feat(mobile): only allow request from mobile client to copy session

2022-12-19 17:35:39 +08:00 · 2022-12-19 17:35:39 +08:00 · bc0c374f00
commit bc0c374f00
parent e4c87483d6
3 changed files with 21 additions and 2 deletions
--- a/middleware/common.go
+++ b/middleware/common.go
@ -3,9 +3,11 @@ package middleware
 import (
 	"fmt"
 	model "github.com/cloudreve/Cloudreve/v3/models"
+	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
 	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
 	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
 	"github.com/gin-gonic/gin"
+	"net/http"
 )

 // HashID 将给定对象的HashID转换为真实ID
@ -60,3 +62,16 @@ func StaticResourceCache() gin.HandlerFunc {

 	}
 }
+
+// MobileRequestOnly
+func MobileRequestOnly() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.GetHeader(auth.CrHeaderPrefix+"ios") == "" {
+			c.Redirect(http.StatusMovedPermanently, model.GetSiteURL().String())
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/routers/controllers/user.go
+++ b/routers/controllers/user.go
@ -395,5 +395,4 @@ func UserPerformCopySession(c *gin.Context) {
 	} else {
 		c.JSON(200, ErrorResponse(err))
 	}
-
 }
--- a/routers/router.go
+++ b/routers/router.go
@ -234,7 +234,12 @@ func InitMasterRouter() *gin.Engine {
 				file.GET("archive/:sessionID/archive.zip", controllers.DownloadArchive)
 			}

-			sign.GET("user/session/copy/:id", controllers.UserPerformCopySession)
+			// Copy user session
+			sign.GET(
+				"user/session/copy/:id",
+				middleware.MobileRequestOnly(),
+				controllers.UserPerformCopySession,
+			)
 		}

 		// 从机的 RPC 通信