github
/
alist
mirror of https://github.com/Xhofe/alist
1
0
Fork 0
Code Issues Releases Wiki Activity

🔒 not allowed delete root folder

pull/548/head
微凉 2022-01-13 21:23:27 +08:00
parent 65a01251e9
commit b472c2ee18
9 changed files with 27 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/common/common.go
View File

@ -60,6 +60,16 @@ func ErrorResp(c *gin.Context, err error, code int) {
c.Abort() c.Abort()
} }
func ErrorStrResp(c *gin.Context, str string, code int) {
log.Error(str)
c.JSON(200, Resp{
Code: code,
Message: str,
Data: nil,
})
c.Abort()
}
func SuccessResp(c *gin.Context, data ...interface{}) { func SuccessResp(c *gin.Context, data ...interface{}) {
if len(data) == 0 { if len(data) == 0 {
c.JSON(200, Resp{ c.JSON(200, Resp{

4
server/controllers/account.go
View File

@ -28,7 +28,7 @@ func CreateAccount(c *gin.Context) {
} }
driver, ok := base.GetDriver(req.Type) driver, ok := base.GetDriver(req.Type)
if !ok { if !ok {
common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400) common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
return return
} }
now := time.Now() now := time.Now()
@ -54,7 +54,7 @@ func SaveAccount(c *gin.Context) {
} }
driver, ok := base.GetDriver(req.Type) driver, ok := base.GetDriver(req.Type)
if !ok { if !ok {
common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400) common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
return return
} }
old, err := model.GetAccountById(req.ID) old, err := model.GetAccountById(req.ID)

7
server/controllers/file/delete.go
View File

@ -1,7 +1,6 @@
package file package file
import ( import (
"errors"
"github.com/Xhofe/alist/drivers/base" "github.com/Xhofe/alist/drivers/base"
"github.com/Xhofe/alist/drivers/operate" "github.com/Xhofe/alist/drivers/operate"
"github.com/Xhofe/alist/server/common" "github.com/Xhofe/alist/server/common"
@ -21,7 +20,7 @@ func DeleteFiles(c *gin.Context) {
return return
} }
if len(req.Names) == 0 { if len(req.Names) == 0 {
common.ErrorResp(c, errors.New("empty file names"), 400) common.ErrorStrResp(c, "Empty file names", 400)
return return
} }
for i, name := range req.Names { for i, name := range req.Names {
@ -30,6 +29,10 @@ func DeleteFiles(c *gin.Context) {
common.ErrorResp(c, err, 500) common.ErrorResp(c, err, 500)
return return
} }
if path_ == "/" {
common.ErrorStrResp(c, "Delete root folder is not allowed", 400)
return
}
clearCache := false clearCache := false
if i == len(req.Names)-1 { if i == len(req.Names)-1 {
clearCache = true clearCache = true

5
server/controllers/file/upload.go
View File

@ -1,7 +1,6 @@
package file package file
import ( import (
"errors"
"github.com/Xhofe/alist/conf" "github.com/Xhofe/alist/conf"
"github.com/Xhofe/alist/drivers/base" "github.com/Xhofe/alist/drivers/base"
"github.com/Xhofe/alist/drivers/operate" "github.com/Xhofe/alist/drivers/operate"
@ -19,11 +18,11 @@ func UploadFiles(c *gin.Context) {
password := c.PostForm("password") password := c.PostForm("password")
meta, _ := model.GetMetaByPath(path) meta, _ := model.GetMetaByPath(path)
if meta == nil || !meta.Upload { if meta == nil || !meta.Upload {
common.ErrorResp(c, errors.New("not allow upload"), 403) common.ErrorStrResp(c, "Not allow upload", 403)
return return
} }
if meta.Password != "" && meta.Password != password { if meta.Password != "" && meta.Password != password {
common.ErrorResp(c, errors.New("wrong password"), 403) common.ErrorStrResp(c, "Wrong password", 403)
return return
} }
} }

