✨ Support read-only publish service

* 🎨 kernel supports read-only publishing services * 🐛 Fix authentication vulnerabilities * 🎨 Protect secret information * 🎨 Adjust the permission control * 🎨 Adjust the permission control * 🎨 Fixed the vulnerability that `getFile` gets file `conf.json` * 🎨 Add API `/api/setting/setPublish` * 🎨 Add API `/api/setting/getPublish` * 🐛 Fixed the issue that PWA-related files could not pass BasicAuth * 🎨 Add a settings panel for publishing features * 📝 Add guide for `Publish Service` * 📝 Update Japanese user guide * 🎨 Merge fixed static file services
2025-12-17 07:00:12 +01:00 · 2024-06-12 21:03:51 +08:00 · 2024-06-12 21:03:51 +08:00 · ba2193403d
commit ba2193403d
parent 536879cb84
47 changed files with 3690 additions and 375 deletions
--- a/kernel/api/system.go
+++ b/kernel/api/system.go
@ -17,7 +17,6 @@
 package api

 import (
-	"github.com/88250/lute"
 	"net/http"
 	"os"
 	"path/filepath"
@ -25,6 +24,8 @@ import (
 	"sync"
 	"time"

+	"github.com/88250/lute"
+
 	"github.com/88250/gulu"
 	"github.com/gin-gonic/gin"
 	"github.com/siyuan-note/logging"
@ -218,6 +219,17 @@ func getConf(c *gin.Context) {
 		maskedConf.Sync.Stat = model.Conf.Language(53)
 	}

+	// REF: https://github.com/siyuan-note/siyuan/issues/11364
+	role := model.GetGinContextRole(c)
+	if model.IsReadOnlyRole(role) {
+		maskedConf.ReadOnly = true
+	}
+	if !model.IsValidRole(role, []model.Role{
+		model.RoleAdministrator,
+	}) {
+		model.HideConfSecret(maskedConf)
+	}
+
 	ret.Data = map[string]interface{}{
 		"conf":  maskedConf,
 		"start": !util.IsUILoaded,