From a73f78e85387f2967605a202cf7620b458997769 Mon Sep 17 00:00:00 2001
From: Daniel Lando <daniel.sorridi@gmail.com>
Date: Thu, 15 Apr 2021 08:46:32 +0200
Subject: [PATCH] fix: prevent 404 errors in store when using nginx

---
 app.js                 | 80 ++++++++++++++++++------------------------
 src/apis/ConfigApis.js | 14 +++++---
 2 files changed, 43 insertions(+), 51 deletions(-)

diff --git a/app.js b/app.js
index 6ed7d4930b..12caa7d88b 100644
--- a/app.js
+++ b/app.js
@@ -179,7 +179,7 @@ async function startServer (host, port) {
  * @returns {string} The path is it's safe, thorws otherwise
  */
 function getSafePath (req) {
-  let reqPath = req.params.path
+  let reqPath = req.query.path
 
   if (typeof reqPath !== 'string') {
     throw Error('Invalid path')
@@ -830,54 +830,45 @@ app.post('/api/importConfig', apisLimiter, isAuthenticated, async function (
   }
 })
 
-// get config
+// if no path provided return all store dir files/folders, otherwise return the file content
 app.get('/api/store', storeLimiter, isAuthenticated, async function (req, res) {
   try {
-    async function parseDir (dir) {
-      const toReturn = []
-      const files = await fs.readdir(dir)
-      for (const file of files) {
-        const entry = {
-          name: path.basename(file),
-          path: utils.joinPath(dir, file)
-        }
-        const stats = await fs.lstat(entry.path)
-        if (stats.isDirectory()) {
-          entry.children = await parseDir(entry.path)
-        } else {
-          entry.ext = file.split('.').pop()
-        }
-
-        entry.size = utils.humanSize(stats.size)
-        toReturn.push(entry)
-      }
-      return toReturn
-    }
+    let data
+    if (req.query.path) {
+      const reqPath = getSafePath(req)
 
-    const data = await parseDir(storeDir)
+      const stat = await fs.lstat(reqPath)
 
-    res.json({ success: true, data: data })
-  } catch (error) {
-    logger.error(error.message)
-    return res.json({ success: false, message: error.message })
-  }
-})
-
-app.get('/api/store/:path', storeLimiter, isAuthenticated, async function (
-  req,
-  res
-) {
-  try {
-    const reqPath = getSafePath(req)
+      if (!stat.isFile()) {
+        throw Error('Path is not a file')
+      }
 
-    const stat = await fs.lstat(reqPath)
+      data = await fs.readFile(reqPath, 'utf8')
+    } else {
+      async function parseDir (dir) {
+        const toReturn = []
+        const files = await fs.readdir(dir)
+        for (const file of files) {
+          const entry = {
+            name: path.basename(file),
+            path: utils.joinPath(dir, file)
+          }
+          const stats = await fs.lstat(entry.path)
+          if (stats.isDirectory()) {
+            entry.children = await parseDir(entry.path)
+          } else {
+            entry.ext = file.split('.').pop()
+          }
+
+          entry.size = utils.humanSize(stats.size)
+          toReturn.push(entry)
+        }
+        return toReturn
+      }
 
-    if (!stat.isFile()) {
-      throw Error('Path is not a file')
+      data = await parseDir(storeDir)
     }
 
-    const data = await fs.readFile(reqPath, 'utf8')
-
     res.json({ success: true, data: data })
   } catch (error) {
     logger.error(error.message)
@@ -885,10 +876,7 @@ app.get('/api/store/:path', storeLimiter, isAuthenticated, async function (
   }
 })
 
-app.put('/api/store/:path', storeLimiter, isAuthenticated, async function (
-  req,
-  res
-) {
+app.put('/api/store', storeLimiter, isAuthenticated, async function (req, res) {
   try {
     const reqPath = getSafePath(req)
 
@@ -907,7 +895,7 @@ app.put('/api/store/:path', storeLimiter, isAuthenticated, async function (
   }
 })
 
-app.delete('/api/store/:path', storeLimiter, isAuthenticated, async function (
+app.delete('/api/store', storeLimiter, isAuthenticated, async function (
   req,
   res
 ) {
diff --git a/src/apis/ConfigApis.js b/src/apis/ConfigApis.js
index a68e1f5c00..cd0672348c 100644
--- a/src/apis/ConfigApis.js
+++ b/src/apis/ConfigApis.js
@@ -95,17 +95,21 @@ export default {
     return response.data
   },
   async getFile (path) {
-    const response = await request.get('/store/' + encodeURIComponent(path))
+    const response = await request.get('/store', { params: { path } })
     return response.data
   },
   async writeFile (path, content) {
-    const response = await request.put('/store/' + encodeURIComponent(path), {
-      content
-    })
+    const response = await request.put(
+      '/store',
+      {
+        content
+      },
+      { params: { path } }
+    )
     return response.data
   },
   async deleteFile (path) {
-    const response = await request.delete('/store/' + encodeURIComponent(path))
+    const response = await request.delete('/store', { params: { path } })
     return response.data
   },
   downloadZip (files) {