fix: password checking condition on private pastes

change: password is now sent via http headers
2026-03-16 01:22:39 +01:00
parent 3573f862eb
commit 66fb19fa0b
3 changed files with 9 additions and 3 deletions


@@ -83,7 +83,7 @@
<dependency> <dependency>
<groupId>net.miarma</groupId> <groupId>net.miarma</groupId>
<artifactId>backlib</artifactId> <artifactId>backlib</artifactId>
<version>1.1.0</version> <version>1.1.1</version>
</dependency> </dependency>
</dependencies> </dependencies>


@@ -38,7 +38,7 @@ public class PasteController {
@GetMapping("/{paste_key}") @GetMapping("/{paste_key}")
public ResponseEntity<PasteDto.Response> getByKey( public ResponseEntity<PasteDto.Response> getByKey(
@PathVariable("paste_key") String pasteKey, @PathVariable("paste_key") String pasteKey,
@RequestParam(value = "password", required = false) String password @RequestHeader(value = "X-Paste-Password", required = false) String password
) { ) {
return ResponseEntity.ok( return ResponseEntity.ok(
PasteMapper.toResponse(pasteService.getByKey(pasteKey, password)) PasteMapper.toResponse(pasteService.getByKey(pasteKey, password))
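Review bot: The response for a private paste is now selected by a custom request header on a GET, and `ResponseEntity.ok(...)` sets no cache directives in the visible lines. Unlike `Authorization`, `X-Paste-Password` does not by itself stop a shared cache or proxy from storing the response, and the cache key would not include the header, so a cached body could be served to a request that carries no password. Unless cache headers are already set elsewhere (for example by a security filter, not visible here), return it with `ResponseEntity.ok().cacheControl(CacheControl.noStore()).body(...)`. Clients that still send `?password=` will now be treated as if no password was given, which is worth stating in the API documentation. The body of `getByKey` continues past the end of the hunk.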


@@ -46,7 +46,7 @@ public class PasteService {
.orElseThrow(() -> new NotFoundException("Paste not found")); .orElseThrow(() -> new NotFoundException("Paste not found"));
if(Boolean.TRUE.equals(paste.isPrivate())) { if(Boolean.TRUE.equals(paste.isPrivate())) {
if(password == null || passwordEncoder.matches(password, paste.getPassword())) { if(password == null || !passwordEncoder.matches(password, paste.getPassword())) {
throw new ForbiddenException("Incorrect password"); throw new ForbiddenException("Incorrect password");
} }
} }
@@ -63,6 +63,12 @@ public class PasteService {
public Paste create(Paste paste) { public Paste create(Paste paste) {
PasteValidator.validate(paste); PasteValidator.validate(paste);
if (Boolean.TRUE.equals(paste.isPrivate()) && paste.getPassword() != null) {
String encodedPassword = passwordEncoder.encode(paste.getPassword());
paste.setPassword(encodedPassword);
}
paste.setPasteId(UUID.randomUUID()); paste.setPasteId(UUID.randomUUID());
paste.setPasteKey(PasteKeyGenerator.generate(6)); paste.setPasteKey(PasteKeyGenerator.generate(6));
return pasteRepository.save(paste); return pasteRepository.save(paste);
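Review bot: In `create`, a private paste whose password is null skips the new encoding branch and is still saved, unless `PasteValidator.validate` already rejects that combination (not visible here). Such a paste can never be read back: `getByKey` passes the null `paste.getPassword()` to `passwordEncoder.matches`, which returns false or throws depending on the encoder, so every request ends in `ForbiddenException` or an error. Reject it before saving, guarding on `Boolean.TRUE.equals(paste.isPrivate()) && (paste.getPassword() == null || paste.getPassword().isBlank())`. Rows written before this commit presumably hold the password unencoded and will now fail `matches` as well, so they need a one-off re-encode or a reset.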