ci: delete file after decompression

fix: no space left on device

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -21,7 +21,7 @@ body:
     attributes:
       label: Alist Version / Alist 版本
       description: What version of our software are you running?
-      placeholder: v2.0.0
+      placeholder: v3.xx.xx
     validations:
       required: true
   - type: input

.github/workflows/issue_question.yml

@@ -10,7 +10,7 @@ jobs:
     if: github.event.label.name == 'question'
     steps:
       - name: Create comment
-        uses: actions-cool/issues-helper@v3.4.0
+        uses: actions-cool/issues-helper@v3.5.1
         with:
           actions: 'create-comment'
           token: ${{ secrets.GITHUB_TOKEN }}

CONTRIBUTING.md

@@ -7,7 +7,7 @@
 Prerequisites:
 
 - [git](https://git-scm.com)
-- [Go 1.19+](https://golang.org/doc/install)
+- [Go 1.20+](https://golang.org/doc/install)
 - [gcc](https://gcc.gnu.org/)
 - [nodejs](https://nodejs.org/)
 

README.md

@@ -39,7 +39,7 @@
 
 ---
 
-English | [中文](./README_cn.md) | [Contributing](./CONTRIBUTING.md) | [CODE_OF_CONDUCT](./CODE_OF_CONDUCT.md)
+English | [中文](./README_cn.md)| [日本語](./README_ja.md) | [Contributing](./CONTRIBUTING.md) | [CODE_OF_CONDUCT](./CODE_OF_CONDUCT.md)
 
 ## Features
 
@@ -112,8 +112,7 @@ https://alist.nn.ci/guide/sponsor.html
 ### Special sponsors
 
 - [亚洲云 - 高防服务器|服务器租用|福州高防|广东电信|香港服务器|美国服务器|海外服务器 - 国内靠谱的企业级云计算服务提供商](https://www.asiayun.com/aff/QQCOOQKZ) (sponsored Chinese API server)
-- [找资源 - 阿里云盘资源搜索引擎](https://zhaoziyuan.la/)
-- [KinhDown 百度云盘不限速下载！永久免费！已稳定运行3年！非常可靠！Q群 -> 786799372](https://kinhdown.com)
+- [找资源 - 阿里云盘资源搜索引擎](https://zhaoziyuan.pw/)
 - [JetBrains: Essential tools for software developers and teams](https://www.jetbrains.com/)
 
 ## Contributors

README_cn.md

@@ -39,7 +39,7 @@
 
 ---
 
-[English](./README.md) | 中文 | [Contributing](./CONTRIBUTING.md) | [CODE_OF_CONDUCT](./CODE_OF_CONDUCT.md)
+[English](./README.md) | 中文 | [日本語](./README_ja.md) | [Contributing](./CONTRIBUTING.md) | [CODE_OF_CONDUCT](./CODE_OF_CONDUCT.md)
 
 ## 功能
 
@@ -110,8 +110,7 @@ AList 是一个开源软件，如果你碰巧喜欢这个项目，并希望我
 ### 特别赞助
 
 - [亚洲云 - 高防服务器|服务器租用|福州高防|广东电信|香港服务器|美国服务器|海外服务器 - 国内靠谱的企业级云计算服务提供商](https://www.asiayun.com/aff/QQCOOQKZ) (国内API服务器赞助)
-- [找资源 - 阿里云盘资源搜索引擎](https://zhaoziyuan.la/)
-- [KinhDown 百度云盘不限速下载！永久免费！已稳定运行3年！非常可靠！Q群 -> 786799372](https://kinhdown.com)
+- [找资源 - 阿里云盘资源搜索引擎](https://zhaoziyuan.pw/)
 - [JetBrains: Essential tools for software developers and teams](https://www.jetbrains.com/)
 
