🔒 not allowed delete root folder

2022-01-13 21:23:27 +08:00 · 2022-01-13 21:23:27 +08:00 · b472c2ee18
parent 65a01251e9
commit b472c2ee18
9 changed files with 27 additions and 19 deletions
--- a/server/common/common.go
+++ b/server/common/common.go
@ -60,6 +60,16 @@ func ErrorResp(c *gin.Context, err error, code int) {
 	c.Abort()
 }

+func ErrorStrResp(c *gin.Context, str string, code int) {
+	log.Error(str)
+	c.JSON(200, Resp{
+		Code:    code,
+		Message: str,
+		Data:    nil,
+	})
+	c.Abort()
+}
+
 func SuccessResp(c *gin.Context, data ...interface{}) {
 	if len(data) == 0 {
 		c.JSON(200, Resp{
--- a/server/controllers/account.go
+++ b/server/controllers/account.go
@ -28,7 +28,7 @@ func CreateAccount(c *gin.Context) {
 	}
 	driver, ok := base.GetDriver(req.Type)
 	if !ok {
-		common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400)
+		common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
 		return
 	}
 	now := time.Now()
@ -54,7 +54,7 @@ func SaveAccount(c *gin.Context) {
 	}
 	driver, ok := base.GetDriver(req.Type)
 	if !ok {
-		common.ErrorResp(c, fmt.Errorf("no [%s] driver", req.Type), 400)
+		common.ErrorStrResp(c, fmt.Sprintf("No [%s] driver", req.Type), 400)
 		return
 	}
 	old, err := model.GetAccountById(req.ID)
--- a/server/controllers/file/delete.go
+++ b/server/controllers/file/delete.go
@ -1,7 +1,6 @@
 package file

 import (
-	"errors"
 	"github.com/Xhofe/alist/drivers/base"
 	"github.com/Xhofe/alist/drivers/operate"
 	"github.com/Xhofe/alist/server/common"
@ -21,7 +20,7 @@ func DeleteFiles(c *gin.Context) {
 		return
 	}
 	if len(req.Names) == 0 {
-		common.ErrorResp(c, errors.New("empty file names"), 400)
+		common.ErrorStrResp(c, "Empty file names", 400)
 		return
 	}
 	for i, name := range req.Names {
@ -30,6 +29,10 @@ func DeleteFiles(c *gin.Context) {
 			common.ErrorResp(c, err, 500)
 			return
 		}
+		if path_ == "/" {
+			common.ErrorStrResp(c, "Delete root folder is not allowed", 400)
+			return
+		}
 		clearCache := false
 		if i == len(req.Names)-1 {
 			clearCache = true
--- a/server/controllers/file/upload.go
+++ b/server/controllers/file/upload.go
@ -1,7 +1,6 @@
 package file

 import (
-	"errors"
 	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/drivers/base"
 	"github.com/Xhofe/alist/drivers/operate"
@ -19,11 +18,11 @@ func UploadFiles(c *gin.Context) {
 		password := c.PostForm("password")
 		meta, _ := model.GetMetaByPath(path)
 		if meta == nil || !meta.Upload {
-			common.ErrorResp(c, errors.New("not allow upload"), 403)
+			common.ErrorStrResp(c, "Not allow upload", 403)
 			return
 		}
 		if meta.Password != "" && meta.Password != password {
-			common.ErrorResp(c, errors.New("wrong password"), 403)
+			common.ErrorStrResp(c, "Wrong password", 403)
 			return
 		}
 	}
--- a/server/controllers/proxy.go
+++ b/server/controllers/proxy.go
@ -36,7 +36,7 @@ func Proxy(c *gin.Context) {
 			_, ok = c.Get("sign")
 		}
 		if !ok {
-			common.ErrorResp(c, fmt.Errorf("[%s] not allowed proxy", account.Name), 403)
+			common.ErrorStrResp(c, fmt.Sprintf("[%s] not allowed proxy", account.Name), 403)
 			return
 		}
 	}
--- a/server/middlewares/account.go
+++ b/server/middlewares/account.go
@ -1,7 +1,6 @@
 package middlewares

 import (
-	"fmt"
 	"github.com/Xhofe/alist/model"
 	"github.com/Xhofe/alist/server/common"
 	"github.com/gin-gonic/gin"
@ -9,8 +8,8 @@ import (

 func CheckAccount(c *gin.Context) {
 	if model.AccountsCount() == 0 {
-		common.ErrorResp(c, fmt.Errorf("no accounts,please add one first"), 1001)
+		common.ErrorStrResp(c, "No accounts,please add one first", 1001)
 		return
 	}
 	c.Next()
-}
+}
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
@ -1,7 +1,6 @@
 package middlewares

 import (
-	"fmt"
 	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/server/common"
 	"github.com/gin-gonic/gin"
@ -20,8 +19,8 @@ func Auth(c *gin.Context) {
 	//}
 	//if token != utils.GetMD5Encode(password.Value) {
 	if token != conf.Token {
-		common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
+		common.ErrorStrResp(c, "Wrong password", 401)
 		return
 	}
 	c.Next()
-}
+}
--- a/server/middlewares/down.go
+++ b/server/middlewares/down.go
@ -1,7 +1,6 @@
 package middlewares

 import (
-	"fmt"
 	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/server/common"
 	"github.com/Xhofe/alist/utils"
@ -20,7 +19,7 @@ func DownCheck(c *gin.Context) {
 	}
 	pw := c.Query("pw")
 	if !common.CheckDownLink(utils.Dir(rawPath), pw, utils.Base(rawPath)) {
-		common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
+		common.ErrorStrResp(c, "Wrong password", 401)
 		c.Abort()
 		return
 	}
--- a/server/middlewares/path.go
+++ b/server/middlewares/path.go
@ -1,7 +1,6 @@
 package middlewares

 import (
-	"fmt"
 	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/model"
 	"github.com/Xhofe/alist/server/common"
@ -25,13 +24,13 @@ func PathCheck(c *gin.Context) {
 	meta, err := model.GetMetaByPath(req.Path)
 	if err == nil {
 		if meta.Password != "" && meta.Password != req.Password {
-			common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
+			common.ErrorStrResp(c, "Wrong password", 401)
 			c.Abort()
 			return
 		}
 	} else if conf.GetBool("check parent folder") {
 		if !common.CheckParent(utils.Dir(req.Path), req.Password) {
-			common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
+			common.ErrorStrResp(c, "Wrong password", 401)
 			c.Abort()
 			return
 		}