No auth can download file

[su7th]

Please make sure of the following things

• I have read the documentation.
• I'm sure there are no duplicate issues or discussions.
• I'm sure it's due to alist and not something else(such as Dependencies or Operational).
• I'm sure I'm using the latest version

Alist Version / Alist 版本

v3.14.0

Driver used / 使用的存储驱动

阿里云盘OPEN

Describe the bug / 问题描述

Alist在知道文件路径的情况下无需认证即可下载文件，即使当前访客账户已关闭，即使目标文件在访客账户基本路径之外，你只需调用下载接口http://example.com/d加上文件的路径，这可能存在安全隐患；

Alist can download files without authentication when knowing the file path. Even if the current guest account is closed, even if the target file is outside the basic path of the guest account, you only need to call the download interface http://example.com/d add the path of the file, This may pose a safety hazard.

For example: https://fanscloud.net:5443/d/Adrive/DCIM/Wallpaper/0e3a8fee3823941f6748799025889b3f_3840x2160.jpg

Reproduction / 复现链接

.

Logs / 日志

No response

[github-actions]

See

1. 50% Quark upload some file failed. #3076

[anwen-anyi]

请打开签名全部

---

Please open and sign all

[su7th]

ok, i see, tks~