context) {
common.ErrorResp(c, err, 500)
return
}
if path_ == "/" {
common.ErrorStrResp(c, "Delete root folder is not allowed", 400)
return
}
clearCache := false
if i == len(req.Names)-1 {
clearCache = true

5
server/controllers/file/upload.go
View File

@ -1,7 +1,6 @@
package file
import (
"errors"
"github.com/Xhofe/alist/conf"
"github.com/Xhofe/alist/drivers/base"
"github.com/Xhofe/alist/drivers/operate"
@ -19,11 +18,11 @@ func UploadFiles(c *gin.Context) {
password := c.PostForm("password")
meta, _ := model.GetMetaByPath(path)
if meta == nil || !meta.Upload {
common.ErrorResp(c, errors.New("not allow upload"), 403)
common.ErrorStrResp(c, "Not allow upload", 403)
return
}
if meta.Password != "" && meta.Password != password {
common.ErrorResp(c, errors.New("wrong password"), 403)
common.ErrorStrResp(c, "Wrong password", 403)
return
}
}

2
server/controllers/proxy.go
View File

@ -36,7 +36,7 @@ func Proxy(c *gin.Context) {
_, ok = c.Get("sign")
}
if !ok {
common.ErrorResp(c, fmt.Errorf("[%s] not allowed proxy", account.Name), 403)
common.ErrorStrResp(c, fmt.Sprintf("[%s] not allowed proxy", account.Name), 403)
return
}
}