Conversation
* feat(123网盘): 添加123网盘离线下载功能 - 新增123网盘离线下载实现 - 添加相关API接口和常量配置 - 在路由和工具集中集成123网盘支持 * refactor(offline_download): 重构123网盘离线下载状态处理和类型定义 - 将离线下载相关类型定义从util.go移至types.go - 更新状态获取api * 移除了备选方案(/offline_download/task/status) (cherry picked from commit 642acf8bca50c1282c863c6f67dfcc1e029630f1)
fix(ci/issue): change unchecked regex Signed-off-by: KirCute <951206789@qq.com> (cherry picked from commit 27fdd03ec394d0d79459f873c4aef2e59464f0c2)
* 本优化减少了百度网盘驱动下文件列表的请求次数,能加快文件浏览速度。此前只要文件夹下有至少一个文件,都会至少发出2次列表请求。 Signed-off-by: hcrgm <hcrgm@qq.com> (cherry picked from commit 031b719bb0a30642f3a920ffff3d4244644b1543)
…010) * fix(driver/seafile): object not found when RootFolderPath != "/" * refactor(seafile): restructure Seafile driver for improved library handling and error management * add IsDir method to LibraryInfo type * improve initialization * add repoID to RepoItemResp and update List method to set repoID --------- Co-authored-by: Khoray <hhkorm@gmail.com> Co-authored-by: j2rong4cn <j2rong@qq.com> (cherry picked from commit a2573fb285e806c17c4e189871b89237dcf26559)
* fix(drivers/alias): default sort & substitute link * fix * fix (cherry picked from commit f0e53d18a8d71687e12f757fc268afc2c255fedb)
…(#2035) * fix(drivers/cloudreve_v4): add IsFolder attribute to Getter response Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> * refactor(drivers/cloudreve_v4): implement File.fileToObject method Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> * fix(drivers/cloudreve_v4): implement 404 not found for getter Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> --------- Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> (cherry picked from commit 29fcf5904acff340e738b84d8be1d19b1fee8e0e)
* fix(drivers/quark): apply html escaping in quark (cherry picked from commit 27732ccc88363b71faf837e68e0fc2f87feb792e)
…#1617) * fix(FsRemove): add validation for empty items in delete file list If Req.Names contains an empty string item, the whole directory will be removed. As a result we need add a simple guard to prevent such cases. Signed-off-by: huyuantao <huyuantao@ultrarisc.com> * fix(FsRemove): enhance validation to prevent unintended directory deletion 1. Use `utils.FixAndCleanPath` to correctly identify and block invalid names. 2. Change error handling from `return` to `continue`. Signed-off-by: huyuantao <huyuantao@ultrarisc.com> --------- Signed-off-by: huyuantao <huyuantao@ultrarisc.com> Co-authored-by: Pikachu Ren <40362270+PIKACHUIM@users.noreply.github.com> (cherry picked from commit d685bbfa9adc3037dc31813615ae9b3fe6d46993)
…with pagination and random chunk naming (#2034) * fix(drivers/teldrive): enhance file listing and upload functionality with pagination and random chunk naming * fix(drivers/teldrive): optimize file listing by removing unnecessary mutex and restructuring data handling * Update drivers/teldrive/meta.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Chaloemchai <chaloemchai.yy@gmail.com> --------- Signed-off-by: Chaloemchai <chaloemchai.yy@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> (cherry picked from commit f5421876548cd5462fd21714bb609141e09b27ba)
* feat(drivers/123open): support sha1 reuse api * fix(drivers/123open): fix typos (cherry picked from commit a121f861dcec9b7ef2fb4808e48456f50a567bab)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> (cherry picked from commit 8431c1b1e3166f1804b194eb4e600d023a238514)
Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> (cherry picked from commit 795a18b56533dcfa0dfd3cdf0cc67acabf0b7589)
(cherry picked from commit e41b683efbd12634cb5bf030b8604ff26178fa7f)
[skip ci] Add SECURITY.md Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> (cherry picked from commit db0e2ec1038d2ef51a5a9dafa7c2b20b59f36cc8)
In BeginAuthnRegistration (webauthn.go), missing return statements after error responses caused the function to continue executing with a nil authnInstance, potentially leading to a nil pointer panic. In OIDCLoginCallback and SSOLoginCallback (ssologin.go), missing return statements after GenerateToken/autoRegister errors caused the handler to send a second response, resulting in a superfluous response write. In SetThunderBrowser (offline_download.go), the default case of the storage type switch sent an error response but did not return, causing SaveSettingItems and tool initialization to continue executing even when driver type validation failed. (cherry picked from commit 9a2ba1dabe3a9006ef6260d4168f0c5fb0ed1364)
Remove properties from azure blob response fix azure blob prefix filter: prefix should be empty if it is "/" (cherry picked from commit 5eaef96078280c3814942e7de76dfe66ca1abe3d)
…OSS (#2222) * Initial plan * fix: honor HTTPS proxy for OSS uploads Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com> * Honor HTTPS proxy settings for 115/115 Open/PikPak OSS uploads Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com> * revert * chore --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com> Co-authored-by: jyxjjj <773933146@qq.com> (cherry picked from commit f3428e65bc126ed2c917289c4d9eb02f20cf58f8)
Fixed the issue of token verification for shared links. (cherry picked from commit e11b8a82e7dc500e7fb26fedbac68d557474b70e)
* feat(driver): support 123 official app api * fix(123_open): migrate api refresh to token.go Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> * fix(drivers/123_open): trigger proactive refresh with client credentials * fix(drivers/123_open): use client-credential token endpoint for local refresh Keep renewapi parsing for expires_in and map it to internal expiry time handling. * fix(drivers/123_open): limit proactive refresh to client credentials * fix(drivers/123_open): allow renewapi refresh token proactive init * fix(drivers/123_open): update API address to use renewapi endpoint * fix(drivers/123_open): simplify token refresh parsing * fix(drivers/123_open): unify token expiration to expiredAt --------- Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> Co-authored-by: MadDogOwner <xiaoran@xrgzs.top> Co-authored-by: Suyunmeng <Susus0175@proton.me> Co-authored-by: Suyunjing <suyunmeng@oplist.org.cn> (cherry picked from commit 9fdba3a730932fff6b52054b4b83f25ac35ac1a0)
