1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
package idec
import (
"errors"
"io"
"os"
"path/filepath"
"strings"
"gitrepo.ru/neonxp/idecnode/pkg/model"
)
var ErrFileNotAllowed = errors.New("file not allowed")
func (i *IDEC) FilesList(pauth string) ([]model.File, error) {
fileDirs := i.allowedDirs(pauth)
res := []model.File{}
for _, dir := range fileDirs {
files, err := filepath.Glob(dir + "/*")
if err != nil {
return nil, err
}
for _, f := range files {
fi, err := os.Stat(f)
if err != nil {
return nil, err
}
res = append(res, model.File{
Name: fi.Name(),
Size: fi.Size(),
FullName: strings.TrimPrefix(f, i.config.FilesDirectory),
})
}
}
return res, nil
}
func (i *IDEC) GetFile(pauth string, path string, w io.Writer) error {
file := filepath.Clean(filepath.Join(i.config.FilesDirectory, path))
allowed := false
allowedDirs := i.allowedDirs(pauth)
for _, dir := range allowedDirs {
if filepath.HasPrefix(file, dir) {
allowed = true
}
}
if !allowed {
return ErrFileNotAllowed
}
fp, err := os.Open(file)
if err != nil {
return err
}
defer fp.Close()
_, err = io.Copy(w, fp)
return err
}
func (i *IDEC) allowedDirs(pauth string) []string {
fileDirs := []string{
filepath.Join(i.config.FilesDirectory, "pub"),
}
if pauth != "" {
if _, err := i.GetPointByAuth(pauth); err == nil {
fileDirs = append(fileDirs, filepath.Join(i.config.FilesDirectory, "priv"))
}
}
return fileDirs
}
|
