diff --git a/fsv2/fstc b/fsv2/fstc
index 0049f54..45a545d 100644
Binary files a/fsv2/fstc and b/fsv2/fstc differ
diff --git a/fsv2/handler/serverinfo.go b/fsv2/handler/serverinfo.go
index 0f771ea..3746d8f 100644
--- a/fsv2/handler/serverinfo.go
+++ b/fsv2/handler/serverinfo.go
@@ -2,19 +2,19 @@ package handler
 import (
 "encoding/json"
- "fmt"
 "net/http"
 "os"
 "path/filepath"
- "strings"
 "xtcfs/config"
+ "xtcfs/util"
 )
 // json 结构体
 type Response struct {
- Status string `json:"status"` //状态
- Data FilesListJson `json:"data"` //目录下的文件
- Scdir string `json:"curdir"` // 扫描的目录
+ Status string `json:"status"` //状态
+ Data FilesListJson `json:"data"` //目录下的文件
+ Curdir string `json:"curdir"` // 扫描的目录
+ WorksDir string `json:"workdir"` //监听目录
 }
 // 文件输出的结构
@@ -30,13 +30,13 @@ type FilesListJson struct {
 // 遍历监视目录,发送到json中
 func SerInfo(w http.ResponseWriter, r *http.Request) {
 // 监听的目录通过?p=的方式传入
- //urlpath := r.Header.Get("p")
 urlpath := r.URL.Query().Get("p")
- upath := strings.TrimSuffix(urlpath, "nf")
- fmt.Printf("upath is %s\n", upath)
+ // 防止逃逸,造成漏洞
+ if urlpath == ".." {
+ urlpath = "."
+ }
 // 监听的根目录
- realFilePath := filepath.Join(config.G.FilePath, upath)
- downloadPath := filepath.Join(filepath.Base(config.G.FilePath), r.URL.Path[1:])
+ realFilePath := filepath.Join(config.G.FilePath, urlpath)
 // 时间目录的情况
 fileInfo, err := os.Stat(realFilePath)
 if err != nil {
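Review bot: The added guard `if urlpath == ".." { urlpath = "." }` in `SerInfo` matches only that exact string, while `filepath.Join(config.G.FilePath, urlpath)` cleans whatever `p` holds, so any other value containing parent-directory segments still resolves outside `config.G.FilePath` and is then passed to `os.Stat` and, further down, `os.ReadDir`. Validate the path as a whole rather than one literal: with Go 1.20 or later, `if urlpath == "" { urlpath = "." }` followed by `if !filepath.IsLocal(urlpath) { http.Error(w, "invalid path", http.StatusBadRequest); return }`; on older toolchains, reject the request when `filepath.Rel(config.G.FilePath, realFilePath)` fails or its result starts with `..`. Both checks are lexical, so a symlink inside the served directory can still point elsewhere; whether that matters depends on who can write there. The rest of `SerInfo` lies outside this hunk.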
@@ -44,58 +44,33 @@ func SerInfo(w http.ResponseWriter, r *http.Request) { return } - data := struct { - Rundir string - IsDir bool - FileName string - DownloadPath string - // Files []os.DirEntry - }{ - Rundir: config.G.FilePath, - DownloadPath: downloadPath, - } - // list json var flist FilesListJson - + //针对目录的情况才输出 + // todo 如果是文件的话 暂时不处理 if fileInfo.IsDir() { - data.IsDir = true // 遍历目录 files, err := os.ReadDir(realFilePath) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } - // data.Files = files - + // 遍历 for _, v := range files { flist.Flist = append(flist.Flist, FileJson{Fname: v.Name(), Dirflag: v.IsDir()}) } - } else { - data.FileName = filepath.Base(realFilePath) } // respone file list response := Response{ - Status: "success", - Scdir: upath, - Data: flist, - } - // 设置跨域响应头 - w.Header().Set("Access-Control-Allow-Origin", "*") - w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS,PUT,DELETET") - // w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Accept,Accept-Length,Accept-Encoding,X-XSRF-TOKEN,X-XSRF-TOKEN") - w.Header().Set("Access-Control-Allow-Headers", "*") - // - w.Header().Set("Content-Type", "application/json") - - // 如果是OPTIONS请求,返回200 OK - if r.Method == "OPTIONS" { - // fmt.Printf("options is now \n") - // w.WriteHeader(http.StatusOK) - return + Status: "success", + Curdir: urlpath, + WorksDir: config.G.FilePath, + Data: flist, } + // 开启跨域 + util.CorsHadler(w, r) json.NewEncoder(w).Encode(response) } diff --git a/fsv2/main.go b/fsv2/main.go index bc3568e..1b62e1b 100644 --- a/fsv2/main.go +++ b/fsv2/main.go @@ -26,7 +26,7 @@ func receiveClient() error { //go discovery.Listen() // 显示状态等 - http.HandleFunc("/", handler.ReceiveHandler) + // http.HandleFunc("/", handler.ReceiveHandler) // 服务信息 http.HandleFunc("/sc", handler.SerInfo) // 开启web 服务, diff --git a/fsv2/util/util.go b/fsv2/util/util.go index 207122a..4d6a75d 100644 --- a/fsv2/util/util.go +++ b/fsv2/util/util.go 
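Review bot: The OPTIONS early exit no longer ends the request: the `return` now sits inside `util.CorsHadler`, so it only leaves the helper, and `SerInfo` goes on to run `json.NewEncoder(w).Encode(response)` for a preflight after the directory has already been stat'ed and listed. The removed inline code returned from the handler before encoding. Have the helper report whether it handled the request and call it first, e.g. `if util.CorsHadler(w, r) { return }` at the top of `SerInfo`, with the helper in fsv2/util/util.go changed to return `bool`. Separately, `WorksDir: config.G.FilePath` puts the server-side root path into a response served with `Access-Control-Allow-Origin: *`; consider dropping the field or returning a label instead. The error returned by `Encode` is also discarded.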
@@ -5,6 +5,7 @@ import (
 "encoding/base64"
 "fmt"
 "io"
+ "net/http"
 "os"
 "path"
 "path/filepath"
@@ -206,3 +207,21 @@ func IsFileExist(filename string) bool {
 }
 return false
 }
+
+// 跨域函数
+func CorsHadler(w http.ResponseWriter, r *http.Request) {
+ // 设置跨域响应头
+ w.Header().Set("Access-Control-Allow-Origin", "*")
+ w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS,PUT,DELETET")
+ // w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Accept,Accept-Length,Accept-Encoding,X-XSRF-TOKEN,X-XSRF-TOKEN")
+ w.Header().Set("Access-Control-Allow-Headers", "*")
+ //
+ w.Header().Set("Content-Type", "application/json")
+
+ // 如果是OPTIONS请求,返回200 OK
+ if r.Method == "OPTIONS" {
+ // fmt.Printf("options is now \n")
+ // w.WriteHeader(http.StatusOK)
+ return
+ }
+}
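Review bot: `Access-Control-Allow-Methods` in `CorsHadler` lists `DELETET`, which is not an HTTP method, so a cross-origin DELETE preflight would not be allowed; the value should read `"GET, POST, OPTIONS, PUT, DELETE"`. The helper also sends `*` for both `Access-Control-Allow-Origin` and `Access-Control-Allow-Headers` on every response, which lets any web page read the directory listing returned by `/sc` from a browser that can reach the server; if the service is meant for a known front end, take the allowed origin from configuration instead. A doc comment such as `// CorsHadler sets the CORS and JSON Content-Type headers on w; it does not end the request.` would make the contract clear to callers. The name looks like a typo for `CorsHandler`.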