github/siyuan
4
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-05-15 08:30:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

🔒 Authenticate requests of assets other than 127.0.0.1 Fix https://github.com/siyuan-note/siyuan/issues/9388

Browse Source
This commit is contained in:
Daniel 2023-10-10 16:52:40 +08:00
parent 11786381cf
commit 6e9099ea12
No known key found for this signature in database
GPG Key ID: 86211BA83DF03017
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
kernel/model/session.go
View File

@ -183,6 +183,15 @@ func CheckAuth(c *gin.Context) {
} }
} }
if !strings.HasPrefix(c.Request.RemoteAddr, util.LocalHost) && !strings.HasPrefix(c.Request.RemoteAddr, "[::1]") {
// Authenticate requests of assets other than 127.0.0.1 https://github.com/siyuan-note/siyuan/issues/9388
if strings.HasPrefix(c.Request.RequestURI, "/assets/") {
c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed: for security reasons, please set [Access authorization code] when using non-127.0.0.1 access\n\n为安全起见使用非 127.0.0.1 访问时请设置 [访问授权码]"})
c.Abort()
return
}
}
c.Next() c.Next()
return return
} }
@ -197,8 +206,7 @@ func CheckAuth(c *gin.Context) {
} }
// 放过来自本机的某些请求 // 放过来自本机的某些请求
if strings.HasPrefix(c.Request.RemoteAddr, util.LocalHost) || if strings.HasPrefix(c.Request.RemoteAddr, util.LocalHost) || strings.HasPrefix(c.Request.RemoteAddr, "[::1]") {
strings.HasPrefix(c.Request.RemoteAddr, "[::1]") {
if strings.HasPrefix(c.Request.RequestURI, "/assets/") { if strings.HasPrefix(c.Request.RequestURI, "/assets/") {
c.Next() c.Next()
return return