github
/
Cloudreve
mirror of https://github.com/cloudreve/Cloudreve
1
0
Fork 0
Code Issues Releases Wiki Activity

feat(webdav): option to disable system file uploads (#2871)

pull/2892/head
Aaron Liu 2025-09-12 14:04:51 +08:00
parent fe7cf5d0d8
commit a581851f84
4 changed files with 23 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
assets

@ -1 +1 @@
Subproject commit e53eb86a326475487eec2dd831307b6fe71f57ae Subproject commit dcf21d5eb9fbb635e81ab3c13b44e1233db5cac9

1
inventory/types/types.go
View File

@ -257,6 +257,7 @@ func FileTypeFromString(s string) FileType {
const ( const (
DavAccountReadOnly DavAccountOption = iota DavAccountReadOnly DavAccountOption = iota
DavAccountProxy DavAccountProxy
DavAccountDisableSysFiles
) )
const ( const (

17
pkg/webdav/webdav.go
View File

@ -9,6 +9,12 @@ import (
"context" "context"
"errors" "errors"
"fmt" "fmt"
"net/http"
"net/url"
"path"
"strings"
"time"
"github.com/cloudreve/Cloudreve/v4/application/dependency" "github.com/cloudreve/Cloudreve/v4/application/dependency"
"github.com/cloudreve/Cloudreve/v4/ent" "github.com/cloudreve/Cloudreve/v4/ent"
"github.com/cloudreve/Cloudreve/v4/inventory" "github.com/cloudreve/Cloudreve/v4/inventory"
@ -26,11 +32,6 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/samber/lo" "github.com/samber/lo"
"golang.org/x/tools/container/intsets" "golang.org/x/tools/container/intsets"
"net/http"
"net/url"
"path"
"strings"
"time"
) )
const ( const (
@ -228,6 +229,12 @@ func handlePut(c *gin.Context, user *ent.User, fm manager.FileManager) (status i
return purposeStatusCodeFromError(err), err return purposeStatusCodeFromError(err), err
} }
if user.Edges.DavAccounts[0].Options.Enabled(int(types.DavAccountDisableSysFiles)) {
if strings.HasPrefix(reqPath.Name(), ".") {
return http.StatusMethodNotAllowed, nil
}
}
release, ls, status, err := confirmLock(c, fm, user, ancestor, nil, uri, nil) release, ls, status, err := confirmLock(c, fm, user, ancestor, nil, uri, nil)
if err != nil { if err != nil {
return status, err return status, err

13
service/setting/webdav.go
View File

@ -86,10 +86,11 @@ func (service *ListDavAccountsService) List(c *gin.Context) (*ListDavAccountResp
type ( type (
CreateDavAccountService struct { CreateDavAccountService struct {
Uri string `json:"uri" binding:"required"` Uri string `json:"uri" binding:"required"`
Name string `json:"name" binding:"required,min=1,max=255"` Name string `json:"name" binding:"required,min=1,max=255"`
Readonly bool `json:"readonly"` Readonly bool `json:"readonly"`
Proxy bool `json:"proxy"` Proxy bool `json:"proxy"`
DisableSysFiles bool `json:"disable_sys_files"`
} }
CreateDavAccountParamCtx struct{} CreateDavAccountParamCtx struct{}
) )
@ -173,6 +174,10 @@ func (service *CreateDavAccountService) validateAndGetBs(user *ent.User) (*bools
boolset.Set(types.DavAccountReadOnly, true, &bs) boolset.Set(types.DavAccountReadOnly, true, &bs)
} }
if service.DisableSysFiles {
boolset.Set(types.DavAccountDisableSysFiles, true, &bs)
}
if service.Proxy && user.Edges.Group.Permissions.Enabled(int(types.GroupPermissionWebDAVProxy)) { if service.Proxy && user.Edges.Group.Permissions.Enabled(int(types.GroupPermissionWebDAVProxy)) {
boolset.Set(types.DavAccountProxy, true, &bs) boolset.Set(types.DavAccountProxy, true, &bs)
} }