-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(drivers): add fine-grained control for link signing #3924
Conversation
NOT TESTED: TokenKV Function
Add File based KV func
I found that the original Sign function is enough to complete the link signature, and only need to add simple configuration items to meet the requirements.
…e settings. It should be working now.
Thanks for opening this pull request! Please check out our contributing guidelines. |
After testing, only proxy url works, I will push a new commit to support direct url. (Tonight) |
I can't understand why you do this? |
Something similar to UpYun's Token anti-leech, because the existing Local storage can obtain files without any verification, which is not safe. I think it can be easily implemented by using the existing Sign function. But obviously last night I only did the part of the Proxy link, and the Direct link mode still lacks protection. In addition, in a special case, the link will be generated as a proxy link, but the proxy link function is not enabled, and the Sign parameter is also generated, although it is never been used. (For me, this problem occurs when accessing AList directly through Localhost.) So I added a judgement to clean up the redundant Sign parameter after generation. |
I don't think it's necessary to add sign for a single special driver, beacuse there is a global config to control this. If you want more fine-grained control, add |
ok i'll try it tonight. |
Can enable sign for every driver now. Bug: When sign enabled, in download page, Copy link doesn't contain a sign. (Not done yet)
Response of fsread function does not contain sign.
It's done! Tested on Local Driver and Aliyundrive Driver. |
- Add back public/dist/README.md - Enable sign when DownProxyUrl is enabled - Merge needSign() to isEncrypt() in fsread.go
… feature/download-link-auth
All fixed. |
Congrats on merging your first pull request! We here at behavior bot are proud of you! |
Provide link signature authentication option for Local Driver.
Reuse the original Sign function for link signature.
Clear the sign parameter for URLs that don't require a signature.