feat: only log to std on debug/dev mode

From this commit, the guest user will be disabled by default

.github/workflows/build_docker.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   build_docker:
-    name: Docker
+    name: Build docker
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -36,4 +36,30 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64,linux/arm64
+
+  build_docker_with_aria2:
+    needs: build_docker
+    name: Build docker with aria2
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          repository: alist-org/with_aria2
+          ref: main
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Commit
+        run: |
+          git config --local user.email "i@nn.ci"
+          git config --local user.name "Noah Hsu"
+          git commit --allow-empty -m "Trigger build for ${{ github.sha }}"
+
+      - name: Push commit
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.MY_TOKEN }}
+          branch: main
+          repository: alist-org/with_aria2

.github/workflows/release_docker.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   release_docker:
-    name: Docker
+    name: Release Docker
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -39,4 +39,30 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386,linux/arm/v6,linux/s390x
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386,linux/arm/v6,linux/s390x
+
+  release_docker_with_aria2:
+    needs: release_docker
+    name: Release docker with aria2
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          repository: alist-org/with_aria2
+          ref: main
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Add tag
+        run: |
+          git config --local user.email "i@nn.ci"
+          git config --local user.name "Noah Hsu"
+          git tag -a ${{ github.ref_name }} -m "release ${{ github.ref_name }}"
+
+      - name: Push tags
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.MY_TOKEN }}
+          branch: main
+          repository: alist-org/with_aria2

drivers/139/driver.go

@@ -83,8 +83,7 @@ func (d *Yun139) MakeDir(ctx context.Context, parentDir model.Obj, dirName strin
 		}
 		pathname = "/orchestration/familyCloud/cloudCatalog/v1.0/createCloudDoc"
 	}
-	_, err := d.post(pathname,
+	_, err := d.post(pathname, data, nil)
-		data, nil)
 	return err
 }
 
@@ -222,6 +221,22 @@ func (d *Yun139) Remove(ctx context.Context, obj model.Obj) error {
 	return err
 }
 
+const (
+	_  = iota //ignore first value by assigning to blank identifier
+	KB = 1 << (10 * iota)
+	MB
+	GB
+	TB
+)
+
+func getPartSize(size int64) int64 {
+	// 网盘对于分片数量存在上限
+	if size/GB > 30 {
+		return 512 * MB
+	}
+	return 100 * MB
+}
+
 func (d *Yun139) Put(ctx context.Context, dstDir model.Obj, stream model.FileStreamer, up driver.UpdateProgress) error {
 	data := base.Json{
 		"manualRename": 2,
@@ -267,17 +282,17 @@ func (d *Yun139) Put(ctx context.Context, dstDir model.Obj, stream model.FileStr
 	// Progress
 	p := driver.NewProgress(stream.GetSize(), up)
 
-	var Default int64 = 104857600
+	var partSize = getPartSize(stream.GetSize())
-	part := (stream.GetSize() + Default - 1) / Default
+	part := (stream.GetSize() + partSize - 1) / partSize
 	for i := int64(0); i < part; i++ {
 		if utils.IsCanceled(ctx) {
 			return ctx.Err()
 		}
 
-		start := i * Default
+		start := i * partSize
 		byteSize := stream.GetSize() - start
-		if byteSize > Default {
+		if byteSize > partSize {
-			byteSize = Default
+			byteSize = partSize
 		}
 
 		limitReader := io.LimitReader(stream, byteSize)
@@ -301,6 +316,11 @@ func (d *Yun139) Put(ctx context.Context, dstDir model.Obj, stream model.FileStr
 			return err
 		}
 		log.Debugf("%+v", res)
+
+		if res.StatusCode != http.StatusOK {
+			return fmt.Errorf("unexpected status code: %d", res.StatusCode)
+		}
+
 		res.Body.Close()
 	}
 