2
server/controllers/proxy.go
View File

@ -36,7 +36,7 @@ func Proxy(c *gin.Context) {
_, ok = c.Get("sign") _, ok = c.Get("sign")
} }
if !ok { if !ok {
common.ErrorResp(c, fmt.Errorf("[%s] not allowed proxy", account.Name), 403) common.ErrorStrResp(c, fmt.Sprintf("[%s] not allowed proxy", account.Name), 403)
return return
} }
} }

3
server/middlewares/account.go
View File

@ -1,7 +1,6 @@
package middlewares package middlewares
import ( import (
"fmt"
"github.com/Xhofe/alist/model" "github.com/Xhofe/alist/model"
"github.com/Xhofe/alist/server/common" "github.com/Xhofe/alist/server/common"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
@ -9,7 +8,7 @@ import (
func CheckAccount(c *gin.Context) { func CheckAccount(c *gin.Context) {
if model.AccountsCount() == 0 { if model.AccountsCount() == 0 {
common.ErrorResp(c, fmt.Errorf("no accounts,please add one first"), 1001) common.ErrorStrResp(c, "No accounts,please add one first", 1001)
return return
} }
c.Next() c.Next()

3
server/middlewares/auth.go
View File

@ -1,7 +1,6 @@
package middlewares package middlewares
import ( import (
"fmt"
"github.com/Xhofe/alist/conf" "github.com/Xhofe/alist/conf"
"github.com/Xhofe/alist/server/common" "github.com/Xhofe/alist/server/common"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
@ -20,7 +19,7 @@ func Auth(c *gin.Context) {
//} //}
//if token != utils.GetMD5Encode(password.Value) { //if token != utils.GetMD5Encode(password.Value) {
if token != conf.Token { if token != conf.Token {
common.ErrorResp(c, fmt.Errorf("wrong password"), 401) common.ErrorStrResp(c, "Wrong password", 401)
return return
} }
c.Next() c.Next()

3
server/middlewares/down.go
View File

@ -1,7 +1,6 @@
package middlewares package middlewares
import ( import (
"fmt"
"github.com/Xhofe/alist/conf" "github.com/Xhofe/alist/conf"
"github.com/Xhofe/alist/server/common" "github.com/Xhofe/alist/server/common"
"github.com/Xhofe/alist/utils" "github.com/Xhofe/alist/utils"
@ -20,7 +19,7 @@ func DownCheck(c *gin.Context) {
} }
pw := c.Query("pw") pw := c.Query("pw")
if !common.CheckDownLink(utils.Dir(rawPath), pw, utils.Base(rawPath)) { if !common.CheckDownLink(utils.Dir(rawPath), pw, utils.Base(rawPath)) {
common.ErrorResp(c, fmt.Errorf("wrong password"), 401) common.ErrorStrResp(c, "Wrong password", 401)
c.Abort() c.Abort()
return return
} }

5
server/middlewares/path.go
View File

@ -1,7 +1,6 @@
package middlewares package middlewares
import ( import (
"fmt"
"github.com/Xhofe/alist/conf" "github.com/Xhofe/alist/conf"
"github.com/Xhofe/alist/model" "github.com/Xhofe/alist/model"
"github.com/Xhofe/alist/server/common" "github.com/Xhofe/alist/server/common"
@ -25,13 +24,13 @@ func PathCheck(c *gin.Context) {
meta, err := model.GetMetaByPath(req.Path) meta, err := model.GetMetaByPath(req.Path)
if err == nil { if err == nil {
if meta.Password != "" && meta.Password != req.Password { if meta.Password != "" && meta.Password != req.Password {
common.ErrorResp(c, fmt.Errorf("wrong password"), 401) common.ErrorStrResp(c, "Wrong password", 401)
c.Abort() c.Abort()
return return
} }
} else if conf.GetBool("check parent folder") { } else if conf.GetBool("check parent folder") {
if !common.CheckParent(utils.Dir(req.Path), req.Password) { if !common.CheckParent(utils.Dir(req.Path), req.Password) {
common.ErrorResp(c, fmt.Errorf("wrong password"), 401) common.ErrorStrResp(c, "Wrong password", 401)
c.Abort() c.Abort()
return return
} }