Yuerchu/disknext
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: 更新目录获取逻辑,确保路径以用户名开头并添加错误处理

Browse Source
This commit is contained in:
于小丘
2025-12-19 17:21:59 +08:00
parent 922692b820
commit 28401d6053
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
routers/controllers/directory.py
View File

@@ -27,17 +27,28 @@ directory_router = APIRouter(
async def router_directory_get( async def router_directory_get(
session: SessionDep, session: SessionDep,
user: Annotated[User, Depends(AuthRequired)], user: Annotated[User, Depends(AuthRequired)],
path: str = "" path: str
) -> DirectoryResponse: ) -> DirectoryResponse:
""" """
获取目录内容 获取目录内容
路径必须以用户名开头,如 /api/directory/admin 或 /api/directory/admin/docs
:param session: 数据库会话 :param session: 数据库会话
:param user: 当前登录用户 :param user: 当前登录用户
:param path: 目录路径 :param path: 目录路径(必须以用户名开头)
:return: 目录内容 :return: 目录内容
""" """
folder = await Object.get_by_path(session, user.id, path or "/", user.username) # 路径必须以用户名开头
path = path.strip("/")
if not path:
raise HTTPException(status_code=400, detail="路径不能为空,请使用 /{username} 格式")
path_parts = path.split("/")
if path_parts[0] != user.username:
raise HTTPException(status_code=403, detail="无权访问其他用户的目录")
folder = await Object.get_by_path(session, user.id, "/" + path, user.username)
if not folder: if not folder:
raise HTTPException(status_code=404, detail="目录不存在") raise HTTPException(status_code=404, detail="目录不存在")