Refactor PDF generation process in membership API to ensure consistent directory creation for uploads. Update final PDF path handling to improve clarity and maintainability of the code.
@@ -348,6 +348,9 @@ export default defineEventHandler(async (event) => {
|
|||||||
// da Deploy-Artefakte dort je nach Setup schreibgeschützt sein können)
|
// da Deploy-Artefakte dort je nach Setup schreibgeschützt sein können)
|
||||||
const tempDir = getServerDataPath('tmp', 'latex')
|
const tempDir = getServerDataPath('tmp', 'latex')
|
||||||
await fs.mkdir(tempDir, { recursive: true })
|
await fs.mkdir(tempDir, { recursive: true })
|
||||||
|
const uploadsDir = getDataPath('uploads')
|
||||||
|
await fs.mkdir(uploadsDir, { recursive: true })
|
||||||
|
let finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// PDF-Template-Funktion aktiv: versuche Original-PDF-Template herunterzuladen und zu befüllen
|
// PDF-Template-Funktion aktiv: versuche Original-PDF-Template herunterzuladen und zu befüllen
|
||||||
@@ -589,14 +592,12 @@ export default defineEventHandler(async (event) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let usedTemplate = false
|
let usedTemplate = false
|
||||||
const uploadsDir = getDataPath('uploads')
|
|
||||||
await fs.mkdir(uploadsDir, { recursive: true })
|
|
||||||
try {
|
try {
|
||||||
const filled = await fillPdfTemplate(data)
|
const filled = await fillPdfTemplate(data)
|
||||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||||
// filename is generated from timestamp, not user input, path traversal prevented
|
// filename is generated from timestamp, not user input, path traversal prevented
|
||||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||||
const finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
|
finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
|
||||||
await fs.writeFile(finalPdfPath, filled)
|
await fs.writeFile(finalPdfPath, filled)
|
||||||
// Do NOT copy filled PDFs into public repo uploads to avoid accidental exposure.
|
// Do NOT copy filled PDFs into public repo uploads to avoid accidental exposure.
|
||||||
usedTemplate = true
|
usedTemplate = true
|
||||||
@@ -664,7 +665,7 @@ export default defineEventHandler(async (event) => {
|
|||||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||||
const pdfPath = path.join(tempDir, `${filename}.pdf`)
|
const pdfPath = path.join(tempDir, `${filename}.pdf`)
|
||||||
await fs.mkdir(uploadsDir, { recursive: true })
|
await fs.mkdir(uploadsDir, { recursive: true })
|
||||||
const finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
|
finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)
|
||||||
await fs.copyFile(pdfPath, finalPdfPath)
|
await fs.copyFile(pdfPath, finalPdfPath)
|
||||||
|
|
||||||
// E-Mail senden via zentralen Service (pass full path)
|
// E-Mail senden via zentralen Service (pass full path)
|
||||||
|
|||||||
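Review bot: With `finalPdfPath` now computed once at new line 353, the two later assignments ``finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)`` (before `fs.writeFile` in the second hunk and before `fs.copyFile` in the third) and the remaining `await fs.mkdir(uploadsDir, { recursive: true })` in the third hunk repeat work already done, assuming `filename` is not reassigned in between, which these hunks do not show. Declaring it as ``const finalPdfPath = path.join(uploadsDir, `${filename}.pdf`)`` and dropping the reassignments would leave a single join, so the `nosemgrep` suppression and its justification can sit at that one site; as written, the new join carries neither while the two later ones do. The justification that `filename` is timestamp-derived cannot be checked from here, so a guard before the join such as `if (path.basename(filename) !== filename) throw new Error('invalid filename')` would enforce it rather than only assert it. The handler passed to `defineEventHandler` starts and ends outside all three hunks.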