Add validate

Update file route
update action
2025-12-23 04:54:41 +00:00 · 2023-07-25 03:43:25 +01:00 · 2023-07-12 07:57:13 +01:00 · 2023-07-10 07:59:46 +01:00 · 2023-07-10 07:58:24 +01:00 · 2023-07-10 07:57:22 +01:00
4 changed files with 36 additions and 5 deletions
--- a/.github/workflows/push_test_server.yml
+++ b/.github/workflows/push_test_server.yml
@@ -2,7 +2,7 @@ name: Auto Publish Website
 on:
  push:
    branches:
-      - main
+      - community
 permissions:
  contents: write
 jobs:
@@ -19,7 +19,7 @@ jobs:
      - name: git global
        run: sudo git config --global --add safe.directory '*'
      - name: set version
-        run: sudo git tag v99.99.99-alpha
+        run: sudo git tag v00.00.00-alpha
        
      - name: Fetch all tags
        run: sudo git fetch --force --tags
@@ -44,7 +44,7 @@ jobs:
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
-          version: latest
+          version: 1.14.1
          args: release --rm-dist --snapshot
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -38,7 +38,7 @@ jobs:
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
-          version: latest
+          version: 1.14.1
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/common/constants.go
+++ b/common/constants.go
@@ -2,6 +2,6 @@ package common

 const (
 	SERVICENAME = "casaos"
-	VERSION     = "0.4.4"
+	VERSION     = "0.4.4.1"
 	BODY        = " "
 )
--- a/route/v2.go
+++ b/route/v2.go
@@ -148,15 +148,46 @@ func InitV2DocRouter(docHTML string, docYAML string) http.Handler {

 func InitFile() http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token := r.URL.Query().Get("token")
+		if len(token) == 0 {
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte(`{"message": "token not found"}`))
+			return
+		}
+
+		valid, _, errs := jwt.Validate(token, func() (*ecdsa.PublicKey, error) { return external.GetPublicKey(config.CommonInfo.RuntimePath) })
+		if errs != nil || !valid {
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte(`{"message": "validation failure"}`))
+			return
+		}
 		filePath := r.URL.Query().Get("path")
 		fileName := path.Base(filePath)
 		w.Header().Add("Content-Disposition", "attachment; filename*=utf-8''"+url.PathEscape(fileName))
 		http.ServeFile(w, r, filePath)
+		//http.ServeFile(w, r, filePath)
 	})
 }

 func InitDir() http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token := r.URL.Query().Get("token")
+		if len(token) == 0 {
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte(`{"message": "token not found"}`))
+			return
+		}
+
+		valid, _, errs := jwt.Validate(token, func() (*ecdsa.PublicKey, error) { return external.GetPublicKey(config.CommonInfo.RuntimePath) })
+		if errs != nil || !valid {
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte(`{"message": "validation failure"}`))
+			return
+		}
 		t := r.URL.Query().Get("format")
 		files := r.URL.Query().Get("files")
Author	SHA1	Message	Date
LinkLeong	1cd5c92a4c	Add validate	2023-07-25 03:43:25 +01:00
LinkLeong	9d6381d7ac	Update file route	2023-07-12 07:57:13 +01:00
LinkLeong	e5b172627a	update action	2023-07-10 07:59:46 +01:00
LinkLeong	bbbb3b2f29	update action	2023-07-10 07:58:24 +01:00
LinkLeong	1453eac570	update gorelease version	2023-07-10 07:57:22 +01:00