From 33bf27327ce38dc1f62d0148bd0d3976dba37e51 Mon Sep 17 00:00:00 2001
From: amuliang <982632988@qq.com>
Date: Sat, 5 Aug 2023 09:09:19 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BB=A3=E7=A0=81=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E6=80=A7=EF=BC=8C=E9=98=B2=E6=AD=A2=E7=9B=AE=E5=BD=95?= =?UTF-8?q?=E7=A9=BF=E8=B6=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/model/StoreModel.js | 10 +++++++++-
 html/index.html | 11 ++++++-----
 start/start.sh | 4 ++++
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/app/model/StoreModel.js b/app/model/StoreModel.js
index 2612ad2..45ea59b 100644
--- a/app/model/StoreModel.js
+++ b/app/model/StoreModel.js
@@ -16,10 +16,11 @@ function mkdirsSync(dirname) {
 }
 function storeResource(path, url) {
+ path = handlePath(path);
 return new Promise((resolve, reject) => {
 mkdirsSync(_path.dirname(path));
 const writeableStream = fs.createWriteStream(path);
- request.get(url).pipe(writeableStream).on('close', () => {
+ request.get({ url: url, timeout: 10000 }).pipe(writeableStream).on('close', () => {
 resolve(true);
 });
 });
@@ -30,6 +31,7 @@ async function storeMusic(path, url) {
 }
 function storeLrc(path, content) {
+ path = handlePath(path);
 return new Promise((resolve, reject) => {
 mkdirsSync(_path.dirname(path));
 fs.writeFileSync(path, content, { overwrite: true });
@@ -45,6 +47,12 @@ function checkMusicExists(path) {
 return fs.existsSync(path);
 }
+function handlePath(path) {
+ // 必须保存到downloads目录,过滤关键字符防止目录穿越
+ if(path.indexOf('/downloads/') != 0) path = '/downloads/' + path;
+ return path.replace('..', '').replace(/\.+/g, '.').replace(/\/+/g, '/').replace(/\\+/g, '\\');
+}
+
 module.exports = {
 storeMusic,
 storeLrc,
diff --git a/html/index.html b/html/index.html
index 45698c7..426da19 100644
--- a/html/index.html
+++ b/html/index.html
@@ -27,7 +27,7 @@
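Review bot: The `timeout: 10000` added to `request.get` in storeResource creates a failure path that nothing handles: no `'error'` listener is attached to the request or to `writeableStream`, and `reject` is never called. Assuming `request` is the npm `request` module, a timeout is reported as an `'error'` event, so it would surface as an unhandled emitter error or leave the promise pending instead of failing the download cleanly. Chain `.on('error', reject)` before `.pipe(writeableStream)` and add `writeableStream.on('error', reject);`, and consider removing the partially written file on failure. The hunk does not show where `url` comes from; if a client can influence it, validating the scheme and host before the fetch is worth adding.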
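Review bot: handlePath filters characters instead of normalizing the path and checking that the result stays under the downloads root, so the guarantee is hard to reason about. `replace('..', '')` takes a string pattern and removes only the first occurrence; the containment really comes from the `/\.+/g` collapse that follows, which also silently renames legitimate files whose names contain consecutive dots. storeResource and storeLrc (first two hunks) now write to the rewritten path while `checkMusicExists` still tests the raw one, so the existence check can look at a different location than the write. The sketch below normalizes first and rejects anything outside the root; it assumes `_path` is Node's `path` module and POSIX separators, and it throws, so callers need to handle the rejection.

```javascript
function handlePath(path) {
    // Files must live under /downloads/: normalize first, then refuse anything that resolves elsewhere.
    const root = '/downloads/';
    const target = _path.normalize(path.indexOf(root) === 0 ? path : root + path);
    if (target.indexOf(root) !== 0) {
        throw new Error('path resolves outside the downloads directory');
    }
    return target;
}
```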