fix: only support http/https for conversion; disable access to the file system.
lampnick committed Sep 8, 2021
1 parent 8126fb6 commit fffe90b7ce71017960ec44b320b8597e8b8d0d90
Showing with 51 additions and 4 deletions.
  1. +2 −0 CHANGELOG.md
  2. +6 −0 CHECKLIST.md
  3. +2 −2 Makefile
  4. +1 −1 SECURITY.md
  5. +1 −0 app/http.go
  6. +1 −1 common/const.go
  7. +2 −0 common/error_code.go
  8. +36 −0 middleware/params.go
@@ -1,3 +1,5 @@
### v0.3.1
- only support http/https to convert,disabled to reach file system.
### v0.3.0
- support waiting time for html convert to pdf
- support waiting time for html convert to image
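--- a/CHECKLIST.md
+++ b/CHECKLIST.md
@@ -0,0 +1,6 @@
+# check list
+- common/const.go Version
+- CHANGELOG.md
+- Makefile
+- merge branch
+- docker build and push to docker hub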
@@ -1,8 +1,8 @@
.DEFAULT: help

IMAGE_NAME ?= lampnick/doctron
CENTOS_IMAGE_TAG ?= v0.3.0-centos
ALPINE_IMAGE_TAG ?= v0.3.0-alpine
CENTOS_IMAGE_TAG ?= v0.3.1-centos
ALPINE_IMAGE_TAG ?= v0.3.1-alpine

help: Makefile
@echo "Doctron is a document convert tools for html pdf image etc.\r\n"
@@ -6,7 +6,7 @@ Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported |
| ------- | ------------------ |
| 0.3.1 | ensure can't visit the file system |


## Reporting a Vulnerability
@@ -19,6 +19,7 @@ func NewDoctron() *iris.Application {
}
})
app.PartyFunc("/convert", func(convert router.Party) {
convert.Use(middleware.CheckParams)
convert.Use(middleware.AuthMiddleware)
convert.Use(middleware.CheckRateLimiting)
convert.Get("/html2pdf", controller.Html2PdfHandler)
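Review bot: CheckParams is registered ahead of AuthMiddleware and CheckRateLimiting on the /convert party, so URL parsing and its validation responses (including the `err.Error()` text from url.Parse) are produced for callers that have not yet been authenticated or rate-limited. If the intent is to spend no work on and return no detail to such callers, register it last: `convert.Use(middleware.AuthMiddleware)`, `convert.Use(middleware.CheckRateLimiting)`, `convert.Use(middleware.CheckParams)`. This is an ordering preference rather than a defect, and whether AuthMiddleware itself reads the url parameter is not visible here. NewDoctron starts before this hunk.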
@@ -1,4 +1,4 @@
package common

//Version Version
const Version = "0.3.0"
const Version = "0.3.1"
@@ -7,6 +7,7 @@ const (
InvalidParams = 10000001
InvalidUrl = 10000002
ApiRateLimitExceeded = 10000003
InvalidUrlScheme = 10000004
ConvertPdfFailed = 20000000
ConvertPdfWriteBytesFailed = 20000001
ConvertPdfUploadFailed = 20000002
@@ -28,6 +29,7 @@ var ErrMsg = map[int]string{
InvalidParams: "invalid params",
InvalidUrl: "invalid url",
ApiRateLimitExceeded: "api rate limit exceeded",
InvalidUrlScheme: "only support http/https",
ConvertPdfFailed: "failed convert html to pdf",
ConvertPdfWriteBytesFailed: "failed convert html to pdf. write bytes failed",
ConvertPdfUploadFailed: "failed convert html to pdf. upload failed",
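--- a/middleware/params.go
+++ b/middleware/params.go
@@ -0,0 +1,36 @@
+package middleware
+
+import (
+"net/url"
+
+"github.com/kataras/iris/v12"
+"github.com/lampnick/doctron/common"
+)
+
+func CheckParams(ctx iris.Context) {
+webUrl := ctx.URLParam("url")
+if webUrl == "" {
+outputDTO := common.NewDefaultOutputDTO(nil)
+outputDTO.Code = common.InvalidUrl
+_, _ = common.NewJsonOutput(ctx, outputDTO)
+return
+}
+
+u, err := url.Parse(webUrl)
+if err != nil {
+outputDTO := common.NewDefaultOutputDTO(nil)
+outputDTO.Code = common.InvalidUrl
+outputDTO.Message = err.Error()
+_, _ = common.NewJsonOutput(ctx, outputDTO)
+return
+}
+
+if u.Scheme != "http" && u.Scheme != "https" {
+outputDTO := common.NewDefaultOutputDTO(nil)
+outputDTO.Code = common.InvalidUrlScheme
+_, _ = common.NewJsonOutput(ctx, outputDTO)
+return
+}
+
+ctx.Next()
+}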
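Review bot: The `u.Scheme` guard lets through URLs that carry an accepted scheme but no host, because url.Parse accepts inputs such as `http:` or `https:///path` with an empty Host; add `if u.Host == "" {` before ctx.Next() with the same InvalidUrl rejection the parse-error branch uses, so the converter only ever receives absolute http/https URLs. This middleware also constrains only the scheme of the initial request URL, so the "can't visit the file system" statement added to SECURITY.md still rests on what the headless browser permits after navigation (redirects, sub-resources), and http/https targets on loopback or private addresses remain accepted; if those matter, a resolved-host allow/deny check is the place for them, not this scheme test. The three rejection branches build the same outputDTO, so a small `reject(ctx, code, msg)` helper would keep that in one place. The exported name has no doc comment; `// CheckParams rejects requests whose url query parameter is empty, unparsable, or not http/https.` would cover it.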
