diff --git a/fileserver/fileop.go b/fileserver/fileop.go index b188cbfa..dfd6d449 100644 --- a/fileserver/fileop.go +++ b/fileserver/fileop.go @@ -3499,7 +3499,7 @@ type ShareLinkInfo struct { ShareType string `json:"share_type"` } -func queryShareLinkInfo(token, opType string) (*ShareLinkInfo, *appError) { +func queryShareLinkInfo(token, cookie, opType string) (*ShareLinkInfo, *appError) { claims := SeahubClaims{ time.Now().Add(time.Second * 300).Unix(), true, @@ -3512,10 +3512,13 @@ func queryShareLinkInfo(token, opType string) (*ShareLinkInfo, *appError) { err := fmt.Errorf("failed to sign jwt token: %v", err) return nil, &appError{err, "", http.StatusInternalServerError} } - url := fmt.Sprintf("%s?token=%s&type=%s", seahubURL+"/share-link-info/", token, opType) + url := fmt.Sprintf("%s?token=%s&type=%s", seahubURL+"/check-share-link-access/", token, opType) header := map[string][]string{ "Authorization": {"Token " + tokenString}, } + if cookie != "" { + header["Cookie"] = []string{cookie} + } status, body, err := utils.HttpCommon("GET", url, header, nil) if err != nil { err := fmt.Errorf("failed to get share link info: %v", err) @@ -3548,7 +3551,8 @@ func accessLinkCB(rsp http.ResponseWriter, r *http.Request) *appError { return &appError{nil, msg, http.StatusBadRequest} } token := parts[1] - info, appErr := queryShareLinkInfo(token, "file") + cookie := r.Header.Get("Cookie") + info, appErr := queryShareLinkInfo(token, cookie, "file") if appErr != nil { return appErr } diff --git a/server/access-file.c b/server/access-file.c index b36a2c4a..75224437 100644 --- a/server/access-file.c +++ b/server/access-file.c @@ -1682,7 +1682,8 @@ access_link_cb(evhtp_request_t *req, void *arg) token = parts[1]; - info = http_tx_manager_query_share_link_info (token, "file"); + const char *cookie = evhtp_kv_find (req->headers_in, "Cookie"); + info = http_tx_manager_query_share_link_info (token, cookie, "file"); if (!info) { error_str = "Link token not found\n"; error_code = EVHTP_RES_FORBIDDEN; diff --git a/server/http-tx-mgr.c b/server/http-tx-mgr.c index 0204d2e0..7cc6350a 100644 --- a/server/http-tx-mgr.c +++ b/server/http-tx-mgr.c @@ -580,10 +580,11 @@ parse_share_link_info (const char *rsp_content, int rsp_size) } SeafileShareLinkInfo * -http_tx_manager_query_share_link_info (const char *token, const char *type) +http_tx_manager_query_share_link_info (const char *token, const char *cookie, const char *type) { Connection *conn = NULL; char *token_header; + char *cookie_header; struct curl_slist *headers = NULL; int ret = 0; CURL *curl; @@ -609,12 +610,17 @@ http_tx_manager_query_share_link_info (const char *token, const char *type) curl = conn->curl; headers = curl_slist_append (headers, "User-Agent: Seafile/"SEAFILE_CLIENT_VERSION" ("USER_AGENT_OS")"); token_header = g_strdup_printf ("Authorization: Token %s", jwt_token); + if (cookie) { + cookie_header = g_strdup_printf ("Cookie: %s", cookie); + headers = curl_slist_append (headers, cookie_header); + g_free (cookie_header); + } headers = curl_slist_append (headers, token_header); headers = curl_slist_append (headers, "Content-Type: application/json"); g_free (token_header); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); - url = g_strdup_printf("%s/share-link-info/?token=%s&type=%s", seaf->seahub_url, token, type); + url = g_strdup_printf("%s/check-share-link-access/?token=%s&type=%s", seaf->seahub_url, token, type); ret = http_get_common (curl, url, jwt_token, &rsp_status, &rsp_content, &rsp_size, NULL, NULL, TRUE); if (ret < 0) { diff --git a/server/http-tx-mgr.h b/server/http-tx-mgr.h index 3db2bdd7..daabc0bc 100644 --- a/server/http-tx-mgr.h +++ b/server/http-tx-mgr.h @@ -50,5 +50,5 @@ char * http_tx_manager_get_nickname (const char *modifier); SeafileShareLinkInfo * -http_tx_manager_query_share_link_info (const char *token, const char *type); +http_tx_manager_query_share_link_info (const char *token, const char *cookie, const char *type); #endif