Apps/ImageApi
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

File upload working

Browse Source
This commit is contained in:
Cameron Cordes
2020-09-11 19:32:10 -04:00
parent fe23586059
commit 426c695b47
4 changed files with 123 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/files.rs
View File

@@ -58,6 +58,17 @@ fn is_valid_full_path(base: &Path, path: &str) -> Option<PathBuf> {
}
})
.ok()
} else if let Ok(path) = path.canonicalize().and_then(|path| {
if path.starts_with(base) {
Ok(path)
} else {
Err(io::Error::new(
io::ErrorKind::Other,
"Path below base directory",
))
}
}) {
Some(path)
} else {
None
}
@@ -102,6 +113,27 @@ mod tests {
);
}
#[test]
fn build_from_absolute_path_test() {
let base = env::temp_dir();
let mut test_file = PathBuf::from(&base);
test_file.push("test.png");
File::create(&test_file).unwrap();
assert!(is_valid_full_path(&base, test_file.to_str().unwrap()).is_some());
let path = "relative/path/test.png";
let mut test_file = PathBuf::from(&base);
test_file.push(path);
create_dir_all(test_file.parent().unwrap()).unwrap();
File::create(test_file).unwrap();
assert_eq!(
Some(PathBuf::from("/tmp/relative/path/test.png")),
is_valid_full_path(&base, path)
);
}
#[test]
fn png_valid_extension_test() {
assert!(is_image_or_video(Path::new("image.png")));

55
src/main.rs
View File

@@ -3,13 +3,17 @@ extern crate diesel;
extern crate rayon;
use actix_files::NamedFile;
use actix_multipart as mp;
use actix_web::web::{HttpRequest, HttpResponse, Json};
use actix_web::{get, post, web, App, HttpServer, Responder};
use chrono::{Duration, Utc};
use data::{AddFavoriteRequest, LoginRequest, ThumbnailRequest};
use futures::stream::StreamExt;
use jsonwebtoken::{encode, EncodingKey, Header};
use rayon::prelude::*;
use serde::Serialize;
use std::fs::File;
use std::io::prelude::*;
use std::path::{Path, PathBuf};
use crate::data::{secret_key, Claims, CreateAccountRequest, Token};
@@ -119,6 +123,56 @@ async fn get_image(
}
}
#[post("/image")]
async fn upload_image(_: Claims, mut payload: mp::Multipart) -> impl Responder {
let mut file_content: Vec<_> = Vec::new();
let mut file_name: Option<String> = None;
let mut file_path: Option<String> = None;
while let Some(Ok(mut part)) = payload.next().await {
if let Some(content_type) = part.content_disposition() {
println!("{:?}", content_type);
if let Some(filename) = content_type.get_filename() {
println!("Name: {:?}", filename);
file_name = Some(filename.to_string());
while let Some(Ok(data)) = part.next().await {
file_content.extend_from_slice(data.as_ref());
}
} else if content_type.get_name().map_or(false, |name| name == "path") {
while let Some(Ok(data)) = part.next().await {
if let Ok(path) = std::str::from_utf8(&data) {
file_path = Some(path.to_string())
}
}
}
}
}
let path = file_path.unwrap_or_else(|| dotenv::var("BASE_PATH").unwrap());
if !file_content.is_empty() {
let full_path = PathBuf::from(&path);
if let Some(mut full_path) = is_valid_path(full_path.to_str().unwrap_or("")) {
// TODO: Validate this file_name as is subject to path traversals which could lead to
// writing outside the base dir.
full_path = full_path.join(file_name.unwrap());
if !full_path.is_file() {
let mut file = File::create(full_path).unwrap();
file.write_all(&file_content).unwrap();
} else {
return HttpResponse::BadRequest().body("File already exists");
}
} else {
return HttpResponse::BadRequest().body("Path was not valid");
}
} else {
return HttpResponse::BadRequest().body("No file body read");
}
HttpResponse::Ok().finish()
}
#[post("/video/generate")]
async fn generate_video(_claims: Claims, body: web::Json<ThumbnailRequest>) -> impl Responder {
let filename = PathBuf::from(&body.path);
@@ -257,6 +311,7 @@ async fn main() -> std::io::Result<()> {
.service(login)
.service(list_photos)
.service(get_image)
.service(upload_image)
.service(generate_video)
.service(stream_video)
.service(get_video_part)