Added tests and better path validation
Secure video endpoints.
26
src/main.rs
26
src/main.rs
@@ -14,7 +14,7 @@ use std::path::{Path, PathBuf};
|
||||
|
||||
use crate::data::{Claims, CreateAccountRequest, Token};
|
||||
use crate::database::{create_user, get_user, user_exists};
|
||||
use crate::files::list_files;
|
||||
use crate::files::{is_valid_path, list_files};
|
||||
use crate::video::*;
|
||||
|
||||
mod data;
|
||||
@@ -89,23 +89,6 @@ struct PhotosResponse<'a> {
|
||||
dirs: &'a [String],
|
||||
}
|
||||
|
||||
fn is_valid_path(path: &str) -> Option<PathBuf> {
|
||||
match path {
|
||||
path if path.contains("..") => None,
|
||||
|
||||
path => {
|
||||
let path = PathBuf::from(path);
|
||||
if path.is_relative() {
|
||||
let mut full_path = PathBuf::from(dotenv::var("BASE_PATH").unwrap());
|
||||
full_path.push(path);
|
||||
Some(full_path)
|
||||
} else {
|
||||
None
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[get("/image")]
|
||||
async fn get_image(
|
||||
_claims: Claims,
|
||||
@@ -156,7 +139,7 @@ async fn generate_video(_claims: Claims, body: web::Json<ThumbnailRequest>) -> i
|
||||
}
|
||||
|
||||
#[get("/video/stream")]
|
||||
async fn stream_video(request: HttpRequest, path: web::Query<ThumbnailRequest>) -> impl Responder {
|
||||
async fn stream_video(request: HttpRequest, _: Claims, path: web::Query<ThumbnailRequest>) -> impl Responder {
|
||||
let playlist = &path.path;
|
||||
println!("Playlist: {}", playlist);
|
||||
|
||||
@@ -168,7 +151,7 @@ async fn stream_video(request: HttpRequest, path: web::Query<ThumbnailRequest>)
|
||||
}
|
||||
|
||||
#[get("/video/{path}")]
|
||||
async fn get_video_part(request: HttpRequest, path: web::Path<ThumbnailRequest>) -> impl Responder {
|
||||
async fn get_video_part(request: HttpRequest, _: Claims , path: web::Path<ThumbnailRequest>) -> impl Responder {
|
||||
let part = &path.path;
|
||||
println!("Video part: {}", part);
|
||||
|
||||
@@ -209,7 +192,8 @@ async fn create_thumbnails() {
|
||||
if ext == "mp4" || ext == "mov" {
|
||||
let relative_path = &entry.path().strip_prefix(&images).unwrap();
|
||||
let thumb_path = Path::new(thumbnail_directory).join(relative_path);
|
||||
std::fs::create_dir_all(&thumb_path.parent().unwrap()).expect("Error creating directory");
|
||||
std::fs::create_dir_all(&thumb_path.parent().unwrap())
|
||||
.expect("Error creating directory");
|
||||
generate_video_thumbnail(entry.path(), &thumb_path);
|
||||
false
|
||||
} else {
|
||||
|
||||
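Review bot: In `stream_video` and `get_video_part` the request-supplied `path.path` is still bound to `playlist` / `part` and printed as-is, and none of the visible lines pass it through `is_valid_path`, which this commit now imports from `crate::files`. Both bodies continue past the hunks, so the check may happen further down; if it does not, the new `Claims` argument only limits who can call the endpoint, not which paths can be requested. I would validate at the top of each handler, e.g. `let Some(playlist) = is_valid_path(&path.path) else { return HttpResponse::BadRequest().finish() };` (adjusted to the moved helper's actual signature and to the rejection response the other handlers use), and log the validated path rather than the raw request value. Minor: `_: Claims ,` has a stray space before the comma, and `_claims: Claims` would match `get_image` and `generate_video`.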