authorotofune <otofune@gmail.com>2017-11-07 09:18:40 +0900
committerotofune <otofune@gmail.com>2017-11-07 09:18:40 +0900
commita7762aea4fa0cade3614323a83d6f8d74ade924a (patch)
treee13cc2b5534582484224d5781d07ecaafa021609 /src
parentfile - unify '/:id' & '/:id/:name' (diff)
file - if 'name' param given, validate
Diffstat (limited to 'src')
-rw-r--r--src/file/server.ts8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/file/server.ts b/src/file/server.ts
index e83acd4f24..1152b650be 100644
--- a/src/file/server.ts
+++ b/src/file/server.ts
@@ -86,7 +86,7 @@ function send(data: Buffer, type: string, req: express.Request, res: express.Res
}
}
-async function sendFileById (req: express.Request, res: express.Response): Promise<void> {
+async function sendFileById(req: express.Request, res: express.Response): Promise<void> {
// Validate id
if (!mongodb.ObjectID.isValid(req.params.id)) {
res.status(400).send('incorrect id');
@@ -96,6 +96,12 @@ async function sendFileById (req: express.Request, res: express.Response): Promi
const fileId = new mongodb.ObjectID(req.params.id);
const file = await DriveFile.findOne({ _id: fileId });
+ // validate name
+ if (req.params.name !== undefined && req.params.name !== file.metadata.name) {
+ res.status(404).send('there is no file has given name');
+ return;
+ }
+
if (file == null) {
res.status(404).sendFile(`${__dirname}/assets/dummy.png`);
return;
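Review bot: The added name check reads `file.metadata.name` before the existing `if (file == null)` guard directly below it, so a request with a valid but nonexistent id plus a `name` segment throws a TypeError instead of reaching the dummy-image 404. Because `sendFileById` is async, that rejection is probably not turned into a response by Express, so the client may hang and the process sees an unhandled rejection that any unauthenticated caller can trigger repeatedly. Move the block below the null check, or guard it in place with `if (file != null && req.params.name !== undefined && req.params.name !== file.metadata.name) {`. If `metadata` can be missing on older documents, that access needs the same care. The function starts and continues outside this hunk, so confirm no later code relies on the current ordering.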