diff options
Diffstat (limited to 'app/Controllers/Http/ServiceController.js')
| -rw-r--r-- | app/Controllers/Http/ServiceController.js | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/app/Controllers/Http/ServiceController.js b/app/Controllers/Http/ServiceController.js index 3d10cb4..1be0484 100644 --- a/app/Controllers/Http/ServiceController.js +++ b/app/Controllers/Http/ServiceController.js | |||
| @@ -6,6 +6,7 @@ const Helpers = use('Helpers'); | |||
| 6 | const { v4: uuid } = require('uuid'); | 6 | const { v4: uuid } = require('uuid'); |
| 7 | const path = require('path'); | 7 | const path = require('path'); |
| 8 | const fs = require('fs-extra'); | 8 | const fs = require('fs-extra'); |
| 9 | const sanitize = require('sanitize-filename'); | ||
| 9 | 10 | ||
| 10 | class ServiceController { | 11 | class ServiceController { |
| 11 | // Create a new service for user | 12 | // Create a new service for user |
| @@ -231,10 +232,21 @@ class ServiceController { | |||
| 231 | } | 232 | } |
| 232 | 233 | ||
| 233 | async icon({ params, response }) { | 234 | async icon({ params, response }) { |
| 234 | const { id } = params; | 235 | let { id } = params; |
| 236 | |||
| 237 | id = sanitize(id); | ||
| 238 | if (id === '') { | ||
| 239 | return response.status(404).send({ | ||
| 240 | status: "Icon doesn't exist", | ||
| 241 | }); | ||
| 242 | } | ||
| 235 | 243 | ||
| 236 | const iconPath = path.join(Helpers.tmpPath('uploads'), id); | 244 | const iconPath = path.join(Helpers.tmpPath('uploads'), id); |
| 237 | if (!(await fs.exists(iconPath))) { | 245 | |
| 246 | try { | ||
| 247 | await fs.access(iconPath); | ||
| 248 | } catch { | ||
| 249 | // File not available. | ||
| 238 | return response.status(404).send({ | 250 | return response.status(404).send({ |
| 239 | status: "Icon doesn't exist", | 251 | status: "Icon doesn't exist", |
| 240 | }); | 252 | }); |