From f8374201de362f62631079e3253af6b265eaedf3 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Thu, 8 Aug 2024 10:56:31 +0800
Subject: [PATCH] :lock: Potential data export disclosure security
 vulnerability

---
 kernel/server/serve.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/server/serve.go b/kernel/server/serve.go
index c530395e2..d9855e0a8 100644
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@@ -172,7 +172,8 @@ func rewritePortJSON(pid, port string) {
 }
 
 func serveExport(ginServer *gin.Engine) {
-	ginServer.Static("/export/", filepath.Join(util.TempDir, "export"))
+	exportGroup := ginServer.Group("/export/", model.CheckAuth)
+	exportGroup.Static("/", filepath.Join(util.TempDir, "export"))
 }
 
 func serveWidgets(ginServer *gin.Engine) {