🔒 Perform authentication on paths such as widgets, plugins, and templates https://github.com/siyuan-note/siyuan/issues/17118#issuecomment-3984053596

Signed-off-by: Daniel <845765@qq.com>
Daniel 2026-03-02 21:35:01 +08:00
parent 3becde4d87
commit d1170e7b71
No known key found for this signature in database
GPG key ID: 86211BA83DF03017


@ -369,6 +369,13 @@ func servePublic(ginServer *gin.Engine) {
func serveSnippets(ginServer *gin.Engine) {
ginServer.Handle("GET", "/snippets/*filepath", model.CheckAuth, func(c *gin.Context) {
filePath := strings.TrimPrefix(c.Request.URL.Path, "/snippets/")
if !model.IsAdminRoleContext(c) {
if "conf.json" == filePath {
c.Status(http.StatusUnauthorized)
return
}
}
ext := filepath.Ext(filePath)
name := strings.TrimSuffix(filePath, ext)
confSnippets, err := model.LoadSnippets()