@ -2,6 +2,7 @@ package v1
@@ -2,6 +2,7 @@ package v1
import ( |
"io/ioutil" |
"path/filepath" |
"net/http" |
"strings" |
@ -18,7 +19,20 @@ import (
@@ -18,7 +19,20 @@ import (
func GetFile(c *gin.Context) { |
fileName := c.Param("fileName") |
log.Logger.Info(fileName) |
data, _ := ioutil.ReadFile(config.GetConfig().StaticPath.FilePath + fileName) |
// Prevent path traversal by extracting only the base filename
fileName = filepath.Base(fileName) |
if fileName == "." || fileName == "/" { |
c.JSON(http.StatusBadRequest, response.FailMsg("invalid file name")) |
return |
} |
filePath := filepath.Join(config.GetConfig().StaticPath.FilePath, fileName) |
data, err := ioutil.ReadFile(filePath) |
if err != nil { |
c.JSON(http.StatusNotFound, response.FailMsg("file not found")) |
return |
} |
c.Writer.Write(data) |
} |
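Review bot: `filepath.Base` returns `..` unchanged, and the guard after it rejects only `.` and `/`, so a `fileName` of `..` still reaches `filepath.Join` and resolves to the parent of `StaticPath.FilePath`. `ioutil.ReadFile` should fail on a directory, so this most likely ends in the 404 branch rather than a disclosure, but the check should not rely on that side effect: `if fileName == "." || fileName == ".." || fileName == string(filepath.Separator) {`. The new error branch also discards `err`, so permission and I/O failures are indistinguishable from a missing file; logging `err` server-side before returning the 404 would keep that signal for operators. `log.Logger.Info(fileName)` still records the raw parameter before sanitisation, which is useful for spotting traversal attempts but should be emitted as a quoted or structured field so control characters cannot forge log lines.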