 ## 贡献者

README_ja.md

@@ -0,0 +1,137 @@
+<div align="center">
+  <a href="https://alist.nn.ci"><img height="100px" alt="logo" src="https://cdn.jsdelivr.net/gh/alist-org/logo@main/logo.svg"/></a>
+  <p><em>🗂️Gin と Solidjs による、複数のストレージをサポートするファイルリストプログラム。</em></p>
+<div>
+  <a href="https://goreportcard.com/report/github.com/alist-org/alist/v3">
+    <img src="https://goreportcard.com/badge/github.com/alist-org/alist/v3" alt="latest version" />
+  </a>
+  <a href="https://github.com/Xhofe/alist/blob/main/LICENSE">
+    <img src="https://img.shields.io/github/license/Xhofe/alist" alt="License" />
+  </a>
+  <a href="https://github.com/Xhofe/alist/actions?query=workflow%3ABuild">
+    <img src="https://img.shields.io/github/actions/workflow/status/Xhofe/alist/build.yml?branch=main" alt="Build status" />
+  </a>
+  <a href="https://github.com/Xhofe/alist/releases">
+    <img src="https://img.shields.io/github/release/Xhofe/alist" alt="latest version" />
+  </a>
+  <a title="Crowdin" target="_blank" href="https://crwd.in/alist">
+    <img src="https://badges.crowdin.net/alist/localized.svg">
+  </a>
+</div>
+<div>
+  <a href="https://github.com/Xhofe/alist/discussions">
+    <img src="https://img.shields.io/github/discussions/Xhofe/alist?color=%23ED8936" alt="discussions" />
+  </a>
+  <a href="https://discord.gg/F4ymsH4xv2">
+    <img src="https://img.shields.io/discord/1018870125102895134?logo=discord" alt="discussions" />
+  </a>
+  <a href="https://github.com/Xhofe/alist/releases">
+    <img src="https://img.shields.io/github/downloads/Xhofe/alist/total?color=%239F7AEA&logo=github" alt="Downloads" />
+  </a>
+  <a href="https://hub.docker.com/r/xhofe/alist">
+    <img src="https://img.shields.io/docker/pulls/xhofe/alist?color=%2348BB78&logo=docker&label=pulls" alt="Downloads" />
+  </a>
+  <a href="https://alist.nn.ci/guide/sponsor.html">
+    <img src="https://img.shields.io/badge/%24-sponsor-F87171.svg" alt="sponsor" />
+  </a>
+</div>
+</div>
+
+---
+
+[English](./README.md) | [中文](./README_cn.md) | 日本語 | [Contributing](./CONTRIBUTING.md) | [CODE_OF_CONDUCT](./CODE_OF_CONDUCT.md)
+
+## 特徴
+
+- [x] マルチストレージ
+    - [x] ローカルストレージ
+    - [x] [Aliyundrive](https://www.aliyundrive.com/)
+    - [x] OneDrive / Sharepoint ([グローバル](https://www.office.com/), [cn](https://portal.partner.microsoftonline.cn),de,us)
+    - [x] [189cloud](https://cloud.189.cn) (Personal, Family)
+    - [x] [GoogleDrive](https://drive.google.com/)
+    - [x] [123pan](https://www.123pan.com/)
+    - [x] FTP / SFTP
+    - [x] [PikPak](https://www.mypikpak.com/)
+    - [x] [S3](https://aws.amazon.com/s3/)
+    - [x] [Seafile](https://seafile.com/)
+    - [x] [UPYUN Storage Service](https://www.upyun.com/products/file-storage)
+    - [x] WebDav(Support OneDrive/SharePoint without API)
+    - [x] Teambition([China](https://www.teambition.com/ ),[International](https://us.teambition.com/ ))
+    - [x] [Mediatrack](https://www.mediatrack.cn/)
+    - [x] [139yun](https://yun.139.com/) (Personal, Family)
+    - [x] [YandexDisk](https://disk.yandex.com/)
+    - [x] [BaiduNetdisk](http://pan.baidu.com/)
+    - [x] [Terabox](https://www.terabox.com/main)
+    - [x] [UC](https://drive.uc.cn)
+    - [x] [Quark](https://pan.quark.cn)
+    - [x] [Thunder](https://pan.xunlei.com)
+    - [x] [Lanzou](https://www.lanzou.com/)
+    - [x] [Aliyundrive share](https://www.aliyundrive.com/)
+    - [x] [Google photo](https://photos.google.com/)
+    - [x] [Mega.nz](https://mega.nz)
+    - [x] [Baidu photo](https://photo.baidu.com/)
+    - [x] SMB
+    - [x] [115](https://115.com/)
+    - [X] Cloudreve
+    - [x] [Dropbox](https://www.dropbox.com/)
+- [x] デプロイが簡単で、すぐに使える
+- [x] ファイルプレビュー (PDF, マークダウン, コード, プレーンテキスト, ...)
+- [x] ギャラリーモードでの画像プレビュー
+- [x] ビデオとオーディオのプレビュー、歌詞と字幕のサポート
+- [x] Office ドキュメントのプレビュー (docx, pptx, xlsx, ...)
+- [x] `README.md` のプレビューレンダリング
+- [x] ファイルのパーマリンクコピーと直接ダウンロード
+- [x] ダークモード
+- [x] 国際化
+- [x] 保護されたルート (パスワード保護と認証)
+- [x] WebDav (詳細は https://alist.nn.ci/guide/webdav.html を参照)
+- [x] [Docker デプロイ](https://hub.docker.com/r/xhofe/alist)
+- [x] Cloudflare ワーカープロキシ
+- [x] ファイル/フォルダパッケージのダウンロード
+- [x] ウェブアップロード(訪問者にアップロードを許可できる), 削除, mkdir, 名前変更, 移動, コピー
+- [x] オフラインダウンロード
+- [x] 二つのストレージ間でファイルをコピー
+
+## ドキュメント
+
+<https://alist.nn.ci/>
+
+## デモ
+
+<https://al.nn.ci>
+
+## ディスカッション
+
+一般的なご質問は[ディスカッションフォーラム](https://github.com/Xhofe/alist/discussions)をご利用ください。**問題はバグレポートと機能リクエストのみです。**
+
+## スポンサー
+
+AList はオープンソースのソフトウェアです。もしあなたがこのプロジェクトを気に入ってくださり、続けて欲しいと思ってくださるなら、ぜひスポンサーになってくださるか、1口でも寄付をしてくださるようご検討ください！すべての愛とサポートに感謝します:
+https://alist.nn.ci/guide/sponsor.html
+
+### スペシャルスポンサー
+
+- [亚洲云 - 高防服务器|服务器租用|福州高防|广东电信|香港服务器|美国服务器|海外服务器 - 国内靠谱的企业级云计算服务提供商](https://www.asiayun.com/aff/QQCOOQKZ) (sponsored Chinese API server)
+- [找资源 - 阿里云盘资源搜索引擎](https://zhaoziyuan.pw/)
+- [JetBrains: Essential tools for software developers and teams](https://www.jetbrains.com/)
+
+## コントリビューター
+
+これらの素晴らしい人々に感謝します:
+
+[![Contributors](http://contributors.nn.ci/api?repo=alist-org/alist&repo=alist-org/alist-web&repo=alist-org/docs)](https://github.com/alist-org/alist/graphs/contributors)
+
+## ライセンス
+
+`AList` は AGPL-3.0 ライセンスの下でライセンスされたオープンソースソフトウェアです。
+
+## 免責事項
+- このプログラムはフリーでオープンソースのプロジェクトです。ネットワークディスク上でファイルを共有するように設計されており、golang のダウンロードや学習に便利です。利用にあたっては関連法規を遵守し、悪用しないようお願いします;
+- このプログラムは、公式インターフェースの動作を破壊することなく、公式 sdk/インターフェースを呼び出すことで実装されています;
+- このプログラムは、302リダイレクト/トラフィック転送のみを行い、いかなるユーザーデータも傍受、保存、改ざんしません;
+- このプログラムを使用する前に、アカウントの禁止、ダウンロード速度の制限など、対応するリスクを理解し、負担する必要があります;
+- もし侵害があれば、[メール](mailto:i@nn.ci)で私に連絡してください。
+
+---
+
+> [@Blog](https://nn.ci/) · [@GitHub](https://github.com/Xhofe) · [@TelegramGroup](https://t.me/alist_chat) · [@Discord](https://discord.gg/F4ymsH4xv2)

build.sh

@@ -98,6 +98,7 @@ BuildRelease() {
     url="${BASE}${i}.tgz"
     curl -L -o "${i}.tgz" "${url}"
     sudo tar xf "${i}.tgz" --strip-components 1 -C /usr/local
+    rm -f "${i}.tgz"
   done
   OS_ARCHES=(linux-musl-amd64 linux-musl-arm64 linux-musl-arm linux-musl-mips linux-musl-mips64 linux-musl-mips64le linux-musl-mipsle linux-musl-ppc64le linux-musl-s390x)
   CGO_ARGS=(x86_64-linux-musl-gcc aarch64-linux-musl-gcc arm-linux-musleabihf-gcc mips-linux-musl-gcc mips64-linux-musl-gcc mips64el-linux-musl-gcc mipsel-linux-musl-gcc powerpc64le-linux-musl-gcc s390x-linux-musl-gcc)

drivers/115/util.go

@@ -1,10 +1,11 @@
 package _115
 
 import (
+	"crypto/tls"
 	"fmt"
 
 	"github.com/SheltonZhu/115driver/pkg/driver"
-	"github.com/alist-org/alist/v3/drivers/base"
+	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/pkg/errors"
 )
 
@@ -14,9 +15,11 @@ func (d *Pan115) login() error {
 	var err error
 	opts := []driver.Option{
 		driver.UA(UserAgent),
+		func(c *driver.Pan115Client) {
+			c.Client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: conf.Conf.TlsInsecureSkipVerify})
+		},
 	}
 	d.client = driver.New(opts...)
-	d.client.SetHttpClient(base.HttpClient)
 	cr := &driver.Credential{}
 	if d.Addition.QRCodeToken != "" {
 		s := &driver.QRCodeSession{

drivers/123/upload.go

@@ -34,6 +34,25 @@ func (d *Pan123) getS3PreSignedUrls(ctx context.Context, upReq *UploadResp, star
 	return &s3PreSignedUrls, nil
 }
 
+func (d *Pan123) getS3Auth(ctx context.Context, upReq *UploadResp, start, end int) (*S3PreSignedURLs, error) {
+	data := base.Json{
+		"StorageNode":     upReq.Data.StorageNode,
+		"bucket":          upReq.Data.Bucket,
+		"key":             upReq.Data.Key,
+		"partNumberEnd":   end,
+		"partNumberStart": start,
+		"uploadId":        upReq.Data.UploadId,
+	}
+	var s3PreSignedUrls S3PreSignedURLs
+	_, err := d.request(S3Auth, http.MethodPost, func(req *resty.Request) {
+		req.SetBody(data).SetContext(ctx)
+	}, &s3PreSignedUrls)
+	if err != nil {
+		return nil, err
+	}
+	return &s3PreSignedUrls, nil
+}
+
 func (d *Pan123) completeS3(ctx context.Context, upReq *UploadResp, file model.FileStreamer, isMultipart bool) error {
 	data := base.Json{
 		"StorageNode": upReq.Data.StorageNode,
@@ -51,11 +70,17 @@ func (d *Pan123) completeS3(ctx context.Context, upReq *UploadResp, file model.F
 }
 
