Try to add share code in download api.
@ -94,7 +94,7 @@ func (this *AlienService) PreviewOrDownload(
|
||||
|
||||
tokenUser := this.userDao.CheckByUuid(downloadToken.UserUuid)
|
||||
if matter.UserUuid != tokenUser.Uuid {
|
||||
panic(result.CODE_WRAPPER_UNAUTHORIZED)
|
||||
panic(result.UNAUTHORIZED)
|
||||
}
|
||||
|
||||
//下载之后立即过期掉。如果是分块下载的,必须以最终获取到完整的数据为准。
|
||||
@ -106,7 +106,7 @@ func (this *AlienService) PreviewOrDownload(
|
||||
//判断文件的所属人是否正确
|
||||
operator := this.findUser(writer, request)
|
||||
if operator == nil || (operator.Role != USER_ROLE_ADMINISTRATOR && matter.UserUuid != operator.Uuid) {
|
||||
panic(result.CODE_WRAPPER_UNAUTHORIZED)
|
||||
panic(result.UNAUTHORIZED)
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ func (this *BaseBean) findUser(writer http.ResponseWriter, request *http.Request
|
||||
//获取当前登录的用户,找不到就返回登录错误
|
||||
func (this *BaseBean) checkUser(writer http.ResponseWriter, request *http.Request) *User {
|
||||
if this.findUser(writer, request) == nil {
|
||||
panic(result.ConstWebResult(result.CODE_WRAPPER_LOGIN))
|
||||
panic(result.ConstWebResult(result.LOGIN))
|
||||
} else {
|
||||
return this.findUser(writer, request)
|
||||
}
|
||||
|
@ -58,10 +58,10 @@ func (this *BaseController) Wrap(f func(writer http.ResponseWriter, request *htt
|
||||
|
||||
if user.Status == USER_STATUS_DISABLED {
|
||||
//判断用户是否被禁用。
|
||||
webResult = result.ConstWebResult(result.CODE_WRAPPER_USER_DISABLED)
|
||||
webResult = result.ConstWebResult(result.USER_DISABLED)
|
||||
} else {
|
||||
if qualifiedRole == USER_ROLE_ADMINISTRATOR && user.Role != USER_ROLE_ADMINISTRATOR {
|
||||
webResult = result.ConstWebResult(result.CODE_WRAPPER_UNAUTHORIZED)
|
||||
webResult = result.ConstWebResult(result.UNAUTHORIZED)
|
||||
} else {
|
||||
webResult = f(writer, request)
|
||||
}
|
||||
@ -98,16 +98,16 @@ func (this *BaseController) Success(data interface{}) *result.WebResult {
|
||||
var webResult *result.WebResult = nil
|
||||
if value, ok := data.(string); ok {
|
||||
//返回一句普通的消息
|
||||
webResult = &result.WebResult{Code: result.CODE_WRAPPER_OK.Code, Msg: value}
|
||||
webResult = &result.WebResult{Code: result.OK.Code, Msg: value}
|
||||
} else if value, ok := data.(*result.WebResult); ok {
|
||||
//返回一个webResult对象
|
||||
webResult = value
|
||||
} else if _, ok := data.(types.Nil); ok {
|
||||
//返回一个空指针
|
||||
webResult = result.ConstWebResult(result.CODE_WRAPPER_OK)
|
||||
webResult = result.ConstWebResult(result.OK)
|
||||
} else {
|
||||
//返回的类型不明确。
|
||||
webResult = &result.WebResult{Code: result.CODE_WRAPPER_OK.Code, Data: data}
|
||||
webResult = &result.WebResult{Code: result.OK.Code, Data: data}
|
||||
}
|
||||
return webResult
|
||||
}
|
||||
|
@ -80,7 +80,7 @@ func (this *DavController) CheckCurrentUser(writer http.ResponseWriter, request
|
||||
//要求前端使用Basic的形式授权
|
||||
writer.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
|
||||
panic(result.ConstWebResult(result.CODE_WRAPPER_LOGIN))
|
||||
panic(result.ConstWebResult(result.LOGIN))
|
||||
|
||||
}
|
||||
|
||||
|
@ -16,6 +16,7 @@ type MatterController struct {
|
||||
downloadTokenDao *DownloadTokenDao
|
||||
imageCacheDao *ImageCacheDao
|
||||
shareDao *ShareDao
|
||||
shareService *ShareService
|
||||
bridgeDao *BridgeDao
|
||||
imageCacheService *ImageCacheService
|
||||
}
|
||||
@ -50,6 +51,11 @@ func (this *MatterController) Init() {
|
||||
this.shareDao = b
|
||||
}
|
||||
|
||||
b = core.CONTEXT.GetBean(this.shareService)
|
||||
if b, ok := b.(*ShareService); ok {
|
||||
this.shareService = b
|
||||
}
|
||||
|
||||
b = core.CONTEXT.GetBean(this.bridgeDao)
|
||||
if b, ok := b.(*BridgeDao); ok {
|
||||
this.bridgeDao = b
|
||||
@ -136,25 +142,14 @@ func (this *MatterController) Page(writer http.ResponseWriter, request *http.Req
|
||||
if puuid == "" {
|
||||
panic(result.BadRequest("puuid必填!"))
|
||||
}
|
||||
|
||||
dirMatter := this.matterDao.CheckByUuid(puuid)
|
||||
if !dirMatter.Dir {
|
||||
panic(result.BadRequest("puuid 对应的不是文件夹"))
|
||||
}
|
||||
|
||||
share := this.shareDao.CheckByUuid(shareUuid)
|
||||
//如果是自己的分享,可以不要提取码
|
||||
user := this.findUser(writer, request)
|
||||
if user == nil {
|
||||
if share.Code != shareCode {
|
||||
panic(result.Unauthorized("提取码错误!"))
|
||||
}
|
||||
} else {
|
||||
if user.Uuid != share.UserUuid {
|
||||
if share.Code != shareCode {
|
||||
panic(result.Unauthorized("提取码错误!"))
|
||||
}
|
||||
}
|
||||
}
|
||||
share := this.shareService.CheckShare(shareUuid, shareCode, user)
|
||||
|
||||
//验证 shareRootMatter是否在被分享。
|
||||
shareRootMatter := this.matterDao.CheckByUuid(shareRootUuid)
|
||||
|
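Review bot: In `Page`, the new `this.shareService.CheckShare(shareUuid, shareCode, user)` call still runs after `dirMatter := this.matterDao.CheckByUuid(puuid)` and the `!dirMatter.Dir` check, so a caller without a valid extraction code gets answers about arbitrary `puuid` values before being rejected. If `CheckByUuid` reports a missing uuid differently from the "puuid 对应的不是文件夹" error (its body is not visible here), the two responses let an unauthorised caller tell existing matter uuids from non-existent ones. Moving `user := this.findUser(writer, request)` and the `CheckShare` call above the `dirMatter` lookup would make the share authorisation the first thing this branch does. The enclosing branch of `Page` starts and ends outside this hunk.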
@ -282,37 +282,26 @@ func (this *ShareController) CheckShare(writer http.ResponseWriter, request *htt
|
||||
//如果是根目录,那么就传入root.
|
||||
shareUuid := request.FormValue("shareUuid")
|
||||
code := request.FormValue("code")
|
||||
|
||||
share := this.shareDao.CheckByUuid(shareUuid)
|
||||
//如果是自己的分享,可以不要提取码
|
||||
user := this.findUser(writer, request)
|
||||
if user == nil {
|
||||
if share.Code != code {
|
||||
panic(result.Unauthorized("提取码错误!"))
|
||||
}
|
||||
} else {
|
||||
if user.Uuid != share.UserUuid {
|
||||
if share.Code != code {
|
||||
panic(result.Unauthorized("提取码错误!"))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return share
|
||||
|
||||
return this.shareService.CheckShare(shareUuid, code, user)
|
||||
}
|
||||
|
||||
//浏览某个分享中的文件
|
||||
func (this *ShareController) Browse(writer http.ResponseWriter, request *http.Request) *result.WebResult {
|
||||
|
||||
//要求传参:shareUuid,code
|
||||
share := this.CheckShare(writer, request)
|
||||
bridges := this.bridgeDao.ListByShareUuid(share.Uuid)
|
||||
//如果是根目录,那么就传入root.
|
||||
shareUuid := request.FormValue("shareUuid")
|
||||
code := request.FormValue("code")
|
||||
|
||||
//当前查看的puuid。 puuid=root表示查看分享的根目录,其余表示查看某个文件夹下的文件。
|
||||
puuid := request.FormValue("puuid")
|
||||
rootUuid := request.FormValue("rootUuid")
|
||||
|
||||
user := this.findUser(writer, request)
|
||||
share := this.shareService.CheckShare(shareUuid, code, user)
|
||||
bridges := this.bridgeDao.ListByShareUuid(share.Uuid)
|
||||
|
||||
if puuid == "" {
|
||||
puuid = MATTER_ROOT
|
||||
}
|
||||
|
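Review bot: `Browse` now reads the extraction code with `request.FormValue("code")`, which in net/http also accepts the value from the URL query string, so the code can end up in access logs, browser history and Referer headers. If clients can send it in the request body, `code := request.PostFormValue("code")` keeps it out of the URL; otherwise the request URLs of these endpoints should not be logged verbatim. Separately, the comment `//如果是根目录,那么就传入root.` above `shareUuid := request.FormValue("shareUuid")` in `Browse` appears to be copied from `CheckShare` and does not describe that line. `Browse` continues past the end of this hunk.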
@ -2,6 +2,8 @@ package rest
|
||||
|
||||
import (
|
||||
"github.com/eyebluecn/tank/code/core"
|
||||
"github.com/eyebluecn/tank/code/tool/result"
|
||||
"time"
|
||||
)
|
||||
|
||||
//@Service
|
||||
@ -35,3 +37,26 @@ func (this *ShareService) Detail(uuid string) *Share {
|
||||
|
||||
return share
|
||||
}
|
||||
|
||||
//验证一个shareUuid和shareCode是否匹配和有权限。
|
||||
func (this *ShareService) CheckShare(shareUuid string, code string, user *User) *Share {
|
||||
|
||||
share := this.shareDao.CheckByUuid(shareUuid)
|
||||
//如果是自己的分享,可以不要提取码
|
||||
if user == nil || user.Uuid != share.UserUuid {
|
||||
//没有登录,或者查看的不是自己的分享,要求有验证码
|
||||
if code == "" {
|
||||
panic(result.CustomWebResult(result.NEED_SHARE_CODE, "提取码必填"))
|
||||
} else if share.Code != code {
|
||||
panic(result.CustomWebResult(result.SHARE_CODE_ERROR, "提取码错误"))
|
||||
} else {
|
||||
if !share.ExpireInfinity {
|
||||
if share.ExpireTime.Before(time.Now()) {
|
||||
panic(result.BadRequest("分享已过期"))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return share
|
||||
}
|
||||
|
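Review bot: `CheckShare` compares the extraction code with `share.Code != code`, which is not a constant-time comparison, and nothing in this function bounds repeated wrong guesses against the same `shareUuid`. The comparison could become `} else if subtle.ConstantTimeCompare([]byte(share.Code), []byte(code)) != 1 {` (this needs `crypto/subtle` in the import block); a failed-attempt limit matters more if codes are short, which is not visible here. The expiry test `share.ExpireTime.Before(time.Now())` is also reached only after the code has matched, so an expired share still confirms whether a guessed code is correct; checking expiry before the code comparison avoids that. The doc comment should say that the function panics with a `result` value on failure rather than returning an error, and that the owner of the share bypasses both the code and the expiry check.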