Validate token return 403 for go (#523)

2025-09-07 02:10:05 +00:00 · 2021-12-02 18:30:22 +08:00
parent 273e44c18e
commit 96884a83a0
1 changed files with 5 additions and 1 deletions
--- a/fileserver/sync_api.go
+++ b/fileserver/sync_api.go
@@ -1034,7 +1034,11 @@ func validateToken(r *http.Request, repoID string, skipCache bool) (string, *app
 	}

 	if value, ok := tokenCache.Load(token); ok {
-		if info, ok := value.(*tokenInfo); ok && info.repoID == repoID {
+		if info, ok := value.(*tokenInfo); ok {
+			if info.repoID != repoID {
+				msg := "Invalid token"
+				return "", &appError{nil, msg, http.StatusForbidden}
+			}
 			return info.email, nil
 		}
 	}