 func (d *Pan123) newUpload(ctx context.Context, upReq *UploadResp, file model.FileStreamer, reader io.Reader, up driver.UpdateProgress) error {
-	chunkSize := int64(1024 * 1024 * 5)
+	chunkSize := int64(1024 * 1024 * 16)
 	// fetch s3 pre signed urls
 	chunkCount := int(math.Ceil(float64(file.GetSize()) / float64(chunkSize)))
-	// upload 10 chunks each batch
-	batchSize := 10
+	// only 1 batch is allowed
+	isMultipart := chunkCount > 1
+	batchSize := 1
+	getS3UploadUrl := d.getS3Auth
+	if isMultipart {
+		batchSize = 10
+		getS3UploadUrl = d.getS3PreSignedUrls
+	}
 	for i := 1; i <= chunkCount; i += batchSize {
 		if utils.IsCanceled(ctx) {
 			return ctx.Err()
@@ -65,7 +90,7 @@ func (d *Pan123) newUpload(ctx context.Context, upReq *UploadResp, file model.Fi
 		if end > chunkCount+1 {
 			end = chunkCount + 1
 		}
-		s3PreSignedUrls, err := d.getS3PreSignedUrls(ctx, upReq, start, end)
+		s3PreSignedUrls, err := getS3UploadUrl(ctx, upReq, start, end)
 		if err != nil {
 			return err
 		}
@@ -78,7 +103,7 @@ func (d *Pan123) newUpload(ctx context.Context, upReq *UploadResp, file model.Fi
 			if j == chunkCount {
 				curSize = file.GetSize() - (int64(chunkCount)-1)*chunkSize
 			}
-			err = d.uploadS3Chunk(ctx, upReq, s3PreSignedUrls, j, end, io.LimitReader(reader, chunkSize), curSize, false)
+			err = d.uploadS3Chunk(ctx, upReq, s3PreSignedUrls, j, end, io.LimitReader(reader, chunkSize), curSize, false, getS3UploadUrl)
 			if err != nil {
 				return err
 			}
@@ -89,7 +114,7 @@ func (d *Pan123) newUpload(ctx context.Context, upReq *UploadResp, file model.Fi
 	return d.completeS3(ctx, upReq, file, chunkCount > 1)
 }
 
-func (d *Pan123) uploadS3Chunk(ctx context.Context, upReq *UploadResp, s3PreSignedUrls *S3PreSignedURLs, cur, end int, reader io.Reader, curSize int64, retry bool) error {
+func (d *Pan123) uploadS3Chunk(ctx context.Context, upReq *UploadResp, s3PreSignedUrls *S3PreSignedURLs, cur, end int, reader io.Reader, curSize int64, retry bool, getS3UploadUrl func(ctx context.Context, upReq *UploadResp, start int, end int) (*S3PreSignedURLs, error)) error {
 	uploadUrl := s3PreSignedUrls.Data.PreSignedUrls[strconv.Itoa(cur)]
 	if uploadUrl == "" {
 		return fmt.Errorf("upload url is empty, s3PreSignedUrls: %+v", s3PreSignedUrls)
@@ -111,13 +136,13 @@ func (d *Pan123) uploadS3Chunk(ctx context.Context, upReq *UploadResp, s3PreSign
 			return fmt.Errorf("upload s3 chunk %d failed, status code: %d", cur, res.StatusCode)
 		}
 		// refresh s3 pre signed urls
-		newS3PreSignedUrls, err := d.getS3PreSignedUrls(ctx, upReq, cur, end)
+		newS3PreSignedUrls, err := getS3UploadUrl(ctx, upReq, cur, end)
 		if err != nil {
 			return err
 		}
 		s3PreSignedUrls.Data.PreSignedUrls = newS3PreSignedUrls.Data.PreSignedUrls
 		// retry
-		return d.uploadS3Chunk(ctx, upReq, s3PreSignedUrls, cur, end, reader, curSize, true)
+		return d.uploadS3Chunk(ctx, upReq, s3PreSignedUrls, cur, end, reader, curSize, true, getS3UploadUrl)
 	}
 	if res.StatusCode != http.StatusOK {
 		body, err := io.ReadAll(res.Body)

drivers/123/util.go

@@ -15,9 +15,10 @@ import (
 // do others that not defined in Driver interface
 
 const (
+	Api              = "https://www.123pan.com/api"
 	AApi             = "https://www.123pan.com/a/api"
 	BApi             = "https://www.123pan.com/b/api"
-	MainApi          = AApi
+	MainApi          = Api
 	SignIn           = MainApi + "/user/sign_in"
 	Logout           = MainApi + "/user/logout"
 	UserInfo         = MainApi + "/user/info"
@@ -33,6 +34,7 @@ const (
 	S3Auth           = MainApi + "/file/s3_upload_object/auth"
 	UploadCompleteV2 = MainApi + "/file/upload_complete/v2"
 	S3Complete       = MainApi + "/file/s3_complete_multipart_upload"
+	//AuthKeySalt      = "8-8D$sL8gPjom7bk#cY"
 )
 
 func (d *Pan123) login() error {
@@ -54,9 +56,10 @@ func (d *Pan123) login() error {
 		SetHeaders(map[string]string{
 			"origin":      "https://www.123pan.com",
 			"referer":     "https://www.123pan.com/",
-			"platform":    "web",
-			"app-version": "3",
-			"user-agent":  base.UserAgent,
+			"user-agent":  "Dart/2.19(dart:io)",
+			"platform":    "android",
+			"app-version": "36",
+			//"user-agent":  base.UserAgent,
 		}).
 		SetBody(body).Post(SignIn)
 	if err != nil {
@@ -70,15 +73,30 @@ func (d *Pan123) login() error {
 	return err
 }
 
+//func authKey(reqUrl string) (*string, error) {
+//	reqURL, err := url.Parse(reqUrl)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	nowUnix := time.Now().Unix()
+//	random := rand.Intn(0x989680)
+//
+//	p4 := fmt.Sprintf("%d|%d|%s|%s|%s|%s", nowUnix, random, reqURL.Path, "web", "3", AuthKeySalt)
+//	authKey := fmt.Sprintf("%d-%d-%x", nowUnix, random, md5.Sum([]byte(p4)))
+//	return &authKey, nil
+//}
+
 func (d *Pan123) request(url string, method string, callback base.ReqCallback, resp interface{}) ([]byte, error) {
 	req := base.RestyClient.R()
 	req.SetHeaders(map[string]string{
 		"origin":        "https://www.123pan.com",
 		"referer":       "https://www.123pan.com/",
 		"authorization": "Bearer " + d.AccessToken,
-		"platform":      "web",
-		"app-version":   "3",
-		"user-agent":    base.UserAgent,
+		"user-agent":    "Dart/2.19(dart:io)",
+		"platform":      "android",
+		"app-version":   "36",
+		//"user-agent":    base.UserAgent,
 	})
 	if callback != nil {
 		callback(req)
@@ -86,6 +104,11 @@ func (d *Pan123) request(url string, method string, callback base.ReqCallback, r
 	if resp != nil {
 		req.SetResult(resp)
 	}
+	//authKey, err := authKey(url)
+	//if err != nil {
+	//	return nil, err
+	//}
+	//req.SetQueryParam("auth-key", *authKey)
 	res, err := req.Execute(method, url)
 	if err != nil {
 		return nil, err

drivers/139/driver.go

@@ -300,6 +300,9 @@ func (d *Yun139) Put(ctx context.Context, dstDir model.Obj, stream model.FileStr
 
 	var partSize = getPartSize(stream.GetSize())
 	part := (stream.GetSize() + partSize - 1) / partSize
+	if part == 0 {
+		part = 1
+	}
 	for i := int64(0); i < part; i++ {
 		if utils.IsCanceled(ctx) {
 			return ctx.Err()
@@ -331,13 +334,11 @@ func (d *Yun139) Put(ctx context.Context, dstDir model.Obj, stream model.FileStr
 		if err != nil {
 			return err
 		}
+		_ = res.Body.Close()
 		log.Debugf("%+v", res)
-
 		if res.StatusCode != http.StatusOK {
 			return fmt.Errorf("unexpected status code: %d", res.StatusCode)
 		}
-
-		res.Body.Close()
 	}
 
