237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: add CSRF token to delete direct link request

Browse Source 
The DELETE /api/direct-link/:id endpoint requires CSRF validation.
Updated api_delete_direct_link to fetch CSRF token before sending
the request, matching the pattern used by api_delete_share.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
237899745
2026-04-04 00:44:05 +08:00
parent cf1935be1d
commit ceff377d90
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
desktop-client/src-tauri/src/lib.rs
View File

@@ -1054,13 +1054,18 @@ async fn api_delete_direct_link(
base_url: String, base_url: String,
link_id: i64, link_id: i64,
) -> Result<BridgeResponse, String> { ) -> Result<BridgeResponse, String> {
request_with_optional_csrf( if link_id <= 0 {
return Err("无效的直链ID".to_string());
}
let csrf_token = fetch_csrf_token(&state.client, &base_url).await?;
let path = format!("/api/direct-link/{}", link_id);
request_json(
&state.client, &state.client,
Method::DELETE, Method::DELETE,
&base_url, join_api_url(&base_url, &path),
&format!("/api/direct-link/{}", link_id),
None, None,
false, csrf_token,
) )
.await .await
} }