#244 增加验证 规则及访问权限

app/admin/controller/api/Update.php

@@ -17,6 +17,7 @@ namespace app\admin\controller\api;
 
 use think\admin\Controller;
 use think\admin\service\ModuleService;
+use think\admin\service\SystemService;
 
 /**
  * 安装服务端支持
@@ -26,6 +27,16 @@ use think\admin\service\ModuleService;
 class Update extends Controller
 {
 
+    /**
+     * 访问环境拦截
+     */
+    protected function initialize()
+    {
+        if (!SystemService::instance()->checkRunMode('dev')) {
+            $this->error('只允许访问本地或官方代码！');
+        }
+    }
+
     /**
      * 读取文件内容
      */

vendor/composer/installed.json

@@ -958,17 +958,17 @@
     },
     {
         "name": "zoujingli/think-library",
-        "version": "v6.0.3",
+        "version": "v6.0.4",
-        "version_normalized": "6.0.3.0",
+        "version_normalized": "6.0.4.0",
         "source": {
             "type": "git",
             "url": "https://github.com/zoujingli/ThinkLibrary.git",
-            "reference": "77e7a89a681854da202aa5afa4170279ac6c44c4"
+            "reference": "90513f6dd77469528657c1a14c0d69e2eaea80a1"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/zoujingli/ThinkLibrary/zipball/77e7a89a681854da202aa5afa4170279ac6c44c4",
+            "url": "https://api.github.com/repos/zoujingli/ThinkLibrary/zipball/90513f6dd77469528657c1a14c0d69e2eaea80a1",
-            "reference": "77e7a89a681854da202aa5afa4170279ac6c44c4",
+            "reference": "90513f6dd77469528657c1a14c0d69e2eaea80a1",
             "shasum": "",
             "mirrors": [
                 {
@@ -985,7 +985,7 @@
             "ext-mbstring": "*",
             "topthink/framework": "^6.0"
         },
-        "time": "2020-09-02T03:41:53+00:00",
+        "time": "2020-09-04T04:22:19+00:00",
         "type": "library",
         "extra": {
             "think": {

vendor/services.php

@@ -1,5 +1,5 @@
 <?php 
-// This file is automatically generated at:2020-09-03 10:27:17
+// This file is automatically generated at:2020-09-04 12:46:23
 declare (strict_types = 1);
 return array (
   0 => 'think\\admin\\Library',

vendor/zoujingli/think-library/src/Library.php

@@ -41,7 +41,7 @@ class Library extends Service
     /**
      * 扩展库版本号
      */
-    const VERSION = '6.0.3';
+    const VERSION = '6.0.4';
 
     /**
      * 启动服务

vendor/zoujingli/think-library/src/service/ModuleService.php

@@ -190,10 +190,18 @@ class ModuleService extends Service
      */
     public function checkAllowDownload(string $name): bool
     {
+        // 禁止目录级别上跳
+        if (stripos($name, '../') !== false) {
+            return false;
+        }
         // 禁止下载数据库配置文件
         if (stripos($name, 'database.php') !== false) {
             return false;
         }
+        // 禁止非官方演示项目下载
+        if (stripos($this->app->request->domain(), 'thinkadmin.top') === false) {
+            return false;
+        }
         // 检查允许下载的文件规则
         foreach ($this->_getAllowDownloadRule() as $rule) {
             if (stripos($name, $rule) !== false) return true;

vendor/zoujingli/think-library/src/service/NodeService.php

@@ -60,10 +60,10 @@ class NodeService extends Service
     {
         if (empty($node)) return $this->getCurrent();
         if (count($attrs = explode('/', $node)) === 1) {
-            return $this->getCurrent('controller') . '/' . $node;
+            return $this->getCurrent('controller') . '/' . strtolower($node);
         } else {
             $attrs[1] = $this->nameTolower($attrs[1]);
-            return join('/', $attrs);
+            return strtolower(join('/', $attrs));
         }
     }