 	return nil

drivers/aliyundrive_open/driver.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/Xhofe/rateg"
 	"github.com/alist-org/alist/v3/drivers/base"
 	"github.com/alist-org/alist/v3/internal/driver"
 	"github.com/alist-org/alist/v3/internal/errs"
@@ -39,8 +40,14 @@ func (d *AliyundriveOpen) Init(ctx context.Context) error {
 		return err
 	}
 	d.DriveId = utils.Json.Get(res, "default_drive_id").ToString()
-	d.limitList = utils.LimitRateCtx(d.list, time.Second/4)
-	d.limitLink = utils.LimitRateCtx(d.link, time.Second)
+	d.limitList = rateg.LimitFnCtx(d.list, rateg.LimitFnOption{
+		Limit:  4,
+		Bucket: 1,
+	})
+	d.limitLink = rateg.LimitFnCtx(d.link, rateg.LimitFnOption{
+		Limit:  1,
+		Bucket: 1,
+	})
 	return nil
 }
 

drivers/aliyundrive_open/util.go

@@ -10,6 +10,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/op"
 	"github.com/alist-org/alist/v3/pkg/utils"
 	"github.com/go-resty/resty/v2"
+	log "github.com/sirupsen/logrus"
 )
 
 // do others that not defined in Driver interface
@@ -19,9 +20,9 @@ func (d *AliyundriveOpen) refreshToken() error {
 	if d.OauthTokenURL != "" && d.ClientID == "" {
 		url = d.OauthTokenURL
 	}
-	var resp base.TokenResp
+	//var resp base.TokenResp
 	var e ErrResp
-	_, err := base.RestyClient.R().
+	res, err := base.RestyClient.R().
 		ForceContentType("application/json").
 		SetBody(base.Json{
 			"client_id":     d.ClientID,
@@ -29,19 +30,21 @@ func (d *AliyundriveOpen) refreshToken() error {
 			"grant_type":    "refresh_token",
 			"refresh_token": d.RefreshToken,
 		}).
-		SetResult(&resp).
+		//SetResult(&resp).
 		SetError(&e).
 		Post(url)
 	if err != nil {
 		return err
 	}
+	log.Debugf("[ali_open] refresh token response: %s", res.String())
 	if e.Code != "" {
 		return fmt.Errorf("failed to refresh token: %s", e.Message)
 	}
-	if resp.RefreshToken == "" {
+	refresh, access := utils.Json.Get(res.Body(), "refresh_token").ToString(), utils.Json.Get(res.Body(), "access_token").ToString()
+	if refresh == "" {
 		return errors.New("failed to refresh token: refresh token is empty")
 	}
-	d.RefreshToken, d.AccessToken = resp.RefreshToken, resp.AccessToken
+	d.RefreshToken, d.AccessToken = refresh, access
 	op.MustSaveDriverStorage(d)
 	return nil
 }
@@ -65,6 +68,9 @@ func (d *AliyundriveOpen) requestReturnErrResp(uri, method string, callback base
 	req.SetError(&e)
 	res, err := req.Execute(method, d.base+uri)
 	if err != nil {
+		if res != nil {
+			log.Errorf("[aliyundrive_open] request error: %s", res.String())
+		}
 		return nil, err, nil
 	}
 	isRetry := len(retry) > 0 && retry[0]

drivers/aliyundrive_share/driver.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/Xhofe/rateg"
 	"github.com/alist-org/alist/v3/drivers/base"
 	"github.com/alist-org/alist/v3/internal/driver"
 	"github.com/alist-org/alist/v3/internal/errs"
@@ -52,8 +53,14 @@ func (d *AliyundriveShare) Init(ctx context.Context) error {
 			log.Errorf("%+v", err)
 		}
 	})
-	d.limitList = utils.LimitRateCtx(d.list, time.Second/4)
-	d.limitLink = utils.LimitRateCtx(d.link, time.Second)
+	d.limitList = rateg.LimitFnCtx(d.list, rateg.LimitFnOption{
+		Limit:  4,
+		Bucket: 1,
+	})
+	d.limitLink = rateg.LimitFnCtx(d.link, rateg.LimitFnOption{
+		Limit:  1,
+		Bucket: 1,
+	})
 	return nil
 }
 

drivers/baidu_netdisk/driver.go

@@ -1,7 +1,6 @@
 package baidu_netdisk
 
 import (
-	"bytes"
 	"context"
 	"crypto/md5"
 	"encoding/hex"
@@ -118,7 +117,6 @@ func (d *BaiduNetdisk) Put(ctx context.Context, dstDir model.Obj, stream model.F
 		_ = os.Remove(tempFile.Name())
 	}()
 	var Default int64 = 4 * 1024 * 1024
-	defaultByteData := make([]byte, Default)
 	count := int(math.Ceil(float64(stream.GetSize()) / float64(Default)))
 	var SliceSize int64 = 256 * 1024
 	// cal md5
@@ -130,20 +128,14 @@ func (d *BaiduNetdisk) Put(ctx context.Context, dstDir model.Obj, stream model.F
 	left := stream.GetSize()
 	for i := 0; i < count; i++ {
 		byteSize := Default
-		var byteData []byte
 		if left < Default {
 			byteSize = left
-			byteData = make([]byte, byteSize)
-		} else {
-			byteData = defaultByteData
 		}
 		left -= byteSize
-		_, err = io.ReadFull(tempFile, byteData)
+		_, err = io.Copy(io.MultiWriter(h1, h2), io.LimitReader(tempFile, byteSize))
 		if err != nil {
 			return err
 		}
-		h1.Write(byteData)
-		h2.Write(byteData)
 		block_list = append(block_list, fmt.Sprintf("\"%s\"", hex.EncodeToString(h2.Sum(nil))))
 		h2.Reset()
 	}
@@ -177,6 +169,7 @@ func (d *BaiduNetdisk) Put(ctx context.Context, dstDir model.Obj, stream model.F
 	params := map[string]string{
 		"method": "precreate",
 	}
+	log.Debugf("[baidu_netdisk] precreate data: %s", data)
 	var precreateResp PrecreateResp
 	_, err = d.post("/xpan/file", params, data, &precreateResp)
 	if err != nil {
@@ -199,24 +192,16 @@ func (d *BaiduNetdisk) Put(ctx context.Context, dstDir model.Obj, stream model.F
 			return ctx.Err()
 		}
 		byteSize := Default
-		var byteData []byte
 		if left < Default {
 			byteSize = left
-			byteData = make([]byte, byteSize)
-		} else {
-			byteData = defaultByteData
 		}
 		left -= byteSize
-		_, err = io.ReadFull(tempFile, byteData)
-		if err != nil {
-			return err
-		}
 		u := "https://d.pcs.baidu.com/rest/2.0/pcs/superfile2"
 		params["partseq"] = strconv.Itoa(partseq)
 		res, err := base.RestyClient.R().
 			SetContext(ctx).
 			SetQueryParams(params).
-			SetFileReader("file", stream.GetName(), bytes.NewReader(byteData)).
+			SetFileReader("file", stream.GetName(), io.LimitReader(tempFile, byteSize)).
 			Post(u)
 		if err != nil {
 			return err

drivers/baidu_netdisk/util.go

@@ -13,6 +13,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/op"
 	"github.com/alist-org/alist/v3/pkg/utils"
 	"github.com/go-resty/resty/v2"
+	log "github.com/sirupsen/logrus"
 )
 
