Skip to content

Commit

Permalink
feat: Make file copy/move/delete REST endpoints more robust
Browse files Browse the repository at this point in the history
  • Loading branch information
mountaindude committed Aug 6, 2022
1 parent 56bd636 commit ca91a2b
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 33 deletions.
12 changes: 6 additions & 6 deletions src/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

45 changes: 18 additions & 27 deletions src/routes/disk_utils.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
const httpErrors = require('http-errors');
const fs = require('fs-extra');
const path = require('path');
const upath = require('upath');
const mkdirp = require('mkdirp');

Expand Down Expand Up @@ -38,25 +37,25 @@ async function handlerFileCopy(request, reply) {
// 1. fromFile is in a valid source directory (or subdirectory thereof),
// 2. toFile is in a valid associated destination directory (or subdirectory thereof)

const fromFile = path.normalize(request.body.fromFile);
const toFile = path.normalize(request.body.toFile);
const fromFile = upath.normalize(request.body.fromFile);
const toFile = upath.normalize(request.body.toFile);

const fromDir = path.dirname(fromFile);
const toDir = path.dirname(toFile);
const fromDir = upath.dirname(fromFile);
const toDir = upath.dirname(toFile);

let copyIsOk = false; // Only allow copy if this flag is true

// Ensure fromFile exists
if (await fs.pathExists(fromFile)) {
globals.fileCopyDirectories.forEach((element) => {
if (isDirectoryChildOf(fromDir, element.fromDir) && isDirectoryChildOf(toDir, element.toDir)) {
// eslint-disable-next-line no-restricted-syntax
for (const approvedCopyDir of globals.fileCopyDirectories) {
if (isDirectoryChildOf(fromDir, approvedCopyDir.fromDir) && isDirectoryChildOf(toDir, approvedCopyDir.toDir)) {
// The fromFile passed as parameter matches an approved fromDir specified in the config file
// AND
// toFile passed as parameter matches the associated approved toDir specified in the config file

copyIsOk = true;
}
});
}

if (copyIsOk) {
globals.logger.debug(
Expand Down Expand Up @@ -121,25 +120,25 @@ async function handlerFileMove(request, reply) {
// 1. fromFile is in a valid source directory (or subdirectory thereof),
// 2. toFile is in a valid associated destination directory (or subdirectory thereof)

const fromFile = path.normalize(request.body.fromFile);
const toFile = path.normalize(request.body.toFile);
const fromFile = upath.normalize(request.body.fromFile);
const toFile = upath.normalize(request.body.toFile);

const fromDir = path.dirname(fromFile);
const toDir = path.dirname(toFile);
const fromDir = upath.dirname(fromFile);
const toDir = upath.dirname(toFile);

let moveIsOk = false; // Only allow move if this flag is true

// Ensure fromFile exists
if (await fs.pathExists(fromFile)) {
globals.fileMoveDirectories.forEach((element) => {
if (isDirectoryChildOf(fromDir, element.fromDir) && isDirectoryChildOf(toDir, element.toDir)) {
// eslint-disable-next-line no-restricted-syntax
for (const approvedMoveDir of globals.fileMoveDirectories) {
if (isDirectoryChildOf(fromDir, approvedMoveDir.fromDir) && isDirectoryChildOf(toDir, approvedMoveDir.toDir)) {
// The fromFile passed as parameter matches an approved fromDir specified in the config file
// AND
// toFile passed as parameter matches the associated approved toDir specified in the config file

moveIsOk = true;
}
});
}

if (moveIsOk) {
globals.logger.debug(`FILEMOVE: About to move file from ${fromFile} to ${toFile}, overwrite flag=${overwrite}`);
Expand Down Expand Up @@ -188,21 +187,13 @@ async function handlerFileDelete(request, reply) {

// Ensure the file to be deleted is in an approved directory hierarchy
// eslint-disable-next-line no-restricted-syntax
for (const approvedPath of globals.fileDeleteDirectories) {
if (isDirectoryChildOf(deleteDir, approvedPath)) {
for (const approvedDeleteDir of globals.fileDeleteDirectories) {
if (isDirectoryChildOf(deleteDir, approvedDeleteDir)) {
// The deleteFile passed as parameter matches an approved directory specified in the config file
deleteIsOk = true;
}
}

// globals.fileDeleteDirectories.forEach((element) => {
// if (isDirectoryChildOf(deleteDir, element)) {
// // The deleteFile passed as parameter matches an approved directory specified in the config file

// deleteIsOk = true;
// }
// });

if (deleteIsOk) {
// Finally, make sure that file really exists
if (await fs.pathExists(deleteFile)) {
Expand Down

0 comments on commit ca91a2b

Please sign in to comment.