feat(mobile): only allow request from mobile client to copy session

cloudreve · Dec 19, 2022 · bc0c374 · bc0c374
1 parent e4c8748
commit bc0c374
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/middleware/common.go b/middleware/common.go
@@ -3,9 +3,11 @@ package middleware
 import (
 	"fmt"
 	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
 	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
 	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 	"github.com/gin-gonic/gin"
+	"net/http"
 )
 
 // HashID 将给定对象的HashID转换为真实ID
@@ -60,3 +62,16 @@ func StaticResourceCache() gin.HandlerFunc {
 
 	}
 }
+
+// MobileRequestOnly
+func MobileRequestOnly() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.GetHeader(auth.CrHeaderPrefix+"ios") == "" {
+			c.Redirect(http.StatusMovedPermanently, model.GetSiteURL().String())
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
diff --git a/routers/controllers/user.go b/routers/controllers/user.go
@@ -395,5 +395,4 @@ func UserPerformCopySession(c *gin.Context) {
 	} else {
 		c.JSON(200, ErrorResponse(err))
 	}
-
 }
diff --git a/routers/router.go b/routers/router.go
@@ -234,7 +234,12 @@ func InitMasterRouter() *gin.Engine {
 				file.GET("archive/:sessionID/archive.zip", controllers.DownloadArchive)
 			}
 
-			sign.GET("user/session/copy/:id", controllers.UserPerformCopySession)
+			// Copy user session
+			sign.GET(
+				"user/session/copy/:id",
+				middleware.MobileRequestOnly(),
+				controllers.UserPerformCopySession,
+			)
 		}
 
 		// 从机的 RPC 通信
-Original file line number
+Diff line change
@@ Expand Up / @@ -395,5 +395,4 @@ func UserPerformCopySession(c *gin.Context) { @@
     	} else {
     		c.JSON(200, ErrorResponse(err))
     	}
     }