Updata:修改文件夹路径保护逻辑

2026-02-26 09:53:22 +08:00 · 2026-02-26 09:53:22 +08:00 · 1b798eeb93
commit 1b798eeb93
parent 1548e2e66a
1 changed files with 60 additions and 6 deletions
--- a/pkg/service/file/file.go
+++ b/pkg/service/file/file.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"context"
 	"errors"
-	"fmt"
 	"fonchain-fiee/api/files"
 	"fonchain-fiee/pkg/service"
 	"fonchain-fiee/pkg/service/bundle/common"
@ -102,13 +101,68 @@ func Create(ctx *gin.Context) {
 	service.Success(ctx, resp)
 }

+// 文件夹路径保护函数
+func isProtectedVideoPath(path string) bool {
+	path = strings.TrimSuffix(path, "/")
+	if path == "/fiee" || path == "/fiee/video" || path == "/fiee/video/old" {
+		return true
+	}
+	parts := strings.Split(strings.Trim(path, "/"), "/")
+	if len(parts) < 3 || parts[0] != "fiee" || parts[1] != "video" {
+		return false
+	}
+	// /fiee/video/<year> — 任意年
+	if len(parts) == 3 {
+		year, err := strconv.Atoi(parts[2])
+		return err == nil && year >= 1000 && year <= 9999
+	}
+	// /fiee/video/<year>/<year>-<month> — 任意月
+	if len(parts) == 4 {
+		year, errYear := strconv.Atoi(parts[2])
+		if errYear != nil || year < 1000 || year > 9999 {
+			return false
+		}
+		monthPart := parts[3]
+		idx := strings.Index(monthPart, "-")
+		if idx <= 0 {
+			return false
+		}
+		y, _ := strconv.Atoi(monthPart[:idx])
+		m, _ := strconv.Atoi(monthPart[idx+1:])
+		return y == year && m >= 1 && m <= 12
+	}
+	// /fiee/video/<year>/<year>-<month>/<year>-<month>-<day> — 任意日
+	if len(parts) == 5 {
+		year, errYear := strconv.Atoi(parts[2])
+		if errYear != nil || year < 1000 || year > 9999 {
+			return false
+		}
+		monthPart := parts[3]
+		idx := strings.Index(monthPart, "-")
+		if idx <= 0 {
+			return false
+		}
+		y, _ := strconv.Atoi(monthPart[:idx])
+		m, _ := strconv.Atoi(monthPart[idx+1:])
+		if y != year || m < 1 || m > 12 {
+			return false
+		}
+		dayPart := parts[4] // <year>-<month>-<day>
+		daySegs := strings.Split(dayPart, "-")
+		if len(daySegs) != 3 {
+			return false
+		}
+		dy, _ := strconv.Atoi(daySegs[0])
+		dm, _ := strconv.Atoi(daySegs[1])
+		dd, errDay := strconv.Atoi(daySegs[2])
+		return errDay == nil && dy == year && dm == m && dd >= 1 && dd <= 31
+	}
+	return false
+}
+
 func Delete(ctx *gin.Context) {
 	path := ctx.DefaultQuery("path", "/")
-	nowYear := time.Now().Year()
-	nowMonth := time.Now().Month()
-	nowYearPath := fmt.Sprintf("/fiee/video/%d", nowYear)
-	nowMonthPath := fmt.Sprintf("/fiee/video/%d/%d-%d", nowYear, nowYear, nowMonth)
-	if path == nowYearPath || path == nowMonthPath || path == "/fiee" || path == "/fiee/video" || path == "/fiee/video/old" {
+	if isProtectedVideoPath(path) {
 		service.Error(ctx, errors.New("无法删除该目录"))
 		return
 	}