Home Explore Help
Sign In
TC
/
arozos
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
arozos
/
mod
/
agi
/
agi.appdata.go

agi.appdata.go 3.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. package agi
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"errors"
    6. 

  6. 	"log"
    7. 

  7. 	"os"
    8. 

  8. 	"path/filepath"
    9. 

  9. 

  10. 	"github.com/robertkrimen/otto"
    11. 

  11. 	"imuslab.com/arozos/mod/agi/static"
    12. 

  12. 	"imuslab.com/arozos/mod/filesystem"
    13. 

  13. 	"imuslab.com/arozos/mod/utils"
    14. 

  14. )
    15. 

  15. 

  16. /*
    17. 

  17. 	AGI Appdata Access Library
    18. 

  18. 	Author: tobychui
    19. 

  19. 

  20. 	This library allow agi script to access files located in the web root
    21. 

  21. 	*This library provide READ ONLY function*
    22. 

  22. 	You cannot write to web folder due to security reasons. If you need to read write
    23. 

  23. 	web root (which is not recommended), ask the user to mount it to web:/ manually
    24. 

  24. */
    25. 

  25. 

  26. var webRoot string = "./web" //The web folder root
    27. 

  27. 

  28. func (g *Gateway) AppdataLibRegister() {
    29. 

  29. 	err := g.RegisterLib("appdata", g.injectAppdataLibFunctions)
    30. 

  30. 	if err != nil {
    31. 

  31. 		log.Fatal(err)
    32. 

  32. 	}
    33. 

  33. }
    34. 

  34. 

  35. func (g *Gateway) injectAppdataLibFunctions(payload *static.AgiLibInjectionPayload) {
    36. 

  36. 	vm := payload.VM
    37. 

  37. 

  38. 	vm.Set("_appdata_readfile", func(call otto.FunctionCall) otto.Value {
    39. 

  39. 		relpath, err := call.Argument(0).ToString()
    40. 

  40. 		if err != nil {
    41. 

  41. 			g.RaiseError(err)
    42. 

  42. 			return otto.FalseValue()
    43. 

  43. 		}
    44. 

  44. 

  45. 		//Check if this is path escape
    46. 

  46. 		escaped, err := static.CheckRootEscape(webRoot, filepath.Join(webRoot, relpath))
    47. 

  47. 		if err != nil {
    48. 

  48. 			g.RaiseError(err)
    49. 

  49. 			return otto.FalseValue()
    50. 

  50. 		}
    51. 

  51. 

  52. 		if escaped {
    53. 

  53. 			g.RaiseError(errors.New("Path escape detected"))
    54. 

  54. 			return otto.FalseValue()
    55. 

  55. 		}
    56. 

  56. 

  57. 		//Check if file exists
    58. 

  58. 		targetFile := filepath.Join(webRoot, relpath)
    59. 

  59. 		if utils.FileExists(targetFile) && !filesystem.IsDir(targetFile) {
    60. 

  60. 			content, err := os.ReadFile(targetFile)
    61. 

  61. 			if err != nil {
    62. 

  62. 				g.RaiseError(err)
    63. 

  63. 				return otto.FalseValue()
    64. 

  64. 			}
    65. 

  65. 

  66. 			//OK. Return the content of the file
    67. 

  67. 			result, _ := vm.ToValue(string(content))
    68. 

  68. 			return result
    69. 

  69. 		} else if filesystem.IsDir(targetFile) {
    70. 

  70. 			g.RaiseError(errors.New("Cannot read from directory"))
    71. 

  71. 			return otto.FalseValue()
    72. 

  72. 

  73. 		} else {
    74. 

  74. 			g.RaiseError(errors.New("File not exists"))
    75. 

  75. 			return otto.FalseValue()
    76. 

  76. 		}
    77. 

  77. 	})
    78. 

  78. 

  79. 	vm.Set("_appdata_listdir", func(call otto.FunctionCall) otto.Value {
    80. 

  80. 		relpath, err := call.Argument(0).ToString()
    81. 

  81. 		if err != nil {
    82. 

  82. 			g.RaiseError(err)
    83. 

  83. 			return otto.FalseValue()
    84. 

  84. 		}
    85. 

  85. 

  86. 		//Check if this is path escape
    87. 

  87. 		escaped, err := static.CheckRootEscape(webRoot, filepath.Join(webRoot, relpath))
    88. 

  88. 		if err != nil {
    89. 

  89. 			g.RaiseError(err)
    90. 

  90. 			return otto.FalseValue()
    91. 

  91. 		}
    92. 

  92. 

  93. 		if escaped {
    94. 

  94. 			g.RaiseError(errors.New("Path escape detected"))
    95. 

  95. 			return otto.FalseValue()
    96. 

  96. 		}
    97. 

  97. 

  98. 		//Check if file exists
    99. 

  99. 		targetFolder := filepath.Join(webRoot, relpath)
    100. 

  100. 		if utils.FileExists(targetFolder) && filesystem.IsDir(targetFolder) {
    101. 

  101. 			//Glob the directory for filelist
    102. 

  102. 			files, err := filepath.Glob(filepath.ToSlash(filepath.Clean(targetFolder)) + "/*")
    103. 

  103. 			if err != nil {
    104. 

  104. 				g.RaiseError(err)
    105. 

  105. 				return otto.FalseValue()
    106. 

  106. 			}
    107. 

  107. 

  108. 			results := []string{}
    109. 

  109. 			for _, file := range files {
    110. 

  110. 				rel, _ := filepath.Rel(webRoot, file)
    111. 

  111. 				rel = filepath.ToSlash(rel)
    112. 

  112. 				results = append(results, rel)
    113. 

  113. 			}
    114. 

  114. 

  115. 			js, _ := json.Marshal(results)
    116. 

  116. 

  117. 			//OK. Return the content of the file
    118. 

  118. 			result, _ := vm.ToValue(string(js))
    119. 

  119. 			return result
    120. 

  120. 

  121. 		} else {
    122. 

  122. 			g.RaiseError(errors.New("Directory not exists"))
    123. 

  123. 			return otto.FalseValue()
    124. 

  124. 		}
    125. 

  125. 	})
    126. 

  126. 

  127. 	//Wrap all the native code function into an imagelib class
    128. 

  128. 	vm.Run(`
    129. 

  129. 		var appdata = {};
    130. 

  130. 		appdata.readFile = _appdata_readfile;
    131. 

  131. 		appdata.listDir = _appdata_listdir;
    132. 

  132. 	`)
    133. 

  133. }
    134.