forked from mirror/MCSM-Daemon
新增 依靠任务令牌的下载文件功能
This commit is contained in:
Suwings
parent
c8e269b3fc
commit
86f7e93565
2
.gitignore
vendored
2
.gitignore
vendored
@ -21,7 +21,7 @@ McserverConfig.json
|
||||
core/*.json
|
||||
public/common/URL.js
|
||||
property.js
|
||||
|
||||
test.txt
|
||||
#vscode
|
||||
*.code-workspace
|
||||
|
||||
|
||||
@ -1,31 +1,52 @@
|
||||
/*
|
||||
* @Author: Copyright 2021 Suwings
|
||||
* @Date: 2021-07-14 16:13:18
|
||||
* @LastEditTime: 2021-07-14 17:30:21
|
||||
* @LastEditTime: 2021-07-15 17:37:52
|
||||
* @Description:
|
||||
*/
|
||||
import Router from "@koa/router";
|
||||
import fs from "fs-extra";
|
||||
import path from "path";
|
||||
import { missionPassport } from "../service/mission_passport";
|
||||
import InstanceSubsystem from "../service/system_instance";
|
||||
import FileManager from "../service/system_file";
|
||||
|
||||
const router = new Router();
|
||||
|
||||
// 定义 HTTP 首页展示路由
|
||||
router.all("/", async (ctx) => {
|
||||
ctx.body = "Copyright(c) 2021 MCSManager | Status: OK.";
|
||||
ctx.body = "MCSManager Deamon: Copyright(c) 2021 Suwings | Status: OK.";
|
||||
ctx.status = 200;
|
||||
});
|
||||
|
||||
// 文件下载路由
|
||||
router.get("/download/:id/:name", async (ctx) => {
|
||||
router.get("/download/:key", async (ctx) => {
|
||||
try {
|
||||
const target = "D:/文件上传/test.zip";
|
||||
const key = ctx.params.key;
|
||||
// 从任务中心取任务
|
||||
const mission = missionPassport.getMission(key, "download");
|
||||
if (!mission) return ctx.body = "No task, Access denied | 无下载任务,非法访问";
|
||||
const instance = InstanceSubsystem.getInstance(mission.parameter.instanceUuid);
|
||||
if (!instance) {
|
||||
missionPassport.deleteMission(key);
|
||||
return ctx.body = "Access denied | 实例不存在";
|
||||
}
|
||||
const cwd = instance.config.cwd;
|
||||
const target = path.join(cwd, mission.parameter.fileName);
|
||||
const ext = path.extname(target);
|
||||
// 检查文件跨目录安全隐患
|
||||
const fileManager = new FileManager(cwd);
|
||||
if (!fileManager.check(target)) {
|
||||
missionPassport.deleteMission(key);
|
||||
return ctx.body = "Access denied | 参数有攻击行为,已阻止";
|
||||
}
|
||||
// 开始给用户下载文件
|
||||
ctx.type = ext;
|
||||
console.log("正在下载:", ext);
|
||||
ctx.body = fs.createReadStream(target);
|
||||
ctx.body = fs.createReadStream(target)
|
||||
// 任务已执行,销毁护照
|
||||
missionPassport.deleteMission(key);
|
||||
} catch (error) {
|
||||
ctx.body = "ERROR";
|
||||
ctx.body = `下载出错: ${error.message}`;
|
||||
ctx.status = 500;
|
||||
}
|
||||
});
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* @Author: Copyright(c) 2020 Suwings
|
||||
* @Date: 2020-11-23 17:45:02
|
||||
* @LastEditTime: 2021-07-15 16:02:26
|
||||
* @LastEditTime: 2021-07-15 16:32:50
|
||||
* @Description: 身份认证控制器组
|
||||
* @Projcet: MCSManager Daemon
|
||||
* @License: MIT
|
||||
@ -12,7 +12,7 @@ import { missionPassport } from "../service/mission_passport";
|
||||
import * as protocol from "../service/protocol";
|
||||
|
||||
const ONE_HOUR_TIME = 3600000;
|
||||
const TASK_MAX_TIME = 4;
|
||||
const TASK_MAX_TIME = 1;
|
||||
|
||||
// 注册临时任务护照
|
||||
routerApp.on("passport/register", (ctx, data) => {
|
||||
|
||||
17
src/tools/filepath.ts
Normal file
17
src/tools/filepath.ts
Normal file
@ -0,0 +1,17 @@
|
||||
/*
|
||||
* @Author: Copyright(c) 2020 Suwings
|
||||
* @Date: 2021-07-15 16:55:07
|
||||
* @LastEditTime: 2021-07-15 16:57:17
|
||||
* @Description:
|
||||
* @Projcet: MCSManager Daemon
|
||||
* @License: MIT
|
||||
*/
|
||||
|
||||
|
||||
export function checkFileName(fileName: string) {
|
||||
const blackKeys = ["/", "\\", "|", "?", "*", ">", "<", ";", '"', "'"];
|
||||
for (const ch of blackKeys) {
|
||||
if (fileName.includes(ch)) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user