chore: ignore password for get current user

internal/db/meta.go

@@ -9,6 +9,7 @@ import (
 	"github.com/pkg/errors"
 	"gorm.io/gorm"
 	stdpath "path"
+	"time"
 )
 
 var metaCache = cache.NewMemCache(cache.WithShards[*model.Meta](2))
@@ -41,7 +42,7 @@ func GetMetaByPath(path string) (*model.Meta, error) {
 		if err := db.Where(meta).First(&meta).Error; err != nil {
 			return nil, errors.Wrapf(err, "failed select meta")
 		}
-		metaCache.Set(path, &meta)
+		metaCache.Set(path, &meta, cache.WithEx[*model.Meta](time.Hour))
 		return &meta, nil
 	})
 	return meta, err

internal/db/user.go

@@ -6,6 +6,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/alist-org/alist/v3/pkg/singleflight"
 	"github.com/pkg/errors"
+	"time"
 )
 
 var userCache = cache.NewMemCache(cache.WithShards[*model.User](2))
@@ -40,7 +41,7 @@ func GetUserByName(username string) (*model.User, error) {
 		if err := db.Where(user).First(&user).Error; err != nil {
 			return nil, errors.Wrapf(err, "failed find user")
 		}
-		userCache.Set(username, &user)
+		userCache.Set(username, &user, cache.WithEx[*model.User](time.Hour))
 		return &user, nil
 	})
 	return user, err

internal/server/controllers/login.go

@@ -60,5 +60,6 @@ func Login(c *gin.Context) {
 // if token is empty, return guest user
 func CurrentUser(c *gin.Context) {
 	user := c.MustGet("user").(*model.User)
+	user.Password = ""
 	common.SuccessResp(c, gin.H{"user": user})
 }

internal/server/middlewares/auth.go

@@ -11,7 +11,12 @@ import (
 func Auth(c *gin.Context) {
 	token := c.GetHeader("Authorization")
 	if token == "" {
-		guest, _ := db.GetGuest()
+		guest, err := db.GetGuest()
+		if err != nil {
+			common.ErrorResp(c, err, 500, true)
+			c.Abort()
+			return
+		}
 		c.Set("user", guest)
 		c.Next()
 		return