fix: /verify Endpoint für PW-Check ohne Auto-Download
This commit is contained in:
@@ -41,6 +41,16 @@ router.get('/:token', (req, res) => {
|
||||
});
|
||||
});
|
||||
|
||||
// POST /:token/verify – nur Passwort prüfen, kein Download
|
||||
router.post('/:token/verify', async (req, res) => {
|
||||
const s = getShare(req.params.token);
|
||||
if (!s) return res.status(404).json({ error: 'Nicht gefunden' });
|
||||
if (isExpired(s)) return res.status(410).json({ error: 'Link abgelaufen' });
|
||||
const ok = await bcrypt.compare(req.body?.password || '', s.password_hash);
|
||||
if (!ok) return res.status(403).json({ error: 'Falsches Passwort' });
|
||||
res.json({ ok: true, file_name: s.file_name, file_size: s.file_size, mime_type: s.mime_type, is_folder: !!s.folder_id });
|
||||
});
|
||||
|
||||
// POST /:token/download – Datei herunterladen
|
||||
router.post('/:token/download', async (req, res) => {
|
||||
const s = getShare(req.params.token);
|
||||
|
||||
Reference in New Issue
Block a user