forked from MTSR/mapserver
47 lines
1.0 KiB
Go
47 lines
1.0 KiB
Go
|
package web
|
||
|
|
|
||
|
|
import (
|
||
|
|
"errors"
|
||
|
|
"net/http"
|
||
|
|
"os"
|
||
|
|
"strings"
|
||
|
|
)
|
||
|
|
|
||
|
|
func (api *Api) GetSkin(resp http.ResponseWriter, req *http.Request) {
|
||
|
|
filename := strings.TrimPrefix(req.URL.Path, "/api/skins/")
|
||
|
|
// there should be no remaining path elements - abort if there are any - prevent escaping into FS
|
||
|
|
if strings.Contains(filename, "/") {
|
||
|
|
resp.WriteHeader(http.StatusNotFound)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
// we should only be serving PNG images
|
||
|
|
if !strings.HasSuffix(filename, ".png") {
|
||
|
|
resp.WriteHeader(http.StatusNotFound)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
filePath := api.Context.Config.Skins.SkinsPath + "/" + filename
|
||
|
|
|
||
|
|
content, err := os.ReadFile(filePath)
|
||
|
|
// make file not found more sensible
|
||
|
|
if errors.Is(err, os.ErrNotExist) {
|
||
|
|
resp.WriteHeader(http.StatusNotFound)
|
||
|
|
return
|
||
|
|
} else if err != nil {
|
||
|
|
resp.WriteHeader(http.StatusInternalServerError)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
// return the file content when available
|
||
|
|
if content != nil {
|
||
|
|
resp.Write(content)
|
||
|
|
resp.Header().Add("content-type", "image/png")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
// fallback
|
||
|
|
resp.WriteHeader(http.StatusNotFound)
|
||
|
|
resp.Write([]byte(filename))
|
||
|
|
}
|