From 235d4776ebf4f91208e5e69a73768aa1e4203ec7 Mon Sep 17 00:00:00 2001
From: Rivery <9858560+xigongdaEricyang@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:12:43 +0800
Subject: [PATCH] fix: add ext check in upload files (#803)

* fix: add ext check in upload files
* feat: change put method to post for unsecuring http method
* feat: change put method to post for unsecuring http method
---
 app/config/service.ts | 2 +-
 server/api/studio/internal/service/file.go | 8 +++++++-
 server/api/studio/pkg/ecode/codes.go | 1 +
 server/api/studio/restapi/file.api | 2 +-
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/config/service.ts b/app/config/service.ts
index e685c4ba..0f6dd009 100644
--- a/app/config/service.ts
+++ b/app/config/service.ts
@@ -62,7 +62,7 @@ const service = {
 return post('/api/files/update')(params, config);
 },
 uploadFiles: (params?, config?) => {
- return put('/api/files')(params, { ...config, headers: { 'Content-Type': 'multipart/form-data' } });
+ return post('/api/files')(params, { ...config, headers: { 'Content-Type': 'multipart/form-data' } });
 },
 initSketch: (params, config?) => {
 return post(`/api/sketches/sketch`)(params, config);
diff --git a/server/api/studio/internal/service/file.go b/server/api/studio/internal/service/file.go
index 04346134..5dd303d4 100644
--- a/server/api/studio/internal/service/file.go
+++ b/server/api/studio/internal/service/file.go
@@ -204,10 +204,15 @@ func (f *fileService) FileUpload() error {
 return ecode.WithErrorMessage(ecode.ErrInternalServer, err, "upload failed")
 }
 for _, file := range files {
+ // 检查文件后缀
+ ext := strings.ToLower(filepath.Ext(file.Filename))
+ if ext != ".txt" && ext != ".csv" {
+ return ecode.WithErrorMessage(ecode.ErrInvalidParameter, fmt.Errorf("unsupported file type: %s", ext), "Only .txt and .csv files are supported")
+ }
 if file.Size == 0 || file.Header.Get("Content-Type") != "text/csv" {
 continue
 }
- //csv file charset check for importer
+
 charSet, err := checkCharset(file)
 if err != nil {
 logx.Infof("upload file error, check charset fail:%v", err)
@@ -216,6 +221,7 @@ func (f *fileService) FileUpload() error {
 if charSet == "UTF-8" {
 continue
 }
+
 path := filepath.Join(dir, file.Filename)
 if err = changeFileCharset2UTF8(path, charSet); err != nil {
 logx.Infof("upload file error:%v", err)
diff --git a/server/api/studio/pkg/ecode/codes.go b/server/api/studio/pkg/ecode/codes.go
index 6d51c4d4..256bd105 100644
--- a/server/api/studio/pkg/ecode/codes.go
+++ b/server/api/studio/pkg/ecode/codes.go
@@ -17,6 +17,7 @@ var (
 ErrUnauthorized = newErrCode(CCUnauthorized, PlatformCode, 0, "ErrUnauthorized") // 40104000
 ErrSession = newErrCode(CCUnauthorized, PlatformCode, 1, "ErrSession") // 40104001
 ErrForbidden = newErrCode(CCForbidden, PlatformCode, 0, "ErrForbidden") // 40304000
+ ErrInvalidParameter = newErrCode(CCForbidden, PlatformCode, 1, "ErrInvalidParameter") // 40304001
 ErrNotFound = newErrCode(CCNotFound, PlatformCode, 0, "ErrNotFound") // 40404000
 ErrInternalServer = newErrCode(CCInternalServer, PlatformCode, 0, "ErrInternalServer") // 50004000
 ErrInternalDatabase = newErrCode(CCInternalServer, PlatformCode, 1, "ErrInternalDatabase") // 50004001
diff --git a/server/api/studio/restapi/file.api b/server/api/studio/restapi/file.api
index 52c49393..3b8dc65f 100644
--- a/server/api/studio/restapi/file.api
+++ b/server/api/studio/restapi/file.api
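Review bot: In the first file.go hunk the new extension check sits in FileUpload's post-processing loop, after the call whose failure returns "upload failed"; if that earlier call (outside the hunk) is what writes the uploads into `dir`, a rejected file is already on disk when this `return` fires, and the remaining files in the batch never get their charset conversion. Checking every `file.Filename` in a separate pass before anything is saved, or deleting the saved files on rejection, would make the allow-list actually keep other file types out of the upload directory. The comment `// 检查文件后缀` should be in English, e.g. `// Allow only .txt and .csv uploads.`, and `%q` instead of `%s` for `ext` keeps the client-supplied extension unambiguous in the error text. FileUpload starts and ends outside the hunk.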
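Review bot: In the codes.go hunk `ErrInvalidParameter` is built with `CCForbidden`, so a rejected upload is reported as 40304001 in the same family as `ErrForbidden`, although an unsupported file extension is a malformed request rather than an access-control denial. Clients and log monitoring that treat 403-class codes as authorization failures will misread these rejections. If the package defines a 400-class category constant (the constant block is outside this hunk), the new code should use it; otherwise a comment such as `// invalid request parameter; shares the 403 class until a 400 class exists` would record that the grouping is deliberate.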
@@ -30,7 +30,7 @@ type (
 service studio-api {
 @doc "Upload File"
 @handler FileUpload
- put /api/files
+ post /api/files
 @doc "delete file"
 @handler FileDestroy
 delete /api/files(FileDestroyRequest)