 // do others that not defined in Driver interface
@@ -62,16 +63,17 @@ func (d *BaiduNetdisk) request(furl string, method string, callback base.ReqCall
 	if err != nil {
 		return nil, err
 	}
+	log.Debugf("[baidu_netdisk] req: %s, resp: %s", furl, res.String())
 	errno := utils.Json.Get(res.Body(), "errno").ToInt()
 	if errno != 0 {
-		if errno == -6 {
+		if utils.SliceContains([]int{111, -6}, errno) {
 			err = d.refreshToken()
 			if err != nil {
 				return nil, err
 			}
 			return d.request(furl, method, callback, resp)
 		}
-		return nil, fmt.Errorf("errno: %d, refer to https://pan.baidu.com/union/doc/", errno)
+		return nil, fmt.Errorf("req: [%s] ,errno: %d, refer to https://pan.baidu.com/union/doc/", furl, errno)
 	}
 	return res.Body(), nil
 }

drivers/terabox/util.go

@@ -3,15 +3,16 @@ package terbox
 import (
 	"encoding/base64"
 	"fmt"
-	"github.com/alist-org/alist/v3/drivers/base"
-	"github.com/alist-org/alist/v3/internal/model"
-	"github.com/alist-org/alist/v3/pkg/utils"
-	"github.com/go-resty/resty/v2"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/alist-org/alist/v3/drivers/base"
+	"github.com/alist-org/alist/v3/internal/model"
+	"github.com/alist-org/alist/v3/pkg/utils"
+	"github.com/go-resty/resty/v2"
 )
 
 func (d *Terabox) request(furl string, method string, callback base.ReqCallback, resp interface{}) ([]byte, error) {
@@ -139,6 +140,11 @@ func (d *Terabox) linkOfficial(file model.Obj, args model.LinkArgs) (*model.Link
 	if err != nil {
 		return nil, err
 	}
+
+	if len(resp.Dlink) == 0 {
+		return nil, fmt.Errorf("fid %s no dlink found, errno: %d", file.GetID(), resp.Errno)
+	}
+
 	res, err := base.NoRedirectClient.R().SetHeader("Cookie", d.Cookie).SetHeader("User-Agent", base.UserAgent).Get(resp.Dlink[0].Dlink)
 	if err != nil {
 		return nil, err

go.mod

@@ -49,6 +49,7 @@ require (
 require (
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/RoaringBitmap/roaring v1.2.3 // indirect
+	github.com/Xhofe/rateg v0.0.0-20230728072201-251a4e1adad4 // indirect
 	github.com/aead/ecdh v0.2.0 // indirect
 	github.com/aliyun/aliyun-oss-go-sdk v2.2.5+incompatible // indirect
 	github.com/andreburgaud/crypt2go v1.1.0 // indirect
@@ -135,7 +136,7 @@ require (
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
-	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
+	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect

go.sum

@@ -6,6 +6,8 @@ github.com/SheltonZhu/115driver v1.0.14 h1:uW3dl8J9KDMw+3gPxQdhTysoGhw0/uI1484GT
 github.com/SheltonZhu/115driver v1.0.14/go.mod h1:00ixivHH5HqDj4S7kAWbkuUrjtsJTxc7cGv5RMw3RVs=
 github.com/Xhofe/go-cache v0.0.0-20220723083548-714439c8af9a h1:RenIAa2q4H8UcS/cqmwdT1WCWIAH5aumP8m8RpbqVsE=
 github.com/Xhofe/go-cache v0.0.0-20220723083548-714439c8af9a/go.mod h1:sSBbaOg90XwWKtpT56kVujF0bIeVITnPlssLclogS04=
+github.com/Xhofe/rateg v0.0.0-20230728072201-251a4e1adad4 h1:WnvifFgYyogPz2ZFvaVLk4gI/Co0paF92FmxSR6U1zY=
+github.com/Xhofe/rateg v0.0.0-20230728072201-251a4e1adad4/go.mod h1:8pWlL2rpusvx7Xa6yYaIWOJ8bR3gPdFBUT7OystyGOY=
 github.com/Xhofe/wopan-sdk-go v0.1.1 h1:dSrTxNYclqNuo9libjtC+R6C4RCen/inh/dUXd12vpM=
 github.com/Xhofe/wopan-sdk-go v0.1.1/go.mod h1:xWcUS7PoFLDD9gy2BK2VQfilEsZngLMz2Vkx3oF2zJY=
 github.com/aead/ecdh v0.2.0 h1:pYop54xVaq/CEREFEcukHRZfTdjiWvYIsZDXXrBapQQ=
@@ -210,6 +212,7 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
 github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
 github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@@ -394,6 +397,8 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=

internal/bootstrap/data/setting.go

@@ -154,13 +154,16 @@ func InitialSettings() []model.SettingItem {
 
 		// SSO settings
 		{Key: conf.SSOLoginEnabled, Value: "false", Type: conf.TypeBool, Group: model.SSO, Flag: model.PUBLIC},
-		{Key: conf.SSOLoginplatform, Type: conf.TypeSelect, Options: "Casdoor,Github,Microsoft,Google,Dingtalk,OIDC", Group: model.SSO, Flag: model.PUBLIC},
+		{Key: conf.SSOLoginPlatform, Type: conf.TypeSelect, Options: "Casdoor,Github,Microsoft,Google,Dingtalk,OIDC", Group: model.SSO, Flag: model.PUBLIC},
 		{Key: conf.SSOClientId, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOClientSecret, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOOrganizationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOApplicationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOEndpointName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOJwtPublicKey, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSOAutoRegister, Value: "false", Type: conf.TypeBool, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSODefaultDir, Value: "/", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSODefaultPermission, Value: "0", Type: conf.TypeNumber, Group: model.SSO, Flag: model.PRIVATE},
 
 		// qbittorrent settings
 		{Key: conf.QbittorrentUrl, Value: "http://admin:adminadmin@localhost:8080/", Type: conf.TypeString, Group: model.SINGLE, Flag: model.PRIVATE},

internal/conf/const.go

@@ -57,14 +57,17 @@ const (
 	IndexProgress = "index_progress"
 
 	//SSO
-	SSOClientId         = "sso_client_id"
-	SSOClientSecret     = "sso_client_secret"
-	SSOLoginEnabled     = "sso_login_enabled"
-	SSOLoginplatform    = "sso_login_platform"
-	SSOOrganizationName = "sso_organization_name"
-	SSOApplicationName  = "sso_application_name"
-	SSOEndpointName     = "sso_endpoint_name"
-	SSOJwtPublicKey     = "sso_jwt_public_key"
+	SSOClientId          = "sso_client_id"
+	SSOClientSecret      = "sso_client_secret"
+	SSOLoginEnabled      = "sso_login_enabled"
+	SSOLoginPlatform     = "sso_login_platform"
+	SSOOrganizationName  = "sso_organization_name"
+	SSOApplicationName   = "sso_application_name"
+	SSOEndpointName      = "sso_endpoint_name"
+	SSOJwtPublicKey      = "sso_jwt_public_key"
+	SSOAutoRegister      = "sso_auto_register"
+	SSODefaultDir        = "sso_default_dir"
+	SSODefaultPermission = "sso_default_permission"
 
