2022-06-21 11:00:56 +00:00
|
|
|
mod create_dir;
|
|
|
|
mod delete;
|
|
|
|
mod download;
|
|
|
|
mod list;
|
|
|
|
mod upload;
|
2022-04-24 19:31:50 +00:00
|
|
|
|
2022-06-21 11:00:56 +00:00
|
|
|
/// Handle `/api/fs/*` requests
|
2022-04-24 19:31:50 +00:00
|
|
|
pub fn app() -> axum::Router {
|
2022-05-07 13:19:36 +00:00
|
|
|
use axum::routing::{delete, get, post};
|
2022-04-24 19:31:50 +00:00
|
|
|
|
2022-04-24 20:07:41 +00:00
|
|
|
axum::Router::new()
|
|
|
|
.route("/list", post(list::handle))
|
|
|
|
.route("/upload", post(upload::handle))
|
2022-06-08 17:08:06 +00:00
|
|
|
.route("/delete", delete(delete::handle))
|
2022-05-07 13:19:36 +00:00
|
|
|
.route("/download", get(download::handle))
|
2022-05-27 13:58:16 +00:00
|
|
|
.route("/createdir", post(create_dir::handle))
|
2022-04-24 19:31:50 +00:00
|
|
|
}
|
2022-05-01 18:34:28 +00:00
|
|
|
|
2022-05-01 20:44:28 +00:00
|
|
|
pub fn validate_path(path: &str) -> Result<(), homedisk_types::errors::ServerError> {
|
|
|
|
use homedisk_types::errors::{FsError, ServerError};
|
|
|
|
|
2022-06-07 20:36:26 +00:00
|
|
|
// `path` can't contain `..`
|
2022-05-01 18:34:28 +00:00
|
|
|
// to prevent attack attempts because by using a `..` you can access the previous folder
|
|
|
|
if path.contains("..") {
|
2022-06-11 08:19:47 +00:00
|
|
|
return Err(ServerError::FsError(FsError::ReadDirectory(
|
2022-05-01 18:34:28 +00:00
|
|
|
"the `path` must not contain `..`".to_string(),
|
|
|
|
)));
|
|
|
|
}
|
|
|
|
|
2022-06-07 20:36:26 +00:00
|
|
|
// `path` can't contain `~`
|
|
|
|
// to prevent attack attempts because `~` can get up a directory on `$HOME`
|
|
|
|
if path.contains('~') {
|
2022-06-11 08:19:47 +00:00
|
|
|
return Err(ServerError::FsError(FsError::ReadDirectory(
|
2022-06-07 20:36:26 +00:00
|
|
|
"the `path` must not contain `~`".to_string(),
|
|
|
|
)));
|
|
|
|
}
|
|
|
|
|
2022-05-01 18:34:28 +00:00
|
|
|
Ok(())
|
|
|
|
}
|