fix(ci/issue): change unchecked regex

Signed-off-by: KirCute <951206789@qq.com>
(cherry picked from commit 27fdd03ec394d0d79459f873c4aef2e59464f0c2)

* 本优化减少了百度网盘驱动下文件列表的请求次数，能加快文件浏览速度。此前只要文件夹下有至少一个文件，都会至少发出2次列表请求。

Signed-off-by: hcrgm <hcrgm@qq.com>
(cherry picked from commit 031b719bb0a30642f3a920ffff3d4244644b1543)

…010)

* fix(driver/seafile): object not found when RootFolderPath != "/"

* refactor(seafile): restructure Seafile driver for improved library handling and error management

* add IsDir method to LibraryInfo type

* improve initialization

* add repoID to RepoItemResp and update List method to set repoID

---------

Co-authored-by: Khoray <hhkorm@gmail.com>
Co-authored-by: j2rong4cn <j2rong@qq.com>
(cherry picked from commit a2573fb285e806c17c4e189871b89237dcf26559)

* fix(drivers/alias): default sort & substitute link

* fix

* fix

(cherry picked from commit f0e53d18a8d71687e12f757fc268afc2c255fedb)

…(#2035)

* fix(drivers/cloudreve_v4): add IsFolder attribute to Getter response

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>

* refactor(drivers/cloudreve_v4): implement File.fileToObject method

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>

* fix(drivers/cloudreve_v4): implement 404 not found for getter

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>

---------

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>
(cherry picked from commit 29fcf5904acff340e738b84d8be1d19b1fee8e0e)

* fix(drivers/quark): apply html escaping in quark

(cherry picked from commit 27732ccc88363b71faf837e68e0fc2f87feb792e)

…#1617)

* fix(FsRemove): add validation for empty items in delete file list

If Req.Names contains an empty string item, the whole directory will be removed. As a result we need add a simple guard to prevent such cases.

Signed-off-by: huyuantao <huyuantao@ultrarisc.com>

* fix(FsRemove): enhance validation to prevent unintended directory deletion

1. Use `utils.FixAndCleanPath` to correctly identify and block invalid names.
2. Change error handling from `return` to `continue`.

Signed-off-by: huyuantao <huyuantao@ultrarisc.com>

---------

Signed-off-by: huyuantao <huyuantao@ultrarisc.com>
Co-authored-by: Pikachu Ren <40362270+PIKACHUIM@users.noreply.github.com>
(cherry picked from commit d685bbfa9adc3037dc31813615ae9b3fe6d46993)

…with pagination and random chunk naming (#2034)

* fix(drivers/teldrive): enhance file listing and upload functionality with pagination and random chunk naming

* fix(drivers/teldrive): optimize file listing by removing unnecessary mutex and restructuring data handling

* Update drivers/teldrive/meta.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Chaloemchai <chaloemchai.yy@gmail.com>

---------

Signed-off-by: Chaloemchai <chaloemchai.yy@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
(cherry picked from commit f5421876548cd5462fd21714bb609141e09b27ba)

* feat(drivers/123open): support sha1 reuse api

* fix(drivers/123open): fix typos

(cherry picked from commit a121f861dcec9b7ef2fb4808e48456f50a567bab)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
(cherry picked from commit 8431c1b1e3166f1804b194eb4e600d023a238514)

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>
(cherry picked from commit 795a18b56533dcfa0dfd3cdf0cc67acabf0b7589)

(cherry picked from commit e41b683efbd12634cb5bf030b8604ff26178fa7f)

[skip ci]

Add SECURITY.md

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>
(cherry picked from commit db0e2ec1038d2ef51a5a9dafa7c2b20b59f36cc8)

In BeginAuthnRegistration (webauthn.go), missing return statements after
error responses caused the function to continue executing with a nil
authnInstance, potentially leading to a nil pointer panic.

In OIDCLoginCallback and SSOLoginCallback (ssologin.go), missing return
statements after GenerateToken/autoRegister errors caused the handler to
send a second response, resulting in a superfluous response write.

In SetThunderBrowser (offline_download.go), the default case of the
storage type switch sent an error response but did not return, causing
SaveSettingItems and tool initialization to continue executing even when
driver type validation failed.

(cherry picked from commit 9a2ba1dabe3a9006ef6260d4168f0c5fb0ed1364)

Remove properties from azure blob response

fix azure blob prefix filter: prefix should be empty if it is "/"

(cherry picked from commit 5eaef96078280c3814942e7de76dfe66ca1abe3d)

…OSS (#2222)

* Initial plan

* fix: honor HTTPS proxy for OSS uploads

Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com>

* Honor HTTPS proxy settings for 115/115 Open/PikPak OSS uploads

Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com>

* revert

* chore

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jyxjjj <16695261+jyxjjj@users.noreply.github.com>
Co-authored-by: jyxjjj <773933146@qq.com>
(cherry picked from commit f3428e65bc126ed2c917289c4d9eb02f20cf58f8)

Fixed the issue of token verification for shared links.

(cherry picked from commit e11b8a82e7dc500e7fb26fedbac68d557474b70e)

* feat(driver): support 123 official app api

* fix(123_open): migrate api refresh to token.go

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>

* fix(drivers/123_open): trigger proactive refresh with client credentials

* fix(drivers/123_open): use client-credential token endpoint for local refresh

Keep renewapi parsing for expires_in and map it to internal expiry time handling.

