Add max-depth constrain. Fix issue #4.

eyebluecn · Jan 16, 2018 · 042bc6c · 042bc6c
1 parent 452c48c
commit 042bc6c
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 22 deletions.
diff --git a/rest/config.go b/rest/config.go
@@ -152,7 +152,7 @@ func PrepareConfigs() {
 	filePath := GetConfPath() + "/tank.json"
 	content, err := ioutil.ReadFile(filePath)
 	if err != nil {
-		LogWarning(fmt.Sprintf("无法找到配置文件：%s,%v", filePath, err))
+		LogWarning(fmt.Sprintf("无法找到配置文件，使用默认配置项：%s,%v", filePath, err))
 	} else {
 		// 用 json.Unmarshal
 		err := json.Unmarshal(content, CONFIG)

diff --git a/rest/matter_controller.go b/rest/matter_controller.go
@@ -65,18 +65,14 @@ func (this *MatterController) Detail(writer http.ResponseWriter, request *http.R
 		return this.Error("文件的uuid必填")
 	}
 
-	matter := this.matterDao.FindByUuid(uuid)
-
-	//组装file的内容，展示其父组件。
-	puuid := matter.Puuid
-	tmpMatter := matter
-	for puuid != "root" {
-		pFile := this.matterDao.FindByUuid(puuid)
-
-		tmpMatter.Parent = pFile
-		tmpMatter = pFile
-		puuid = pFile.Puuid
+	matter := this.matterService.Detail(uuid)
 
+	//验证当前之人是否有权限查看这么详细。
+	user := this.checkUser(writer, request)
+	if user.Role != USER_ROLE_ADMINISTRATOR {
+		if matter.UserUuid != user.Uuid {
+			panic("没有权限查看该文件")
+		}
 	}
 
 	return this.Success(matter)
@@ -89,10 +85,15 @@ func (this *MatterController) CreateDirectory(writer http.ResponseWriter, reques
 	puuid := request.FormValue("puuid")
 
 	name := request.FormValue("name")
+	name = strings.TrimSpace(name)
 	//验证参数。
 	if name == "" {
-		return this.Error("name参数必填")
+		return this.Error("name参数必填，并且不能全是空格")
+	}
+	if len(name) > 200 {
+		panic("name长度不能超过200")
 	}
+
 	if m, _ := regexp.MatchString(`[<>|*?/\\]`, name); m {
 		return this.Error(`名称中不能包含以下特殊符号：< > | * ? / \`)
 	}
@@ -104,9 +105,27 @@ func (this *MatterController) CreateDirectory(writer http.ResponseWriter, reques
 	}
 	user = this.userDao.CheckByUuid(userUuid)
 
-	if puuid != "" && puuid != "root" {
-		//找出上一级的文件夹。
-		this.matterDao.FindByUuidAndUserUuid(puuid, user.Uuid)
+	if puuid == "" {
+		panic("puuid必填")
+	}
+	if puuid != "root" {
+		//验证目标文件夹存在。
+		this.matterDao.CheckByUuidAndUserUuid(puuid, user.Uuid)
+
+		//获取上级的详情
+		pMatter := this.matterService.Detail(puuid)
+
+		//文件夹最多只能有32层。
+		count := 1
+		tmpMatter := pMatter
+		for tmpMatter != nil {
+			count++
+			tmpMatter = tmpMatter.Parent
+		}
+		if count >= 32 {
+			panic("文件夹最多32层")
+		}
+
 	}
 
 	//判断同级文件夹中是否有同名的文件。
@@ -224,7 +243,7 @@ func (this *MatterController) Upload(writer http.ResponseWriter, request *http.R
 		} else {
 			if puuid != "root" {
 				//找出上一级的文件夹。
-				this.matterDao.FindByUuidAndUserUuid(puuid, userUuid)
+				this.matterDao.CheckByUuidAndUserUuid(puuid, userUuid)
 
 			}
 		}
@@ -420,7 +439,6 @@ func (this *MatterController) Move(writer http.ResponseWriter, request *http.Req
 			return this.Error("【" + srcMatter.Name + "】在目标文件夹已经存在了，操作失败。")
 		}
 
-
 		//判断和目标文件夹是否是同一个主人。
 		if destUuid != "root" {
 			if srcMatter.UserUuid != destMatter.UserUuid {

diff --git a/rest/matter_dao.go b/rest/matter_dao.go
@@ -68,8 +68,8 @@ func (this *MatterDao) FindByUserUuidAndPuuidAndNameAndDirTrue(userUuid string,
 	return matter
 }
 
-//按照id和userUuid来查找。
-func (this *MatterDao) FindByUuidAndUserUuid(uuid string, userUuid string) *Matter {
+//按照id和userUuid来查找。找不到抛异常。
+func (this *MatterDao) CheckByUuidAndUserUuid(uuid string, userUuid string) *Matter {
 
 	// Read
 	var matter = &Matter{}

diff --git a/rest/matter_service.go b/rest/matter_service.go
@@ -50,8 +50,17 @@ func (this *MatterService) GetDirUuid(userUuid string, dir string) string {
 	//递归找寻文件的上级目录uuid.
 	folders := strings.Split(dir, "/")
 
+	if len(folders) > 32 {
+		panic("文件夹最多32层。")
+	}
+
 	puuid := "root"
 	for k, name := range folders {
+
+		if len(name) > 200 {
+			panic("每级文件夹的最大长度为200")
+		}
+
 		if k == 0 {
 			continue
 		}
@@ -75,10 +84,33 @@ func (this *MatterService) GetDirUuid(userUuid string, dir string) string {
 	return puuid
 }
 
+//获取某个文件的详情，会把父级依次倒着装进去。如果中途出错，直接抛出异常。
+func (this *MatterService) Detail(uuid string) *Matter {
+
+	matter := this.matterDao.CheckByUuid(uuid)
+
+	//组装file的内容，展示其父组件。
+	puuid := matter.Puuid
+	tmpMatter := matter
+	for puuid != "root" {
+		pFile := this.matterDao.CheckByUuid(puuid)
+		tmpMatter.Parent = pFile
+		tmpMatter = pFile
+		puuid = pFile.Puuid
+	}
+
+	return matter
+}
+
 //开始上传文件
 //上传文件. alien表明文件是否是应用使用的文件。
 func (this *MatterService) Upload(file multipart.File, user *User, puuid string, filename string, privacy bool, alien bool) *Matter {
 
+	//文件名不能太长。
+	if len(filename) > 200 {
+		panic("文件名不能超过200")
+	}
+
 	//获取文件应该存放在的物理路径的绝对路径和相对路径。
 	absolutePath, relativePath := GetUserFilePath(user.Username)
 	absolutePath = absolutePath + "/" + filename

diff --git a/rest/router.go b/rest/router.go
@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"os"
 	"strings"
-
 )
 
 //用于处理所有前来的请求
@@ -117,7 +116,7 @@ func (this *Router) ServeHTTP(writer http.ResponseWriter, request *http.Request)
 			filePath = dir + "/index.html"
 			exists, _ = PathExists(filePath)
 			if !exists {
-				panic("404 not found")
+				panic(fmt.Sprintf("404 not found:%s", requestURI))
 			}
 		}