From d3a32e2f8a961eb51ce16d6e1bba725881d75847 Mon Sep 17 00:00:00 2001 From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com> Date: Tue, 21 Nov 2023 10:01:57 +0700 Subject: [PATCH] refactor: prevent user from create folder with illegal chars --- .../src/controllers/cabinetController.ts | 8 ++++--- .../src/controllers/drawerController.ts | 8 ++++--- .../src/controllers/folderController.ts | 22 ++++++++++++------- .../src/controllers/subFolderController.ts | 22 ++++++++++++------- 4 files changed, 38 insertions(+), 22 deletions(-) diff --git a/Prototype/server/src/controllers/cabinetController.ts b/Prototype/server/src/controllers/cabinetController.ts index 7e64364..e7e7102 100644 --- a/Prototype/server/src/controllers/cabinetController.ts +++ b/Prototype/server/src/controllers/cabinetController.ts @@ -17,7 +17,7 @@ import minioClient from "../storage"; import { EhrFolder } from "../interfaces/ehr-fs"; import HttpStatusCode from "../interfaces/http-status"; -import { listFolder } from "../utils/minio"; +import { listFolder, replaceIllegalChars } from "../utils/minio"; @Route("cabinet") export class CabinetController extends Controller { @@ -37,7 +37,7 @@ export class CabinetController extends Controller { @Body() body: { name: string }, ) { const uploaded = await minioClient - .putObject("ehr", `${body.name}/.keep`, "", 0, { + .putObject("ehr", `${replaceIllegalChars(body.name)}/.keep`, "", 0, { createdAt: new Date().toISOString(), createdBy: request.user.preferred_username, }) @@ -62,7 +62,9 @@ export class CabinetController extends Controller { stream.on("data", (v) => { if (!(v && v.name)) return; - const destination = `${body.name}/${v.name.slice(cabinetName.length + 1)}`; + const destination = `${replaceIllegalChars(body.name)}/${v.name.slice( + cabinetName.length + 1, + )}`; const source = `/ehr/${v.name}`; const cond = new Minio.CopyConditions(); 
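Review bot: In the create hunk of cabinetController.ts (the `.putObject("ehr", ...)` call) the requested name is rewritten silently instead of being refused, so the stored cabinet can differ from the one the client asked for, and two different requested names can land on the same key. `replaceIllegalChars` lives in `../utils/minio` and is not touched by this patch, so what it returns for an empty name or a name made only of illegal characters cannot be checked here; if that can be an empty string, the key becomes `/.keep`. I would compute `const name = replaceIllegalChars(body.name);` once at the top of the handler, answer with a 4xx when `name` is empty (or when `name !== body.name`, if the intent is to refuse such names as the subject line says), and use `name` for the key. The create hunks in drawerController.ts, folderController.ts and subFolderController.ts have the same gap; the handler body starts and ends outside the hunk.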
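Review bot: In the rename hunk of cabinetController.ts (`const destination = ...` inside `stream.on("data", ...)`) the sanitised name is recomputed for every listed object, and nothing visible checks whether that sanitised destination already exists. Since sanitising can map a new name onto the prefix of an existing cabinet, the copy could write into another cabinet's objects. The handler starts and ends outside the hunk, so an existence check may already be there, but it would have to test the sanitised value rather than `body.name`. I would hoist `const target = replaceIllegalChars(body.name);` above the listing and use `target` both for that check and in the template. The rename hunks in drawerController.ts, folderController.ts and subFolderController.ts have the same shape.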
diff --git a/Prototype/server/src/controllers/drawerController.ts b/Prototype/server/src/controllers/drawerController.ts index 4bf9002..6fe5d21 100644 --- a/Prototype/server/src/controllers/drawerController.ts +++ b/Prototype/server/src/controllers/drawerController.ts @@ -17,7 +17,7 @@ import minioClient from "../storage"; import HttpStatusCode from "../interfaces/http-status"; import HttpError from "../interfaces/http-error"; -import { listFolder, pathExist } from "../utils/minio"; +import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio"; @Route("/cabinet/{cabinetName}/drawer") export class DrawerController extends Controller { @@ -42,7 +42,7 @@ export class DrawerController extends Controller { } const uploaded = await minioClient - .putObject("ehr", `${cabinetName}/${body.name}/.keep`, "", 0, { + .putObject("ehr", `${cabinetName}/${replaceIllegalChars(body.name)}/.keep`, "", 0, { createdAt: new Date().toISOString(), createdBy: request.user.preferred_username, }) @@ -76,7 +76,9 @@ export class DrawerController extends Controller { stream.on("data", (v) => { if (!(v && v.name)) return; - const destination = `${cabinetName}/${body.name}/${v.name.slice(fullpath.length)}`; + const destination = `${cabinetName}/${replaceIllegalChars(body.name)}/${v.name.slice( + fullpath.length, + )}`; const source = `/ehr/${v.name}`; const cond = new Minio.CopyConditions(); diff --git a/Prototype/server/src/controllers/folderController.ts b/Prototype/server/src/controllers/folderController.ts index d7e4a47..5c7c35d 100644 --- a/Prototype/server/src/controllers/folderController.ts +++ b/Prototype/server/src/controllers/folderController.ts 
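Review bot: In the drawerController.ts create hunk only `body.name` goes through `replaceIllegalChars`; `cabinetName`, which comes from the `{cabinetName}` route segment, is still interpolated into the object key as received. The closing `}` at the top of the hunk suggests a guard (probably `pathExist`) runs first, but it is outside the hunk, and an existence check on a prefix does not by itself guarantee the value is a single path segment. Assuming the helper treats the path separator as illegal, I would validate route segments with it as well, e.g. reject the request when `replaceIllegalChars(cabinetName) !== cabinetName`, so every part of the key obeys one rule. folderController.ts (`drawerName`) and subFolderController.ts (`drawerName`, `folderName`) build their keys from route parameters in the same way, in both the create and the rename hunks.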
@@ -17,7 +17,7 @@ import * as Minio from "minio"; import HttpError from "../interfaces/http-error"; import HttpStatusCode from "../interfaces/http-status"; -import { listFolder, pathExist } from "../utils/minio"; +import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio"; import { EhrFolder } from "../interfaces/ehr-fs"; import minioClient from "../storage"; @@ -54,10 +54,16 @@ export class FolderController extends Controller { } const uploaded = await minioClient - .putObject("ehr", `${cabinetName}/${drawerName}/${body.name}/.keep`, "", 0, { - createdAt: new Date().toISOString(), - createdBy: request.user.preferred_username, - }) + .putObject( + "ehr", + `${cabinetName}/${drawerName}/${replaceIllegalChars(body.name)}/.keep`, + "", + 0, + { + createdAt: new Date().toISOString(), + createdBy: request.user.preferred_username, + }, + ) .catch((e) => console.error(e)); if (!uploaded) { @@ -92,9 +98,9 @@ export class FolderController extends Controller { stream.on("data", (v) => { if (!(v && v.name)) return; - const destination = `${cabinetName}/${drawerName}/${body.name}/${v.name.slice( - fullpath.length, - )}`; + const destination = `${cabinetName}/${drawerName}/${replaceIllegalChars( + body.name, + )}/${v.name.slice(fullpath.length)}`; const source = `/ehr/${v.name}`; const cond = new Minio.CopyConditions(); diff --git a/Prototype/server/src/controllers/subFolderController.ts b/Prototype/server/src/controllers/subFolderController.ts index f72a2d4..abf6192 100644 --- a/Prototype/server/src/controllers/subFolderController.ts +++ b/Prototype/server/src/controllers/subFolderController.ts 
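Review bot: The destination template in the folderController.ts rename hunk now carries a call wrapped over three lines in the middle of a template literal (`replaceIllegalChars(` / `body.name,` / `)`), which is hard to read and easy to get wrong when another level is added. Building the prefix from named parts before the listing reads better: `const prefix = [cabinetName, drawerName, replaceIllegalChars(body.name)].join("/");` and then, inside the callback, `const destination = prefix + "/" + v.name.slice(fullpath.length);`. The create hunk above and both hunks in subFolderController.ts repeat the same construction, so a small key-building helper next to `replaceIllegalChars` in `../utils/minio` would keep the four controllers consistent. The handler starts and ends outside the hunk.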
@@ -17,7 +17,7 @@ import * as Minio from "minio"; import HttpError from "../interfaces/http-error"; import HttpStatusCode from "../interfaces/http-status"; -import { listFolder, pathExist } from "../utils/minio"; +import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio"; import { EhrFolder } from "../interfaces/ehr-fs"; import minioClient from "../storage"; @@ -59,10 +59,16 @@ export class SubFolderController extends Controller { } const uploaded = await minioClient - .putObject("ehr", `${cabinetName}/${drawerName}/${folderName}/${body.name}/.keep`, "", 0, { - createdAt: new Date().toISOString(), - createdBy: request.user.preferred_username, - }) + .putObject( + "ehr", + `${cabinetName}/${drawerName}/${folderName}/${replaceIllegalChars(body.name)}/.keep`, + "", + 0, + { + createdAt: new Date().toISOString(), + createdBy: request.user.preferred_username, + }, + ) .catch((e) => console.error(e)); if (!uploaded) { @@ -98,9 +104,9 @@ export class SubFolderController extends Controller { stream.on("data", (v) => { if (!(v && v.name)) return; - const destination = `${cabinetName}/${drawerName}/${folderName}/${body.name}/${v.name.slice( - fullpath.length, - )}`; + const destination = `${cabinetName}/${drawerName}/${folderName}/${replaceIllegalChars( + body.name, + )}/${v.name.slice(fullpath.length)}`; const source = `/ehr/${v.name}`; const cond = new Minio.CopyConditions();