Added more regex

stratic-dev
2024-03-15 18:43:33 +00:00
parent 12b3dd1be3
commit 62a2fe9f73
2 changed files with 14 additions and 5 deletions


@@ -14,6 +14,7 @@ import (
"net/http"
"os"
"path/filepath"
"regexp"
"strings"
"time"
@@ -297,9 +298,15 @@ func (s *Server) ExportSave(w http.ResponseWriter, r *http.Request) {
func (s *Server) ScreenShotGet(w http.ResponseWriter, r *http.Request) {
// Get the 'id' parameter from the URL
vars := mux.Vars(r)
id := vars["id"]
token := vars["id"]
var tokenPattern = regexp.MustCompile(`[A-Za-z0-9]+`)
if !tokenPattern.MatchString(token) || token == "" {
http.Error(w, "Not Valid Token", http.StatusBadRequest)
}
// Open the image file
path := filepath.Join(s.erupeConfig.Screenshots.OutputDir, fmt.Sprintf("%s.jpg", id))
path := filepath.Join(s.erupeConfig.Screenshots.OutputDir, fmt.Sprintf("%s.jpg", token))
file, err := os.Open(path)
if err != nil {
http.Error(w, "Image not found", http.StatusNotFound)
@@ -335,9 +342,11 @@ func (s *Server) ScreenShot(w http.ResponseWriter, r *http.Request) {
if err != nil {
result = Result{Code: "400"}
}
var tokenPattern = regexp.MustCompile(`[A-Za-z0-9]+`)
token := r.FormValue("token")
if token == "" {
result = Result{Code: "400"}
if !tokenPattern.MatchString(token) || token == "" {
result = Result{Code: "401"}
}
// Validate file
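Review bot: The new token check in ScreenShotGet does not constrain the value that reaches `filepath.Join`. The pattern `[A-Za-z0-9]+` is unanchored, so `MatchString` accepts any token containing a single alphanumeric character, and the `http.Error` branch has no `return`, so `os.Open(path)` still runs after the 400 is written. Anchor the pattern and stop on failure: `var tokenPattern = regexp.MustCompile("^[A-Za-z0-9]+$")`, compiled once at package scope, with `return` directly after `http.Error(w, "Not Valid Token", http.StatusBadRequest)`. The ScreenShot hunk uses the same unanchored pattern and only assigns `result`, so whether the upload is actually aborted is decided outside the hunk. Both function bodies continue past their hunks.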


@@ -53,7 +53,7 @@ func (s *Server) Start() error {
r.HandleFunc("/character/delete", s.DeleteCharacter)
r.HandleFunc("/character/export", s.ExportSave)
r.HandleFunc("/api/ss/bbs/upload.php", s.ScreenShot)
r.HandleFunc("/api/ss/bbs/{id:[A-Za-z0-9]+}", s.ScreenShotGet)
r.HandleFunc("/api/ss/bbs/{id}", s.ScreenShotGet)
handler := handlers.CORS(handlers.AllowedHeaders([]string{"Content-Type"}))(r)
s.httpServer.Handler = handlers.LoggingHandler(os.Stdout, handler)
s.httpServer.Addr = fmt.Sprintf(":%d", s.erupeConfig.SignV2.Port)
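Review bot: The ScreenShotGet route appears to change from `/api/ss/bbs/{id:[A-Za-z0-9]+}` to `/api/ss/bbs/{id}`, which drops the router-level restriction on the id's characters. This assumes the second of the two printed lines is the new side, since the page has lost its `+`/`-` markers. If so, the handler's own check becomes the only guard on the name used to build the screenshot file path, so that check has to be a full-string match that stops the request on failure. Consider keeping the constraint on the route as well, `r.HandleFunc("/api/ss/bbs/{id:[A-Za-z0-9]+}", s.ScreenShotGet)`, so a malformed id gets a 404 before the handler runs. Start's body continues outside the hunk.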