Fix security issue and add go linter (#677)

* Fix security issue and add go linter * Fix error checked by golangci-lint * Delete jwt-go pkg --------- Co-authored-by: 杨赫然 <heran.yang@seafile.com>
2025-09-08 10:48:52 +00:00 · 2024-08-12 14:59:45 +08:00
parent 026a6d504f
commit 738716496a
19 changed files with 134 additions and 78 deletions
--- a/fileserver/sync_api.go
+++ b/fileserver/sync_api.go
@@ -17,8 +17,7 @@ import (
 	"sync"
 	"time"

-	jwt "github.com/dgrijalva/jwt-go"
-	"github.com/google/uuid"
+	jwt "github.com/golang-jwt/jwt/v5"
 	"github.com/gorilla/mux"
 	"github.com/haiwen/seafile-server/fileserver/blockmgr"
 	"github.com/haiwen/seafile-server/fileserver/commitmgr"
@@ -729,6 +728,7 @@ type MyClaims struct {
 	Exp      int64
 	RepoID   string `json:"repo_id"`
 	UserName string `json:"username"`
+	jwt.RegisteredClaims
 }

 func (*MyClaims) Valid() error {
@@ -765,6 +765,7 @@ func genJWTToken(repoID, user string) (string, error) {
 		time.Now().Add(time.Hour * 72).Unix(),
 		repoID,
 		user,
+		jwt.RegisteredClaims{},
 	}

 	token := jwt.NewWithClaims(jwt.GetSigningMethod("HS256"), &claims)
@@ -777,11 +778,6 @@ func genJWTToken(repoID, user string) (string, error) {
 	return tokenString, nil
 }

-func isValidUUID(u string) bool {
-	_, err := uuid.Parse(u)
-	return err == nil
-}
-
 func getFsObjIDCB(rsp http.ResponseWriter, r *http.Request) *appError {
 	recvChan := make(chan *calResult)