drivers/alist_v3/driver.go

@@ -108,7 +108,7 @@ func (d *AListV3) Move(ctx context.Context, srcObj, dstDir model.Obj) error {
 		SetResult(&resp).
 		SetHeader("Authorization", d.AccessToken).
 		SetBody(MoveCopyReq{
-			SrcDir: srcObj.GetPath(),
+			SrcDir: path.Dir(srcObj.GetPath()),
 			DstDir: dstDir.GetPath(),
 			Names:  []string{srcObj.GetName()},
 		}).Post(url)
@@ -135,7 +135,7 @@ func (d *AListV3) Copy(ctx context.Context, srcObj, dstDir model.Obj) error {
 		SetResult(&resp).
 		SetHeader("Authorization", d.AccessToken).
 		SetBody(MoveCopyReq{
-			SrcDir: srcObj.GetPath(),
+			SrcDir: path.Dir(srcObj.GetPath()),
 			DstDir: dstDir.GetPath(),
 			Names:  []string{srcObj.GetName()},
 		}).Post(url)
@@ -149,7 +149,7 @@ func (d *AListV3) Remove(ctx context.Context, obj model.Obj) error {
 		SetResult(&resp).
 		SetHeader("Authorization", d.AccessToken).
 		SetBody(RemoveReq{
-			Dir:   obj.GetPath(),
+			Dir:   path.Dir(obj.GetPath()),
 			Names: []string{obj.GetName()},
 		}).Post(url)
 	return checkResp(resp, err)

drivers/aliyundrive/driver.go

@@ -251,7 +251,11 @@ func (d *AliDrive) Put(ctx context.Context, dstDir model.Obj, stream model.FileS
 		if utils.IsCanceled(ctx) {
 			return ctx.Err()
 		}
-		req, err := http.NewRequest("PUT", partInfo.UploadUrl, io.LimitReader(file, DEFAULT))
+		url := partInfo.UploadUrl
+		if d.InternalUpload {
+			url = partInfo.InternalUploadUrl
+		}
+		req, err := http.NewRequest("PUT", url, io.LimitReader(file, DEFAULT))
 		if err != nil {
 			return err
 		}

drivers/aliyundrive/meta.go

@@ -11,6 +11,7 @@ type Addition struct {
 	OrderBy        string `json:"order_by" type:"select" options:"name,size,updated_at,created_at"`
 	OrderDirection string `json:"order_direction" type:"select" options:"ASC,DESC"`
 	RapidUpload    bool   `json:"rapid_upload"`
+	InternalUpload bool   `json:"internal_upload"`
 }
 
 var config = driver.Config{

drivers/aliyundrive/types.go

@@ -48,7 +48,8 @@ type UploadResp struct {
 	FileId       string `json:"file_id"`
 	UploadId     string `json:"upload_id"`
 	PartInfoList []struct {
-		UploadUrl string `json:"upload_url"`
+		UploadUrl         string `json:"upload_url"`
+		InternalUploadUrl string `json:"internal_upload_url"`
 	} `json:"part_info_list"`
 
 	RapidUpload bool `json:"rapid_upload"`

drivers/aliyundrive_share/driver.go

@@ -54,6 +54,7 @@ func (d *AliyundriveShare) Drop(ctx context.Context) error {
 	if d.cron != nil {
 		d.cron.Stop()
 	}
+	d.DriveId = ""
 	return nil
 }
 

drivers/baidu_netdisk/util.go

@@ -187,7 +187,7 @@ func (d *BaiduNetdisk) create(path string, size int64, isdir int, uploadid, bloc
 	params := map[string]string{
 		"method": "create",
 	}
-	data := fmt.Sprintf("path=%s&size=%d&isdir=%d", encodeURIComponent(path), size, isdir)
+	data := fmt.Sprintf("path=%s&size=%d&isdir=%d&rtype=3", encodeURIComponent(path), size, isdir)
 	if uploadid != "" {
 		data += fmt.Sprintf("&uploadid=%s&block_list=%s", uploadid, block_list)
 	}

drivers/google_drive/driver.go

@@ -56,7 +56,7 @@ func (d *GoogleDrive) Link(ctx context.Context, file model.Obj, args model.LinkA
 		return nil, err
 	}
 	link := model.Link{
-		URL: url + "&alt=media",
+		URL: url + "&alt=media&acknowledgeAbuse=true",
 		Header: http.Header{
 			"Authorization": []string{"Bearer " + d.AccessToken},
 		},

