Apps/ImageApi
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Check upload name to make sure its an image or video
All checks were successful
Core Repos/ImageApi/pipeline/head This commit looks good
Details

Browse Source 
The upload code should be additionally refactored to probably do a more
comprehensive check of if the file is an image or video.
This commit is contained in:
Cameron Cordes
2021-03-07 22:00:12 -05:00
parent 3611f46004
commit 3c02bcc8fb
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/auth.rs
View File

@@ -45,7 +45,10 @@ pub async fn login(
.unwrap();
HttpResponse::Ok().json(Token { token: &token })
} else {
error!("User not found during login: '{}'", creds.username);
error!(
"User not found during login or incorrect password: '{}'",
creds.username
);
HttpResponse::NotFound().finish()
}
}

11
src/files.rs
View File

@@ -1,4 +1,3 @@
use std::ffi::OsStr;
use std::fs::read_dir;
use std::io;
use std::io::Error;
@@ -22,13 +21,11 @@ pub fn list_files(dir: PathBuf) -> io::Result<Vec<PathBuf>> {
Ok(files)
}
fn is_image_or_video(path: &Path) -> bool {
let extension = &path
pub fn is_image_or_video(path: &Path) -> bool {
let extension = path
.extension()
.unwrap_or_else(|| OsStr::new(""))
.to_str()
.unwrap_or("")
.to_lowercase();
.and_then(|p| p.to_str())
.map_or(String::from(""), |p| p.to_lowercase());
extension == "png"
|| extension == "jpg"

4
src/main.rs
View File

@@ -28,7 +28,7 @@ use log::{debug, error, info};
use crate::data::Claims;
use crate::database::{add_favorite, get_favorites};
use crate::files::{is_valid_path, list_files};
use crate::files::{is_image_or_video, is_valid_path, list_files};
use crate::video::*;
mod auth;
@@ -131,7 +131,7 @@ async fn upload_image(_: Claims, mut payload: mp::Multipart) -> impl Responder {
if !file_content.is_empty() {
let full_path = PathBuf::from(&path).join(file_name.unwrap());
if let Some(full_path) = is_valid_path(full_path.to_str().unwrap_or("")) {
if !full_path.is_file() {
if !full_path.is_file() && is_image_or_video(&full_path) {
let mut file = File::create(full_path).unwrap();
file.write_all(&file_content).unwrap();
} else {