安全修复:加固CSRF与凭证保护并修复越权风险
@@ -325,6 +325,10 @@ class KDocsUploader:
|
||||
if self._context is None:
|
||||
storage_state = getattr(config, "KDOCS_LOGIN_STATE_FILE", "data/kdocs_login_state.json")
|
||||
if use_storage_state and os.path.exists(storage_state):
|
||||
try:
|
||||
os.chmod(storage_state, 0o600)
|
||||
except Exception:
|
||||
pass
|
||||
self._context = self._browser.new_context(storage_state=storage_state)
|
||||
else:
|
||||
self._context = self._browser.new_context()
|
||||
@@ -837,8 +841,18 @@ class KDocsUploader:
|
||||
def _save_login_state(self) -> None:
|
||||
try:
|
||||
storage_state = getattr(config, "KDOCS_LOGIN_STATE_FILE", "data/kdocs_login_state.json")
|
||||
os.makedirs(os.path.dirname(storage_state), exist_ok=True)
|
||||
state_dir = os.path.dirname(storage_state)
|
||||
if state_dir:
|
||||
os.makedirs(state_dir, mode=0o700, exist_ok=True)
|
||||
try:
|
||||
os.chmod(state_dir, 0o700)
|
||||
except Exception:
|
||||
pass
|
||||
self._context.storage_state(path=storage_state)
|
||||
try:
|
||||
os.chmod(storage_state, 0o600)
|
||||
except Exception:
|
||||
pass
|
||||
except Exception as e:
|
||||
logger.warning(f"[KDocs] 保存登录态失败: {e}")
|
||||
|
||||
|
||||
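Review bot: In `_save_login_state`, `self._context.storage_state(path=storage_state)` creates the file before the following `os.chmod(storage_state, 0o600)` runs, so on a first save the session state sits on disk with whatever mode the process umask gives until the chmod lands. Creating the file with the restrictive mode and writing the state into it closes that window. The sketch below assumes `self._context` is a Playwright sync `BrowserContext`, whose `storage_state()` returns the state dict when no path is given, and that `json` is imported in the module; neither is visible here. Separately, the `except Exception: pass` wrappers around each `os.chmod` (here and in the first hunk) hide a failed tightening, and a `logger.warning` there would show an operator that the state file may still be readable by other users.

```python
state_data = self._context.storage_state()
# O_CREAT mode applies only to a new file; the chmod below still covers an existing one
fd = os.open(storage_state, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w", encoding="utf-8") as fh:
    json.dump(state_data, fh)
# … unchanged: os.chmod(storage_state, 0o600) inside its try/except …
```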
@@ -538,9 +538,8 @@ def take_screenshot_for_account(
|
||||
# 标记账号正在截图(防止重复提交截图任务)
|
||||
account.is_running = True
|
||||
|
||||
|
||||
user_info = database.get_user_by_id(user_id)
|
||||
username_prefix = user_info["username"] if user_info else f"user{user_id}"
|
||||
username_prefix = f"u{int(user_id)}"
|
||||
|
||||
def screenshot_task(
|
||||
browser_instance, user_id, account_id, account, browse_type, source, task_start_time, browse_result
|
||||
|
||||
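Review bot: `username_prefix = f"u{int(user_id)}"` runs after `account.is_running = True`, so a `user_id` that `int()` rejects raises `ValueError` or `TypeError` with the running flag already set. Unless cleanup outside this hunk resets the flag, the account would stay marked as busy and later screenshot tasks would be refused. Doing the conversion before the flag is set, or validating `user_id` at the function's entry, avoids that. A short comment such as `# numeric id only: keeps user-controlled names out of the file name` would also record why the username lookup was dropped, assuming the prefix ends up in the screenshot path. `take_screenshot_for_account` starts and continues outside the hunk.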