This repository was archived by the owner on Nov 13, 2024. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +3
-0
lines changed
Expand file tree Collapse file tree 1 file changed +3
-0
lines changed Original file line number Diff line number Diff line change @@ -37,12 +37,14 @@ router.all("/", async (ctx) => {
3737// 文件下载路由
3838router . get ( "/download/:key/:fileName" , async ( ctx ) => {
3939 const key = ctx . params . key ;
40+ const paramsFileName = ctx . params . fileName ;
4041 try {
4142 // 从任务中心取任务
4243 const mission = missionPassport . getMission ( key , "download" ) ;
4344 if ( ! mission ) throw new Error ( ( ctx . body = "No task, Access denied | 无下载任务,非法访问" ) ) ;
4445 const instance = InstanceSubsystem . getInstance ( mission . parameter . instanceUuid ) ;
4546 if ( ! instance ) throw new Error ( "实例不存在" ) ;
47+ if ( ! FileManager . checkFileName ( paramsFileName ) ) throw new Error ( "用户文件下载名不符合规范" ) ;
4648
4749 const cwd = instance . config . cwd ;
4850 const fileRelativePath = mission . parameter . fileName ;
@@ -52,6 +54,7 @@ router.get("/download/:key/:fileName", async (ctx) => {
5254 if ( ! fileManager . check ( fileRelativePath ) ) throw new Error ( ( ctx . body = "Access denied | 参数不正确" ) ) ;
5355
5456 // 开始给用户下载文件
57+ ctx . response . set ( "Content-Disposition" , `attachment; filename="${ paramsFileName } ) ;
5558 ctx . type = ext ;
5659 ctx . body = fs . createReadStream ( fileManager . toAbsolutePath ( fileRelativePath ) ) ;
5760 // 任务已执行,销毁护照
You can’t perform that action at this time.
0 commit comments