From efc0f49b66375edcd780c6f106eda3655134545d Mon Sep 17 00:00:00 2001
From: CrescentLeaf
Date: Thu, 25 Sep 2025 14:19:45 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=96=87=E4=BB=B6=E6=AC=8A=E9=99=90?= =?UTF-8?q?=E6=AA=A2=E9=A9=97=20*=20=E5=9F=BA=E6=96=BC=E8=AE=80=E5=8F=96?= =?UTF-8?q?=20Cookie=20=E4=B8=AD=E7=9A=84=E9=A9=97=E8=AD=89=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=20*=20=E5=9B=A0=E7=82=BA=20ServiceWorker=20=E9=9C=80?= =?UTF-8?q?=E8=A6=81=E5=AE=89=E5=85=A8=E7=9A=84=E4=B8=8A=E4=B8=8B=E6=96=87?= =?UTF-8?q?,=20=E8=80=8C=E6=88=91=E6=83=B3=E8=A6=81=E5=88=B0=E8=99=95?= =?UTF-8?q?=E5=8F=AF=E7=94=A8,=20=E5=9B=A0=E6=AD=A4=E6=9A=AB=E6=99=82?= =?UTF-8?q?=E6=8A=98=E4=B8=AD=E4=BD=BF=E7=94=A8=E9=80=99=E5=80=8B=E8=BE=A6?= =?UTF-8?q?=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
server/api/FileTokenManager.ts | 59 ----------------------------------
server/main.ts | 25 +++++++++++---
2 files changed, 21 insertions(+), 63 deletions(-)
delete mode 100644 server/api/FileTokenManager.ts
diff --git a/server/api/FileTokenManager.ts b/server/api/FileTokenManager.ts
deleted file mode 100644
index a781617..0000000
--- a/server/api/FileTokenManager.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-import { Buffer } from "node:buffer"
-import config from "../config.ts"
-import User from "../data/User.ts"
-import crypto from 'node:crypto'
-import Token from "./Token.ts"
-
-function normalizeKey(key: string, keyLength = 32) {
- const hash = crypto.createHash('sha256')
- hash.update(key)
- const keyBuffer = hash.digest()
- return keyLength ? keyBuffer.slice(0, keyLength) : keyBuffer
-}
-
-export default class FileTokenManager {
- static makeAuth(user: User) {
- return crypto.createHash("sha256").update(user.bean.id + user.getPassword() + config.salt + '_file').digest().toString('hex')
- }
- static encode(token: Token) {
- return crypto.createCipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update(
- JSON.stringify(token)
- ).toString('hex')
- }
- static decode(token: string) {
- if (token == null) throw new Error('令牌為空!')
- try {
- return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update(
- Buffer.from(token, 'hex')
- ).toString()) as Token
- } catch(e) {
- throw new Error('令牌無效!')
- }
- }
-
- /**
- * 簽發文件令牌
- */
- static make(user: User, device_id: string) {
- const time = Date.now()
- return this.encode({
- author: user.bean.id,
- auth: this.makeAuth(user),
- made_time: time,
- // 過期時間: 2分鐘
- expired_time: time + (1 * 1000 * 60 * 2),
- device_id: device_id
- })
- }
- /**
- * 校驗文件令牌
- */
- static check(user: User, token: string) {
- const tk = this.decode(token)
-
- return (
- this.makeAuth(user) == tk.auth
- && tk.expired_time < Date.now()
- )
- }
-}
diff --git a/server/main.ts b/server/main.ts
index abebb4a..b67775c 100644
--- a/server/main.ts
+++ b/server/main.ts
@@ -11,21 +11,38 @@ import process from "node:process" import chalk from "chalk" import child_process from "node:child_process" import FileManager from "./data/FileManager.ts" +import TokenManager from "./api/TokenManager.ts" +import UserChatLinker from "./data/UserChatLinker.ts" import path from "node:path" +import cookieParser from 'cookie-parser' const app = express() app.use('/', express.static(config.data_path + '/page_compiled')) +app.use(cookieParser()) app.get('/uploaded_files/:hash', (req, res) => { const hash = req.params.hash as string + res.setHeader('Content-Type', 'text/plain') if (hash == null) { - res.sendStatus(404) - res.send("404 Not Found") + res.send("404 Not Found", 404) return } const file = FileManager.findByHash(hash) + + if (file.getChatId() != null) { + const userToken = TokenManager.decode(req.cookies.token) + console.log(userToken, req.cookies.device_id) + if (!TokenManager.checkToken(userToken, req.cookies.device_id)) { + res.send("401 UnAuthorized", 401) + return + } + if (!UserChatLinker.checkUserIsLinkedToChat(userToken.author, file.getChatId())) { + res.send("403 Forbidden", 403) + return + } + } + if (file == null) { - res.sendStatus(404) - res.send("404 Not Found") + res.send("404 Not Found", 404) return }
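Review bot: `file.getChatId()` is called before the `if (file == null)` check, so a request for an unknown hash will throw on a null `file` instead of returning 404 whenever `FileManager.findByHash` returns null (which the retained null check implies it can); the existence check should come first. `TokenManager.decode(req.cookies.token)` is also unguarded: TokenManager is not shown here, but if it throws on a missing or malformed cookie as the deleted `FileTokenManager.decode` did, an unauthenticated request surfaces as an unhandled error rather than a 401. The `console.log(userToken, req.cookies.device_id)` line writes the decoded session token and device id to the server log on every protected download and should be dropped. `res.send(body, status)` is the deprecated two-argument form, which newer Express versions no longer honour, so `res.status(401).send(...)` is the safer spelling for the 401/403/404 paths. The route handler continues past the end of the hunk.

```typescript
    const file = FileManager.findByHash(hash)
    // Existence check first, so file.getChatId() never runs on a missing file.
    if (file == null) {
        res.status(404).send("404 Not Found")
        return
    }

    if (file.getChatId() != null) {
        let userToken
        try {
            userToken = TokenManager.decode(req.cookies.token)
        } catch {
            // Missing or malformed cookie: answer as unauthenticated.
            res.status(401).send("401 UnAuthorized")
            return
        }
        // … unchanged: checkToken and checkUserIsLinkedToChat checks …
    }
```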