fix: improve the backend verification for security entry settings (#7810)

Refs #7657
2025-02-08 01:20:07 +08:00 · 2025-02-06 18:15:06 +08:00 · 2025-02-06 18:15:06 +08:00 · 98c535a12c
commit 98c535a12c
parent ec46518936
1 changed files with 16 additions and 0 deletions
--- a/backend/app/api/v1/setting.go
+++ b/backend/app/api/v1/setting.go
@ -3,8 +3,10 @@ package v1
 import (
 	"encoding/base64"
 	"errors"
+	"fmt"
 	"os"
 	"path"
+	"regexp"

 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
@ -53,6 +55,12 @@ func (b *BaseApi) UpdateSetting(c *gin.Context) {
 	if err := helper.CheckBindAndValidate(&req, c); err != nil {
 		return
 	}
+	if req.Key == "SecurityEntrance" {
+		if checkEntrancePattern(req.Value) {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, fmt.Errorf("regexp match string with %s failed", req.Value))
+			return
+		}
+	}

 	if err := settingService.Update(req.Key, req.Value); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
@ -391,3 +399,11 @@ func (b *BaseApi) UpdateApiConfig(c *gin.Context) {
 	}
 	helper.SuccessWithData(c, nil)
 }
+
+func checkEntrancePattern(val string) bool {
+	if len(val) == 0 {
+		return true
+	}
+	result, _ := regexp.MatchString("^[a-zA-Z0-9]{5,116}$", val)
+	return result
+}