feat(webdav): option to disable system file uploads (#2871)

2025-09-12 14:04:51 +08:00 · 2025-09-12 14:04:51 +08:00 · a581851f84
parent fe7cf5d0d8
commit a581851f84
4 changed files with 23 additions and 10 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit e53eb86a326475487eec2dd831307b6fe71f57ae
+Subproject commit dcf21d5eb9fbb635e81ab3c13b44e1233db5cac9
--- a/inventory/types/types.go
+++ b/inventory/types/types.go
@ -257,6 +257,7 @@ func FileTypeFromString(s string) FileType {
 const (
 	DavAccountReadOnly DavAccountOption = iota
 	DavAccountProxy
+	DavAccountDisableSysFiles
 )

 const (
--- a/pkg/webdav/webdav.go
+++ b/pkg/webdav/webdav.go
@ -9,6 +9,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+	"time"
+
 	"github.com/cloudreve/Cloudreve/v4/application/dependency"
 	"github.com/cloudreve/Cloudreve/v4/ent"
 	"github.com/cloudreve/Cloudreve/v4/inventory"
@ -26,11 +32,6 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/samber/lo"
 	"golang.org/x/tools/container/intsets"
-	"net/http"
-	"net/url"
-	"path"
-	"strings"
-	"time"
 )

 const (
@ -228,6 +229,12 @@ func handlePut(c *gin.Context, user *ent.User, fm manager.FileManager) (status i
 		return purposeStatusCodeFromError(err), err
 	}

+	if user.Edges.DavAccounts[0].Options.Enabled(int(types.DavAccountDisableSysFiles)) {
+		if strings.HasPrefix(reqPath.Name(), ".") {
+			return http.StatusMethodNotAllowed, nil
+		}
+	}
+
 	release, ls, status, err := confirmLock(c, fm, user, ancestor, nil, uri, nil)
 	if err != nil {
 		return status, err
--- a/service/setting/webdav.go
+++ b/service/setting/webdav.go
@ -86,10 +86,11 @@ func (service *ListDavAccountsService) List(c *gin.Context) (*ListDavAccountResp

 type (
 	CreateDavAccountService struct {
-		Uri      string `json:"uri" binding:"required"`
-		Name     string `json:"name" binding:"required,min=1,max=255"`
-		Readonly bool   `json:"readonly"`
-		Proxy    bool   `json:"proxy"`
+		Uri             string `json:"uri" binding:"required"`
+		Name            string `json:"name" binding:"required,min=1,max=255"`
+		Readonly        bool   `json:"readonly"`
+		Proxy           bool   `json:"proxy"`
+		DisableSysFiles bool   `json:"disable_sys_files"`
 	}
 	CreateDavAccountParamCtx struct{}
 )
@ -173,6 +174,10 @@ func (service *CreateDavAccountService) validateAndGetBs(user *ent.User) (*bools
 		boolset.Set(types.DavAccountReadOnly, true, &bs)
 	}

+	if service.DisableSysFiles {
+		boolset.Set(types.DavAccountDisableSysFiles, true, &bs)
+	}
+
 	if service.Proxy && user.Edges.Group.Permissions.Enabled(int(types.GroupPermissionWebDAVProxy)) {
 		boolset.Set(types.DavAccountProxy, true, &bs)
 	}