* fix(drivers/123_open): limit proactive refresh to client credentials

* fix(drivers/123_open): allow renewapi refresh token proactive init

* fix(drivers/123_open): update API address to use renewapi endpoint

* fix(drivers/123_open): simplify token refresh parsing

* fix(drivers/123_open): unify token expiration to expiredAt

---------

Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>
Co-authored-by: MadDogOwner <xiaoran@xrgzs.top>
Co-authored-by: Suyunmeng <Susus0175@proton.me>
Co-authored-by: Suyunjing <suyunmeng@oplist.org.cn>
(cherry picked from commit 9fdba3a730932fff6b52054b4b83f25ac35ac1a0)

* fix(drivers/openlist): pass through frontend refresh flag
* fix(drivers/openlist): gate refresh flag forwarding by config

(cherry picked from commit 9e49adc3536a52572c496e11c4f555007da6467d)

…e (#2294)

(cherry picked from commit 12c9bdbd568bca15b6963433050e8d3499b262be)

(cherry picked from commit da26e72beeed608c4d4bf3add1e6b801fba32bae)

… and CI workflows (#2330)

(cherry picked from commit 8d39d636be112532d89ff83a5de4cb9fd62c0883)

* refactor(permission): rename permission check functions for clarity

- User.CanWrite() → User.CanCreateFilesOrFolders()
- common.CanWrite() → common.CanWriteContentBypassUserPerms()
- common.IsApply() → common.MetaCoversPath()

Improves code readability by making function names more descriptive.
The new MetaCoversPath name clearly indicates it checks if a meta rule
covers a specific path. It better conveys that it's a query function
rather than an action, and the applyToSubFolder parameter is more
explicit than applySub.

Also adds comprehensive test coverage:
- 10 tests for MetaCoversPath core logic
- 6 tests for CanWriteContent
UserPerms
- 7 tests for getReadme
- 5 tests for getHeader
- 6 tests for isEncrypt
- 9 tests for whetherHide

Total: 43 test scenarios covering all path matching and permission
inheritance logic. Tests verify both normal behavior and bug fixes
for Readme/Header information leakage and write permission bypass.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat(permission): implement fine-grained user permissions for read/write operations

Add per-user read and write permission controls at the meta level to enable
more granular access control beyond the existing permission flags.

Key changes:
- Add ReadUsers/WriteUsers fields to Meta model with sub-directory inheritance flags
- Implement CanRead and CanWrite permission check functions in server/common
- Filter file list results based on user read permissions
- Add permission checks across all file operations (FTP, HTTP handlers, WebDAV)
- Simplify error handling pattern for MetaNotFound errors throughout codebase

This allows administrators to restrict specific users from accessing or modifying
certain paths, providing finer control over file system permissions.

Note: Batch and recursive operations (FsMove, FsCopy, FsRemove, FsRecursiveMove,
FsBatchRename, FsRegexRename) currently check parent directory permissions only.
Individual item permission checks are not performed for performance reasons.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* test(permission): add comprehensive tests for CanRead, CanWrite, and combined permission checks

Add TestCanRead, TestCanWrite, TestCanAccessWithReadPermissions, and
TestWritePermissionCombinations to validate the three-layer permission
system including nil user/meta, sub-path inheritance, user whitelists,
and root-level restrictions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(webdav): use safe type assertion for MetaPassKey to prevent panic

Bearer-token and OPTIONS auth paths do not set MetaPassKey in context,
causing a panic when handlers perform a forced type assertion on nil.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(permission): treat nil user as system context in CanRead/CanWrite

Previously, CanRead/CanWrite returned false for nil user, causing
filterReadableObjs to return an empty list when fs.List is called from
internal contexts without a user (e.g. context.Background()). A nil user
represents an internal/system call and should bypass per-user restrictions,
consistent with how whetherHide already handles nil user.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(fsmanage): prevent path traversal in FsRemove

The previous check only skipped names that resolved to "/", but did not
prevent traversal to sibling directories (e.g. "../secret"), which could
bypass the CanWrite permission check that is only applied to req.Dir.

Replace with a post-join prefix check to ensure each resolved path stays
within reqPath.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(webdav): align MetaPassKey behavior with FTP auth logic

For guest users, the WebDAV password input serves as the meta folder
password (consistent with FTP anonymous/guest handling). For authenticated
users, MetaPassKey is set to empty string since their login password is
not the meta folder password.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(permission): require write auth for fs list refresh

* refactor(permission): use MetaCoversPath in CanRead/CanWrite for consistency

Replace inline `(Sub || meta.Path == path)` logic with MetaCoversPath,
consistent with CanWriteContentBypassUserPerms. Also fix a copy-paste
error in the CanWrite comment (read → write).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Pikachu Ren <40362270+PIKACHUIM@users.noreply.github.com>
(cherry picked from commit d85f084acb69b23221dd0ad948bb4354f103f00f)

…itch (#2296)

- Switch default SQLite path to github.com/glebarez/sqlite to reduce CGO dependency pressure.
- Introduce a unified openSQLite entry in bootstrap and split driver selection by build tags.
- Add sqlite_cgo_compat fallback for linux mips, mips64, loong64 and mipsle to keep legacy target builds working.
- Update build.sh musl build flow to apply compatibility tag for mips-family targets.
- Update beta_release workflow to pass compatibility tag cleanly and avoid conflicting flag composition.

(cherry picked from commit 7bea29c18e4e7ba49a7909e505b5f8225bc7cfb8)