135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

try to make swagger safer with send_file

Browse Source
This commit is contained in:
Oliver Gorwits
2020-04-19 11:22:28 +01:00
parent ed1cf3e2cd
commit da33478504
18 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/App/Netdisco/Configuration.pm
View File

@@ -221,7 +221,7 @@ if (setting('reports') and ref {} eq ref setting('reports')) {
config->{'reports'} = [ @{setting('system_reports')}, @{setting('reports')} ];
# set swagger ui location
config->{plugins}->{Swagger}->{ui_dir}
= dir(dist_dir('App-Netdisco'), 'swagger-ui')->absolute;
#config->{plugins}->{Swagger}->{ui_dir} =
#dir(dist_dir('App-Netdisco'), 'share', 'public', 'swagger-ui')->absolute;
true;

10
lib/App/Netdisco/Web.pm
View File

@@ -306,16 +306,12 @@ get $swagger_base => sub {
get $swagger_base.'/' => sub {
# user might request /swagger-ui/ initially (Plugin doesn't handle this)
params->{url} or redirect uri_for($swagger_base)->path;
my $file = $swagger->ui_dir->child('index.html');
send_error "file not found", 404 unless -f $file;
return $file->slurp;
send_file( 'swagger-ui/index.html' );
};
# omg the plugin uses system_path and we don't want to go there
get $swagger_base.'/**' => sub {
my $file = $swagger->ui_dir->child( @{ (splat())[0] } );
send_error "file not found", 404 unless -f $file;
send_file $file, system_path => 1;
send_file( join '/', 'swagger-ui', @{ (splat())[0] } );
};
# remove empty lines from CSV response