diff --git a/internal/core/api.go b/internal/core/api.go index 2c2835ab..d90456ab 100644 --- a/internal/core/api.go +++ b/internal/core/api.go @@ -278,9 +278,9 @@ func newAPI( group := router.Group("/", a.mwLog) group.GET("/v1/config/get", a.onConfigGet) group.POST("/v1/config/set", a.onConfigSet) - group.POST("/v1/config/paths/add/:name", a.onConfigPathsAdd) - group.POST("/v1/config/paths/edit/:name", a.onConfigPathsEdit) - group.POST("/v1/config/paths/remove/:name", a.onConfigPathsDelete) + group.POST("/v1/config/paths/add/*name", a.onConfigPathsAdd) + group.POST("/v1/config/paths/edit/*name", a.onConfigPathsEdit) + group.POST("/v1/config/paths/remove/*name", a.onConfigPathsDelete) group.GET("/v1/paths/list", a.onPathsList) group.GET("/v1/rtspsessions/list", a.onRTSPSessionsList) group.POST("/v1/rtspsessions/kick/:id", a.onRTSPSessionsKick) @@ -383,14 +383,19 @@ func (a *api) onConfigSet(ctx *gin.Context) { } func (a *api) onConfigPathsAdd(ctx *gin.Context) { + name := ctx.Param("name") + if len(name) < 2 || name[0] != '/' { + ctx.AbortWithStatus(http.StatusBadRequest) + return + } + name = name[1:] + in, err := loadConfPathData(ctx) if err != nil { ctx.AbortWithStatus(http.StatusBadRequest) return } - name := ctx.Param("name") - a.mutex.Lock() defer a.mutex.Unlock() @@ -422,14 +427,19 @@ func (a *api) onConfigPathsAdd(ctx *gin.Context) { } func (a *api) onConfigPathsEdit(ctx *gin.Context) { + name := ctx.Param("name") + if len(name) < 2 || name[0] != '/' { + ctx.AbortWithStatus(http.StatusBadRequest) + return + } + name = name[1:] + in, err := loadConfPathData(ctx) if err != nil { ctx.AbortWithStatus(http.StatusBadRequest) return } - name := ctx.Param("name") - a.mutex.Lock() defer a.mutex.Unlock() @@ -461,6 +471,11 @@ func (a *api) onConfigPathsEdit(ctx *gin.Context) { func (a *api) onConfigPathsDelete(ctx *gin.Context) { name := ctx.Param("name") + if len(name) < 2 || name[0] != '/' { + ctx.AbortWithStatus(http.StatusBadRequest) + return + } + name = name[1:] a.mutex.Lock() defer a.mutex.Unlock() diff --git a/internal/core/api_test.go b/internal/core/api_test.go index be78d319..a0ebe223 100644 --- a/internal/core/api_test.go +++ b/internal/core/api_test.go @@ -87,7 +87,7 @@ func TestAPIConfigPathsAdd(t *testing.T) { require.Equal(t, true, ok) defer p.close() - err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/mypath", map[string]interface{}{ + err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/my/path", map[string]interface{}{ "source": "rtsp://127.0.0.1:9999/mypath", "sourceOnDemand": true, }, nil) @@ -97,7 +97,7 @@ func TestAPIConfigPathsAdd(t *testing.T) { err = httpRequest(http.MethodGet, "http://localhost:9997/v1/config/get", nil, &out) require.NoError(t, err) require.Equal(t, "rtsp://127.0.0.1:9999/mypath", - out["paths"].(map[string]interface{})["mypath"].(map[string]interface{})["source"]) + out["paths"].(map[string]interface{})["my/path"].(map[string]interface{})["source"]) } func TestAPIConfigPathsEdit(t *testing.T) { @@ -105,13 +105,13 @@ func TestAPIConfigPathsEdit(t *testing.T) { require.Equal(t, true, ok) defer p.close() - err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/mypath", map[string]interface{}{ + err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/my/path", map[string]interface{}{ "source": "rtsp://127.0.0.1:9999/mypath", "sourceOnDemand": true, }, nil) require.NoError(t, err) - err = httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/edit/mypath", map[string]interface{}{ + err = httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/edit/my/path", map[string]interface{}{ "source": "rtsp://127.0.0.1:9998/mypath", "sourceOnDemand": true, }, nil) @@ -124,7 +124,7 @@ func TestAPIConfigPathsEdit(t *testing.T) { } err = httpRequest(http.MethodGet, "http://localhost:9997/v1/config/get", nil, &out) require.NoError(t, err) - require.Equal(t, "rtsp://127.0.0.1:9998/mypath", out.Paths["mypath"].Source) + require.Equal(t, "rtsp://127.0.0.1:9998/mypath", out.Paths["my/path"].Source) } func TestAPIConfigPathsRemove(t *testing.T) { @@ -132,13 +132,13 @@ func TestAPIConfigPathsRemove(t *testing.T) { require.Equal(t, true, ok) defer p.close() - err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/mypath", map[string]interface{}{ + err := httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/add/my/path", map[string]interface{}{ "source": "rtsp://127.0.0.1:9999/mypath", "sourceOnDemand": true, }, nil) require.NoError(t, err) - err = httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/remove/mypath", nil, nil) + err = httpRequest(http.MethodPost, "http://localhost:9997/v1/config/paths/remove/my/path", nil, nil) require.NoError(t, err) var out struct { @@ -146,7 +146,7 @@ func TestAPIConfigPathsRemove(t *testing.T) { } err = httpRequest(http.MethodGet, "http://localhost:9997/v1/config/get", nil, &out) require.NoError(t, err) - _, ok = out.Paths["mypath"] + _, ok = out.Paths["my/path"] require.Equal(t, false, ok) }