Validate alias represents real file before setting not found

This commit is contained in:
asonix 2023-07-07 13:33:27 -05:00
parent 9e7376d411
commit 3ccb8ecd8c
2 changed files with 19 additions and 11 deletions

View file

@ -602,14 +602,17 @@ async fn not_found_hash<R: FullRepo>(repo: &R) -> Result<Option<(Alias, R::Bytes
return Ok(None);
};
let alias = String::from_utf8_lossy(not_found.as_ref())
.parse::<Alias>()
.expect("Infallible");
let Some(alias) = Alias::from_slice(not_found.as_ref()) else {
tracing::warn!("Couldn't parse not-found alias");
return Ok(None);
};
repo.hash(&alias)
.await
.map(|opt| opt.map(|hash| (alias, hash)))
.map_err(Error::from)
let Some(hash) = repo.hash(&alias).await? else {
tracing::warn!("No hash found for not-found alias");
return Ok(None);
};
Ok(Some((alias, hash)))
}
/// Process files
@ -1005,8 +1008,13 @@ async fn set_not_found<R: FullRepo>(
) -> Result<HttpResponse, Error> {
let alias = json.into_inner().alias;
repo.set(NOT_FOUND_KEY, Vec::from(alias.to_string()).into())
.await?;
if repo.hash(&alias).await?.is_none() {
return Ok(HttpResponse::BadRequest().json(serde_json::json!({
"msg": "No hash associated with provided alias"
})));
}
repo.set(NOT_FOUND_KEY, alias.to_bytes().into()).await?;
Ok(HttpResponse::Created().json(serde_json::json!({
"msg": "ok",

View file

@ -746,7 +746,7 @@ impl Alias {
self.extension.as_deref()
}
fn to_bytes(&self) -> Vec<u8> {
pub(crate) fn to_bytes(&self) -> Vec<u8> {
let mut v = self.id.as_bytes().to_vec();
if let Some(ext) = self.extension() {
@ -756,7 +756,7 @@ impl Alias {
v
}
fn from_slice(bytes: &[u8]) -> Option<Self> {
pub(crate) fn from_slice(bytes: &[u8]) -> Option<Self> {
if let Ok(s) = std::str::from_utf8(bytes) {
Some(Self::from_existing(s))
} else if bytes.len() >= 16 {