Updata:修改文件夹路径保护逻辑
This commit is contained in:
jiaji.H
parent
1548e2e66a
commit
1b798eeb93
@ -4,7 +4,6 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"fonchain-fiee/api/files"
|
"fonchain-fiee/api/files"
|
||||||
"fonchain-fiee/pkg/service"
|
"fonchain-fiee/pkg/service"
|
||||||
"fonchain-fiee/pkg/service/bundle/common"
|
"fonchain-fiee/pkg/service/bundle/common"
|
||||||
@ -102,13 +101,68 @@ func Create(ctx *gin.Context) {
|
|||||||
service.Success(ctx, resp)
|
service.Success(ctx, resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 文件夹路径保护函数
|
||||||
|
func isProtectedVideoPath(path string) bool {
|
||||||
|
path = strings.TrimSuffix(path, "/")
|
||||||
|
if path == "/fiee" || path == "/fiee/video" || path == "/fiee/video/old" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
parts := strings.Split(strings.Trim(path, "/"), "/")
|
||||||
|
if len(parts) < 3 || parts[0] != "fiee" || parts[1] != "video" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
// /fiee/video/<year> — 任意年
|
||||||
|
if len(parts) == 3 {
|
||||||
|
year, err := strconv.Atoi(parts[2])
|
||||||
|
return err == nil && year >= 1000 && year <= 9999
|
||||||
|
}
|
||||||
|
// /fiee/video/<year>/<year>-<month> — 任意月
|
||||||
|
if len(parts) == 4 {
|
||||||
|
year, errYear := strconv.Atoi(parts[2])
|
||||||
|
if errYear != nil || year < 1000 || year > 9999 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
monthPart := parts[3]
|
||||||
|
idx := strings.Index(monthPart, "-")
|
||||||
|
if idx <= 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
y, _ := strconv.Atoi(monthPart[:idx])
|
||||||
|
m, _ := strconv.Atoi(monthPart[idx+1:])
|
||||||
|
return y == year && m >= 1 && m <= 12
|
||||||
|
}
|
||||||
|
// /fiee/video/<year>/<year>-<month>/<year>-<month>-<day> — 任意日
|
||||||
|
if len(parts) == 5 {
|
||||||
|
year, errYear := strconv.Atoi(parts[2])
|
||||||
|
if errYear != nil || year < 1000 || year > 9999 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
monthPart := parts[3]
|
||||||
|
idx := strings.Index(monthPart, "-")
|
||||||
|
if idx <= 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
y, _ := strconv.Atoi(monthPart[:idx])
|
||||||
|
m, _ := strconv.Atoi(monthPart[idx+1:])
|
||||||
|
if y != year || m < 1 || m > 12 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
dayPart := parts[4] // <year>-<month>-<day>
|
||||||
|
daySegs := strings.Split(dayPart, "-")
|
||||||
|
if len(daySegs) != 3 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
dy, _ := strconv.Atoi(daySegs[0])
|
||||||
|
dm, _ := strconv.Atoi(daySegs[1])
|
||||||
|
dd, errDay := strconv.Atoi(daySegs[2])
|
||||||
|
return errDay == nil && dy == year && dm == m && dd >= 1 && dd <= 31
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func Delete(ctx *gin.Context) {
|
func Delete(ctx *gin.Context) {
|
||||||
path := ctx.DefaultQuery("path", "/")
|
path := ctx.DefaultQuery("path", "/")
|
||||||
nowYear := time.Now().Year()
|
if isProtectedVideoPath(path) {
|
||||||
nowMonth := time.Now().Month()
|
|
||||||
nowYearPath := fmt.Sprintf("/fiee/video/%d", nowYear)
|
|
||||||
nowMonthPath := fmt.Sprintf("/fiee/video/%d/%d-%d", nowYear, nowYear, nowMonth)
|
|
||||||
if path == nowYearPath || path == nowMonthPath || path == "/fiee" || path == "/fiee/video" || path == "/fiee/video/old" {
|
|
||||||
service.Error(ctx, errors.New("无法删除该目录"))
|
service.Error(ctx, errors.New("无法删除该目录"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user