feat(share): support more secure file sharing (#991)

提供一种类似大多数网盘的文件分享操作，这种分享方式可以通过强制 Web 代理隐藏文件源路径，可以设置分享码、最大访问数和过期时间，并且不需要启用 guest 用户。在全局设置中可以调整： - 是否强制 Web 代理 - 是否允许预览 - 是否允许预览压缩文件 - 分享文件后，点击“复制链接”按钮复制的内容前端部分：OpenListTeam/OpenList-Frontend#156 文档部分：OpenListTeam/OpenList-Docs#130 Close #183 Close #526 Close #860 Close #892 Close #1079 * feat(share): support more secure file sharing * feat(share): add archive preview * fix(share): fix some bugs * feat(openlist_share): add openlist share driver * fix(share): lack unwrap when get virtual path * fix: use unwrapPath instead of path for virtual file name comparison * fix(share): change request method of /api/share/list from GET to Any * fix(share): path traversal vulnerability in sharing path check * 修复分享alias驱动的文件没开代理时无法获取URL * fix(sharing): update error message for sharing root link extraction --------- Co-authored-by: Suyunmeng <69945917+Suyunmeng@users.noreply.github.com> Co-authored-by: j2rong4cn <j2rong@qq.com>
2025-09-19 12:16:24 +08:00 · 2025-08-19 15:10:02 +08:00
parent 5d8bd258c0
commit e4c902dd93
28 changed files with 1698 additions and 94 deletions
--- a/internal/model/sharing.go
+++ b/internal/model/sharing.go
@ -0,0 +1,47 @@
+package model
+
+import "time"
+
+type SharingDB struct {
+	ID          string     `json:"id" gorm:"type:char(12);primaryKey"`
+	FilesRaw    string     `json:"-" gorm:"type:text"`
+	Expires     *time.Time `json:"expires"`
+	Pwd         string     `json:"pwd"`
+	Accessed    int        `json:"accessed"`
+	MaxAccessed int        `json:"max_accessed"`
+	CreatorId   uint       `json:"-"`
+	Disabled    bool       `json:"disabled"`
+	Remark      string     `json:"remark"`
+	Readme      string     `json:"readme" gorm:"type:text"`
+	Header      string     `json:"header" gorm:"type:text"`
+	Sort
+}
+
+type Sharing struct {
+	*SharingDB
+	Files   []string `json:"files"`
+	Creator *User    `json:"-"`
+}
+
+func (s *Sharing) Valid() bool {
+	if s.Disabled {
+		return false
+	}
+	if s.MaxAccessed > 0 && s.Accessed >= s.MaxAccessed {
+		return false
+	}
+	if len(s.Files) == 0 {
+		return false
+	}
+	if !s.Creator.CanShare() {
+		return false
+	}
+	if s.Expires != nil && !s.Expires.IsZero() && s.Expires.Before(time.Now()) {
+		return false
+	}
+	return true
+}
+
+func (s *Sharing) Verify(pwd string) bool {
+	return s.Pwd == "" || s.Pwd == pwd
+}