minor fixes

server/main.py

@@ -647,18 +647,12 @@ class CacheControlMiddleware:
             await self.app(scope, receive, send)
             return
 
-        # Add caching headers for static files
         async def send_wrapper(status, headers, *args, **kwargs):
-            # Add cache headers for static files
-            cache_headers = [
-                (b"cache-control", b"public, max-age=86400"),  # 24 hours
-                (b"etag", b'"file-etag"'),
-            ]
+            cache_headers = [(b"cache-control", b"public, max-age=86400")]
             headers = list(headers) + cache_headers
             await send(status, headers, *args, **kwargs)
 
-        # Use original send
-        await self.app(scope, receive, send)
+        await self.app(scope, receive, send_wrapper)
 
 
 app.add_middleware(CacheControlMiddleware)
@@ -962,7 +956,7 @@ async def get_pack_diff(
 
 
 @app.get("/pack/{pack_name}")
-async def get_pack_manifest(pack_name: str, request: Request):
+async def get_pack_manifest(pack_name: str, request: Request, current_user: dict = Depends(get_current_user)):
     """Get pack manifest with caching"""
     client_ip = request.client.host if request.client else "unknown"
     
@@ -1009,7 +1003,12 @@ async def get_pack_file(pack_name: str, file_path: str, request: Request):
     client_ip = request.client.host if request.client else None
     
     # Security: prevent path traversal
-    if ".." in file_path:
+    try:
+        full_path = full_path.resolve()
+        pack_root = (PACKS_DIR / pack_name).resolve()
+        if not str(full_path).startswith(str(pack_root)):
+            raise HTTPException(403, "Invalid file path")
+    except (ValueError, OSError):
         raise HTTPException(403, "Invalid file path")
     
     if not full_path.exists() or not full_path.is_file():
@@ -1461,28 +1460,6 @@ async def download_legacy_launcher():
     raise HTTPException(404, "No legacy launcher files available")
 
 
-@app.get("/launcher/download/zip/{filename}")
-async def download_launcher_zip(filename: str):
-    """Download specific launcher ZIP archive"""
-    if ".." in filename:
-        raise HTTPException(400, "Invalid filename")
-    
-    valid_patterns = ["ZernMCLauncher-", "ZernMC-win-"]
-    if not any(filename.startswith(p) for p in valid_patterns) or not filename.endswith(".zip"):
-        raise HTTPException(400, "Invalid filename")
-    
-    file_path = BUILDS_DIR / filename
-    
-    if not file_path.exists():
-        raise HTTPException(404, "ZIP file not found")
-    
-    return FileResponse(
-        path=file_path,
-        filename=filename,
-        media_type="application/zip"
-    )
-
-
 # ====================== ЛАУНЧЕР МЕТА ЭНДПОИНТЫ ======================
 
 @app.get("/launcher/meta")