Revert "Fix code scanning alert no. 23: Uncontrolled data used in path expression (#486)"

This reverts commit c2b3d19a5101d4a849ae2425a1cf5564a8b0ab94.

cmd/dashboard/controller/controller.go

@@ -213,33 +213,20 @@ func fallbackToFrontend(c *gin.Context) {
 		c.JSON(http.StatusOK, newErrorResponse(errors.New("404 Not Found")))
 		return
 	}
-	const safeDirAdmin = "./admin-dist"
-	const safeDirUser = "user-dist"
-
 	if strings.HasPrefix(c.Request.URL.Path, "/dashboard") {
 		stripPath := strings.TrimPrefix(c.Request.URL.Path, "/dashboard")
-		localFilePath := filepath.Join(safeDirAdmin, stripPath)
+		localFilePath := filepath.Join("./admin-dist", stripPath)
-		absPath, err := filepath.Abs(localFilePath)
+		if _, err := os.Stat(localFilePath); err == nil {
-		if err != nil || !strings.HasPrefix(absPath, safeDirAdmin) {
+			c.File(localFilePath)
-			c.JSON(http.StatusBadRequest, newErrorResponse(errors.New("Invalid file path")))
 			return
 		}
-		if _, err := os.Stat(absPath); err == nil {
+		c.File("admin-dist/index.html")
-			c.File(absPath)
-			return
-		}
-		c.File(filepath.Join(safeDirAdmin, "index.html"))
 		return
 	}
-	localFilePath := filepath.Join(safeDirUser, c.Request.URL.Path)
+	localFilePath := filepath.Join("user-dist", c.Request.URL.Path)
-	absPath, err := filepath.Abs(localFilePath)
+	if _, err := os.Stat(localFilePath); err == nil {
-	if err != nil || !strings.HasPrefix(absPath, safeDirUser) {
+		c.File(localFilePath)
-		c.JSON(http.StatusBadRequest, newErrorResponse(errors.New("Invalid file path")))
 		return
 	}
-	if _, err := os.Stat(absPath); err == nil {
+	c.File("user-dist/index.html")
-		c.File(absPath)
-		return
-	}
-	c.File(filepath.Join(safeDirUser, "index.html"))
 }