fix(secure): fix upload file secure problem #1
maslow committed Aug 19, 2021
1 parent c168c9e commit 02caa37
Showing 2 changed files with 23 additions and 18 deletions.
22 changes: 15 additions & 7 deletions packages/app-server/src/config.ts
@@ -48,10 +48,18 @@ export default class Config {
}

/**
* the file system driver: 'local', 'gridfs'
* the file system driver: 'localfs', 'gridfs'
*/
static get FILE_SYSTEM_DRIVER(): string {
return process.env['FILE_SYSTEM_DRIVER'] ?? 'gridfs'
static get FILE_SYSTEM_DRIVER(): 'gridfs' | 'localfs' {
return process.env['FILE_SYSTEM_DRIVER'] as any ?? 'gridfs'
}

/**
* if enable the unauthorized upload operation in `public` bucket: 'on' | 'off'.
* default is 'on'
*/
static get FILE_SYSTEM_ENABLE_UNAUTHORIZED_UPLOAD(): 'on' | 'off' {
return process.env['FILE_SYSTEM_ENABLE_UNAUTHORIZED_UPLOAD'] as any ?? 'on'
}

/**
@@ -72,8 +80,8 @@ export default class Config {
/**
* the logger level : 'fatal', 'error', 'warning', 'info', 'debug', 'trace'
*/
static get LOG_LEVEL(): string {
return process.env['LOG_LEVEL'] ?? (this.isProd ? 'info' : 'debug')
static get LOG_LEVEL(): 'fatal' | 'error' | 'warning' | 'info' | 'debug' | 'trace' {
return process.env['LOG_LEVEL'] as any ?? (this.isProd ? 'info' : 'debug')
}

/**
@@ -89,8 +97,8 @@ export default class Config {
* - `debug` means that only logging for debug invokes
* - `never` no logging any case
*/
static get ENABLE_CLOUD_FUNCTION_LOG(): string {
return (process.env.ENABLE_CLOUD_FUNCTION_LOG ?? 'always')
static get ENABLE_CLOUD_FUNCTION_LOG(): 'always' | 'debug' | 'never' {
return (process.env.ENABLE_CLOUD_FUNCTION_LOG as any ?? 'always')
}

/**
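Review bot: The new `FILE_SYSTEM_ENABLE_UNAUTHORIZED_UPLOAD` getter fails open: with the variable unset it returns 'on', and because of the `as any` cast any other string (a typo, 'OFF', 'false') is returned as-is even though the signature promises 'on' | 'off'. The code that reads this flag is not part of the two files shown, so whether an unexpected value keeps or disables unauthenticated uploads cannot be confirmed here. Normalising in the getter removes the ambiguity, e.g. `return process.env['FILE_SYSTEM_ENABLE_UNAUTHORIZED_UPLOAD'] === 'on' ? 'on' : 'off'`, which also makes 'off' the default; if the 'on' default must stay for compatibility, the doc comment should say that operators have to set 'off' explicitly to close the `public` bucket. The same unchecked `as any ??` cast is used in the `FILE_SYSTEM_DRIVER`, `LOG_LEVEL` and `ENABLE_CLOUD_FUNCTION_LOG` getters in this section. The enclosing `Config` class starts and ends outside the hunks.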
19 changes: 8 additions & 11 deletions packages/devops-admin/src/views/database/files.vue
@@ -54,8 +54,7 @@
</el-table-column>
<el-table-column label="类型" align="center">
<template slot-scope="{row}">
<span v-if="row.contentType">{{ row.contentType }}</span>
<span v-else>-</span>
<span>{{ getContentType(row) }}</span>
</template>
</el-table-column>
<el-table-column label="更新时间" width="180" align="center">
@@ -209,8 +208,7 @@ export default {
getFileUrl(file) {
assert(file && file.filename, 'invalid file or filename')
const base_url = process.env.VUE_APP_BASE_API_APP + '/file'
const bucket = this.bucket
const file_url = `${base_url}/${bucket}/${file.filename}`
const file_url = `${base_url}/${this.bucket}/${file.filename}`
if (this.bucket === 'public') {
return file_url
}
@@ -221,21 +219,20 @@ export default {
getUploadUrl() {
assert(this.bucket, 'empty bucket name got')
const base_url = process.env.VUE_APP_BASE_API_APP + '/file'
const bucket = this.bucket
const file_url = `${base_url}/upload/${bucket}`
if (this.bucket === 'public') {
return file_url
}
const file_url = `${base_url}/upload/${this.bucket}`
const token = getFileToken()
return file_url + `?token=${token}`
},
getContentType(row) {
return row?.metadata?.contentType ?? row?.contentType ?? 'unknown'
},
// 判断是否为图片类型
isImage(row) {
return row?.contentType?.startsWith('image/')
return this.getContentType(row)?.startsWith('image/')
},
// 判断是否为视频类型
isVideo(row) {
return row?.contentType?.startsWith('video/')
return this.getContentType(row).startsWith('video/')
},
// 获取文件显示大小
getFileSize(file) {
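Review bot: `getUploadUrl` now appends `?token=${token}` for every bucket, but the value is interpolated unencoded and unchecked, so a missing token would presumably produce `?token=undefined` on the `public` bucket, which previously needed no token (what `getFileToken()` returns without a session is not visible here). I would add `assert(token, 'empty file token got')` after the `getFileToken()` call and build the URL with `encodeURIComponent(token)`. A token in the query string also ends up in access logs and browser history, so the method deserves a comment stating that the token must be short-lived, or the token should move to a request header if the upload endpoint accepts one. Separately, `isImage` calls `?.startsWith` while `isVideo` calls `.startsWith` on the same `getContentType(row)` result; since that helper falls back to 'unknown', both should use the same form. The surrounding methods object continues outside the hunks.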
