bdb5393835
Critical: - CORS: replace allow_any_origin + credentials with env-configured origins - XSS: escape HTML before dangerouslySetInnerHTML in search results - Path traversal: sanitize storage keys to reject ".." components - Auth missing: add Session requirement to git init/open/is-repo endpoints - Transaction: wrap issue cascade delete in DB transaction High: - Mutex poisoning: replace unwrap() with poison-recovering guards - Drop tokio::spawn: use runtime handle or fallback thread for lock release - Redis KEYS: replace with non-blocking SCAN for typing events - SSH panic: handle missing stdin/stdout/stderr gracefully - LFS auth: remove x-user-uid header injection vector, generate per-request tokens Medium: - Memory leak: remove Box::leak in provider normalization - Race conditions: query closed count directly instead of subtraction - Silent failures: add tracing::warn for AI tasks, room events, activity logs - Frontend nav: sync activeRoomId when initialRoomId prop changes - Duplicate nav: remove redundant setActiveRoom in delete handler - Callback conflict: skip undefined values in updateCallbacks merge - Stale closure: use wsClient state instead of wsClientRef.current in useMemo Low: - Captcha: validate captcha not empty before login submission - Broadcast capacity: reduce from 100K to 1000 - Error handling: add try/catch for removeMember and updateMemberRole - Loading state: show placeholder instead of null in RepositoryContextProvider - WebSocket: add heartbeat ping and jitter to reconnect backoff
85 lines
2.4 KiB
Rust
85 lines
2.4 KiB
Rust
use config::AppConfig;
|
|
use std::path::PathBuf;
|
|
|
|
#[derive(Clone)]
|
|
pub struct AppStorage {
|
|
pub base_path: PathBuf,
|
|
pub public_url_base: String,
|
|
}
|
|
|
|
impl AppStorage {
|
|
pub fn new(config: &AppConfig) -> anyhow::Result<Self> {
|
|
let base_path = config
|
|
.env
|
|
.get("STORAGE_PATH")
|
|
.map(PathBuf::from)
|
|
.unwrap_or_else(|| PathBuf::from("/data/files"));
|
|
|
|
let public_url_base = config
|
|
.env
|
|
.get("STORAGE_PUBLIC_URL")
|
|
.cloned()
|
|
.unwrap_or_else(|| "/files".to_string());
|
|
|
|
Ok(Self {
|
|
base_path,
|
|
public_url_base,
|
|
})
|
|
}
|
|
|
|
fn sanitize_key(key: &str) -> anyhow::Result<PathBuf> {
|
|
// Reject any key containing ".." components to prevent path traversal.
|
|
let path = PathBuf::from(key);
|
|
for component in path.components() {
|
|
if let std::path::Component::ParentDir = component {
|
|
anyhow::bail!("path traversal detected in key: {}", key);
|
|
}
|
|
}
|
|
Ok(path)
|
|
}
|
|
|
|
/// Write data to a local path and return the public URL.
|
|
pub async fn upload(
|
|
&self,
|
|
key: &str,
|
|
data: Vec<u8>,
|
|
) -> anyhow::Result<String> {
|
|
let safe_path = Self::sanitize_key(key)?;
|
|
let path = self.base_path.join(safe_path);
|
|
|
|
// Create parent directories
|
|
if let Some(parent) = path.parent() {
|
|
tokio::fs::create_dir_all(parent).await?;
|
|
}
|
|
|
|
tokio::fs::write(&path, &data).await?;
|
|
|
|
let url = format!(
|
|
"{}/{}",
|
|
self.public_url_base.trim_end_matches('/'),
|
|
key
|
|
);
|
|
Ok(url)
|
|
}
|
|
|
|
pub async fn delete(&self, key: &str) -> anyhow::Result<()> {
|
|
let safe_path = Self::sanitize_key(key)?;
|
|
let path = self.base_path.join(safe_path);
|
|
if path.exists() {
|
|
tokio::fs::remove_file(&path).await?;
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
/// Read a file by key and return (bytes, content_type).
|
|
pub async fn read(&self, key: &str) -> anyhow::Result<(Vec<u8>, String)> {
|
|
let safe_path = Self::sanitize_key(key)?;
|
|
let path = self.base_path.join(safe_path);
|
|
let data = tokio::fs::read(&path).await?;
|
|
let content_type = mime_guess2::from_path(&path)
|
|
.first_or_octet_stream()
|
|
.to_string();
|
|
Ok((data, content_type))
|
|
}
|
|
}
|