YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-06-05 22:09:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: some fields of profile leaked without auth (#2408)

Browse Source 
* fix some fields of profile leaked without auth

* protect driver and dsn of profile
This commit is contained in:
Athurg Gooth
2023-10-20 17:41:21 +08:00
committed by GitHub
parent 1b105db958
commit fd5d51ee54
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/v1/system.go
View File

@ -72,7 +72,10 @@ func (s *APIV1Service) GetSystemStatus(c echo.Context) error {
ctx := c.Request().Context() ctx := c.Request().Context()
systemStatus := SystemStatus{ systemStatus := SystemStatus{
Profile: *s.Profile, Profile: profile.Profile{
Mode: s.Profile.Mode,
Version: s.Profile.Version,
},
// Allow sign up by default. // Allow sign up by default.
AllowSignUp: true, AllowSignUp: true,
MaxUploadSizeMiB: 32, MaxUploadSizeMiB: 32,

4
server/profile/profile.go
View File

@ -24,10 +24,10 @@ type Profile struct {
// Data is the data directory // Data is the data directory
Data string `json:"-"` Data string `json:"-"`
// DSN points to where memos stores its own data // DSN points to where memos stores its own data
DSN string `json:"dsn"` DSN string `json:"-"`
// Driver is the database driver // Driver is the database driver
// sqlite, mysql // sqlite, mysql
Driver string `json:"driver"` Driver string `json:"-"`
// Version is the current version of server // Version is the current version of server
Version string `json:"version"` Version string `json:"version"`
} }