Always check for file extension (#103)

2025-07-18 13:42:02 +08:00 · 2022-03-15 11:13:13 +08:00 · 2022-03-15 11:13:13 +08:00 · 88daad2a05
commit 88daad2a05
parent 3890db9077
2 changed files with 9 additions and 14 deletions
--- a/config.go
+++ b/config.go
@ -22,7 +22,7 @@ var (
 	prefetch, proxyMode      bool
 	remoteRaw                = "remote-raw"
 	config                   Config
-	version                  = "0.4.1"
+	version                  = "0.4.2"
 	releaseUrl               = "https://github.com/webp-sh/webp_server_go/releases/latest/download/"
 )

--- a/router.go
+++ b/router.go
@ -29,6 +29,14 @@ func convert(c *fiber.Ctx) error {
 	var imgFilename = path.Base(reqURI) // pure filename, 123.jpg
 	log.Debugf("Incoming connection from %s %s", c.IP(), imgFilename)

+	if !checkAllowedType(imgFilename) {
+		msg := "File extension not allowed! " + imgFilename
+		log.Warn(msg)
+		c.Status(http.StatusBadRequest)
+		_ = c.Send([]byte(msg))
+		return nil
+	}
+
 	goodFormat := guessSupportedFormat(&c.Request().Header)

 	// old browser only, send the original image or fetch from remote and send.
@ -43,19 +51,6 @@ func convert(c *fiber.Ctx) error {
 		}
 	}

-	if !checkAllowedType(imgFilename) {
-		msg := "File extension not allowed! " + imgFilename
-		log.Warn(msg)
-		if imageExists(rawImageAbs) {
-			c.Set("ETag", genEtag(rawImageAbs))
-			return c.SendFile(rawImageAbs)
-		} else {
-			c.Status(http.StatusBadRequest)
-			_ = c.Send([]byte(msg))
-			return nil
-		}
-	}
-
 	if proxyMode {
 		return proxyHandler(c, reqURI)
 	}