fix: 修复图像服务接口中的路径越界访问和文件不存在错误处理

2025-06-06 22:58:51 +08:00 · 2025-06-06 22:58:51 +08:00 · 101a819663
commit 101a819663
parent 848f21b609
1 changed files with 17 additions and 10 deletions
--- a/screenshots_flask.py
+++ b/screenshots_flask.py
@ -10,19 +10,26 @@ SCREENSHOTS_DIR = PROJECT_ROOT / "screenshots"

@app.route('/image/<path:filename>')
 def serve_image(filename):
+    app = Flask(__name__)
+
+    PROJECT_ROOT = Path(__file__).parent.resolve()
+    SCREENSHOTS_DIR = PROJECT_ROOT / "screenshots"
+
+    @app.route('/image/<path:filename>')
+    def serve_image(filename):
        file_path = SCREENSHOTS_DIR / filename

        # 防止路径越界访问
        try:
            file_path.resolve().relative_to(SCREENSHOTS_DIR.resolve())
        except ValueError:
-        abort(403, "禁止访问目录外文件")
+            abort(403, description=f"禁止访问目录外文件: {file_path.resolve()}")

        if not file_path.exists():
-        abort(404, "文件不存在")
+            abort(404, description=f"文件不存在: {file_path.resolve()}")

        return send_file(file_path, as_attachment=False)


 if __name__ == '__main__':
-    app.run(host='0.0.0.0', debug=False, port=5000)
+    app.run(host='0.0.0.0', debug=True, port=5000)