feature/handle-duplicate-file-name-upload #22
@@ -459,7 +459,10 @@ mod tests {
|
|||||||
#[test]
|
#[test]
|
||||||
fn directory_traversal_test() {
|
fn directory_traversal_test() {
|
||||||
let base = env::temp_dir();
|
let base = env::temp_dir();
|
||||||
assert_eq!(None, is_valid_full_path(&base, &PathBuf::from("../"), false));
|
assert_eq!(
|
||||||
|
None,
|
||||||
|
is_valid_full_path(&base, &PathBuf::from("../"), false)
|
||||||
|
);
|
||||||
assert_eq!(None, is_valid_full_path(&base, &PathBuf::from(".."), false));
|
assert_eq!(None, is_valid_full_path(&base, &PathBuf::from(".."), false));
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
None,
|
None,
|
||||||
|
|||||||
25
src/main.rs
25
src/main.rs
@@ -26,11 +26,12 @@ use actix_web::{
|
|||||||
web::{self, BufMut, BytesMut},
|
web::{self, BufMut, BytesMut},
|
||||||
App, HttpRequest, HttpResponse, HttpServer, Responder,
|
App, HttpRequest, HttpResponse, HttpServer, Responder,
|
||||||
};
|
};
|
||||||
|
use chrono::Utc;
|
||||||
use diesel::sqlite::Sqlite;
|
use diesel::sqlite::Sqlite;
|
||||||
use notify::{watcher, DebouncedEvent, RecursiveMode, Watcher};
|
use notify::{watcher, DebouncedEvent, RecursiveMode, Watcher};
|
||||||
use rayon::prelude::*;
|
use rayon::prelude::*;
|
||||||
|
|
||||||
use log::{debug, error, info};
|
use log::{debug, error, info, warn};
|
||||||
|
|
||||||
use crate::auth::login;
|
use crate::auth::login;
|
||||||
use crate::data::*;
|
use crate::data::*;
|
||||||
@@ -165,8 +166,21 @@ async fn upload_image(
|
|||||||
let mut file = File::create(full_path).unwrap();
|
let mut file = File::create(full_path).unwrap();
|
||||||
file.write_all(&file_content).unwrap();
|
file.write_all(&file_content).unwrap();
|
||||||
} else {
|
} else {
|
||||||
error!("File already exists: {:?}", full_path);
|
warn!("File already exists: {:?}", full_path);
|
||||||
return HttpResponse::BadRequest().body("File already exists");
|
|
||||||
|
let new_path = format!(
|
||||||
|
"{:?}_{}.{:?}",
|
||||||
|
full_path.file_stem(),
|
||||||
|
Utc::now(),
|
||||||
|
full_path
|
||||||
|
.extension()
|
||||||
|
.expect("Uploaded file should have an extension")
|
||||||
|
);
|
||||||
|
let mut file = File::create(new_path).unwrap();
|
||||||
|
file.write_all(&file_content).unwrap();
|
||||||
|
|
||||||
|
create_thumbnails();
|
||||||
|
return HttpResponse::Ok().finish();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
error!("Invalid path for upload: {:?}", full_path);
|
error!("Invalid path for upload: {:?}", full_path);
|
||||||
@@ -175,6 +189,8 @@ async fn upload_image(
|
|||||||
} else {
|
} else {
|
||||||
return HttpResponse::BadRequest().body("No file body read");
|
return HttpResponse::BadRequest().body("No file body read");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
create_thumbnails();
|
||||||
HttpResponse::Ok().finish()
|
HttpResponse::Ok().finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -217,7 +233,8 @@ async fn stream_video(
|
|||||||
debug!("Playlist: {}", playlist);
|
debug!("Playlist: {}", playlist);
|
||||||
|
|
||||||
// Extract video playlist dir to dotenv
|
// Extract video playlist dir to dotenv
|
||||||
if !playlist.starts_with("tmp") && is_valid_full_path(&app_state.base_path, playlist, false).is_some()
|
if !playlist.starts_with("tmp")
|
||||||
|
&& is_valid_full_path(&app_state.base_path, playlist, false).is_some()
|
||||||
{
|
{
|
||||||
HttpResponse::BadRequest().finish()
|
HttpResponse::BadRequest().finish()
|
||||||
} else if let Ok(file) = NamedFile::open(playlist) {
|
} else if let Ok(file) = NamedFile::open(playlist) {
|
||||||
|
|||||||
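Review bot: In the `upload_image` hunk of src/main.rs, the fallback name built in the "File already exists" branch is a bare file name rendered with `{:?}`, so `File::create(new_path)` resolves it against the process working directory rather than the directory of `full_path` that the surrounding validity check appears to cover, and the Debug output of `file_stem()` (an `Option<&OsStr>`) puts `Some("…")` and quote characters into the name. The `.expect(...)` on `extension()` also turns an upload whose name has no extension into a panic inside the request handler instead of a 400 response. Build the name with `full_path.with_file_name(...)` from the lossy-converted stem and extension and return `BadRequest` when either is missing, as below; opening the file with `OpenOptions::new().write(true).create_new(true)` would additionally stop two uploads that land in the same second from overwriting each other. The function starts and ends outside the hunk, so the existence check and the origin of `full_path` are not visible here.

```rust
// … unchanged: warn!("File already exists: {:?}", full_path); …
let new_path = match (full_path.file_stem(), full_path.extension()) {
    // Keep the renamed file next to the original, inside the already-checked directory.
    (Some(stem), Some(ext)) => full_path.with_file_name(format!(
        "{}_{}.{}",
        stem.to_string_lossy(),
        Utc::now().timestamp(),
        ext.to_string_lossy()
    )),
    // A client-supplied name without stem or extension is a bad request, not a server panic.
    _ => return HttpResponse::BadRequest().body("Uploaded file should have an extension"),
};
let mut file = File::create(new_path).unwrap();
// … unchanged: write_all, create_thumbnails(), HttpResponse::Ok() …
```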