hrms-bangkok/hrms-edm
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

refactor: prevent user from create folder with illegal chars

Browse source
This commit is contained in:
Methapon2001 2023-11-21 10:01:57 +07:00
parent 6718b4a10b
commit d3a32e2f8a
No known key found for this signature in database
GPG key ID: 849924FEF46BD132
4 changed files with 38 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Prototype/server/src/controllers/cabinetController.ts
View file

@ -17,7 +17,7 @@ import minioClient from "../storage";
import { EhrFolder } from "../interfaces/ehr-fs";
import HttpStatusCode from "../interfaces/http-status";
import { listFolder } from "../utils/minio";
import { listFolder, replaceIllegalChars } from "../utils/minio";
@Route("cabinet")
export class CabinetController extends Controller {
@ -37,7 +37,7 @@ export class CabinetController extends Controller {
@Body() body: { name: string },
) {
const uploaded = await minioClient
.putObject("ehr", `${body.name}/.keep`, "", 0, {
.putObject("ehr", `${replaceIllegalChars(body.name)}/.keep`, "", 0, {
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
})
@ -62,7 +62,9 @@ export class CabinetController extends Controller {
stream.on("data", (v) => {
if (!(v && v.name)) return;
const destination = `${body.name}/${v.name.slice(cabinetName.length + 1)}`;
const destination = `${replaceIllegalChars(body.name)}/${v.name.slice(
cabinetName.length + 1,
)}`;
const source = `/ehr/${v.name}`;
const cond = new Minio.CopyConditions();

8
Prototype/server/src/controllers/drawerController.ts
View file

@ -17,7 +17,7 @@ import minioClient from "../storage";
import HttpStatusCode from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import { listFolder, pathExist } from "../utils/minio";
import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio";
@Route("/cabinet/{cabinetName}/drawer")
export class DrawerController extends Controller {
@ -42,7 +42,7 @@ export class DrawerController extends Controller {
}
const uploaded = await minioClient
.putObject("ehr", `${cabinetName}/${body.name}/.keep`, "", 0, {
.putObject("ehr", `${cabinetName}/${replaceIllegalChars(body.name)}/.keep`, "", 0, {
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
})
@ -76,7 +76,9 @@ export class DrawerController extends Controller {
stream.on("data", (v) => {
if (!(v && v.name)) return;
const destination = `${cabinetName}/${body.name}/${v.name.slice(fullpath.length)}`;
const destination = `${cabinetName}/${replaceIllegalChars(body.name)}/${v.name.slice(
fullpath.length,
)}`;
const source = `/ehr/${v.name}`;
const cond = new Minio.CopyConditions();

22
Prototype/server/src/controllers/folderController.ts
View file

@ -17,7 +17,7 @@ import * as Minio from "minio";
import HttpError from "../interfaces/http-error";
import HttpStatusCode from "../interfaces/http-status";
import { listFolder, pathExist } from "../utils/minio";
import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio";
import { EhrFolder } from "../interfaces/ehr-fs";
import minioClient from "../storage";
@ -54,10 +54,16 @@ export class FolderController extends Controller {
}
const uploaded = await minioClient
.putObject("ehr", `${cabinetName}/${drawerName}/${body.name}/.keep`, "", 0, {
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
})
.putObject(
"ehr",
`${cabinetName}/${drawerName}/${replaceIllegalChars(body.name)}/.keep`,
"",
0,
{
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
},
)
.catch((e) => console.error(e));
if (!uploaded) {
@ -92,9 +98,9 @@ export class FolderController extends Controller {
stream.on("data", (v) => {
if (!(v && v.name)) return;
const destination = `${cabinetName}/${drawerName}/${body.name}/${v.name.slice(
fullpath.length,
)}`;
const destination = `${cabinetName}/${drawerName}/${replaceIllegalChars(
body.name,
)}/${v.name.slice(fullpath.length)}`;
const source = `/ehr/${v.name}`;
const cond = new Minio.CopyConditions();

22
Prototype/server/src/controllers/subFolderController.ts
View file

@ -17,7 +17,7 @@ import * as Minio from "minio";
import HttpError from "../interfaces/http-error";
import HttpStatusCode from "../interfaces/http-status";
import { listFolder, pathExist } from "../utils/minio";
import { listFolder, pathExist, replaceIllegalChars } from "../utils/minio";
import { EhrFolder } from "../interfaces/ehr-fs";
import minioClient from "../storage";
@ -59,10 +59,16 @@ export class SubFolderController extends Controller {
}
const uploaded = await minioClient
.putObject("ehr", `${cabinetName}/${drawerName}/${folderName}/${body.name}/.keep`, "", 0, {
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
})
.putObject(
"ehr",
`${cabinetName}/${drawerName}/${folderName}/${replaceIllegalChars(body.name)}/.keep`,
"",
0,
{
createdAt: new Date().toISOString(),
createdBy: request.user.preferred_username,
},
)
.catch((e) => console.error(e));
if (!uploaded) {
@ -98,9 +104,9 @@ export class SubFolderController extends Controller {
stream.on("data", (v) => {
if (!(v && v.name)) return;
const destination = `${cabinetName}/${drawerName}/${folderName}/${body.name}/${v.name.slice(
fullpath.length,
)}`;
const destination = `${cabinetName}/${drawerName}/${folderName}/${replaceIllegalChars(
body.name,
)}/${v.name.slice(fullpath.length)}`;
const source = `/ehr/${v.name}`;
const cond = new Minio.CopyConditions();