From acd4083399d6227b9bef01aa355ca2c265fa489f Mon Sep 17 00:00:00 2001
From: Noah Hsu <i@nn.ci>
Date: Sun, 26 Jun 2022 16:55:37 +0800
Subject: [PATCH] chore: ignore password for get current user

---
 internal/db/meta.go                  | 3 ++-
 internal/db/user.go                  | 3 ++-
 internal/server/controllers/login.go | 1 +
 internal/server/middlewares/auth.go  | 7 ++++++-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/internal/db/meta.go b/internal/db/meta.go
index 10604363..9327dcfb 100644
--- a/internal/db/meta.go
+++ b/internal/db/meta.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"gorm.io/gorm"
 	stdpath "path"
+	"time"
 )
 
 var metaCache = cache.NewMemCache(cache.WithShards[*model.Meta](2))
@@ -41,7 +42,7 @@ func GetMetaByPath(path string) (*model.Meta, error) {
 		if err := db.Where(meta).First(&meta).Error; err != nil {
 			return nil, errors.Wrapf(err, "failed select meta")
 		}
-		metaCache.Set(path, &meta)
+		metaCache.Set(path, &meta, cache.WithEx[*model.Meta](time.Hour))
 		return &meta, nil
 	})
 	return meta, err
diff --git a/internal/db/user.go b/internal/db/user.go
index ee2c23a4..b1987619 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -6,6 +6,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/alist-org/alist/v3/pkg/singleflight"
 	"github.com/pkg/errors"
+	"time"
 )
 
 var userCache = cache.NewMemCache(cache.WithShards[*model.User](2))
@@ -40,7 +41,7 @@ func GetUserByName(username string) (*model.User, error) {
 		if err := db.Where(user).First(&user).Error; err != nil {
 			return nil, errors.Wrapf(err, "failed find user")
 		}
-		userCache.Set(username, &user)
+		userCache.Set(username, &user, cache.WithEx[*model.User](time.Hour))
 		return &user, nil
 	})
 	return user, err
diff --git a/internal/server/controllers/login.go b/internal/server/controllers/login.go
index 4a7edf84..f59303a6 100644
--- a/internal/server/controllers/login.go
+++ b/internal/server/controllers/login.go
@@ -60,5 +60,6 @@ func Login(c *gin.Context) {
 // if token is empty, return guest user
 func CurrentUser(c *gin.Context) {
 	user := c.MustGet("user").(*model.User)
+	user.Password = ""
 	common.SuccessResp(c, gin.H{"user": user})
 }
diff --git a/internal/server/middlewares/auth.go b/internal/server/middlewares/auth.go
index 9e757b40..c5aabff9 100644
--- a/internal/server/middlewares/auth.go
+++ b/internal/server/middlewares/auth.go
@@ -11,7 +11,12 @@ import (
 func Auth(c *gin.Context) {
 	token := c.GetHeader("Authorization")
 	if token == "" {
-		guest, _ := db.GetGuest()
+		guest, err := db.GetGuest()
+		if err != nil {
+			common.ErrorResp(c, err, 500, true)
+			c.Abort()
+			return
+		}
 		c.Set("user", guest)
 		c.Next()
 		return