优化自定义页面设置，页面URL不再支持填写本地文件

2025-11-03 23:20:26 +08:00 · 2023-07-07 11:48:48 +08:00
parent a037546cfa
commit e6792b8188
2 changed files with 123 additions and 8 deletions
--- a/internal/rpc/services/service_http_page.go
+++ b/internal/rpc/services/service_http_page.go
@@ -3,8 +3,11 @@ package services
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/regexputils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/types"
 )

@@ -22,6 +25,34 @@ func (this *HTTPPageService) CreateHTTPPage(ctx context.Context, req *pb.CreateH

 	var tx = this.NullTx()

+	// validate
+	const maxURLLength = 512
+	const maxBodyLength = 32 * 1024
+
+	switch req.BodyType {
+	case shared.BodyTypeURL:
+		if len(req.Url) > maxURLLength {
+			return nil, errors.New("'url' too long")
+		}
+		if !regexputils.HTTPProtocol.MatchString(req.Url) {
+			return nil, errors.New("invalid 'url' format")
+		}
+
+		if len(req.Body) > maxBodyLength { // we keep short body for user experience
+			req.Body = ""
+		}
+	case shared.BodyTypeHTML:
+		if len(req.Body) > maxBodyLength {
+			return nil, errors.New("'body' too long")
+		}
+
+		if len(req.Url) > maxURLLength { // we keep short url for user experience
+			req.Url = ""
+		}
+	default:
+		return nil, errors.New("invalid 'bodyType': " + req.BodyType)
+	}
+
 	pageId, err := models.SharedHTTPPageDAO.CreatePage(tx, userId, req.StatusList, req.BodyType, req.Url, req.Body, types.Int(req.NewStatus))
 	if err != nil {
 		return nil, err
@@ -46,6 +77,34 @@ func (this *HTTPPageService) UpdateHTTPPage(ctx context.Context, req *pb.UpdateH
 		}
 	}

+	// validate
+	const maxURLLength = 512
+	const maxBodyLength = 32 * 1024
+
+	switch req.BodyType {
+	case shared.BodyTypeURL:
+		if len(req.Url) > maxURLLength {
+			return nil, errors.New("'url' too long")
+		}
+		if !regexputils.HTTPProtocol.MatchString(req.Url) {
+			return nil, errors.New("invalid 'url' format")
+		}
+
+		if len(req.Body) > maxBodyLength { // we keep short body for user experience
+			req.Body = ""
+		}
+	case shared.BodyTypeHTML:
+		if len(req.Body) > maxBodyLength {
+			return nil, errors.New("'body' too long")
+		}
+
+		if len(req.Url) > maxURLLength { // we keep short url for user experience
+			req.Url = ""
+		}
+	default:
+		return nil, errors.New("invalid 'bodyType': " + req.BodyType)
+	}
+
 	err = models.SharedHTTPPageDAO.UpdatePage(tx, req.HttpPageId, req.StatusList, req.BodyType, req.Url, req.Body, types.Int(req.NewStatus))
 	if err != nil {
 		return nil, err
--- a/internal/rpc/services/service_http_web.go
+++ b/internal/rpc/services/service_http_web.go
@@ -5,8 +5,10 @@ import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils/regexputils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/dbs"
 )

@@ -292,8 +294,53 @@ func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.U
 	}

 	var tx = this.NullTx()
+	var newShutdownJSON = req.ShutdownJSON
+	if len(req.ShutdownJSON) > 0 {
+		const maxURLLength = 512
+		const maxBodyLength = 32 * 1024

-	err = models.SharedHTTPWebDAO.UpdateWebShutdown(tx, req.HttpWebId, req.ShutdownJSON)
+		var shutdownConfig = &serverconfigs.HTTPShutdownConfig{}
+		err = json.Unmarshal(req.ShutdownJSON, shutdownConfig)
+		if err != nil {
+			return nil, err
+		}
+		err = shutdownConfig.Init()
+		if err != nil {
+			return nil, errors.New("validate config failed: " + err.Error())
+		}
+
+		switch shutdownConfig.BodyType {
+		case shared.BodyTypeURL:
+			if len(shutdownConfig.URL) > maxURLLength {
+				return nil, errors.New("'url' too long")
+			}
+			if !regexputils.HTTPProtocol.MatchString(shutdownConfig.URL) {
+				return nil, errors.New("invalid 'url' format")
+			}
+
+			if len(shutdownConfig.Body) > maxBodyLength { // we keep short body for user experience
+				shutdownConfig.Body = ""
+			}
+		case shared.BodyTypeHTML:
+			if len(shutdownConfig.Body) > maxBodyLength {
+				return nil, errors.New("'body' too long")
+			}
+
+			if len(shutdownConfig.URL) > maxURLLength { // we keep short url for user experience
+				shutdownConfig.URL = ""
+			}
+
+		default:
+			return nil, errors.New("invalid 'bodyType': " + shutdownConfig.BodyType)
+		}
+
+		newShutdownJSON, err = json.Marshal(shutdownConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = models.SharedHTTPWebDAO.UpdateWebShutdown(tx, req.HttpWebId, newShutdownJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -319,14 +366,23 @@ func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.Upda
 	var tx = this.NullTx()

 	// 检查配置
-	var pages = []*serverconfigs.HTTPPageConfig{}
-	err = json.Unmarshal(req.PagesJSON, &pages)
-	if err != nil {
-		return nil, errors.New("decode 'pages' failed: " + err.Error())
-	}
 	var newPages = []*serverconfigs.HTTPPageConfig{}
-	for _, page := range pages {
-		newPages = append(newPages, &serverconfigs.HTTPPageConfig{Id: page.Id})
+	if len(req.PagesJSON) > 0 {
+		var pages = []*serverconfigs.HTTPPageConfig{}
+		err = json.Unmarshal(req.PagesJSON, &pages)
+
+		for _, page := range pages {
+			err = page.Init()
+			if err != nil {
+				return nil, errors.New("validate page failed: " + err.Error())
+			}
+
+			// reset not needed fields, keep "id" reference only
+			page.URL = ""
+			page.Body = ""
+
+			newPages = append(newPages, &serverconfigs.HTTPPageConfig{Id: page.Id})
+		}
 	}
 	newPagesJSON, err := json.Marshal(newPages)
 	if err != nil {