 	// qbittorrent
 	QbittorrentUrl      = "qbittorrent_url"

internal/fs/put.go

@@ -36,7 +36,7 @@ func putAsTask(dstDirPath string, file *model.FileStream) error {
 	UploadTaskManager.Submit(task.WithCancelCtx(&task.Task[uint64]{
 		Name: fmt.Sprintf("upload %s to [%s](%s)", file.GetName(), storage.GetStorage().MountPath, dstDirActualPath),
 		Func: func(task *task.Task[uint64]) error {
-			return op.Put(task.Ctx, storage, dstDirActualPath, file, nil, true)
+			return op.Put(task.Ctx, storage, dstDirActualPath, file, task.SetProgress, true)
 		},
 	}))
 	return nil

internal/model/args.go

@@ -25,6 +25,7 @@ type Link struct {
 	Status     int            // status maybe 200 or 206, etc
 	FilePath   *string        // local file, return the filepath
 	Expiration *time.Duration // url expiration time
+	IPCacheKey bool           // add ip to cache key
 	//Handle     func(w http.ResponseWriter, r *http.Request) error `json:"-"` // custom handler
 	Writer WriterFunc `json:"-"` // custom writer
 }

internal/model/user.go

@@ -33,7 +33,7 @@ type User struct {
 	//  10: can add qbittorrent tasks
 	Permission int32  `json:"permission"`
 	OtpSecret  string `json:"-"`
-	SsoID      string `json:"sso_id"`
+	SsoID      string `json:"sso_id"` // unique by sso platform
 }
 
 func (u User) IsGuest() bool {

internal/op/fs.go

@@ -243,7 +243,7 @@ func Link(ctx context.Context, storage driver.Driver, path string, args model.Li
 	if file.IsDir() {
 		return nil, nil, errors.WithStack(errs.NotFile)
 	}
-	key := Key(storage, path) + ":" + args.IP
+	key := Key(storage, path)
 	if link, ok := linkCache.Get(key); ok {
 		return link, file, nil
 	}
@@ -253,6 +253,9 @@ func Link(ctx context.Context, storage driver.Driver, path string, args model.Li
 			return nil, errors.Wrapf(err, "failed get link")
 		}
 		if link.Expiration != nil {
+			if link.IPCacheKey {
+				key = key + ":" + args.IP
+			}
 			linkCache.Set(key, link, cache.WithEx[*model.Link](*link.Expiration))
 		}
 		return link, nil
@@ -563,6 +566,9 @@ func Put(ctx context.Context, storage driver.Driver, dstDirPath string, file *mo
 			err := Remove(ctx, storage, tempPath)
 			if err != nil {
 				return err
+			} else {
+				key := Key(storage, stdpath.Join(dstDirPath, file.GetName()))
+				linkCache.Del(key)
 			}
 		}
 	}

internal/qbittorrent/client.go

@@ -3,12 +3,13 @@ package qbittorrent
 import (
 	"bytes"
 	"errors"
-	"github.com/alist-org/alist/v3/pkg/utils"
 	"io"
 	"mime/multipart"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+
+	"github.com/alist-org/alist/v3/pkg/utils"
 )
 
 type Client interface {
@@ -213,7 +214,7 @@ type TorrentInfo struct {
 	Hash              string        `json:"hash"`               //
 	LastActivity      int           `json:"last_activity"`      // 上次活跃的时间（Unix Epoch）
 	MagnetURI         string        `json:"magnet_uri"`         // 与此 torrent 对应的 Magnet URI
-	MaxRatio          int           `json:"max_ratio"`          // 种子/上传停止种子前的最大共享比率
+	MaxRatio          float64       `json:"max_ratio"`          // 种子/上传停止种子前的最大共享比率
 	MaxSeedingTime    int           `json:"max_seeding_time"`   // 停止种子种子前的最长种子时间（秒）
 	Name              string        `json:"name"`               //
 	NumComplete       int           `json:"num_complete"`       //

pkg/utils/fn_limiter.go

@@ -1,114 +0,0 @@
-package utils
-
-import (
-	"context"
-	"reflect"
-	"time"
-)
-
-func LimitRateReflect(f interface{}, interval time.Duration) func(...interface{}) []interface{} {
-	// Use closures to save the time of the last function call
-	var lastCall time.Time
-
-	fValue := reflect.ValueOf(f)
-	fType := fValue.Type()
-
-	if fType.Kind() != reflect.Func {
-		panic("f must be a function")
-	}
-
-	//if fType.NumOut() == 0 {
-	//	panic("f must have at least one output parameter")
-	//}
-
-	outCount := fType.NumOut()
-	outTypes := make([]reflect.Type, outCount)
-
-	for i := 0; i < outCount; i++ {
-		outTypes[i] = fType.Out(i)
-	}
-
-	// Returns a new function, which is used to limit the function to be called only once at a specified time interval
-	return func(args ...interface{}) []interface{} {
-		// Calculate the time interval since the last function call
-		elapsed := time.Since(lastCall)
-		// If the interval is less than the specified time, wait for the remaining time
-		if elapsed < interval {
-			time.Sleep(interval - elapsed)
-		}
-		// Update the time of the last function call
-		lastCall = time.Now()
-
-		inCount := fType.NumIn()
-		in := make([]reflect.Value, inCount)
-
-		if len(args) != inCount {
-			panic("wrong number of arguments")
-		}
-
-		for i := 0; i < inCount; i++ {
-			in[i] = reflect.ValueOf(args[i])
-		}
-
-		out := fValue.Call(in)
-
-		if len(out) != outCount {
-			panic("function returned wrong number of values")
-		}
-
-		result := make([]interface{}, outCount)
-
-		for i := 0; i < outCount; i++ {
-			result[i] = out[i].Interface()
-		}
-
-		return result
-	}
-}
-
-type Fn[T any, R any] func(T) (R, error)
-type FnCtx[T any, R any] func(context.Context, T) (R, error)
-
-func LimitRate[T any, R any](f Fn[T, R], interval time.Duration) Fn[T, R] {
-	// Use closures to save the time of the last function call
-	var lastCall time.Time
-	// Returns a new function, which is used to limit the function to be called only once at a specified time interval
-	return func(t T) (R, error) {
-		// Calculate the time interval since the last function call
-		elapsed := time.Since(lastCall)
-		// If the interval is less than the specified time, wait for the remaining time
-		if elapsed < interval {
-			time.Sleep(interval - elapsed)
-		}
-		// Update the time of the last function call
-		lastCall = time.Now()
-		// Execute the function that needs to be limited
-		return f(t)
-	}
-}
-
-func LimitRateCtx[T any, R any](f FnCtx[T, R], interval time.Duration) FnCtx[T, R] {
-	// Use closures to save the time of the last function call
-	var lastCall time.Time
-	// Returns a new function, which is used to limit the function to be called only once at a specified time interval
-	return func(ctx context.Context, t T) (R, error) {
-		// Calculate the time interval since the last function call
-		elapsed := time.Since(lastCall)
-		// If the interval is less than the specified time, wait for the remaining time
-		if elapsed < interval {
-			t := time.NewTimer(interval - elapsed)
-			select {
-			case <-ctx.Done():
-				t.Stop()
-				var zero R
-				return zero, ctx.Err()
-			case <-t.C:
-
-			}
-		}
-		// Update the time of the last function call
-		lastCall = time.Now()
-		// Execute the function that needs to be limited
-		return f(ctx, t)
-	}
-}

pkg/utils/fn_limiter_test.go

@@ -1,59 +0,0 @@
-package utils_test
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	"github.com/alist-org/alist/v3/pkg/utils"
-)
-
-func myFunction(a int) (int, error) {
-	// do something
-	return a + 1, nil
-}
-
-func TestLimitRate(t *testing.T) {
-	myLimitedFunction := utils.LimitRate(myFunction, time.Second)
-	result, _ := myLimitedFunction(1)
-	t.Log(result) // Output: 2
-	result, _ = myLimitedFunction(2)
-	t.Log(result) // Output: 3
-}
-
-type Test struct {
-	limitFn func(string) (string, error)
-}
-
-func (t *Test) myFunction(a string) (string, error) {
-	// do something
-	return a + " world", nil
-}
-
-func TestLimitRateStruct(t *testing.T) {
-	test := &Test{}
-	test.limitFn = utils.LimitRate(test.myFunction, time.Second)
-	result, _ := test.limitFn("hello")
-	t.Log(result) // Output: hello world
-	result, _ = test.limitFn("hi")
-	t.Log(result) // Output: hi world
-}
-
-func myFunctionCtx(ctx context.Context, a int) (int, error) {
-	// do something
-	return a + 1, nil
-}
-func TestLimitRateCtx(t *testing.T) {
-	myLimitedFunction := utils.LimitRateCtx(myFunctionCtx, time.Second)
-	result, _ := myLimitedFunction(context.Background(), 1)
-	t.Log(result) // Output: 2
-	ctx, cancel := context.WithCancel(context.Background())
-	go func() {
-		time.Sleep(500 * time.Millisecond)
-		cancel()
-	}()
-	result, err := myLimitedFunction(ctx, 2)
-	t.Log(result, err) // Output: 0 context canceled
-	result, _ = myLimitedFunction(context.Background(), 3)
-	t.Log(result) // Output: 4
-}

