diff --git a/app/build.gradle.kts b/app/build.gradle.kts index c0072e7..a8a5efd 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -16,8 +16,8 @@ android { applicationId = "com.donut.mixfile" minSdk = 26 targetSdk = 35 - versionCode = 127 - versionName = "1.16.9" + versionCode = 128 + versionName = "1.16.10" testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner" vectorDrawables { diff --git a/app/src/main/java/com/donut/mixfile/server/core/aes/AES.kt b/app/src/main/java/com/donut/mixfile/server/core/aes/AES.kt index 3ed6489..ea89e42 100644 --- a/app/src/main/java/com/donut/mixfile/server/core/aes/AES.kt +++ b/app/src/main/java/com/donut/mixfile/server/core/aes/AES.kt @@ -56,7 +56,8 @@ suspend fun decryptAES( var size = 0 withContext(Dispatchers.IO) { while (!data.isClosedForRead) { - if (size >= limit) { + // +12字节ghash 大小,iv已读取 + if (size >= limit + 12) { throw Exception("分片文件过大") } val buffer = data.readRemaining(1024 * 64).readByteArray() diff --git a/app/src/main/java/com/donut/mixfile/server/core/objects/MixShareInfo.kt b/app/src/main/java/com/donut/mixfile/server/core/objects/MixShareInfo.kt index 3e65c90..bbc0c69 100644 --- a/app/src/main/java/com/donut/mixfile/server/core/objects/MixShareInfo.kt +++ b/app/src/main/java/com/donut/mixfile/server/core/objects/MixShareInfo.kt @@ -106,12 +106,13 @@ data class MixShareInfo( } }.execute { val contentLength = it.contentLength() ?: 0 - if (contentLength > (limit + headSize + 192)) { + // iv + ghash 各96位,12字节,共24字节 + if (contentLength > (limit + headSize + 24)) { throw Exception("分片文件过大") } val channel = it.bodyAsChannel() channel.discard(headSize.toLong()) - decryptAES(channel, ENCODER.decode(key), limit + 96) + decryptAES(channel, ENCODER.decode(key), limit) } val hash = Url(url).fragment.trim() if (hash.isNotEmpty()) { @@ -136,8 +137,8 @@ data class MixShareInfo( fun contentType() = fileName.parseFileMimeType() - suspend fun fetchMixFile(client: HttpClient): MixFile { - val decryptedBytes = fetchFile(url, client = client) + suspend fun fetchMixFile(client: HttpClient, referer: String = this.referer): MixFile { + val decryptedBytes = fetchFile(url, client = client, referer = referer) return MixFile.fromBytes(decryptedBytes) } diff --git a/app/src/main/java/com/donut/mixfile/server/core/routes/api/DownloadRoute.kt b/app/src/main/java/com/donut/mixfile/server/core/routes/api/DownloadRoute.kt index 305b6d1..2572df0 100644 --- a/app/src/main/java/com/donut/mixfile/server/core/routes/api/DownloadRoute.kt +++ b/app/src/main/java/com/donut/mixfile/server/core/routes/api/DownloadRoute.kt @@ -47,8 +47,13 @@ fun MixFileServer.getDownloadRoute(): RoutingHandler { suspend fun MixFileServer.respondMixFile(call: ApplicationCall, shareInfo: MixShareInfo) { val param = call.parameters + + val referer = param["referer"].ifNullOrBlank { shareInfo.referer } + + val name = param["name"].ifNullOrBlank { shareInfo.fileName } + val mixFile = try { - shareInfo.fetchMixFile(httpClient) + shareInfo.fetchMixFile(httpClient, referer) } catch (e: Exception) { call.respondText( "解析文件索引失败: ${e.stackTraceToString()}", @@ -57,10 +62,6 @@ suspend fun MixFileServer.respondMixFile(call: ApplicationCall, shareInfo: MixSh return } - val referer = param["referer"].ifNullOrBlank { shareInfo.referer } - - val name = param["name"].ifNullOrBlank { shareInfo.fileName } - var contentLength = shareInfo.fileSize val range: LongRange? = call.request.ranges()?.mergeToSingle(contentLength) call.response.apply {