Implement parameter processing

2025-03-11 19:31:12 +08:00 · 2025-03-11 19:31:12 +08:00 · 37a4f83701
commit 37a4f83701
parent 3f6f7ea629
2 changed files with 29 additions and 6 deletions
--- a/src/index.js
+++ b/src/index.js
@ -13,7 +13,7 @@ import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 export default {
 	async fetch(request, env, ctx) {
 		const url = new URL(request.url);
-		const key = url.pathname;
+		const rawKey = url.pathname.slice(1); // remove leading slash
 		
 		if (url.hostname !== '127.0.0.1' && url.protocol === 'http:') {
 			return new Response(null, { status: 301, headers: {
@ -21,6 +21,10 @@ export default {
 			}});
 		}
 		
+		if (!rawKey) {
+			return new Response('Invalid key', { status: 400 });
+		}
+		
 		let endpoint, accessKeyId, secretAccessKey, region, bucket;
 		switch (url.searchParams.get('backend')) {
 			case 'r2':
@ -34,7 +38,7 @@ export default {
 				endpoint = env.COS_GLOBAL_ENDPOINT;
 				accessKeyId = env.COS_GLOBAL_ACCESS_KEY_ID;
 				secretAccessKey = env.COS_GLOBAL_SECRET_ACCESS_KEY;
-				region = 'accelerate';
+				region = env.COS_GLOBAL_REGION;
 				bucket = env.COS_GLOBAL_BUCKET;
 				break;
 			case 'cos-cn':
@ -47,6 +51,14 @@ export default {
 			default:
 				return new Response('Invalid backend', { status: 400 });
 		}
+
+		const expId = url.searchParams.get('expId');
+		const participantId = url.searchParams.get('participantId');
+		const pat = /^[a-zA-Z0-9]{1,64}$/;
+		if (!expId || !participantId || expId.includes('/') || !participantId.match(pat)) {
+			// prevent path traversal
+			return new Response('Invalid expId or participantId', { status: 400 });
+		}
 		
 		const client = new S3Client({
 			endpoint,
@ -56,8 +68,11 @@ export default {
 			signatureVersion: 'v4',
 		});
 		
-		const command = new PutObjectCommand({ Bucket: bucket, Key: key });
-  		const signedUrl = await getSignedUrl(client, command, { expiresIn: 24*60*60 });
+		const command = new PutObjectCommand({
+			Bucket: bucket,
+			Key: `${expId}/${participantId}/${rawKey}`
+		});
+  		const signedUrl = await getSignedUrl(client, command, { expiresIn: 12*60*60 });
 		return new Response(signedUrl);
 	},
 };
--- a/wrangler.jsonc
+++ b/wrangler.jsonc
@ -12,7 +12,7 @@
 	"compatibility_date": "2025-03-10",
 	"observability": {
 		"enabled": true
-	}
+	},
 	/**
 	 * Smart Placement
 	 * Docs: https://developers.cloudflare.com/workers/configuration/smart-placement/#smart-placement
@ -30,7 +30,15 @@
 	 * Environment Variables
 	 * https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables
 	 */
-	// "vars": { "MY_VARIABLE": "production_value" },
+	"vars": {
+		"R2_BUCKET": "experiment",
+		"COS_GLOBAL_ENDPOINT": "https://cos.accelerate.myqcloud.com",
+		"COS_GLOBAL_REGION": "accelerate",
+		"COS_GLOBAL_BUCKET": "hoshino-exp-1304089692",
+		"COS_CN_ENDPOINT": "https://cos.ap-beijing.myqcloud.com",
+		"COS_CN_REGION": "ap-beijing",
+		"COS_CN_BUCKET": "hoshino-exp-cn-1304089692",
+	}
 	/**
 	 * Note: Use secrets to store sensitive data.
 	 * https://developers.cloudflare.com/workers/configuration/secrets/