From 0faad2fbdb5767d19bc8a34bbafd1ff3b9c4c7b2 Mon Sep 17 00:00:00 2001
From: Cameron Cordes <cameronc.dev@gmail.com>
Date: Sun, 21 Jan 2024 21:35:36 -0500
Subject: [PATCH] Ensure Move endpoint does not overwrite an existing file

---
 src/files.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/files.rs b/src/files.rs
index a46b026..94d2347 100644
--- a/src/files.rs
+++ b/src/files.rs
@@ -192,11 +192,21 @@ pub async fn move_file<FS: FileSystemAccess>(
     request: web::Json<MoveFileRequest>,
 ) -> HttpResponse {
     match is_valid_full_path(&app_state.base_path, &request.source, false)
+        .ok_or(ErrorKind::InvalidData)
         .and_then(|source| {
             is_valid_full_path(&app_state.base_path, &request.destination, true)
+                .ok_or(ErrorKind::InvalidData)
+                .and_then(|dest| {
+                    if dest.exists() {
+                        error!("Destination already exists, not moving file: {:?}", source);
+
+                        Err(ErrorKind::AlreadyExists)
+                    } else {
+                        Ok(dest)
+                    }
+                })
                 .map(|dest| (source, dest))
         })
-        .ok_or(ErrorKind::InvalidData)
         .map(|(source, dest)| file_system.move_file(source, dest))
     {
         Ok(_) => {