feat(share): support more secure file sharing (#991)

提供一种类似大多数网盘的文件分享操作，这种分享方式可以通过强制 Web 代理隐藏文件源路径，可以设置分享码、最大访问数和过期时间，并且不需要启用 guest 用户。在全局设置中可以调整： - 是否强制 Web 代理 - 是否允许预览 - 是否允许预览压缩文件 - 分享文件后，点击“复制链接”按钮复制的内容前端部分：OpenListTeam/OpenList-Frontend#156 文档部分：OpenListTeam/OpenList-Docs#130 Close #183 Close #526 Close #860 Close #892 Close #1079 * feat(share): support more secure file sharing * feat(share): add archive preview * fix(share): fix some bugs * feat(openlist_share): add openlist share driver * fix(share): lack unwrap when get virtual path * fix: use unwrapPath instead of path for virtual file name comparison * fix(share): change request method of /api/share/list from GET to Any * fix(share): path traversal vulnerability in sharing path check * 修复分享alias驱动的文件没开代理时无法获取URL * fix(sharing): update error message for sharing root link extraction --------- Co-authored-by: Suyunmeng <69945917+Suyunmeng@users.noreply.github.com> Co-authored-by: j2rong4cn <j2rong@qq.com>
2025-09-19 12:16:24 +08:00 · 2025-08-19 15:10:02 +08:00
parent 5d8bd258c0
commit e4c902dd93
28 changed files with 1698 additions and 94 deletions
--- a/internal/model/args.go
+++ b/internal/model/args.go
@ -77,6 +77,26 @@ type ArchiveDecompressArgs struct {
 	PutIntoNewDir bool
 }

+type SharingListArgs struct {
+	Refresh bool
+	Pwd     string
+}
+
+type SharingArchiveMetaArgs struct {
+	ArchiveMetaArgs
+	Pwd string
+}
+
+type SharingArchiveListArgs struct {
+	ArchiveListArgs
+	Pwd string
+}
+
+type SharingLinkArgs struct {
+	Pwd string
+	LinkArgs
+}
+
 type RangeReaderIF interface {
 	RangeRead(ctx context.Context, httpRange http_range.Range) (io.ReadCloser, error)
 }
--- a/internal/model/sharing.go
+++ b/internal/model/sharing.go
@ -0,0 +1,47 @@
+package model
+
+import "time"
+
+type SharingDB struct {
+	ID          string     `json:"id" gorm:"type:char(12);primaryKey"`
+	FilesRaw    string     `json:"-" gorm:"type:text"`
+	Expires     *time.Time `json:"expires"`
+	Pwd         string     `json:"pwd"`
+	Accessed    int        `json:"accessed"`
+	MaxAccessed int        `json:"max_accessed"`
+	CreatorId   uint       `json:"-"`
+	Disabled    bool       `json:"disabled"`
+	Remark      string     `json:"remark"`
+	Readme      string     `json:"readme" gorm:"type:text"`
+	Header      string     `json:"header" gorm:"type:text"`
+	Sort
+}
+
+type Sharing struct {
+	*SharingDB
+	Files   []string `json:"files"`
+	Creator *User    `json:"-"`
+}
+
+func (s *Sharing) Valid() bool {
+	if s.Disabled {
+		return false
+	}
+	if s.MaxAccessed > 0 && s.Accessed >= s.MaxAccessed {
+		return false
+	}
+	if len(s.Files) == 0 {
+		return false
+	}
+	if !s.Creator.CanShare() {
+		return false
+	}
+	if s.Expires != nil && !s.Expires.IsZero() && s.Expires.Before(time.Now()) {
+		return false
+	}
+	return true
+}
+
+func (s *Sharing) Verify(pwd string) bool {
+	return s.Pwd == "" || s.Pwd == pwd
+}
--- a/internal/model/user.go
+++ b/internal/model/user.go
@ -54,6 +54,7 @@ type User struct {
 	//   11: ftp/sftp write
 	//   12: can read archives
 	//   13: can decompress archives
+	//   14: can share
 	Permission int32  `json:"permission"`
 	OtpSecret  string `json:"-"`
 	SsoID      string `json:"sso_id"` // unique by sso platform
@ -145,6 +146,10 @@ func (u *User) CanDecompress() bool {
 	return (u.Permission>>13)&1 == 1
 }

+func (u *User) CanShare() bool {
+	return (u.Permission>>14)&1 == 1
+}
+
 func (u *User) JoinPath(reqPath string) (string, error) {
 	return utils.JoinBasePath(u.BasePath, reqPath)
 }