|
|
@ -1,4 +1,5 @@ |
|
|
|
const jwt = require('jsonwebtoken'); |
|
|
|
const jwt = require('jsonwebtoken'); |
|
|
|
|
|
|
|
const url = require('url'); |
|
|
|
|
|
|
|
|
|
|
|
app.get('/api/v2/search/users/:keyword*?', async (req, res) => { |
|
|
|
app.get('/api/v2/search/users/:keyword*?', async (req, res) => { |
|
|
|
try { |
|
|
|
try { |
|
|
@ -120,6 +121,10 @@ app.apiRouter.get('/api/v2/download/:token', async (req, res) => { |
|
|
|
try { |
|
|
|
try { |
|
|
|
const token = req.params.token, data = jwt.decode(token); |
|
|
|
const token = req.params.token, data = jwt.decode(token); |
|
|
|
if (!data) throw new ErrorMessage("无效的令牌。"); |
|
|
|
if (!data) throw new ErrorMessage("无效的令牌。"); |
|
|
|
|
|
|
|
if (url.parse(syzoj.utils.getCurrentLocation(req, true)).href !== url.parse(syzoj.config.site_for_download).href) { |
|
|
|
|
|
|
|
throw new ErrorMessage("无效的下载地址。"); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (verifyJWT(token)) { |
|
|
|
if (verifyJWT(token)) { |
|
|
|
res.download(data.filename, data.sendName); |
|
|
|
res.download(data.filename, data.sendName); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
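Review bot: The added origin check passes `syzoj.config.site_for_download` straight into `url.parse`, which throws a TypeError on a non-string argument, so an installation whose config lacks that key would presumably fail every download with an unrelated error instead of "无效的下载地址。". Make the unset case an explicit decision: either fail closed with the proper message, or, if skipping is intended, read `const downloadSite = syzoj.config.site_for_download;` first and test `if (downloadSite && url.parse(syzoj.utils.getCurrentLocation(req, true)).href !== url.parse(downloadSite).href) {`. The comparison is only as reliable as whatever `syzoj.utils.getCurrentLocation(req, true)` builds the location from, which is not visible here; if it reads `Host` or forwarded headers, the reverse proxy in front has to set them. A short comment above the check, such as `// Only serve files from the dedicated download origin (site_for_download)`, would record why it exists, assuming that is the intent. The handler's `try` body starts and ends outside this hunk.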