Backend: Add security-focused tests, harden WebDAV and use safe.Download

Signed-off-by: Michael Mayer <michael@photoprism.app>
Michael Mayer
2025-09-22 10:42:53 +02:00
parent a22babe3d1
commit 9ea5f0596c
29 changed files with 9905 additions and 7695 deletions


@@ -37,7 +37,7 @@ import (
// @Param files formData file true "one or more files to upload (repeat the field for multiple files)"
// @Success 200 {object} i18n.Response
// @Failure 400,401,403,413,429,507 {object} i18n.Response
// @Router /users/{uid}/upload/{token} [post]
// @Router /api/v1/users/{uid}/upload/{token} [post]
func UploadUserFiles(router *gin.RouterGroup) {
router.POST("/users/:uid/upload/:token", func(c *gin.Context) {
conf := get.Config()
@@ -273,7 +273,7 @@ func UploadCheckFile(destName string, rejectRaw bool, totalSizeLimit int64) (rem
// @Param options body form.UploadOptions true "processing options"
// @Success 200 {object} i18n.Response
// @Failure 400,401,403,404,409,429 {object} i18n.Response
// @Router /users/{uid}/upload/{token} [put]
// @Router /api/v1/users/{uid}/upload/{token} [put]
func ProcessUserUpload(router *gin.RouterGroup) {
router.PUT("/users/:uid/upload/:token", func(c *gin.Context) {
s := AuthAny(c, acl.ResourceFiles, acl.Permissions{acl.ActionManage, acl.ActionUpload})