mirror of
https://github.com/KaySar12/NextZen-UserService.git
synced 2025-03-15 23:25:35 +07:00
Adding Absolute Path Determination
parent
3f4558e23c
commit
2fdbdcf1ec
@ -659,16 +659,21 @@ func GetUserImage(c *gin.Context) {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INVALID_PARAMS, Message: common_err.GetMsg(common_err.INVALID_PARAMS)})
|
||||
return
|
||||
}
|
||||
if !file.Exists(filePath) {
|
||||
absFilePath, err := filepath.Abs(filepath.Clean(filePath))
|
||||
if err != nil {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INVALID_PARAMS, Message: common_err.GetMsg(common_err.INVALID_PARAMS)})
|
||||
return
|
||||
}
|
||||
if !file.Exists(absFilePath) {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.FILE_DOES_NOT_EXIST, Message: common_err.GetMsg(common_err.FILE_DOES_NOT_EXIST)})
|
||||
return
|
||||
}
|
||||
if !strings.Contains(filePath, config.AppInfo.UserDataPath) {
|
||||
if !strings.Contains(absFilePath, config.AppInfo.UserDataPath) {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
|
||||
return
|
||||
}
|
||||
|
||||
matched, err := regexp.MatchString(`^/var/lib/casaos/\d`, filePath)
|
||||
matched, err := regexp.MatchString(`^/var/lib/casaos/\d`, absFilePath)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
|
||||
return
|
||||
@ -678,14 +683,11 @@ func GetUserImage(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
fileTmp, _ := os.Open(filePath)
|
||||
defer fileTmp.Close()
|
||||
|
||||
fileName := path.Base(filePath)
|
||||
fileName := path.Base(absFilePath)
|
||||
|
||||
// @tiger - RESTful 规范下不应该返回文件本身内容,而是返回文件的静态URL,由前端去解析
|
||||
c.Header("Content-Disposition", "attachment; filename*=utf-8''"+url2.PathEscape(fileName))
|
||||
c.File(filePath)
|
||||
c.File(absFilePath)
|
||||
}
|
||||
|
||||
func DeleteUserImage(c *gin.Context) {
|
||||
|
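Review bot: The containment check on `absFilePath` is still a substring match: `strings.Contains(absFilePath, config.AppInfo.UserDataPath)` passes for any absolute path that has the user-data directory anywhere inside it, and the `^/var/lib/casaos/\d` pattern that follows only pins the first character of the next path component. A relative-path test is stricter, for example `rel, err := filepath.Rel(config.AppInfo.UserDataPath, absFilePath)` and then rejecting when `err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))`. `filepath.Abs` only normalises the path lexically, so a symlink under the user directory is still followed when `c.File(absFilePath)` opens it; running `filepath.EvalSymlinks` before the check would close that gap. The inner `filepath.Clean` is redundant because `filepath.Abs` already cleans its result, and `path.Base(absFilePath)` would read better as `filepath.Base` since this is an OS path. GetUserImage begins before the first hunk, so the origin of `filePath` is not visible here and is assumed to be request-controlled.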