From d8a66ca152951070a8e059e0cf864d9425f6a07d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B6=B5=E6=9B=A6?= Date: Sun, 14 Jul 2024 09:52:14 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=9F=B3=E4=B9=90?= =?UTF-8?q?=E8=B7=AF=E5=BE=84=E8=AE=BE=E7=BD=AE=E5=90=8E=E6=89=BE=E4=B8=8D?= =?UTF-8?q?=E5=88=B0=E9=9F=B3=E4=B9=90=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- xiaomusic/httpserver.py | 20 +++++++++++++++++++- xiaomusic/xiaomusic.py | 10 +++++----- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/xiaomusic/httpserver.py b/xiaomusic/httpserver.py index ad95ef3..f0a2391 100644 --- a/xiaomusic/httpserver.py +++ b/xiaomusic/httpserver.py @@ -1,5 +1,6 @@ import asyncio import json +from pathlib import Path import os import secrets from contextlib import asynccontextmanager @@ -73,7 +74,6 @@ def reset_http_server(): app.dependency_overrides[verification] = no_verification else: app.dependency_overrides = {} - app.mount("/music", StaticFiles(directory=config.music_path), name="music") def HttpInit(_xiaomusic): @@ -86,6 +86,24 @@ def HttpInit(_xiaomusic): reset_http_server() +@app.get("/music/{file_path:path}") +async def read_music_file(file_path: str): + base_dir = Path(config.music_path).resolve() + real_path = os.path.join(base_dir, file_path) + file_location = Path(real_path).resolve() + log.info(f"read_music_file. file_path:{file_path} real_path:{real_path}") + if not file_location.exists() or not file_location.is_file(): + raise HTTPException(status_code=404, detail="File not found") + + # 确保请求的文件在我们的基础目录下 + if base_dir not in file_location.parents: + raise HTTPException( + status_code=403, detail="Access to this file is not permitted" + ) + + return FileResponse(file_location) + + @app.get("/") async def read_index(): return FileResponse("xiaomusic/static/index.html") diff --git a/xiaomusic/xiaomusic.py b/xiaomusic/xiaomusic.py index f697fe7..881cc36 100644 --- a/xiaomusic/xiaomusic.py +++ b/xiaomusic/xiaomusic.py @@ -145,9 +145,9 @@ class XiaoMusic: async def poll_latest_ask(self): async with ClientSession() as session: while True: - #self.log.debug( + # self.log.debug( # f"Listening new message, timestamp: {self.last_timestamp}" - #) + # ) session._cookie_jar = self.cookie_jar # 拉取所有音箱的对话记录 @@ -158,11 +158,11 @@ class XiaoMusic: await asyncio.gather(*tasks) start = time.perf_counter() - #self.log.debug(f"Polling_event, timestamp: {self.last_timestamp}") + # self.log.debug(f"Polling_event, timestamp: {self.last_timestamp}") await self.polling_event.wait() if (d := time.perf_counter() - start) < 1: # sleep to avoid too many request - #self.log.debug(f"Sleep {d}, timestamp: {self.last_timestamp}") + # self.log.debug(f"Sleep {d}, timestamp: {self.last_timestamp}") await asyncio.sleep(1 - d) async def init_all_data(self, session): @@ -269,7 +269,7 @@ class XiaoMusic: hardware=hardware, timestamp=str(int(time.time() * 1000)), ) - #self.log.debug(f"url:{url} device_id:{device_id} hardware:{hardware}") + # self.log.debug(f"url:{url} device_id:{device_id} hardware:{hardware}") r = await session.get(url, timeout=timeout, cookies=cookies) except Exception as e: self.log.exception(f"Execption {e}")