Fix token-based file downloads authentication #54

Merged
jimmy merged 1 commits from dev into main 2026-04-21 21:58:01 +08:00
2 changed files with 3 additions and 3 deletions
Showing only changes of commit f1b39d0a8a - Show all commits
+1 -1
View File
@@ -279,7 +279,7 @@ app.include_router(
gitea.router, prefix="/api/gitea", dependencies=[Depends(_inject_user), Depends(require_page("gitea"))] gitea.router, prefix="/api/gitea", dependencies=[Depends(_inject_user), Depends(require_page("gitea"))]
) )
app.include_router( app.include_router(
files.router, prefix="/api/files", dependencies=[Depends(_inject_user), Depends(require_page("files"))] files.router, prefix="/api/files"
) )
app.include_router( app.include_router(
system.router, prefix="/api/system", dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))] system.router, prefix="/api/system", dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))]
+2 -2
View File
@@ -66,7 +66,7 @@ def _sanitize_filename(name: str) -> str:
return name return name
@router.get("/browse") @router.get("/browse", dependencies=[Depends(require_admin())])
def browse(path: str = ""): def browse(path: str = ""):
try: try:
target = _safe_path(path) target = _safe_path(path)
@@ -94,7 +94,7 @@ def browse(path: str = ""):
return {"path": str(target.relative_to(BASE)), "entries": entries} return {"path": str(target.relative_to(BASE)), "entries": entries}
@router.post("/download-token") @router.post("/download-token", dependencies=[Depends(require_admin())])
def create_download_token(path: str): def create_download_token(path: str):
"""Generate a temporary download token for large file downloads.""" """Generate a temporary download token for large file downloads."""
try: try: