ThePain/CasaOS
1
0
Fork 0
mirror of https://github.com/IceWhaleTech/CasaOS.git synced 2025-11-07 15:19:44 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add validate

Browse Source
This commit is contained in:
LinkLeong 2023-07-25 03:43:25 +01:00
parent 9d6381d7ac
commit 1cd5c92a4c
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/constants.go
View File

@ -2,6 +2,6 @@ package common
const ( const (
SERVICENAME = "casaos" SERVICENAME = "casaos"
VERSION = "0.4.4" VERSION = "0.4.4.1"
BODY = " " BODY = " "
) )

30
route/v2.go
View File

@ -148,6 +148,21 @@ func InitV2DocRouter(docHTML string, docYAML string) http.Handler {
func InitFile() http.Handler { func InitFile() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := r.URL.Query().Get("token")
if len(token) == 0 {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"message": "token not found"}`))
return
}
valid, _, errs := jwt.Validate(token, func() (*ecdsa.PublicKey, error) { return external.GetPublicKey(config.CommonInfo.RuntimePath) })
if errs != nil || !valid {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"message": "validation failure"}`))
return
}
filePath := r.URL.Query().Get("path") filePath := r.URL.Query().Get("path")
fileName := path.Base(filePath) fileName := path.Base(filePath)
w.Header().Add("Content-Disposition", "attachment; filename*=utf-8''"+url.PathEscape(fileName)) w.Header().Add("Content-Disposition", "attachment; filename*=utf-8''"+url.PathEscape(fileName))
@ -158,6 +173,21 @@ func InitFile() http.Handler {
func InitDir() http.Handler { func InitDir() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := r.URL.Query().Get("token")
if len(token) == 0 {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"message": "token not found"}`))
return
}
valid, _, errs := jwt.Validate(token, func() (*ecdsa.PublicKey, error) { return external.GetPublicKey(config.CommonInfo.RuntimePath) })
if errs != nil || !valid {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"message": "validation failure"}`))
return
}
t := r.URL.Query().Get("format") t := r.URL.Query().Get("format")
files := r.URL.Query().Get("files") files := r.URL.Query().Get("files")