* fix(drivers/openlist): pass through frontend refresh flag * fix(drivers/openlist): gate refresh flag forwarding by config (cherry picked from commit 9e49adc3536a52572c496e11c4f555007da6467d)
…e (#2294) (cherry picked from commit 12c9bdbd568bca15b6963433050e8d3499b262be)
(cherry picked from commit da26e72beeed608c4d4bf3add1e6b801fba32bae)
… and CI workflows (#2330) (cherry picked from commit 8d39d636be112532d89ff83a5de4cb9fd62c0883)
* refactor(permission): rename permission check functions for clarity - User.CanWrite() → User.CanCreateFilesOrFolders() - common.CanWrite() → common.CanWriteContentBypassUserPerms() - common.IsApply() → common.MetaCoversPath() Improves code readability by making function names more descriptive. The new MetaCoversPath name clearly indicates it checks if a meta rule covers a specific path. It better conveys that it's a query function rather than an action, and the applyToSubFolder parameter is more explicit than applySub. Also adds comprehensive test coverage: - 10 tests for MetaCoversPath core logic - 6 tests for CanWriteContent UserPerms - 7 tests for getReadme - 5 tests for getHeader - 6 tests for isEncrypt - 9 tests for whetherHide Total: 43 test scenarios covering all path matching and permission inheritance logic. Tests verify both normal behavior and bug fixes for Readme/Header information leakage and write permission bypass. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat(permission): implement fine-grained user permissions for read/write operations Add per-user read and write permission controls at the meta level to enable more granular access control beyond the existing permission flags. Key changes: - Add ReadUsers/WriteUsers fields to Meta model with sub-directory inheritance flags - Implement CanRead and CanWrite permission check functions in server/common - Filter file list results based on user read permissions - Add permission checks across all file operations (FTP, HTTP handlers, WebDAV) - Simplify error handling pattern for MetaNotFound errors throughout codebase This allows administrators to restrict specific users from accessing or modifying certain paths, providing finer control over file system permissions. Note: Batch and recursive operations (FsMove, FsCopy, FsRemove, FsRecursiveMove, FsBatchRename, FsRegexRename) currently check parent directory permissions only. Individual item permission checks are not performed for performance reasons. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * test(permission): add comprehensive tests for CanRead, CanWrite, and combined permission checks Add TestCanRead, TestCanWrite, TestCanAccessWithReadPermissions, and TestWritePermissionCombinations to validate the three-layer permission system including nil user/meta, sub-path inheritance, user whitelists, and root-level restrictions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(webdav): use safe type assertion for MetaPassKey to prevent panic Bearer-token and OPTIONS auth paths do not set MetaPassKey in context, causing a panic when handlers perform a forced type assertion on nil. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(permission): treat nil user as system context in CanRead/CanWrite Previously, CanRead/CanWrite returned false for nil user, causing filterReadableObjs to return an empty list when fs.List is called from internal contexts without a user (e.g. context.Background()). A nil user represents an internal/system call and should bypass per-user restrictions, consistent with how whetherHide already handles nil user. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(fsmanage): prevent path traversal in FsRemove The previous check only skipped names that resolved to "/", but did not prevent traversal to sibling directories (e.g. "../secret"), which could bypass the CanWrite permission check that is only applied to req.Dir. Replace with a post-join prefix check to ensure each resolved path stays within reqPath. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(webdav): align MetaPassKey behavior with FTP auth logic For guest users, the WebDAV password input serves as the meta folder password (consistent with FTP anonymous/guest handling). For authenticated users, MetaPassKey is set to empty string since their login password is not the meta folder password. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(permission): require write auth for fs list refresh * refactor(permission): use MetaCoversPath in CanRead/CanWrite for consistency Replace inline `(Sub || meta.Path == path)` logic with MetaCoversPath, consistent with CanWriteContentBypassUserPerms. Also fix a copy-paste error in the CanWrite comment (read → write). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Pikachu Ren <40362270+PIKACHUIM@users.noreply.github.com> (cherry picked from commit d85f084acb69b23221dd0ad948bb4354f103f00f)
…itch (#2296) - Switch default SQLite path to github.com/glebarez/sqlite to reduce CGO dependency pressure. - Introduce a unified openSQLite entry in bootstrap and split driver selection by build tags. - Add sqlite_cgo_compat fallback for linux mips, mips64, loong64 and mipsle to keep legacy target builds working. - Update build.sh musl build flow to apply compatibility tag for mips-family targets. - Update beta_release workflow to pass compatibility tag cleanly and avoid conflicting flag composition. (cherry picked from commit 7bea29c18e4e7ba49a7909e505b5f8225bc7cfb8)
|
如果跨多个组件,请使用主要组件作为前缀,并在标题中枚举、描述中说明。 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.