Skip to content

fix(share): support custom proxy url #1130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xrgzs merged 4 commits into from
Aug 28, 2025
Merged

fix(share): support custom proxy url #1130

xrgzs merged 4 commits into from
Aug 28, 2025

Conversation

@KirCute
Copy link
Member

@KirCute KirCute commented Aug 22, 2025

分享功能目前不会使用自定义代理,合并本PR后,对于提供了自定义代理URL的驱动内的分享文件,无论是否启用“强制代理分享请求”,都会使用自定义代理。

请注意:这种用法会暴露分享文件的真实路径

xrgzs
xrgzs reviewed Aug 22, 2025
View reviewed changes
Copy link
Member

@xrgzs xrgzs left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenList Proxy 能使用 /api/fs/link 获取分享的文件下载信息吗?如果可以的话,还是做成配置项比较好

请注意:这种用法会暴露分享文件的真实路径

这样应该就不涉及这个问题

@KirCute
Copy link
Member Author

KirCute commented Aug 22, 2025

这样应该就不涉及这个问题

你说的是不是这样一个意思,如果驱动有自定义代理,那么服务器就“本地代理”这个“代理URL”来下载文件?但是根据我的理解,很多人使用 OpenList Proxy 是因为运行 OpenList 的服务器要么上行带宽不足,要么性能有限,不能本地代理,如果按这种套两次代理的设计不是就不能解决这个问题了

@xrgzs
Copy link
Member

xrgzs commented Aug 25, 2025
edited
Loading

OpenList Proxy 能使用 /api/fs/link 获取分享的文件下载信息吗

我试了下,不能,而且估计也不好实现计数

OpenList/server/handles/fsmanage.go

Lines 373 to 405 in b0dbbeb

// Link return real link, just for proxy program, it may contain cookie, so just allowed for admin
func Link(c *gin.Context) {
var req MkdirOrLinkReq
if err := c.ShouldBind(&req); err != nil {
common.ErrorResp(c, err, 400)
return
}
//user := c.Request.Context().Value(conf.UserKey).(*model.User)
//rawPath := stdpath.Join(user.BasePath, req.Path)
// why need not join base_path? because it's always the full path
rawPath := req.Path
storage, err := fs.GetStorage(rawPath, &fs.GetStoragesArgs{})
if err != nil {
common.ErrorResp(c, err, 500)
return
}
if storage.Config().NoLinkURL || storage.Config().OnlyLinkMFile {
common.SuccessResp(c, model.Link{
URL: fmt.Sprintf("%s/p%s?d&sign=%s",
common.GetApiUrl(c),
utils.EncodePath(rawPath, true),
sign.Sign(rawPath)),
})
return
}
link, _, err := fs.Link(c.Request.Context(), rawPath, model.LinkArgs{IP: c.ClientIP(), Header: c.Request.Header, Redirect: true})
if err != nil {
common.ErrorResp(c, err, 500)
return
}
defer link.Close()
common.SuccessResp(c, link)
}

@xrgzs xrgzs merged commit 14bf4ec into OpenListTeam:main Aug 28, 2025
12 checks passed
@KirCute KirCute deleted the fix/share branch September 1, 2025 10:16
ForSourceCodeAnalysis pushed a commit to ForSourceCodeAnalysis/OpenList that referenced this pull request Oct 4, 2025
@KirCute
fix(share): support custom proxy url (OpenListTeam#1130)
4418571 
* feat(share): support custom proxy url

* fix(share): count access

* fix: maybe a path traversal vulnerability?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xrgzs xrgzs xrgzs approved these changes

Assignees

No one assigned

Labels

enhancement go

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@KirCute @xrgzs