drivers/lanzou/driver.go

@@ -210,9 +210,11 @@ func (d *LanZou) Put(ctx context.Context, dstDir model.Obj, stream model.FileStr
 		_, err := d._post(d.BaseUrl+"/fileup.php", func(req *resty.Request) {
 			req.SetFormData(map[string]string{
 				"task":      "1",
+				"vie":       "2",
+				"ve":        "2",
 				"id":        "WU_FILE_0",
 				"name":      stream.GetName(),
-				"folder_id": dstDir.GetID(),
+				"folder_id_bb_n": dstDir.GetID(),
 			}).SetFileReader("upload_file", stream.GetName(), stream).SetContext(ctx)
 		}, &resp, true)
 		if err != nil {

drivers/local/driver.go

@@ -151,7 +151,7 @@ func (d *Local) Link(ctx context.Context, file model.Obj, args model.LinkArgs) (
 
 func (d *Local) MakeDir(ctx context.Context, parentDir model.Obj, dirName string) error {
 	fullPath := filepath.Join(parentDir.GetPath(), dirName)
-	err := os.MkdirAll(fullPath, 0700)
+	err := os.MkdirAll(fullPath, 0777)
 	if err != nil {
 		return err
 	}

drivers/onedrive/util.go

@@ -127,7 +127,7 @@ func (d *Onedrive) Request(url string, method string, callback base.ReqCallback,
 
 func (d *Onedrive) getFiles(path string) ([]File, error) {
 	var res []File
-	nextLink := d.GetMetaUrl(false, path) + "/children?$expand=thumbnails"
+	nextLink := d.GetMetaUrl(false, path) + "/children?$top=5000&$expand=thumbnails($select=medium)&$select=id,name,size,lastModifiedDateTime,content.downloadUrl,file,parentReference"
 	for nextLink != "" {
 		var files Files
 		_, err := d.Request(nextLink, http.MethodGet, nil, &files)

drivers/s3/util.go

@@ -148,6 +148,9 @@ func (d *S3) listV2(prefix string) ([]model.Obj, error) {
 			files = append(files, &file)
 		}
 		for _, object := range listObjectsResult.Contents {
+			if strings.HasSuffix(*object.Key, "/") {
+				continue
+			}
 			name := path.Base(*object.Key)
 			if name == getPlaceholderName(d.Placeholder) || name == d.Placeholder {
 				continue

go.mod

@@ -5,9 +5,10 @@ go 1.19
 require (
 	github.com/SheltonZhu/115driver v1.0.13
 	github.com/Xhofe/go-cache v0.0.0-20220723083548-714439c8af9a
-	github.com/aws/aws-sdk-go v1.44.174
+	github.com/aws/aws-sdk-go v1.44.194
 	github.com/blevesearch/bleve/v2 v2.3.6
 	github.com/caarlos0/env/v6 v6.10.1
+	github.com/caarlos0/env/v7 v7.0.0
 	github.com/deckarep/golang-set/v2 v2.1.0
 	github.com/disintegration/imaging v1.6.2
 	github.com/gin-contrib/cors v1.4.0
@@ -35,7 +36,7 @@ require (
 	gorm.io/driver/mysql v1.4.5
 	gorm.io/driver/postgres v1.4.6
 	gorm.io/driver/sqlite v1.4.4
-	gorm.io/gorm v1.24.3
+	gorm.io/gorm v1.24.5
 )
 
 require (

go.sum

@@ -16,6 +16,8 @@ github.com/aws/aws-sdk-go v1.44.173 h1:8kXIxvQnBpGhmR3Eof6SnCKgR0q5/L/3Qbv9vAC5w
 github.com/aws/aws-sdk-go v1.44.173/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go v1.44.174 h1:9lR4a6MKQW/t6YCG0ZKAt1GAkjdEPP8sWch/pfcuR0c=
 github.com/aws/aws-sdk-go v1.44.174/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.194 h1:1ZDK+QDcc5oRbZGgRZSz561eR8XVizXCeGpoZKo33NU=
+github.com/aws/aws-sdk-go v1.44.194/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/bits-and-blooms/bitset v1.2.0 h1:Kn4yilvwNtMACtf1eYDlG8H77R07mZSPbMjLyS07ChA=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/blevesearch/bleve/v2 v2.3.6 h1:NlntUHcV5CSWIhpugx4d/BRMGCiaoI8ZZXrXlahzNq4=
@@ -56,6 +58,7 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/caarlos0/env/v6 v6.10.1 h1:t1mPSxNpei6M5yAeu1qtRdPAK29Nbcf/n3G7x+b3/II=
 github.com/caarlos0/env/v6 v6.10.1/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc=
+github.com/caarlos0/env/v7 v7.0.0/go.mod h1:LPPWniDUq4JaO6Q41vtlyikhMknqymCLBw0eX4dcH1E=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -327,3 +330,5 @@ gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 gorm.io/gorm v1.24.2/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 gorm.io/gorm v1.24.3 h1:WL2ifUmzR/SLp85CSURAfybcHnGZ+yLSGSxgYXlFBHg=
 gorm.io/gorm v1.24.3/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/gorm v1.24.5 h1:g6OPREKqqlWq4kh/3MCQbZKImeB9e6Xgc4zD+JgNZGE=
+gorm.io/gorm v1.24.5/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=

