judge: 绕过PERM_VIEW_PROBLEM_HIDDEN检查

packages/hydrojudge/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@hydrooj/hydrojudge",
     "bin": "bin/hydrojudge.js",
-    "version": "2.3.9",
+    "version": "2.3.10",
     "main": "package.json",
     "author": "undefined <i@undefined.moe>",
     "repository": "https://github.com/hydro-dev/Hydro.git",

packages/hydrojudge/src/hosts/hydro.ts

@@ -209,8 +209,8 @@ export default class Hydro {
             log.info(`Getting problem data: ${this.config.host}/${domainId}/${pid}`);
             if (next) next({ judge_text: '正在同步测试数据，请稍后' });
             await this.ensureLogin();
-            const res = await this.axios.post(`/d/${domainId}/p/${pid}/files`, {
-                operation: 'get_links',
+            const res = await this.axios.post(`/d/${domainId}/judge/files`, {
+                pid,
                 files: filenames,
             });
             for (const name in res.data.links) {

packages/hydrooj/package.json

@@ -1,6 +1,6 @@
 {
     "name": "hydrooj",
-    "version": "2.17.21",
+    "version": "2.17.22",
     "bin": "bin/hydrooj.js",
     "main": "dist/loader.js",
     "typings": "dist/loader.d.ts",

packages/hydrooj/src/handler/judge.ts

@@ -10,8 +10,9 @@ import * as domain from '../model/domain';
 import * as task from '../model/task';
 import * as bus from '../service/bus';
 import {
-    Route, Handler, Connection, ConnectionHandler,
+    Route, Handler, Connection, ConnectionHandler, post, Types,
 } from '../service/server';
+import storage from '../service/storage';
 
 const logger = new Logger('judge');
 
@@ -108,6 +109,23 @@ class JudgeHandler extends Handler {
     }
 }
 
+export class JudgeFilesDownloadHandler extends Handler {
+    @post('files', Types.Set)
+    @post('pid', Types.UnsignedInt)
+    async postGetLinks(domainId: string, files: Set<string>, pid: number) {
+        const pdoc = await problem.get(domainId, pid);
+        const links = {};
+        for (const file of files) {
+            // eslint-disable-next-line no-await-in-loop
+            links[file] = await storage.signDownloadLink(
+                `problem/${pdoc.domainId}/${pdoc.docId}/testdata/${file}`,
+                file, false, 'judge',
+            );
+        }
+        this.response.body.links = links;
+    }
+}
+
 class JudgeConnectionHandler extends ConnectionHandler {
     processing: any = null;
 
@@ -148,6 +166,7 @@ class JudgeConnectionHandler extends ConnectionHandler {
 
 export async function apply() {
     Route('judge', '/judge', JudgeHandler, builtin.PRIV.PRIV_JUDGE);
+    Route('judge_files_download', '/judge/files', JudgeFilesDownloadHandler, builtin.PRIV.PRIV_JUDGE);
     Connection('judge_conn', '/judge/conn', JudgeConnectionHandler, builtin.PRIV.PRIV_JUDGE);
 }
 

packages/hydrooj/src/handler/problem.ts

@@ -171,9 +171,7 @@ export class ProblemDetailHandler extends ProblemHandler {
         this.pdoc = await problem.get(domainId, pid, this.user._id);
         if (!this.pdoc) throw new ProblemNotFoundError(domainId, pid);
         if (this.pdoc.hidden && this.pdoc.owner !== this.user._id) {
-            if (!this.user.hasPriv(PRIV.PRIV_JUDGE)) {
-                this.checkPerm(PERM.PERM_VIEW_PROBLEM_HIDDEN);
-            }
+            this.checkPerm(PERM.PERM_VIEW_PROBLEM_HIDDEN);
         }
         await bus.serial('problem/get', this.pdoc, this);
         this.udoc = await user.getById(domainId, this.pdoc.owner);
@@ -403,9 +401,7 @@ export class ProblemFilesHandler extends ProblemDetailHandler {
     @param('testdata', Types.Boolean)
     @param('additional_file', Types.Boolean)
     async get(domainId: string, getTestdata = true, getAdditionalFile = true) {
-        const canReadData = this.user.hasPriv(PRIV.PRIV_JUDGE)
-            || this.user._id === this.pdoc.owner
-            || this.user.hasPerm(PERM.PERM_READ_PROBLEM_DATA);
+        const canReadData = this.user._id === this.pdoc.owner || this.user.hasPerm(PERM.PERM_READ_PROBLEM_DATA);
         this.response.body.testdata = (getTestdata && canReadData) ? this.pdoc.data : [];
         this.response.body.additional_file = (getAdditionalFile ? this.pdoc.additional_file : []);
         this.response.template = 'problem_files.html';
@@ -414,18 +410,15 @@ export class ProblemFilesHandler extends ProblemDetailHandler {
     @post('files', Types.Set)
     @post('type', Types.Range(['testdata', 'additional_file']), true)
     async postGetLinks(domainId: string, files: Set<string>, type = 'testdata') {
-        const isJudge = this.user.hasPriv(PRIV.PRIV_JUDGE);
-        if (type === 'testdata' && !isJudge) {
-            if (this.user._id !== this.pdoc.owner) {
-                this.checkPerm(PERM.PERM_READ_PROBLEM_DATA);
-            }
+        if (type === 'testdata' && this.user._id !== this.pdoc.owner) {
+            this.checkPerm(PERM.PERM_READ_PROBLEM_DATA);
         }
         const links = {};
         for (const file of files) {
             // eslint-disable-next-line no-await-in-loop
             links[file] = await storage.signDownloadLink(
                 `problem/${this.pdoc.domainId}/${this.pdoc.docId}/${type}/${file}`,
-                file, false, isJudge ? 'judge' : 'user',
+                file, false, 'user',
             );
         }
         this.response.body.links = links;