feat(config): use encode/decode to handle url #249

2025-05-11 02:15:48 +02:00 · 2025-04-06 10:55:09 +00:00 · 2025-04-06 10:55:09 +00:00 · 191ddea309
commit 191ddea309
parent 4b8d26cf5b
19 changed files with 235 additions and 82 deletions
--- a/api/config/add.go
+++ b/api/config/add.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
 	"time"
@ -28,8 +29,22 @@ func AddConfig(c *gin.Context) {

 	name := json.Name
 	content := json.Content
-	dir := nginx.GetConfPath(json.BaseDir)
-	path := filepath.Join(dir, json.Name)
+
+	// Decode paths from URL encoding
+	decodedBaseDir, err := url.QueryUnescape(json.BaseDir)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	decodedName, err := url.QueryUnescape(name)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	dir := nginx.GetConfPath(decodedBaseDir)
+	path := filepath.Join(dir, decodedName)
 	if !helper.IsUnderDirectory(path, nginx.GetConfPath()) {
 		c.JSON(http.StatusForbidden, gin.H{
 			"message": "filepath is not under the nginx conf path",
@ -53,7 +68,7 @@ func AddConfig(c *gin.Context) {
 		}
 	}

-	err := os.WriteFile(path, []byte(content), 0644)
+	err = os.WriteFile(path, []byte(content), 0644)
 	if err != nil {
 		cosy.ErrHandler(c, err)
 		return
--- a/api/config/get.go
+++ b/api/config/get.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"

@ -23,6 +24,19 @@ type APIConfigResp struct {
 func GetConfig(c *gin.Context) {
 	relativePath := c.Param("path")

+	// Ensure the path is correctly decoded - handle cases where it might be encoded multiple times
+	decodedPath := relativePath
+	var err error
+	// Try decoding until the path no longer changes
+	for {
+		newDecodedPath, decodeErr := url.PathUnescape(decodedPath)
+		if decodeErr != nil || newDecodedPath == decodedPath {
+			break
+		}
+		decodedPath = newDecodedPath
+	}
+	relativePath = decodedPath
+
 	absPath := nginx.GetConfPath(relativePath)
 	if !helper.IsUnderDirectory(absPath, nginx.GetConfPath()) {
 		c.JSON(http.StatusForbidden, gin.H{
--- a/api/config/list.go
+++ b/api/config/list.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"
 	"strings"

@ -16,7 +17,31 @@ func GetConfigs(c *gin.Context) {
 	name := c.Query("name")
 	sortBy := c.Query("sort_by")
 	order := c.DefaultQuery("order", "desc")
-	dir := c.DefaultQuery("dir", "/")
+
+	// Get directory parameter
+	encodedDir := c.DefaultQuery("dir", "/")
+
+	// Handle cases where the path might be encoded multiple times
+	dir := encodedDir
+	// Try decoding until the path no longer changes
+	for {
+		newDecodedDir, decodeErr := url.QueryUnescape(dir)
+		if decodeErr != nil {
+			cosy.ErrHandler(c, decodeErr)
+			return
+		}
+
+		if newDecodedDir == dir {
+			break
+		}
+		dir = newDecodedDir
+	}
+
+	// Ensure the directory path format is correct
+	dir = strings.TrimSpace(dir)
+	if dir != "/" && strings.HasSuffix(dir, "/") {
+		dir = strings.TrimSuffix(dir, "/")
+	}

 	configFiles, err := os.ReadDir(nginx.GetConfPath(dir))
 	if err != nil {
--- a/api/config/mkdir.go
+++ b/api/config/mkdir.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"

 	"github.com/0xJacky/Nginx-UI/internal/helper"
@ -18,7 +19,21 @@ func Mkdir(c *gin.Context) {
 	if !cosy.BindAndValid(c, &json) {
 		return
 	}
-	fullPath := nginx.GetConfPath(json.BasePath, json.FolderName)
+
+	// Ensure paths are properly URL unescaped
+	decodedBasePath, err := url.QueryUnescape(json.BasePath)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	decodedFolderName, err := url.QueryUnescape(json.FolderName)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	fullPath := nginx.GetConfPath(decodedBasePath, decodedFolderName)
 	if !helper.IsUnderDirectory(fullPath, nginx.GetConfPath()) {
 		c.JSON(http.StatusForbidden, gin.H{
 			"message": "You are not allowed to create a folder " +
@ -26,7 +41,7 @@ func Mkdir(c *gin.Context) {
 		})
 		return
 	}
-	err := os.Mkdir(fullPath, 0755)
+	err = os.Mkdir(fullPath, 0755)
 	if err != nil {
 		cosy.ErrHandler(c, err)
 		return
--- a/api/config/modify.go
+++ b/api/config/modify.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
 	"time"
@ -23,6 +24,20 @@ type EditConfigJson struct {

 func EditConfig(c *gin.Context) {
 	relativePath := c.Param("path")
+
+	// Ensure the path is correctly decoded - handle cases where it might be encoded multiple times
+	decodedPath := relativePath
+	var err error
+	// Try decoding until the path no longer changes
+	for {
+		newDecodedPath, decodeErr := url.PathUnescape(decodedPath)
+		if decodeErr != nil || newDecodedPath == decodedPath {
+			break
+		}
+		decodedPath = newDecodedPath
+	}
+	relativePath = decodedPath
+
 	var json struct {
 		Content       string   `json:"content"`
 		SyncOverwrite bool     `json:"sync_overwrite"`
--- a/api/config/rename.go
+++ b/api/config/rename.go
@ -2,6 +2,7 @@ package config

 import (
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@ -32,8 +33,28 @@ func Rename(c *gin.Context) {
 		})
 		return
 	}
-	origFullPath := nginx.GetConfPath(json.BasePath, json.OrigName)
-	newFullPath := nginx.GetConfPath(json.BasePath, json.NewName)
+
+	// Decode paths from URL encoding
+	decodedBasePath, err := url.QueryUnescape(json.BasePath)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	decodedOrigName, err := url.QueryUnescape(json.OrigName)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	decodedNewName, err := url.QueryUnescape(json.NewName)
+	if err != nil {
+		cosy.ErrHandler(c, err)
+		return
+	}
+
+	origFullPath := nginx.GetConfPath(decodedBasePath, decodedOrigName)
+	newFullPath := nginx.GetConfPath(decodedBasePath, decodedNewName)
 	if !helper.IsUnderDirectory(origFullPath, nginx.GetConfPath()) ||
 		!helper.IsUnderDirectory(newFullPath, nginx.GetConfPath()) {
 		c.JSON(http.StatusForbidden, gin.H{