Gallardo7761/miarma-backend
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: password checking condition on private pastes

Browse Source 
change: password is now sent via http headers
This commit is contained in:
Jose
2026-03-16 01:22:39 +01:00
parent 3573f862eb
commit 66fb19fa0b
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mpaste/src/main/java/net/miarma/backend/mpaste/controller/PasteController.java
View File

@@ -38,7 +38,7 @@ public class PasteController {
@GetMapping("/{paste_key}")
public ResponseEntity<PasteDto.Response> getByKey(
@PathVariable("paste_key") String pasteKey,
@RequestParam(value = "password", required = false) String password
@RequestHeader(value = "X-Paste-Password", required = false) String password
) {
return ResponseEntity.ok(
PasteMapper.toResponse(pasteService.getByKey(pasteKey, password))

8
mpaste/src/main/java/net/miarma/backend/mpaste/service/PasteService.java
View File

@@ -46,7 +46,7 @@ public class PasteService {
.orElseThrow(() -> new NotFoundException("Paste not found"));
if(Boolean.TRUE.equals(paste.isPrivate())) {
if(password == null || passwordEncoder.matches(password, paste.getPassword())) {
if(password == null || !passwordEncoder.matches(password, paste.getPassword())) {
throw new ForbiddenException("Incorrect password");
}
}
@@ -63,6 +63,12 @@ public class PasteService {
public Paste create(Paste paste) {
PasteValidator.validate(paste);
if (Boolean.TRUE.equals(paste.isPrivate()) && paste.getPassword() != null) {
String encodedPassword = passwordEncoder.encode(paste.getPassword());
paste.setPassword(encodedPassword);
}
paste.setPasteId(UUID.randomUUID());
paste.setPasteKey(PasteKeyGenerator.generate(6));
return pasteRepository.save(paste);