fix (#605): regression for sharing link

2025-11-04 05:27:04 +08:00 · 2023-05-22 21:51:30 +10:00
parent 2e05eb78e4
commit c4e5da9169
2 changed files with 23 additions and 34 deletions
--- a/server/common/crypto.go
+++ b/server/common/crypto.go
@ -16,6 +16,7 @@ import (
 	mathrand "math/rand"
 	"os"
 	"runtime"
+	"sort"
 	"sync"
 )

@ -192,42 +193,28 @@ func verify(something []byte) ([]byte, error) {
 // Create a unique ID that can be use to identify different session
 func GenerateID(ctx *App) string {
 	p := ""
-	params := ctx.Session
-	if params["type"] != "" {
-		p += "type =>" + params["type"]
-	}
-	if params["host"] != "" {
-		p += "host =>" + params["host"]
-	}
-	if params["hostname"] != "" {
-		p += "hostname =>" + params["hostname"]
-	}
-	if params["username"] != "" {
-		p += "username =>" + params["username"]
-	}
-	if params["user"] != "" {
-		p += "user =>" + params["user"]
-	}
-	if params["repo"] != "" {
-		p += "repo =>" + params["repo"]
-	}
-	if params["access_key_id"] != "" {
-		p += "access_key_id =>" + params["access_key_id"]
-	}
-	if params["endpoint"] != "" {
-		p += "endpoint =>" + params["endpoint"]
-	}
-	if params["bearer"] != "" {
-		p += "bearer =>" + params["bearer"]
-	}
-	if params["token"] != "" {
-		p += "token =>" + params["token"]
-	}

-	if p == "" {
-		return Hash("N/A", 20)
+	orderedKeys := make([]string, len(ctx.Session))
+	for key, _ := range ctx.Session {
+		orderedKeys = append(orderedKeys, key)
 	}
-	p += "salt => " + SECRET_KEY
+	sort.Strings(orderedKeys)
+
+	for _, key := range orderedKeys {
+		switch key {
+		case "timestamp":
+		case "password":
+		case "path":
+		default:
+			if val := ctx.Session[key]; val != "" {
+				p += key + "=>" + ctx.Session[key] + ", "
+			}
+		}
+	}
+	if p == "" {
+		return "na"
+	}
+	p += "salt=>" + SECRET_KEY
 	return Hash(p, 20)
 }

--- a/server/middleware/session.go
+++ b/server/middleware/session.go
@ -131,6 +131,7 @@ func CanManageShare(fn func(*App, http.ResponseWriter, *http.Request)) func(ctx
 		// the user that's currently logged in can manage the link. 2 scenarios here:
 		// 1) scenario 1: the user is the very same one that generated the shared link in the first place
 		ctx.Share = Share{}
+		ctx.Authorization = _extractAuthorization(req)
 		if ctx.Session, err = _extractSession(req, ctx); err != nil {
 			Log.Debug("middleware::session::share 'cannot extract session - %s'", err.Error())
 			SendErrorResult(res, err)
@ -147,6 +148,7 @@ func CanManageShare(fn func(*App, http.ResponseWriter, *http.Request)) func(ctx
 			SendErrorResult(res, err)
 			return
 		}
+		ctx.Authorization = _extractAuthorization(req)
 		if ctx.Session, err = _extractSession(req, ctx); err != nil {
 			Log.Debug("middleware::session::share 'cannot extract session 2 - %s'", err.Error())
 			SendErrorResult(res, err)