Refactor file handling to prioritize internal data directories for backups and uploads; enhance error handling and logging for metadata and CSV operations.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
This commit is contained in:
Torsten Schulz (local)
@@ -2,20 +2,16 @@ import { promises as fs } from 'fs'
|
||||
import path from 'path'
|
||||
import { randomUUID } from 'crypto'
|
||||
|
||||
// Handle both dev and production paths
|
||||
// filename is always a hardcoded constant (e.g., 'termine.csv'), never user input
|
||||
// Use internal server/data directory for Termine CSV to avoid writing to public/
|
||||
const getDataPath = (filename) => {
|
||||
const cwd = process.cwd()
|
||||
|
||||
// In production (.output/server), working dir is .output
|
||||
|
||||
// Prefer server/data in both production and development
|
||||
// e.g. project-root/server/data/termine.csv or .output/server/data/termine.csv
|
||||
if (cwd.endsWith('.output')) {
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, '../public/data', filename)
|
||||
return path.join(cwd, '../server/data', filename)
|
||||
}
|
||||
|
||||
// In development, working dir is project root
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, 'public/data', filename)
|
||||
return path.join(cwd, 'server/data', filename)
|
||||
}
|
||||
|
||||
const TERMINE_FILE = getDataPath('termine.csv')
|
||||
|
||||
Reference in New Issue
Block a user