From 94479ceae206cacfc64ffa0d53f989b06c36932b Mon Sep 17 00:00:00 2001
From: han2015 <1019850453@qq.com>
Date: Thu, 5 Jun 2025 14:14:19 +0800
Subject: [PATCH] v0.3.2 add permited member info
---
 build/doc/sql/schema-3.1.0.sql | 1 +
 code/rest/share_controller.go | 24 +++++++++++++++++++-----
 code/rest/share_model.go | 3 ++-
 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/build/doc/sql/schema-3.1.0.sql b/build/doc/sql/schema-3.1.0.sql
index 0f29c9d..545402f 100644
--- a/build/doc/sql/schema-3.1.0.sql
+++ b/build/doc/sql/schema-3.1.0.sql
@@ -152,6 +152,7 @@ CREATE TABLE `tank31_share` (
 `expire_infinity` tinyint(1) NOT NULL DEFAULT '0',
 `expire_time` timestamp NOT NULL DEFAULT '2018-01-01 00:00:00',
 `permit_list` varchar(2048) DEFAULT NULL,
+ `permit_infos` varchar(4096) NOT NULL,
 PRIMARY KEY (`uuid`),
 UNIQUE KEY `uuid` (`uuid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/code/rest/share_controller.go b/code/rest/share_controller.go
index d28f094..4e9e0a6 100644
--- a/code/rest/share_controller.go
+++ b/code/rest/share_controller.go
@@ -3,6 +3,7 @@ package rest
 import (
 "encoding/base64"
 "net/http"
+ "regexp"
 "strconv"
 "strings"
 "time"
@@ -157,11 +158,13 @@ func (this *ShareController) Create(writer http.ResponseWriter, request *http.Re
 if permitListStr != "" {
 length := request.FormValue("len")
+ infoStr := request.FormValue("permitInfos")
 permited, err := checkFormatOfPermitList(permitListStr, length)
 if err != nil {
 panic(result.BadRequest("illegal data"))
 }
 share.PermitList = permited
+ share.PermitInfos = infoStr
 }
 this.shareDao.Create(share)
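Review bot: The column is declared `permit_infos varchar(4096) NOT NULL` in this hunk, but the share_model.go hunk of the same patch tags the field `gorm:"type:text(4096)"` with no `not null`, and it also moves `PermitList` to `text(2048)` while this file keeps `varchar(2048)`. MySQL creates a `TEXT(n)` column as the smallest TEXT type able to hold n, so if the table is ever created from the gorm tags the 2048/4096 limits documented here would not be enforced by the database, and the handlers in this patch add no length check of their own. Use one definition in both places, for example `gorm:"type:varchar(4096) not null"` in the model. Consider `NOT NULL DEFAULT ''` here as well, so that an insert which omits the column still succeeds.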
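Review bot: `permitInfos` is stored unchecked in the Create hunk (`share.PermitInfos = infoStr`), while the Permits update path in this same patch rejects values matching `[@\&?#%><;/=*]`. A client can therefore persist through Create exactly what Permits would refuse, and Permits later returns the stored value in its JSON response. Apply one shared check in both handlers, and bound the length to the 4096 the column allows so an oversized value is answered with a bad request rather than a database error or truncation. Compiling the pattern once at package level also removes the per-request compile and the discarded error in Permits. Create's body starts and ends outside this hunk.

```go
// package level: compiled once, shared by Create and Permits
var permitInfosDenied = regexp.MustCompile(`[@\&?#%><;/=*]`)

// … unchanged: permitListStr check and checkFormatOfPermitList call in Create …
infoStr := request.FormValue("permitInfos")
if len(infoStr) > 4096 || permitInfosDenied.MatchString(infoStr) {
	panic(result.BadRequest("illegal data"))
}
// … unchanged: share.PermitList / share.PermitInfos assignment …
```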
@@ -196,21 +199,32 @@ func (this *ShareController) Permits(writer http.ResponseWriter, request *http.R
 //通过users参数进行逻辑分支处理
 if update == "true" && permitList != "" {
 length := request.FormValue("len")
+ //todo: 最好对字符串的安全性加一些检验,如特殊字符
+ infoStr := request.FormValue("permitInfos")
+ illegal, _ := regexp.MatchString(`[@\&?#%><;/=*]`, infoStr)
+ permited, err := checkFormatOfPermitList(permitList, length)
+ if err != nil || illegal {
+ panic(result.BadRequest("illegal data"))
+ }
+ user := this.checkUser(request)
 if share.UserUuid != user.Uuid {
 panic(result.Unauthorized("have no permission for editing"))
 }
- permited, err := checkFormatOfPermitList(permitList, length)
- if err != nil {
- panic(result.BadRequest("illegal data"))
- }
 share.PermitList = permited
+ share.PermitInfos = infoStr
 this.shareDao.Save(share)
 return this.Success(nil)
 }
- return this.Success(strings.Split(share.PermitList, "|"))
+ return this.Success(struct {
+ Permited []string `json:"permited"`
+ Infos []string `json:"infos"`
+ }{
+ Permited: strings.Split(share.PermitList, "|"),
+ Infos: strings.Split(share.PermitInfos, "|"),
+ })
 }
 func checkFormatOfPermitList(permitList, length string) (string, error) {
diff --git a/code/rest/share_model.go b/code/rest/share_model.go
index 14ace59..d3c3790 100644
--- a/code/rest/share_model.go
+++ b/code/rest/share_model.go
@@ -28,7 +28,8 @@ type Share struct {
 ShareType string `json:"shareType" gorm:"type:varchar(45)"`
 Username string `json:"username" gorm:"type:varchar(45)"`
 UserUuid string `json:"userUuid" gorm:"type:char(36)"`
- PermitList string `json:"permitList" gorm:"type:char(2048)"`
+ PermitList string `json:"permitList" gorm:"type:text(2048)"`
+ PermitInfos string `json:"permitInfos" gorm:"type:text(4096)"`
 DownloadTimes int64 `json:"downloadTimes" gorm:"type:bigint(20) not null;default:0"`
 Code string `json:"code" gorm:"type:varchar(45) not null"`
 ExpireInfinity bool `json:"expireInfinity" gorm:"type:tinyint(1) not null;default:0"`
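Review bot: The input checks in the Permits update branch now run before `this.checkUser(request)` and the `share.UserUuid != user.Uuid` comparison, so a caller who does not own the share gets validation feedback before being refused. Authorize first, then validate, as the removed lines did. The denylist `[@\&?#%><;/=*]` also lets quotes, backslashes and control characters through, and the TODO above it already asks for stronger checks. An allowlist of the characters a member-info entry may contain would be easier to reason about. On the read path `strings.Split(share.PermitInfos, "|")` yields `[""]` for an empty value and nothing on the write path checks that `permitInfos` has as many entries as the permit list, so `infos` and `permited` can differ in length. Permits starts above this hunk.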