Yuerchu/disknext
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix: patch storage quota bypass and harden auth security
All checks were successful
Test / test (push) Successful in 2m11s
Details

Browse Source 
- Fix WebDAV chunked PUT bypassing storage quota when remaining_quota <= 0
- Add QuotaLimitedWriter to enforce quota during streaming writes
- Clean up residual files on write failure in end_write()
- Add Magic Link replay attack prevention via TokenStore
- Reject startup when JWT SECRET_KEY is not configured
- Sanitize OAuth callback and Magic Link log output

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
于小丘
2026-02-17 22:20:43 +08:00
parent 40b6a31c98
commit 7200df6d87
5 changed files with 84 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
routers/api/v1/user/__init__.py
View File

@@ -318,7 +318,7 @@ async def router_user_magic_link(
site_url = site_url_setting.value if site_url_setting else "http://localhost"
# TODO: 发送邮件(包含 {site_url}/auth/magic-link?token={token}
logger.info(f"Magic Link token 已生成: {token} (邮件发送待实现)")
logger.info(f"Magic Link token 已 {request.email} 生成 (邮件发送待实现)")
@user_router.post(