mirror of
https://github.com/hotomoe/hotomoe
synced 2024-12-12 21:58:12 +09:00
file - if 'name' param given, validate
This commit is contained in:
parent
8e62cc1efd
commit
a7762aea4f
@ -86,7 +86,7 @@ function send(data: Buffer, type: string, req: express.Request, res: express.Res
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async function sendFileById (req: express.Request, res: express.Response): Promise<void> {
|
async function sendFileById(req: express.Request, res: express.Response): Promise<void> {
|
||||||
// Validate id
|
// Validate id
|
||||||
if (!mongodb.ObjectID.isValid(req.params.id)) {
|
if (!mongodb.ObjectID.isValid(req.params.id)) {
|
||||||
res.status(400).send('incorrect id');
|
res.status(400).send('incorrect id');
|
||||||
@ -96,6 +96,12 @@ async function sendFileById (req: express.Request, res: express.Response): Promi
|
|||||||
const fileId = new mongodb.ObjectID(req.params.id);
|
const fileId = new mongodb.ObjectID(req.params.id);
|
||||||
const file = await DriveFile.findOne({ _id: fileId });
|
const file = await DriveFile.findOne({ _id: fileId });
|
||||||
|
|
||||||
|
// validate name
|
||||||
|
if (req.params.name !== undefined && req.params.name !== file.metadata.name) {
|
||||||
|
res.status(404).send('there is no file has given name');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (file == null) {
|
if (file == null) {
|
||||||
res.status(404).sendFile(`${__dirname}/assets/dummy.png`);
|
res.status(404).sendFile(`${__dirname}/assets/dummy.png`);
|
||||||
return;
|
return;
|
||||||
|
Loading…
Reference in New Issue
Block a user