diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java
index b4d3e01..d6e7688 100644
--- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java
+++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java
@@ -3,6 +3,7 @@ package ru.micord.ervu.controller;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
+import java.util.List;

 import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
@@ -39,6 +40,8 @@ import javax.servlet.http.HttpServletRequest;
 */
 @RestController
 public class ExtractController {
+ private static final List ALLOWED_FORMATS = List.of("1", "2");
+
 private final PersonalDataService personalDataService;
 private final ReplyingKafkaService replyingKafkaService;
 private final AuditService auditService;
@@ -64,6 +67,10 @@ public class ExtractController {
 @GetMapping(value = "/extract/{formatRegistry}")
 public ResponseEntity getExtract(HttpServletRequest servletRequest,
 @PathVariable String formatRegistry) {
+ if (!ALLOWED_FORMATS.contains(formatRegistry)) {
+ return ResponseEntity.badRequest().build();
+ }
+
 UserIdsPair userIdsPair = SecurityUtil.getUserIdsPair();
 String ervuId = userIdsPair.getErvuId();
 ConsumerRecord record;
diff --git a/frontend/src/ts/ervu/component/button/ExtractLoadService.ts b/frontend/src/ts/ervu/component/button/ExtractLoadService.ts
index 82d95d3..7e58644 100644
--- a/frontend/src/ts/ervu/component/button/ExtractLoadService.ts
+++ b/frontend/src/ts/ervu/component/button/ExtractLoadService.ts
@@ -38,6 +38,11 @@ export class ExtractLoadService extends Behavior {
 observe: 'response'
 }).toPromise()
 .then((response) => {
+ if (!response.ok) {
+ this.errorEvent.trigger();
+ return;
+ }
+
 const data = window.URL.createObjectURL(response.body);
 const link = document.createElement("a");
 link.href = data;
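Review bot: The `ALLOWED_FORMATS` constant added at the top of ExtractController has no comment saying what the values "1" and "2" stand for or that the list is a security allowlist for untrusted path input. A one-line Javadoc would cover it, e.g. `/** Values of the {formatRegistry} path variable that getExtract accepts; any other value is answered with 400. */`. The declaration reads as a raw `List` in this view, which may be a rendering loss; if the source really omits the type argument, declare it as `List<String>`.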
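Review bot: The early return added at the start of getExtract answers an out-of-allowlist `formatRegistry` with a bare 400 and records nothing, although the controller holds an AuditService. Unexpected format values on this endpoint are a probing signal worth tying to the caller, which would mean moving `UserIdsPair userIdsPair = SecurityUtil.getUserIdsPair();` above the check so the user id is available for the audit or log entry. If the rejected value itself is recorded, bound its length and strip control characters first, because it is caller-controlled path text. The rest of getExtract lies outside the hunk, so rejections may already be recorded elsewhere, for example in a filter.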
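Review bot: The `!response.ok` guard added inside `.then` in ExtractLoadService probably never fires for the backend's new 400. If this call goes through Angular's HttpClient, as the `observe: 'response'` and `toPromise()` shape suggests, a non-2xx status rejects the promise with an HttpErrorResponse and the `.then` callback is skipped. The error event would then have to be raised from a rejection handler, e.g. `.catch(() => this.errorEvent.trigger())` at the end of the chain. The chain continues outside the hunk, so such a handler may already exist, in which case this guard is redundant rather than wrong.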