fix: add ext check in upload files (#803)

* fix: add ext check in upload files

* feat: change put method to  post for unsecuring http method

* feat: change put method to  post for unsecuring http method

Author: xigongdaEricyang

app/config/service.ts

@@ -62,7 +62,7 @@ const service = {
     return post('/api/files/update')(params, config);
   },
   uploadFiles: (params?, config?) => {
-    return put('/api/files')(params, { ...config, headers: { 'Content-Type': 'multipart/form-data' } });
+    return post('/api/files')(params, { ...config, headers: { 'Content-Type': 'multipart/form-data' } });
   },
   initSketch: (params, config?) => {
     return post(`/api/sketches/sketch`)(params, config);

server/api/studio/internal/service/file.go

@@ -204,10 +204,15 @@ func (f *fileService) FileUpload() error {
 		return ecode.WithErrorMessage(ecode.ErrInternalServer, err, "upload failed")
 	}
 	for _, file := range files {
+		// 检查文件后缀
+		ext := strings.ToLower(filepath.Ext(file.Filename))
+		if ext != ".txt" && ext != ".csv" {
+			return ecode.WithErrorMessage(ecode.ErrInvalidParameter, fmt.Errorf("unsupported file type: %s", ext), "Only .txt and .csv files are supported")
+		}
 		if file.Size == 0 || file.Header.Get("Content-Type") != "text/csv" {
 			continue
 		}
-		//csv file charset check for importer
+
 		charSet, err := checkCharset(file)
 		if err != nil {
 			logx.Infof("upload file error, check charset fail:%v", err)
@@ -216,6 +221,7 @@ func (f *fileService) FileUpload() error {
 		if charSet == "UTF-8" {
 			continue
 		}
+
 		path := filepath.Join(dir, file.Filename)
 		if err = changeFileCharset2UTF8(path, charSet); err != nil {
 			logx.Infof("upload file error:%v", err)

server/api/studio/pkg/ecode/codes.go

@@ -17,6 +17,7 @@ var (
 	ErrUnauthorized     = newErrCode(CCUnauthorized, PlatformCode, 0, "ErrUnauthorized")       // 40104000
 	ErrSession          = newErrCode(CCUnauthorized, PlatformCode, 1, "ErrSession")            // 40104001
 	ErrForbidden        = newErrCode(CCForbidden, PlatformCode, 0, "ErrForbidden")             // 40304000
+	ErrInvalidParameter = newErrCode(CCForbidden, PlatformCode, 1, "ErrInvalidParameter")      // 40304001
 	ErrNotFound         = newErrCode(CCNotFound, PlatformCode, 0, "ErrNotFound")               // 40404000
 	ErrInternalServer   = newErrCode(CCInternalServer, PlatformCode, 0, "ErrInternalServer")   // 50004000
 	ErrInternalDatabase = newErrCode(CCInternalServer, PlatformCode, 1, "ErrInternalDatabase") // 50004001

server/api/studio/restapi/file.api

@@ -30,7 +30,7 @@ type (
 service studio-api {
 	@doc "Upload File"
 	@handler FileUpload
-	put /api/files
+	post /api/files
 	@doc "delete file"
 	@handler FileDestroy
 	delete /api/files(FileDestroyRequest)