server/handles/ssologin.go

@@ -11,8 +11,10 @@ import (
 
 	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/alist-org/alist/v3/internal/db"
+	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/alist-org/alist/v3/internal/setting"
 	"github.com/alist-org/alist/v3/pkg/utils"
+	"github.com/alist-org/alist/v3/pkg/utils/random"
 	"github.com/alist-org/alist/v3/server/common"
 	"github.com/coreos/go-oidc"
 	"github.com/gin-gonic/gin"
@@ -20,14 +22,15 @@ import (
 	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
 	"golang.org/x/oauth2"
+	"gorm.io/gorm"
 )
 
 var opts = totp.ValidateOpts{
 	// state verify won't expire in 30 secs, which is quite enough for the callback
 	Period: 30,
-	Skew: 1,
+	Skew:   1,
 	// in some OIDC providers(such as Authelia), state parameter must be at least 8 characters
-	Digits: otp.DigitsEight,
+	Digits:    otp.DigitsEight,
 	Algorithm: otp.AlgorithmSHA1,
 }
 
@@ -35,7 +38,7 @@ func SSOLoginRedirect(c *gin.Context) {
 	method := c.Query("method")
 	enabled := setting.GetBool(conf.SSOLoginEnabled)
 	clientId := setting.GetStr(conf.SSOClientId)
-	platform := setting.GetStr(conf.SSOLoginplatform)
+	platform := setting.GetStr(conf.SSOLoginPlatform)
 	var r_url string
 	var redirect_uri string
 	if enabled {
@@ -76,7 +79,7 @@ func SSOLoginRedirect(c *gin.Context) {
 				return
 			}
 			// generate state parameter
-			state,err := totp.GenerateCodeCustom(base32.StdEncoding.EncodeToString([]byte(oauth2Config.ClientSecret)), time.Now(), opts)
+			state, err := totp.GenerateCodeCustom(base32.StdEncoding.EncodeToString([]byte(oauth2Config.ClientSecret)), time.Now(), opts)
 			if err != nil {
 				common.ErrorStrResp(c, err.Error(), 400)
 				return
@@ -118,13 +121,39 @@ func GetOIDCClient(c *gin.Context) (*oauth2.Config, error) {
 	}, nil
 }
 
+func autoRegister(username, userID string, err error) (*model.User, error) {
+	if !errors.Is(err, gorm.ErrRecordNotFound) || !setting.GetBool(conf.SSOAutoRegister) {
+		return nil, err
+	}
+	if username == "" {
+		return nil, errors.New("cannot get username from SSO provider")
+	}
+	user := &model.User{
+		ID:         0,
+		Username:   username,
+		Password:   random.String(16),
+		Permission: int32(setting.GetInt(conf.SSODefaultPermission, 0)),
+		BasePath:   setting.GetStr(conf.SSODefaultDir),
+		Role:       0,
+		Disabled:   false,
+		SsoID:      userID,
+	}
+	if err = db.CreateUser(user); err != nil {
+		if strings.HasPrefix(err.Error(), "UNIQUE constraint failed") && strings.HasSuffix(err.Error(), "username") {
+			user.Username = user.Username + "_" + userID
+			if err = db.CreateUser(user); err != nil {
+				return nil, err
+			}
+		} else {
+			return nil, err
+		}
+	}
+	return user, nil
+}
+
 func OIDCLoginCallback(c *gin.Context) {
 	argument := c.Query("method")
-	enabled := setting.GetBool(conf.SSOLoginEnabled)
 	clientId := setting.GetStr(conf.SSOClientId)
-	if !enabled {
-		common.ErrorResp(c, errors.New("invalid request"), 500)
-	}
 	endpoint := setting.GetStr(conf.SSOEndpointName)
 	provider, err := oidc.NewProvider(c, endpoint)
 	if err != nil {
@@ -170,7 +199,7 @@ func OIDCLoginCallback(c *gin.Context) {
 	}
 	claims := UserInfo{}
 	if err := idToken.Claims(&claims); err != nil {
-		c.Error(err)
+		common.ErrorResp(c, err, 400)
 		return
 	}
 	UserID := claims.Name
@@ -189,7 +218,10 @@ func OIDCLoginCallback(c *gin.Context) {
 	if argument == "sso_get_token" {
 		user, err := db.GetUserBySSOID(UserID)
 		if err != nil {
-			common.ErrorResp(c, err, 400)
+			user, err = autoRegister(UserID, UserID, err)
+			if err != nil {
+				common.ErrorResp(c, err, 400)
+			}
 		}
 		token, err := common.GenerateToken(user.Username)
 		if err != nil {
@@ -209,133 +241,145 @@ func OIDCLoginCallback(c *gin.Context) {
 }
 
