mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-11 13:01:41 +00:00
fix: harden file serving
This commit is contained in:
Peter Steinberger
@@ -1,13 +1,23 @@
|
||||
import fs from "node:fs/promises";
|
||||
import type { Server } from "node:http";
|
||||
import path from "node:path";
|
||||
import express, { type Express } from "express";
|
||||
import { danger } from "../globals.js";
|
||||
import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
|
||||
import { SafeOpenError, openFileWithinRoot } from "../infra/fs-safe.js";
|
||||
import { detectMime } from "./mime.js";
|
||||
import { cleanOldMedia, getMediaDir } from "./store.js";
|
||||
import { cleanOldMedia, getMediaDir, MEDIA_MAX_BYTES } from "./store.js";
|
||||
|
||||
const DEFAULT_TTL_MS = 2 * 60 * 1000;
|
||||
const MAX_MEDIA_ID_CHARS = 200;
|
||||
const MEDIA_ID_PATTERN = /^[\p{L}\p{N}._-]+$/u;
|
||||
const MAX_MEDIA_BYTES = MEDIA_MAX_BYTES;
|
||||
|
||||
const isValidMediaId = (id: string) => {
|
||||
if (!id) return false;
|
||||
if (id.length > MAX_MEDIA_ID_CHARS) return false;
|
||||
if (id === "." || id === "..") return false;
|
||||
return MEDIA_ID_PATTERN.test(id);
|
||||
};
|
||||
|
||||
export function attachMediaRoutes(
|
||||
app: Express,
|
||||
@@ -18,26 +28,28 @@ export function attachMediaRoutes(
|
||||
|
||||
app.get("/media/:id", async (req, res) => {
|
||||
const id = req.params.id;
|
||||
const mediaRoot = (await fs.realpath(mediaDir)) + path.sep;
|
||||
const file = path.resolve(mediaRoot, id);
|
||||
if (!isValidMediaId(id)) {
|
||||
res.status(400).send("invalid path");
|
||||
return;
|
||||
}
|
||||
try {
|
||||
const lstat = await fs.lstat(file);
|
||||
if (lstat.isSymbolicLink()) {
|
||||
res.status(400).send("invalid path");
|
||||
const { handle, realPath, stat } = await openFileWithinRoot({
|
||||
rootDir: mediaDir,
|
||||
relativePath: id,
|
||||
});
|
||||
if (stat.size > MAX_MEDIA_BYTES) {
|
||||
await handle.close().catch(() => {});
|
||||
res.status(413).send("too large");
|
||||
return;
|
||||
}
|
||||
const realPath = await fs.realpath(file);
|
||||
if (!realPath.startsWith(mediaRoot)) {
|
||||
res.status(400).send("invalid path");
|
||||
return;
|
||||
}
|
||||
const stat = await fs.stat(realPath);
|
||||
if (Date.now() - stat.mtimeMs > ttlMs) {
|
||||
await handle.close().catch(() => {});
|
||||
await fs.rm(realPath).catch(() => {});
|
||||
res.status(410).send("expired");
|
||||
return;
|
||||
}
|
||||
const data = await fs.readFile(realPath);
|
||||
const data = await handle.readFile();
|
||||
await handle.close().catch(() => {});
|
||||
const mime = await detectMime({ buffer: data, filePath: realPath });
|
||||
if (mime) res.type(mime);
|
||||
res.send(data);
|
||||
@@ -47,7 +59,17 @@ export function attachMediaRoutes(
|
||||
fs.rm(realPath).catch(() => {});
|
||||
}, 50);
|
||||
});
|
||||
} catch {
|
||||
} catch (err) {
|
||||
if (err instanceof SafeOpenError) {
|
||||
if (err.code === "invalid-path") {
|
||||
res.status(400).send("invalid path");
|
||||
return;
|
||||
}
|
||||
if (err.code === "not-found") {
|
||||
res.status(404).send("not found");
|
||||
return;
|
||||
}
|
||||
}
|
||||
res.status(404).send("not found");
|
||||
}
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user