gitea-mirror/zipline
1
0
Fork 0
mirror of https://github.com/diced/zipline.git synced 2026-06-12 10:51:17 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: block thumbnails on files w/ passwords

Browse Source
This commit is contained in:
diced
2026-06-01 17:25:31 -07:00
parent e3789446c2
commit e6382b3881
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/server/routes/raw/[id].ts
+8 -1
View File
@@ -4,6 +4,7 @@ import { parseRange } from '@/lib/api/range';
import { config } from '@/lib/config';
import { datasource } from '@/lib/datasource';
import { prisma } from '@/lib/db';
import { sanitizeFilename } from '@/lib/fs';
import { log } from '@/lib/logger';
import { guess } from '@/lib/mimes';
import { TimedCache } from '@/lib/timedCache';
@@ -34,10 +35,16 @@ export const rawFileHandler = async (
const { id } = req.params;
const { token, download } = req.query;
const idSanitized = sanitizeFilename(id);
if (!idSanitized) return res.callNotFound();
if (id.startsWith('.thumbnail')) {
const thumbnail = await prisma.thumbnail.findFirst({
where: {
path: id,
path: idSanitized,
file: {
password: null,
},
},
});