github
/
alist
mirror of https://github.com/Xhofe/alist
1
0
Fork 0
Code Issues Releases Wiki Activity
alist/server/middlewares/fsup.go

41 lines
978 B
Go
Raw Normal View History

fix: check password while upload (close #2444)
2022-11-22 08:14:01 +00:00
package middlewares
import (
"net/url"
stdpath "path"
"github.com/alist-org/alist/v3/internal/db"
"github.com/alist-org/alist/v3/internal/errs"
"github.com/alist-org/alist/v3/internal/model"
"github.com/alist-org/alist/v3/server/common"
"github.com/gin-gonic/gin"
"github.com/pkg/errors"
)
func FsUp(c *gin.Context) {
path := c.GetHeader("File-Path")
password := c.GetHeader("Password")
path, err := url.PathUnescape(path)
if err != nil {
common.ErrorResp(c, err, 400)
c.Abort()
return
}
user := c.MustGet("user").(*model.User)
path = stdpath.Join(user.BasePath, path)
meta, err := db.GetNearestMeta(stdpath.Dir(path))
if err != nil {
if !errors.Is(errors.Cause(err), errs.MetaNotFound) {
common.ErrorResp(c, err, 500, true)
c.Abort()
return
}
}
if !(common.CanAccess(user, meta, path, password) && (user.CanWrite() || common.CanWrite(meta, path))) {
common.ErrorResp(c, errs.PermissionDenied, 403)
c.Abort()
return
}
c.Next()
}