Return error message when failed to check file access (#737)

* Return error message when failed to check file access * Update python to 3.12.9 * Update ci python * Set error_msg to error_str --------- Co-authored-by: 杨赫然 <heran.yang@seafile.com>
2025-04-27 19:15:07 +00:00 · 2025-02-14 14:39:19 +08:00 · 2025-02-14 14:39:19 +08:00 · 7753e8e02a
commit 7753e8e02a
parent 9efe0b58fd
4 changed files with 18 additions and 7 deletions
--- a/fileserver/fileop.go
+++ b/fileserver/fileop.go
@ -372,8 +372,7 @@ func checkFileAccess(repoID, token, cookie, filePath, op, ipAddr, userAgent stri
 	status, body, err := utils.HttpCommon("POST", url, header, bytes.NewReader(msg))
 	if err != nil {
 		if status != http.StatusInternalServerError {
-			msg := "No permission to access file\n"
-			return "", &appError{nil, msg, http.StatusForbidden}
+			return "", &appError{nil, string(body), status}
 		} else {
 			err := fmt.Errorf("failed to get access token info: %v", err)
 			return "", &appError{err, "", http.StatusInternalServerError}
--- a/server/access-file.c
+++ b/server/access-file.c
@ -1496,6 +1496,7 @@ access_v2_cb(evhtp_request_t *req, void *arg)
 {
    SeafRepo *repo = NULL;
    char *error_str = NULL;
+    char *err_msg = NULL;
    char *token = NULL;
    char *user = NULL;
    char *dec_path = NULL;
@ -1555,9 +1556,15 @@ access_v2_cb(evhtp_request_t *req, void *arg)
        error_str = "Both token and cookie are not set\n";
        goto out;
    }
-    if (http_tx_manager_check_file_access (repo_id, token, cookie, dec_path, "download", ip_addr, user_agent, &user) < 0) {
-        error_str = "No permission to access file\n";
-        error_code = EVHTP_RES_FORBIDDEN;
+    int status = HTTP_OK;
+    if (http_tx_manager_check_file_access (repo_id, token, cookie, dec_path, "download", ip_addr, user_agent, &user, &status, &err_msg) < 0) {
+        if (status != HTTP_OK) {
+            error_str = err_msg;
+            error_code = status;
+        } else {
+            error_str = "Internal server error\n";
+            error_code = EVHTP_RES_SERVERR;
+        }
        goto out;
    }

@ -1633,6 +1640,7 @@ out:
        evbuffer_add_printf(req->buffer_out, "%s\n", error_str);
        evhtp_send_reply(req, error_code);
    }
+    g_free (err_msg);
 }

 static int
--- a/server/http-tx-mgr.c
+++ b/server/http-tx-mgr.c
@ -706,7 +706,8 @@ out:
 int
 http_tx_manager_check_file_access (const char *repo_id, const char *token, const char *cookie,
                                   const char *path, const char *op, const char *ip_addr,
-                                   const char *user_agent, char **user)
+                                   const char *user_agent, char **user,
+                                   int *status, char **err_msg)
 {
    Connection *conn = NULL;
    char *cookie_header;
@ -765,7 +766,9 @@ http_tx_manager_check_file_access (const char *repo_id, const char *token, const
        goto out;
    }

+    *status = rsp_status;
    if (rsp_status != HTTP_OK) {
+        *err_msg = parse_error_message (rsp_content, rsp_size);
        ret = -1;
        goto out;
    }
--- a/server/http-tx-mgr.h
+++ b/server/http-tx-mgr.h
@ -57,5 +57,6 @@ http_tx_manager_query_share_link_info (const char *token, const char *cookie, co
 int
 http_tx_manager_check_file_access (const char *repo_id, const char *token, const char *cookie,
                                   const char *path, const char *op, const char *ip_addr,
-                                   const char *user_agent, char **user);
+                                   const char *user_agent, char **user,
+                                   int *status, char **err_msg);
 #endif