fix: /verify Endpoint für PW-Check ohne Auto-Download
This commit is contained in:
@@ -41,6 +41,16 @@ router.get('/:token', (req, res) => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// POST /:token/verify – nur Passwort prüfen, kein Download
|
||||||
|
router.post('/:token/verify', async (req, res) => {
|
||||||
|
const s = getShare(req.params.token);
|
||||||
|
if (!s) return res.status(404).json({ error: 'Nicht gefunden' });
|
||||||
|
if (isExpired(s)) return res.status(410).json({ error: 'Link abgelaufen' });
|
||||||
|
const ok = await bcrypt.compare(req.body?.password || '', s.password_hash);
|
||||||
|
if (!ok) return res.status(403).json({ error: 'Falsches Passwort' });
|
||||||
|
res.json({ ok: true, file_name: s.file_name, file_size: s.file_size, mime_type: s.mime_type, is_folder: !!s.folder_id });
|
||||||
|
});
|
||||||
|
|
||||||
// POST /:token/download – Datei herunterladen
|
// POST /:token/download – Datei herunterladen
|
||||||
router.post('/:token/download', async (req, res) => {
|
router.post('/:token/download', async (req, res) => {
|
||||||
const s = getShare(req.params.token);
|
const s = getShare(req.params.token);
|
||||||
|
|||||||
@@ -2951,23 +2951,13 @@ function PublicFileShare({ token }) {
|
|||||||
setFiles(d.files || []);
|
setFiles(d.files || []);
|
||||||
setPhase('ready');
|
setPhase('ready');
|
||||||
} else {
|
} else {
|
||||||
// Datei: erst PW testen via Download (streams bei Erfolg)
|
// Datei: nur PW prüfen via /verify (kein Download)
|
||||||
const res = await fetch(BASE + '/download', {
|
const res = await fetch(BASE + '/verify', {
|
||||||
method:'POST', headers:{'Content-Type':'application/json'},
|
method:'POST', headers:{'Content-Type':'application/json'},
|
||||||
body: JSON.stringify({ password: pw }),
|
body: JSON.stringify({ password: pw }),
|
||||||
});
|
});
|
||||||
if (!res.ok) {
|
|
||||||
const d = await res.json().catch(() => ({}));
|
const d = await res.json().catch(() => ({}));
|
||||||
setErrMsg(d.error || 'Falsches Passwort');
|
if (!res.ok) { setErrMsg(d.error || 'Falsches Passwort'); return; }
|
||||||
return;
|
|
||||||
}
|
|
||||||
// Korrekt → Download starten + Phase wechseln
|
|
||||||
const blob = await res.blob();
|
|
||||||
const objUrl = URL.createObjectURL(blob);
|
|
||||||
const a = document.createElement('a');
|
|
||||||
a.href = objUrl; a.download = info.file_name || 'download';
|
|
||||||
document.body.appendChild(a); a.click(); document.body.removeChild(a);
|
|
||||||
setTimeout(() => URL.revokeObjectURL(objUrl), 5000);
|
|
||||||
setPassword(pw);
|
setPassword(pw);
|
||||||
setPhase('ready');
|
setPhase('ready');
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user