feat: 1.7.0 (#103)

feat: getObject 新增校验 Key

Author: livehigh

demo-album/lib/cos-wx-sdk-v5.js

@@ -1,6 +1,6 @@
 {
   "name": "cos-wx-sdk-v5",
-  "version": "1.6.2",
+  "version": "1.7.0",
   "description": "小程序 SDK for [腾讯云对象存储服务](https://cloud.tencent.com/product/cos)",
   "main": "demo/lib/cos-wx-sdk-v5.min.js",
   "scripts": {

demo-album/lib/cos-wx-sdk-v5.min.js

@@ -2020,6 +2020,14 @@ function listObjectVersions(params, callback) {
  * @param  {Object}  data                                   为对应的 object 数据，包括 body 和 headers
  */
 function getObject(params, callback) {
+  if (this.options.ObjectKeySimplifyCheck) {
+    // getObject 的 Key 需要校验，避免调用成 getBucket
+    var formatKey = util.simplifyPath(params.Key);
+    if (formatKey === '/') {
+      callback(util.error(new Error('The Getobject Key is illegal')));
+      return;
+    }
+  }
   var reqParams = params.Query || {};
   var reqParamsStr = params.QueryString || '';
   var tracker = params.tracker;

demo/lib/cos-wx-sdk-v5.js

@@ -39,6 +39,7 @@ var defaultOptions = {
   SimpleUploadMethod: 'postObject', // 高级上传内部判断需要走简单上传时，指定的上传方法，可选postObject或putObject
   AutoSwitchHost: false,
   CopySourceParser: null, // 自定义拷贝源解析器
+  ObjectKeySimplifyCheck: true, // 开启合并校验 getObject Key
   /** 上报相关配置 **/
   DeepTracker: false, // 上报时是否对每个分块上传做单独上报
   TrackerDelay: 5000, // 周期性上报，单位毫秒。0代表实时上报

demo/lib/cos-wx-sdk-v5.min.js

@@ -743,6 +743,21 @@ const encodeBase64 = function (str, safe) {
   return base64Str;
 };
 
+var simplifyPath = function (path) {
+  const names = path.split('/');
+  const stack = [];
+  for (const name of names) {
+    if (name === '..') {
+      if (stack.length) {
+        stack.pop();
+      }
+    } else if (name.length && name !== '.') {
+      stack.push(name);
+    }
+  }
+  return '/' + stack.join('/');
+};
+
 var util = {
   noop: noop,
   formatParams: formatParams,
@@ -778,6 +793,7 @@ var util = {
   error: error,
   getSourceParams: getSourceParams,
   encodeBase64: encodeBase64,
+  simplifyPath: simplifyPath
 };
 
 module.exports = util;