 func SSOLoginCallback(c *gin.Context) {
+	enabled := setting.GetBool(conf.SSOLoginEnabled)
+	if !enabled {
+		common.ErrorResp(c, errors.New("sso login is disabled"), 500)
+	}
 	argument := c.Query("method")
-	if argument == "get_sso_id" || argument == "sso_get_token" {
-		enabled := setting.GetBool(conf.SSOLoginEnabled)
-		clientId := setting.GetStr(conf.SSOClientId)
-		platform := setting.GetStr(conf.SSOLoginplatform)
-		clientSecret := setting.GetStr(conf.SSOClientSecret)
-		var url1, url2, additionalbody, scope, authstring, idstring string
-		switch platform {
-		case "Github":
-			url1 = "https://github.com/login/oauth/access_token"
-			url2 = "https://api.github.com/user"
-			additionalbody = ""
-			authstring = "code"
-			scope = "read:user"
-			idstring = "id"
-		case "Microsoft":
-			url1 = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
-			url2 = "https://graph.microsoft.com/v1.0/me"
-			additionalbody = "&grant_type=authorization_code"
-			scope = "user.read"
-			authstring = "code"
-			idstring = "id"
-		case "Google":
-			url1 = "https://oauth2.googleapis.com/token"
-			url2 = "https://www.googleapis.com/oauth2/v1/userinfo"
-			additionalbody = "&grant_type=authorization_code"
-			scope = "https://www.googleapis.com/auth/userinfo.profile"
-			authstring = "code"
-			idstring = "id"
-		case "Dingtalk":
-			url1 = "https://api.dingtalk.com/v1.0/oauth2/userAccessToken"
-			url2 = "https://api.dingtalk.com/v1.0/contact/users/me"
-			authstring = "authCode"
-			idstring = "unionId"
-		case "Casdoor":
-			endpoint := strings.TrimSuffix(setting.GetStr(conf.SSOEndpointName), "/")
-			url1 = endpoint + "/api/login/oauth/access_token"
-			url2 = endpoint + "/api/userinfo"
-			additionalbody = "&grant_type=authorization_code"
-			scope = "profile"
-			authstring = "code"
-			idstring = "preferred_username"
-		case "OIDC":
-			OIDCLoginCallback(c)
-			return
-		default:
-			common.ErrorStrResp(c, "invalid platform", 400)
-			return
-		}
-		if enabled {
-			callbackCode := c.Query(authstring)
-			if callbackCode == "" {
-				common.ErrorStrResp(c, "No code provided", 400)
-				return
-			}
-			var resp *resty.Response
-			var err error
-			if platform == "Dingtalk" {
-				resp, err = ssoClient.R().SetHeader("content-type", "application/json").SetHeader("Accept", "application/json").
-					SetBody(map[string]string{
-						"clientId":     clientId,
-						"clientSecret": clientSecret,
-						"code":         callbackCode,
-						"grantType":    "authorization_code",
-					}).
-					Post(url1)
-			} else {
-				resp, err = ssoClient.R().SetHeader("content-type", "application/x-www-form-urlencoded").SetHeader("Accept", "application/json").
-					SetBody("client_id=" + clientId + "&client_secret=" + clientSecret + "&code=" + callbackCode + "&redirect_uri=" + common.GetApiUrl(c.Request) + "/api/auth/sso_callback?method=" + argument + "&scope=" + scope + additionalbody).
-					Post(url1)
-			}
-			if err != nil {
-				common.ErrorResp(c, err, 400)
-				return
-			}
-			if platform == "Dingtalk" {
-				accessToken := utils.Json.Get(resp.Body(), "accessToken").ToString()
-				resp, err = ssoClient.R().SetHeader("x-acs-dingtalk-access-token", accessToken).
-					Get(url2)
-			} else {
-				accessToken := utils.Json.Get(resp.Body(), "access_token").ToString()
-				resp, err = ssoClient.R().SetHeader("Authorization", "Bearer "+accessToken).
-					Get(url2)
-			}
-			if err != nil {
-				common.ErrorResp(c, err, 400)
-				return
-			}
-			UserID := utils.Json.Get(resp.Body(), idstring).ToString()
-			if UserID == "0" {
-				common.ErrorResp(c, errors.New("error occured"), 400)
-				return
-			}
-			if argument == "get_sso_id" {
-				html := fmt.Sprintf(`<!DOCTYPE html>
+	if !utils.SliceContains([]string{"get_sso_id", "sso_get_token"}, argument) {
+		common.ErrorResp(c, errors.New("invalid request"), 500)
+	}
+	clientId := setting.GetStr(conf.SSOClientId)
+	platform := setting.GetStr(conf.SSOLoginPlatform)
+	clientSecret := setting.GetStr(conf.SSOClientSecret)
+	var tokenUrl, userUrl, scope, authField, idField, usernameField string
+	additionalForm := make(map[string]string)
+	switch platform {
+	case "Github":
+		tokenUrl = "https://github.com/login/oauth/access_token"
+		userUrl = "https://api.github.com/user"
+		authField = "code"
+		scope = "read:user"
+		idField = "id"
+		usernameField = "login"
+	case "Microsoft":
+		tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
+		userUrl = "https://graph.microsoft.com/v1.0/me"
+		additionalForm["grant_type"] = "authorization_code"
+		scope = "user.read"
+		authField = "code"
+		idField = "id"
+		usernameField = "displayName"
+	case "Google":
+		tokenUrl = "https://oauth2.googleapis.com/token"
+		userUrl = "https://www.googleapis.com/oauth2/v1/userinfo"
+		additionalForm["grant_type"] = "authorization_code"
+		scope = "https://www.googleapis.com/auth/userinfo.profile"
+		authField = "code"
+		idField = "id"
+		usernameField = "name"
+	case "Dingtalk":
+		tokenUrl = "https://api.dingtalk.com/v1.0/oauth2/userAccessToken"
+		userUrl = "https://api.dingtalk.com/v1.0/contact/users/me"
+		authField = "authCode"
+		idField = "unionId"
+		usernameField = "nick"
+	case "Casdoor":
+		endpoint := strings.TrimSuffix(setting.GetStr(conf.SSOEndpointName), "/")
+		tokenUrl = endpoint + "/api/login/oauth/access_token"
+		userUrl = endpoint + "/api/userinfo"
+		additionalForm["grant_type"] = "authorization_code"
+		scope = "profile"
+		authField = "code"
+		idField = "sub"
+		usernameField = "preferred_username"
+	case "OIDC":
+		OIDCLoginCallback(c)
+		return
+	default:
+		common.ErrorStrResp(c, "invalid platform", 400)
+		return
+	}
+	callbackCode := c.Query(authField)
+	if callbackCode == "" {
+		common.ErrorStrResp(c, "No code provided", 400)
+		return
+	}
+	var resp *resty.Response
+	var err error
+	if platform == "Dingtalk" {
+		resp, err = ssoClient.R().SetHeader("content-type", "application/json").SetHeader("Accept", "application/json").
+			SetBody(map[string]string{
+				"clientId":     clientId,
+				"clientSecret": clientSecret,
+				"code":         callbackCode,
+				"grantType":    "authorization_code",
+			}).
+			Post(tokenUrl)
+	} else {
+		resp, err = ssoClient.R().SetHeader("Accept", "application/json").
+			SetFormData(map[string]string{
+				"client_id":     clientId,
+				"client_secret": clientSecret,
+				"code":          callbackCode,
+				"redirect_uri":  common.GetApiUrl(c.Request) + "/api/auth/sso_callback?method=" + argument,
+				"scope":         scope,
+			}).SetFormData(additionalForm).Post(tokenUrl)
+	}
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	if platform == "Dingtalk" {
+		accessToken := utils.Json.Get(resp.Body(), "accessToken").ToString()
+		resp, err = ssoClient.R().SetHeader("x-acs-dingtalk-access-token", accessToken).
+			Get(userUrl)
+	} else {
+		accessToken := utils.Json.Get(resp.Body(), "access_token").ToString()
+		resp, err = ssoClient.R().SetHeader("Authorization", "Bearer "+accessToken).
+			Get(userUrl)
+	}
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	userID := utils.Json.Get(resp.Body(), idField).ToString()
+	if utils.SliceContains([]string{"", "0"}, userID) {
+		common.ErrorResp(c, errors.New("error occured"), 400)
+		return
+	}
+	if argument == "get_sso_id" {
+		html := fmt.Sprintf(`<!DOCTYPE html>
 				<head></head>
 				<body>
 				<script>
 				window.opener.postMessage({"sso_id": "%s"}, "*")
 				window.close()
 				</script>
-				</body>`, UserID)
-				c.Data(200, "text/html; charset=utf-8", []byte(html))
-				return
-			}
-			if argument == "sso_get_token" {
-				user, err := db.GetUserBySSOID(UserID)
-				if err != nil {
-					common.ErrorResp(c, err, 400)
-				}
-				token, err := common.GenerateToken(user.Username)
-				if err != nil {
-					common.ErrorResp(c, err, 400)
-				}
-				html := fmt.Sprintf(`<!DOCTYPE html>
-				<head></head>
-				<body>
-				<script>
-				window.opener.postMessage({"token":"%s"}, "*")
-				window.close()
-				</script>
-				</body>`, token)
-				c.Data(200, "text/html; charset=utf-8", []byte(html))
-				return
-			}
-		} else {
-			common.ErrorResp(c, errors.New("invalid request"), 500)
+				</body>`, userID)
+		c.Data(200, "text/html; charset=utf-8", []byte(html))
+		return
+	}
+	username := utils.Json.Get(resp.Body(), usernameField).ToString()
+	user, err := db.GetUserBySSOID(userID)
+	if err != nil {
+		user, err = autoRegister(username, userID, err)
+		if err != nil {
+			common.ErrorResp(c, err, 400)
+			return
 		}
 	}
+	token, err := common.GenerateToken(user.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+	}
+	html := fmt.Sprintf(`<!DOCTYPE html>
+							<head></head>
+							<body>
+							<script>
+							window.opener.postMessage({"token":"%s"}, "*")
+							window.close()
+							</script>
+							</body>`, token)
+	c.Data(200, "text/html; charset=utf-8", []byte(html))
 }