Backups/OpenList
1
0
Fork 0
mirror of https://github.com/OpenListTeam/OpenList.git synced 2025-09-19 12:16:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(share): support custom proxy url (#1130)

Browse Source 
* feat(share): support custom proxy url

* fix(share): count access

* fix: maybe a path traversal vulnerability?
This commit is contained in:
KirCute
2025-08-28 22:11:19 +08:00
committed by GitHub
parent 04a5e58781
commit 14bf4ecb4c
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/handles/sharing.go
View File

@ -195,6 +195,7 @@ func SharingArchiveList(c *gin.Context, req *ArchiveListReq) {
func SharingDown(c *gin.Context) { func SharingDown(c *gin.Context) {
sid := c.Request.Context().Value(conf.SharingIDKey).(string) sid := c.Request.Context().Value(conf.SharingIDKey).(string)
path := c.Request.Context().Value(conf.PathKey).(string) path := c.Request.Context().Value(conf.PathKey).(string)
path = utils.FixAndCleanPath(path)
pwd := c.Query("pwd") pwd := c.Query("pwd")
s, err := op.GetSharingById(sid) s, err := op.GetSharingById(sid)
if err == nil { if err == nil {
@ -219,6 +220,13 @@ func SharingDown(c *gin.Context) {
return return
} }
if setting.GetBool(conf.ShareForceProxy) || common.ShouldProxy(storage, stdpath.Base(actualPath)) { if setting.GetBool(conf.ShareForceProxy) || common.ShouldProxy(storage, stdpath.Base(actualPath)) {
if _, ok := c.GetQuery("d"); !ok {
if url := common.GenerateDownProxyURL(storage.GetStorage(), unwrapPath); url != "" {
c.Redirect(302, url)
_ = countAccess(c.ClientIP(), s)
return
}
}
link, obj, err := op.Link(c.Request.Context(), storage, actualPath, model.LinkArgs{ link, obj, err := op.Link(c.Request.Context(), storage, actualPath, model.LinkArgs{
Header: c.Request.Header, Header: c.Request.Header,
Type: c.Query("type"), Type: c.Query("type"),
@ -252,6 +260,7 @@ func SharingArchiveExtract(c *gin.Context) {
} }
sid := c.Request.Context().Value(conf.SharingIDKey).(string) sid := c.Request.Context().Value(conf.SharingIDKey).(string)
path := c.Request.Context().Value(conf.PathKey).(string) path := c.Request.Context().Value(conf.PathKey).(string)
path = utils.FixAndCleanPath(path)
pwd := c.Query("pwd") pwd := c.Query("pwd")
innerPath := utils.FixAndCleanPath(c.Query("inner")) innerPath := utils.FixAndCleanPath(c.Query("inner"))
archivePass := c.Query("pass") archivePass := c.Query("pass")