From 98c535a12c0395567b4862e1fc5864aa1b1cc7b4 Mon Sep 17 00:00:00 2001
From: ssongliu <73214554+ssongliu@users.noreply.github.com>
Date: Thu, 6 Feb 2025 18:15:06 +0800
Subject: [PATCH] fix: improve the backend verification for security entry settings (#7810)

Refs #7657
---
 backend/app/api/v1/setting.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/backend/app/api/v1/setting.go b/backend/app/api/v1/setting.go
index 4c4aa0c46..54959749a 100644
--- a/backend/app/api/v1/setting.go
+++ b/backend/app/api/v1/setting.go
@@ -3,8 +3,10 @@ package v1
 import (
 	"encoding/base64"
 	"errors"
+	"fmt"
 	"os"
 	"path"
+	"regexp"
 
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
@@ -53,6 +55,12 @@ func (b *BaseApi) UpdateSetting(c *gin.Context) {
 	if err := helper.CheckBindAndValidate(&req, c); err != nil {
 		return
 	}
+	if req.Key == "SecurityEntrance" {
+		if checkEntrancePattern(req.Value) {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, fmt.Errorf("regexp match string with %s failed", req.Value))
+			return
+		}
+	}
 
 	if err := settingService.Update(req.Key, req.Value); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
@@ -391,3 +399,11 @@ func (b *BaseApi) UpdateApiConfig(c *gin.Context) {
 	}
 	helper.SuccessWithData(c, nil)
 }
+
+func checkEntrancePattern(val string) bool {
+	if len(val) == 0 {
+		return true
+	}
+	result, _ := regexp.MatchString("^[a-zA-Z0-9]{5,116}$", val)
+	return result
+}
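Review bot: The guard in UpdateSetting appears inverted: checkEntrancePattern returns the regexp match result, so a value that satisfies `^[a-zA-Z0-9]{5,116}$` is rejected with "regexp match string ... failed" while a value that does not match is passed straight to settingService.Update, which is the opposite of what the error text and the commit title describe. The condition should read `if !checkEntrancePattern(req.Value) {`; if an empty entrance is also meant to be refused rather than treated as "disabled", the helper's `len(val) == 0` branch has to change as well, which I cannot tell from this diff. Since the rejected value is echoed back to the client in the error detail, prefer `fmt.Errorf("regexp match string with %q failed", req.Value)` so empty and control-character input is shown quoted and escaped. UpdateSetting's body starts and ends outside this hunk.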
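Review bot: checkEntrancePattern compiles the constant pattern on every call and discards the error from regexp.MatchString; compile it once at package scope with `var entrancePattern = regexp.MustCompile(`^[a-zA-Z0-9]{5,116}$`)` and reduce the body to `return entrancePattern.MatchString(val)`, which leaves no error to ignore. The function also needs a doc comment pinning what the boolean means, because the caller in UpdateSetting reads it the other way round; something like `// checkEntrancePattern reports whether val is empty or consists of 5 to 116 ASCII letters and digits.` would make the contract explicit for the next reader.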