feat: allow use token to access `WebDAV`

2023-08-07 14:20:17 +08:00 · 2023-08-07 14:20:17 +08:00 · ff5cf3f4fa
parent 5b6b2f427a
commit ff5cf3f4fa
1 changed files with 20 additions and 0 deletions
--- a/server/webdav.go
+++ b/server/webdav.go
@ -2,12 +2,15 @@ package server

 import (
 	"context"
+	"crypto/subtle"
 	"net/http"
 	"path"
+	"strings"

 	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/alist-org/alist/v3/internal/op"
+	"github.com/alist-org/alist/v3/internal/setting"
 	"github.com/alist-org/alist/v3/pkg/utils"
 	"github.com/alist-org/alist/v3/server/webdav"
 	"github.com/gin-gonic/gin"
@ -47,6 +50,23 @@ func WebDAVAuth(c *gin.Context) {
 	guest, _ := op.GetGuest()
 	username, password, ok := c.Request.BasicAuth()
 	if !ok {
+		bt := c.GetHeader("Authorization")
+		if strings.HasPrefix(bt, "Bearer") {
+			bt = strings.TrimPrefix(bt, "Bearer ")
+			token := setting.GetStr(conf.Token)
+			if token != "" && subtle.ConstantTimeCompare([]byte(bt), []byte(token)) == 1 {
+				admin, err := op.GetAdmin()
+				if err != nil {
+					log.Errorf("[webdav auth] failed get admin user: %+v", err)
+					c.Status(http.StatusInternalServerError)
+					c.Abort()
+					return
+				}
+				c.Set("user", admin)
+				c.Next()
+				return
+			}
+		}
 		if c.Request.Method == "OPTIONS" {
 			c.Set("user", guest)
 			c.Next()