internal/bootstrap/data/user.go

@@ -48,6 +48,7 @@ func initUser() {
 				Role:       model.GUEST,
 				BasePath:   "/",
 				Permission: 0,
+				Disabled:   true,
 			}
 			if err := db.CreateUser(guest); err != nil {
 				panic(err)

internal/bootstrap/db.go

@@ -51,7 +51,7 @@ func InitDB() {
 				if !(strings.HasSuffix(database.DBFile, ".db") && len(database.DBFile) > 3) {
 					log.Fatalf("db name error.")
 				}
-				dB, err = gorm.Open(sqlite.Open(fmt.Sprintf("%s?_journal=WAL&_locking=EXCLUSIVE&_vacuum=incremental",
+				dB, err = gorm.Open(sqlite.Open(fmt.Sprintf("%s?_journal=WAL&_vacuum=incremental",
 					database.DBFile)), gormConfig)
 			}
 		case "mysql":

internal/bootstrap/log.go

@@ -35,19 +35,22 @@ func setLog(l *logrus.Logger) {
 }
 
 func Log() {
-	log.SetOutput(logrus.StandardLogger().Out)
 	setLog(logrus.StandardLogger())
 	setLog(utils.Log)
 	logConfig := conf.Conf.Log
 	if logConfig.Enable {
-		mw := io.MultiWriter(os.Stdout, &lumberjack.Logger{
+		var w io.Writer = &lumberjack.Logger{
 			Filename:   logConfig.Name,
 			MaxSize:    logConfig.MaxSize, // megabytes
 			MaxBackups: logConfig.MaxBackups,
 			MaxAge:     logConfig.MaxAge,   //days
 			Compress:   logConfig.Compress, // disabled by default
-		})
+		}
-		logrus.SetOutput(mw)
+		if flags.Debug || flags.Dev {
+			w = io.MultiWriter(os.Stdout, w)
+		}
+		logrus.SetOutput(w)
 	}
+	log.SetOutput(logrus.StandardLogger().Out)
 	utils.Log.Infof("init logrus...")
 }

internal/conf/const.go

@@ -11,8 +11,6 @@ const (
 const (
 	// site
 	VERSION      = "version"
-	ApiUrl       = "api_url"
-	BasePath     = "base_path"
 	SiteTitle    = "site_title"
 	Announcement = "announcement"
 	AllowIndexed = "allow_indexed"

internal/model/user.go

@@ -18,6 +18,7 @@ type User struct {
 	Password string `json:"password"`                                  // password
 	BasePath string `json:"base_path"`                                 // base path
 	Role     int    `json:"role"`                                      // user's role
+	Disabled bool   `json:"disabled"`
 	// Determine permissions by bit
 	//  0: can see hidden files
 	//  1: can access without password

internal/search/build.go

@@ -31,6 +31,8 @@ func BuildIndex(ctx context.Context, indexPaths, ignorePaths []string, maxDepth
 		objCount uint64 = 0
 		fi       model.Obj
 	)
+	log.Infof("build index for: %+v", indexPaths)
+	log.Infof("ignore paths: %+v", ignorePaths)
 	Running.Store(true)
 	Quit = make(chan struct{}, 1)
 	indexMQ := mq.NewInMemoryMQ[ObjWithParent]()

