alist/server/common/check.go

package common

import (
	"path"
	"regexp"
	"strings"

	"github.com/alist-org/alist/v3/internal/model"
	"github.com/alist-org/alist/v3/pkg/utils"
)

func CanWrite(meta *model.Meta, path string) bool {
	if meta == nil || !meta.Write {
		return false
	}
	return meta.WSub || meta.Path == path
}

func IsApply(metaPath, reqPath string, applySub bool) bool {
	if utils.PathEqual(metaPath, reqPath) {
		return true
	}
	return utils.IsSubPath(reqPath, metaPath) && applySub
}

func CanAccess(user *model.User, meta *model.Meta, reqPath string, password string) bool {
	// if the reqPath is in hide (only can check the nearest meta) and user can't see hides, can't access
	if meta != nil && !user.CanSeeHides() && meta.Hide != "" &&
		IsApply(meta.Path, path.Dir(reqPath), meta.HSub) { // the meta should apply to the parent of current path
		for _, hide := range strings.Split(meta.Hide, "\n") {
			re := regexp.MustCompile(hide)
			if re.MatchString(path.Base(reqPath)) {
				return false
			}
		}
	}
	// if is not guest and can access without password
	if user.CanAccessWithoutPassword() {
		return true
	}
	// if meta is nil or password is empty, can access
	if meta == nil || meta.Password == "" {
		return true
	}
	// if meta doesn't apply to sub_folder, can access
	if !utils.PathEqual(meta.Path, reqPath) && !meta.PSub {
		return true
	}
	// validate password
	return meta.Password == password
}
fix: check password while upload (close #2444) 2022-11-22 08:14:01 +00:00			`package common`

			`import (`
fix: hide apply to sub path without enable (close #3661) 2023-02-28 10:43:52 +00:00			`"path"`
fix: add hide check to `canAccess` (close #2532) 2022-11-30 14:01:33 +00:00			`"regexp"`
			`"strings"`

fix: check password while upload (close #2444) 2022-11-22 08:14:01 +00:00			`"github.com/alist-org/alist/v3/internal/model"`
			`"github.com/alist-org/alist/v3/pkg/utils"`
			`)`

			`func CanWrite(meta *model.Meta, path string) bool {`
			`if meta == nil \|\| !meta.Write {`
			`return false`
			`}`
			`return meta.WSub \|\| meta.Path == path`
			`}`

fix: hide apply to sub path without enable (close #3661) 2023-02-28 10:43:52 +00:00			`func IsApply(metaPath, reqPath string, applySub bool) bool {`
			`if utils.PathEqual(metaPath, reqPath) {`
			`return true`
			`}`
			`return utils.IsSubPath(reqPath, metaPath) && applySub`
			`}`

fix: add hide check to `canAccess` (close #2532) 2022-11-30 14:01:33 +00:00			`func CanAccess(user model.User, meta model.Meta, reqPath string, password string) bool {`
			`// if the reqPath is in hide (only can check the nearest meta) and user can't see hides, can't access`
fix: hide apply to sub path without enable (close #3661) 2023-02-28 10:43:52 +00:00			`if meta != nil && !user.CanSeeHides() && meta.Hide != "" &&`
			`IsApply(meta.Path, path.Dir(reqPath), meta.HSub) { // the meta should apply to the parent of current path`
fix: add hide check to `canAccess` (close #2532) 2022-11-30 14:01:33 +00:00			`for _, hide := range strings.Split(meta.Hide, "\n") {`
			`re := regexp.MustCompile(hide)`
fix: slice bounds out of range on `CanAccess` check 2023-03-05 07:29:53 +00:00			`if re.MatchString(path.Base(reqPath)) {`
fix: add hide check to `canAccess` (close #2532) 2022-11-30 14:01:33 +00:00			`return false`
			`}`
			`}`
			`}`
			`// if is not guest and can access without password`
fix: check password while upload (close #2444) 2022-11-22 08:14:01 +00:00			`if user.CanAccessWithoutPassword() {`
			`return true`
			`}`
			`// if meta is nil or password is empty, can access`
			`if meta == nil \|\| meta.Password == "" {`
			`return true`
			`}`
			`// if meta doesn't apply to sub_folder, can access`
fix: add hide check to `canAccess` (close #2532) 2022-11-30 14:01:33 +00:00			`if !utils.PathEqual(meta.Path, reqPath) && !meta.PSub {`
fix: check password while upload (close #2444) 2022-11-22 08:14:01 +00:00			`return true`
			`}`
			`// validate password`
			`return meta.Password == password`
			`}`