Merge remote-tracking branch 'origin/feat/1.4.5/file' into test

apache · Jan 13, 2025 · dae16c6 · dae16c6
2 parents dd4b3e8 + a5d826c
commit dae16c6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/internal/base/middleware/visit_img_auth.go b/internal/base/middleware/visit_img_auth.go
@@ -20,15 +20,21 @@
 package middleware
 
 import (
-	"github.com/apache/answer/internal/base/constant"
-	"github.com/gin-gonic/gin"
 	"net/http"
+	"os"
 	"strings"
+
+	"github.com/apache/answer/internal/base/constant"
+	"github.com/gin-gonic/gin"
 )
 
 // VisitAuth when user visit the site image, check visit token. This only for private mode.
 func (am *AuthUserMiddleware) VisitAuth() gin.HandlerFunc {
 	return func(ctx *gin.Context) {
+		if len(os.Getenv("SKIP_FILE_ACCESS_VERIFY")) > 0 {
+			ctx.Next()
+			return
+		}
 		// If visit brand image, no need to check visit token. Because the brand image is public.
 		if strings.HasPrefix(ctx.Request.URL.Path, "/uploads/branding/") {
 			ctx.Next()

diff --git a/internal/controller/user_controller.go b/internal/controller/user_controller.go
@@ -726,5 +726,5 @@ func (uc *UserController) setVisitCookies(ctx *gin.Context, visitToken string, f
 		return
 	}
 	ctx.SetCookie(constant.UserVisitCookiesCacheKey,
-		visitToken, constant.UserVisitCacheTime, "/", parsedURL.Host, true, true)
+		visitToken, constant.UserVisitCacheTime, "/", parsedURL.Hostname(), true, true)
 }