From 3181c076b25421fc10c21145d31e60007d6e5d0f Mon Sep 17 00:00:00 2001 From: Elliot Chen Date: Tue, 2 Jan 2024 20:57:55 +0800 Subject: [PATCH] feat: add {uuid} in path template when using local storage or S3 (#2696) Add {uuid} in path template when using local storage or S3 Add an addition tag `{uuid}` to the `replacePathTemplate`. It is a workaround to leak the public links of a resource when using S3-based object storage. Currently, all resource blobs stored in S3 (R2, OSS) are set to be public. It is insecure as the resources for the private memos are also accessible on the Internet. Using an additional {uuid} might reduce this risk. Meanwhile, it is also possible to avoid filename conflict --- api/v1/resource.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/v1/resource.go b/api/v1/resource.go index f8935d1b..4297819c 100644 --- a/api/v1/resource.go +++ b/api/v1/resource.go @@ -354,6 +354,8 @@ func replacePathTemplate(path, filename string) string { return fmt.Sprintf("%02d", t.Minute()) case "{second}": return fmt.Sprintf("%02d", t.Second()) + case "{uuid}": + return util.GenUUID() } return s })