lywsvip/OpenList
1
0
Fork 0
mirror of https://github.com/OpenListTeam/OpenList.git synced 2026-05-06 23:31:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): add missing return after error responses (#2150)

Browse Source 
In BeginAuthnRegistration (webauthn.go), missing return statements after
error responses caused the function to continue executing with a nil
authnInstance, potentially leading to a nil pointer panic.

In OIDCLoginCallback and SSOLoginCallback (ssologin.go), missing return
statements after GenerateToken/autoRegister errors caused the handler to
send a second response, resulting in a superfluous response write.

In SetThunderBrowser (offline_download.go), the default case of the
storage type switch sent an error response but did not return, causing
SaveSettingItems and tool initialization to continue executing even when
driver type validation failed.
This commit is contained in:
Jealous
2026-03-16 07:22:55 -07:00
committed by GitHub
parent f3428e65bc
commit 9a2ba1dabe
3 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/handles/offline_download.go
View File

@@ -448,6 +448,7 @@ func SetThunderBrowser(c *gin.Context) {
case *thunder_browser.ThunderBrowser, *thunder_browser.ThunderBrowserExpert:
default:
common.ErrorStrResp(c, "unsupported storage driver for offline download, only ThunderBrowser is supported", 400)
return
}
}
items := []model.SettingItem{

3
server/handles/ssologin.go
View File

@@ -256,11 +256,13 @@ func OIDCLoginCallback(c *gin.Context) {
user, err = autoRegister(userID, userID, err)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
}
token, err := common.GenerateToken(user)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
if useCompatibility {
c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)
@@ -427,6 +429,7 @@ func SSOLoginCallback(c *gin.Context) {
token, err := common.GenerateToken(user)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
if usecompatibility {
c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)

3
server/handles/webauthn.go
View File

@@ -130,17 +130,20 @@ func BeginAuthnRegistration(c *gin.Context) {
authnInstance, err := authn.NewAuthnInstance(c)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
options, sessionData, err := authnInstance.BeginRegistration(user)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
val, err := json.Marshal(sessionData)
if err != nil {
common.ErrorResp(c, err, 400)
return
}
common.SuccessResp(c, gin.H{