Check upload name to make sure its an image or video
The upload code should probably be refactored further to check more comprehensively whether the file is an image or video.
@@ -45,7 +45,10 @@ pub async fn login(
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
HttpResponse::Ok().json(Token { token: &token })
|
HttpResponse::Ok().json(Token { token: &token })
|
||||||
} else {
|
} else {
|
||||||
error!("User not found during login: '{}'", creds.username);
|
error!(
|
||||||
|
"User not found during login or incorrect password: '{}'",
|
||||||
|
creds.username
|
||||||
|
);
|
||||||
HttpResponse::NotFound().finish()
|
HttpResponse::NotFound().finish()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
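Review bot: `creds.username` is written into the new `error!` line with `'{}'`, so a username containing newlines or other control characters would be copied verbatim into the log and could split or forge entries. This assumes the value comes straight from the login request, which the hunk does not show. Formatting it with the debug specifier escapes those characters: `"User not found during login or incorrect password: {:?}"`. The branch still answers `HttpResponse::NotFound()` although the message now also covers a wrong password, where `HttpResponse::Unauthorized()` would describe the outcome more accurately. `login` begins before this hunk.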
|
|||||||
11
src/files.rs
11
src/files.rs
@@ -1,4 +1,3 @@
|
|||||||
use std::ffi::OsStr;
|
|
||||||
use std::fs::read_dir;
|
use std::fs::read_dir;
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::io::Error;
|
use std::io::Error;
|
||||||
@@ -22,13 +21,11 @@ pub fn list_files(dir: PathBuf) -> io::Result<Vec<PathBuf>> {
|
|||||||
Ok(files)
|
Ok(files)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn is_image_or_video(path: &Path) -> bool {
|
pub fn is_image_or_video(path: &Path) -> bool {
|
||||||
let extension = &path
|
let extension = path
|
||||||
.extension()
|
.extension()
|
||||||
.unwrap_or_else(|| OsStr::new(""))
|
.and_then(|p| p.to_str())
|
||||||
.to_str()
|
.map_or(String::from(""), |p| p.to_lowercase());
|
||||||
.unwrap_or("")
|
|
||||||
.to_lowercase();
|
|
||||||
|
|
||||||
extension == "png"
|
extension == "png"
|
||||||
|| extension == "jpg"
|
|| extension == "jpg"
|
||||||
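Review bot: `is_image_or_video` becomes `pub` in the second hunk without a doc comment, so callers outside this module cannot tell from the name that only the file-name extension is compared. I would add `/// Returns true when the path's extension, lowercased, is one of the accepted image or video extensions; a missing or non-UTF-8 extension yields false and the file's contents are never read.` above the signature. That assumes the empty string is not in the extension list, which continues past the end of the hunk. In the same expression, `.map_or(String::from(""), |p| p.to_lowercase())` reads more directly as `.map(str::to_lowercase).unwrap_or_default()`.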
|
|||||||
@@ -28,7 +28,7 @@ use log::{debug, error, info};
|
|||||||
|
|
||||||
use crate::data::Claims;
|
use crate::data::Claims;
|
||||||
use crate::database::{add_favorite, get_favorites};
|
use crate::database::{add_favorite, get_favorites};
|
||||||
use crate::files::{is_valid_path, list_files};
|
use crate::files::{is_image_or_video, is_valid_path, list_files};
|
||||||
use crate::video::*;
|
use crate::video::*;
|
||||||
|
|
||||||
mod auth;
|
mod auth;
|
||||||
@@ -131,7 +131,7 @@ async fn upload_image(_: Claims, mut payload: mp::Multipart) -> impl Responder {
|
|||||||
if !file_content.is_empty() {
|
if !file_content.is_empty() {
|
||||||
let full_path = PathBuf::from(&path).join(file_name.unwrap());
|
let full_path = PathBuf::from(&path).join(file_name.unwrap());
|
||||||
if let Some(full_path) = is_valid_path(full_path.to_str().unwrap_or("")) {
|
if let Some(full_path) = is_valid_path(full_path.to_str().unwrap_or("")) {
|
||||||
if !full_path.is_file() {
|
if !full_path.is_file() && is_image_or_video(&full_path) {
|
||||||
let mut file = File::create(full_path).unwrap();
|
let mut file = File::create(full_path).unwrap();
|
||||||
file.write_all(&file_content).unwrap();
|
file.write_all(&file_content).unwrap();
|
||||||
} else {
|
} else {
|
||||||
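Review bot: In `upload_image`, folding the new test into `if !full_path.is_file() && is_image_or_video(&full_path)` sends a rejected extension down the same `else` branch as an already existing file. The body of that branch is outside the hunk, but if it reports a name conflict the client gets a misleading answer for an unsupported type. I would test the extension in its own guard before the existence check and give it a distinct response, for example `if !is_image_or_video(&full_path) { return HttpResponse::BadRequest().body("Unsupported file type"); }`, adjusted to however the surrounding function returns. The check also runs only after `file_content` has been filled, so a rejected upload is still buffered in full; testing the name as soon as it is known would avoid that. The function starts and ends outside this hunk.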
|
|||||||