feat(backend): enhance password handling in share and download controllers for improved security and error management

2026-05-26 15:13:30 +00:00 · 2025-07-07 15:30:37 +08:00
parent 71147451bb
commit 943a5a76d2
2 changed files with 30 additions and 11 deletions
--- a/backend/internal/controllers/download.go
+++ b/backend/internal/controllers/download.go
@@ -72,8 +72,17 @@ func VaildateShare(c echo.Context) error {
 	if shareInfo == nil {
 		return utils.HTTPErrorHandler(c, errors.New("分享不存在"))
 	}
-	if shareInfo.Password != "" && shareInfo.Password != r.Password {
-		return utils.HTTPErrorHandler(c, errors.New("分享密码错误"))
+	if shareInfo.Password != "" {
+		if r.Password == "" {
+			return utils.HTTPErrorHandler(c, errors.New("缺少分享密码"))
+		}
+		hash, err := utils.GeneratePasswordHash(r.Password)
+		if err != nil {
+			return utils.HTTPErrorHandler(c, err)
+		}
+		if hash != shareInfo.Password {
+			return utils.HTTPErrorHandler(c, errors.New("分享密码错误"))
+		}
 	}
 	// 如果下载次数为0，则设置为-1 防止空值问题
 	if shareInfo.ViewNum < 1 {
--- a/backend/internal/controllers/share.go
+++ b/backend/internal/controllers/share.go
@@ -64,17 +64,25 @@ func CreateShareInfo(c echo.Context) error {
 			return utils.HTTPErrorHandler(c, errors.New("分享文件状态错误"))
 		}
 	}
+	password := ""
+	if r.Config.Password != "" {
+		hash, err := utils.GeneratePasswordHash(r.Config.Password)
+		if err != nil {
+			return utils.HTTPErrorHandler(c, err)
+		}
+		password = hash
+	}

 	models.SetRedisShareInfo(id, models.RedisShareInfo{
-		Data:        r.Data,
-		Type:        r.Type,
-		CreatedAt:   time.Now().Unix(),
-		Owner:       cc.Auth.(string),
-		ViewNum:     r.Config.ViewNum,
-		Password:    r.Config.Password,
-		NotifyEmail: r.Config.NotifyEmail,
-		FileName:    r.FileName,
-		ExpireAt:    ExpireTime.Unix(),
+		Data:      r.Data,
+		Type:      r.Type,
+		CreatedAt: time.Now().Unix(),
+		Owner:     cc.Auth.(string),
+		ViewNum:   r.Config.ViewNum,
+		Password:  password,
+		// NotifyEmail: r.Config.NotifyEmail,
+		FileName: r.FileName,
+		ExpireAt: ExpireTime.Unix(),
 	})
 	var pickupCode string
 	if r.Config.HasPickupCode {
@@ -153,6 +161,7 @@ func GetShareInfo(c echo.Context) error {
 			"type":          shareInfo.Type,
 			"name":          shareInfo.FileName,
 			"download_nums": shareInfo.ViewNum,
+			"has_password":  shareInfo.Password != "",
 			"expire_at":     shareInfo.ExpireAt,
 			"owner":         shareInfo.Owner,
 			"size":          fileInfo.FileSize,
@@ -165,6 +174,7 @@ func GetShareInfo(c echo.Context) error {
 		"type":          shareInfo.Type,
 		"name":          shareInfo.FileName,
 		"download_nums": shareInfo.ViewNum,
+		"has_password":  shareInfo.Password != "",
 		"expire_at":     shareInfo.ExpireAt,
 		"owner":         shareInfo.Owner,
 	})