internal/search/util.go

@@ -53,9 +53,10 @@ func updateIgnorePaths() {
 					res, err := base.RestyClient.R().Get(url)
 					if err == nil {
 						allowIndexed = utils.Json.Get(res.Body(), "data", conf.AllowIndexed).ToBool()
+						v3Visited[addition.Address] = allowIndexed
 					}
 				}
-				if allowIndexed {
+				if !allowIndexed {
 					ignorePaths = append(ignorePaths, storage.GetStorage().MountPath)
 				}
 			} else {

pkg/utils/path.go

@@ -75,7 +75,17 @@ func EncodePath(path string, all ...bool) string {
 }
 
 func JoinBasePath(basePath, reqPath string) (string, error) {
-	if strings.HasSuffix(reqPath, "..") || strings.Contains(reqPath, "../") {
+	/** relative path:
+	 * 1. ..
+	 * 2. ../
+	 * 3. /..
+	 * 4. /../
+	 * 5. /a/b/..
+	 */
+	if reqPath == ".." ||
+		strings.HasSuffix(reqPath, "/..") ||
+		strings.HasPrefix(reqPath, "../") ||
+		strings.Contains(reqPath, "/../") {
 		return "", errs.RelativePath
 	}
 	return stdpath.Join(FixAndCleanPath(basePath), FixAndCleanPath(reqPath)), nil

server/common/base.go

@@ -3,24 +3,27 @@ package common
 import (
 	"fmt"
 	"net/http"
+	stdpath "path"
 	"strings"
 
 	"github.com/alist-org/alist/v3/internal/conf"
-	"github.com/alist-org/alist/v3/internal/setting"
 )
 
 func GetApiUrl(r *http.Request) string {
 	api := conf.Conf.SiteURL
-	if api == "" {
+	if strings.HasPrefix(api, "http") {
-		api = setting.GetStr(conf.ApiUrl)
+		return api
 	}
 	if r != nil && api == "" {
 		protocol := "http"
-		if r.TLS != nil {
+		if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
 			protocol = "https"
 		}
-		api = fmt.Sprintf("%s://%s", protocol, r.Host)
+		host := r.Host
-
+		if r.Header.Get("X-Forwarded-Host") != "" {
+			host = r.Header.Get("X-Forwarded-Host")
+		}
+		api = fmt.Sprintf("%s://%s", protocol, stdpath.Join(host, api))
 	}
 	strings.TrimSuffix(api, "/")
 	return api

server/handles/user.go

@@ -67,6 +67,10 @@ func UpdateUser(c *gin.Context) {
 	if req.OtpSecret == "" {
 		req.OtpSecret = user.OtpSecret
 	}
+	if req.Disabled && req.IsAdmin() {
+		common.ErrorStrResp(c, "admin user can not be disabled", 400)
+		return
+	}
 	if err := op.UpdateUser(&req); err != nil {
 		common.ErrorResp(c, err, 500)
 	} else {

server/middlewares/auth.go

@@ -33,6 +33,11 @@ func Auth(c *gin.Context) {
 			c.Abort()
 			return
 		}
+		if guest.Disabled {
+			common.ErrorStrResp(c, "Guest user is disabled, login please", 401)
+			c.Abort()
+			return
+		}
 		c.Set("user", guest)
 		log.Debugf("use empty token: %+v", guest)
 		c.Next()
@@ -50,6 +55,11 @@ func Auth(c *gin.Context) {
 		c.Abort()
 		return
 	}
+	if user.Disabled {
+		common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
+		c.Abort()
+		return
+	}
 	c.Set("user", user)
 	log.Debugf("use login token: %+v", user)
 	c.Next()

server/static/config.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 
 	"github.com/alist-org/alist/v3/internal/conf"
-	"github.com/alist-org/alist/v3/internal/setting"
 	"github.com/alist-org/alist/v3/pkg/utils"
 )
 
@@ -25,11 +24,6 @@ func getSiteConfig() SiteConfig {
 		BasePath: u.Path,
 		Cdn:      strings.ReplaceAll(strings.TrimSuffix(conf.Conf.Cdn, "/"), "$version", conf.WebVersion),
 	}
-	// try to get old config
-	if siteConfig.ApiURL == "" {
-		siteConfig.ApiURL = setting.GetStr(conf.ApiUrl)
-		siteConfig.BasePath = setting.GetStr(conf.BasePath)
-	}
 	if siteConfig.BasePath != "" {
 		siteConfig.BasePath = utils.FixAndCleanPath(siteConfig.BasePath)
 	}