fix(agent): fix agent host validatation and improve file path handling

agent/pkg/agent/config.go

@@ -131,7 +131,12 @@ func (cfg *AgentConfig) StartWithCerts(parent task.Parent, ca, crt, key []byte)
 }
 
 func (cfg *AgentConfig) Start(parent task.Parent) gperr.Error {
-	certData, err := os.ReadFile(certs.AgentCertsFilename(cfg.Addr))
+	filepath, ok := certs.AgentCertsFilepath(cfg.Addr)
+	if !ok {
+		return gperr.New("invalid agent host").Subject(cfg.Addr)
+	}
+
+	certData, err := os.ReadFile(filepath)
 	if err != nil {
 		return gperr.Wrap(err, "failed to read agent certs")
 	}

agent/pkg/certs/zip.go

@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/yusing/go-proxy/internal/common"
+	"github.com/yusing/go-proxy/internal/utils/strutils"
 )
 
 func writeFile(zipWriter *zip.Writer, name string, data []byte) error {
@@ -50,8 +51,15 @@ func ZipCert(ca, crt, key []byte) ([]byte, error) {
 	return data.Bytes(), nil
 }
 
-func AgentCertsFilename(host string) string {
+func isValidAgentHost(host string) bool {
-	return filepath.Join(common.AgentCertsBasePath, host+".zip")
+	return strutils.IsValidFilename(host + ".zip")
+}
+
+func AgentCertsFilepath(host string) (filepathOut string, ok bool) {
+	if !isValidAgentHost(host) {
+		return "", false
+	}
+	return filepath.Join(common.AgentCertsBasePath, host+".zip"), true
 }
 
 func ExtractCert(data []byte) (ca, crt, key []byte, err error) {

internal/api/v1/new_agent.go

@@ -126,8 +126,8 @@ func VerifyNewAgent(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	filename := certs.AgentCertsFilename(data.Host)
+	filename, ok := certs.AgentCertsFilepath(data.Host)
-	if !strutils.IsValidFilename(filename) {
+	if !ok {
 		gphttp.ClientError(w, gphttp.ErrInvalidKey("host"))
 		return
 	}