From d83638ae95475e0516f8f238bd80f5c38b969239 Mon Sep 17 00:00:00 2001
From: MickaelK
Date: Wed, 19 Nov 2025 02:32:17 +1100
Subject: [PATCH] chore (plg_backend_tmp): align with plg_authenticate_local

---
 server/plugin/plg_backend_tmp/index.go | 52 +++++++++++++++-----------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/server/plugin/plg_backend_tmp/index.go b/server/plugin/plg_backend_tmp/index.go
index 37af7c8b..d4144feb 100644
--- a/server/plugin/plg_backend_tmp/index.go
+++ b/server/plugin/plg_backend_tmp/index.go
@@ -2,7 +2,6 @@ package plg_backend_tmp

 import (
 "encoding/base64"
- "fmt"
 . "github.com/mickael-kerjean/filestash/server/common"
 "io"
 "os"
@@ -30,7 +29,9 @@ func init() {
 os.RemoveAll(FILESTASH_DIRECTORY)
 }

-type TmpStorage struct{}
+type TmpStorage struct {
+ userID string
+}

 func (this TmpStorage) Init(params map[string]string, app *App) (IBackend, error) {
 if len(params["userID"]) == 0 {
@@ -38,19 +39,16 @@ func (this TmpStorage) Init(params map[string]string, app *App) (IBackend, error
 } else if regexp.MustCompile(`^[a-zA-Z0-9]*$`).MatchString(params["userID"]) == false {
 return nil, ErrAuthenticationFailed
 }
- p := filepath.Join(FILESTASH_DIRECTORY, params["userID"])
- if strings.HasSuffix(p, "/") == false {
- p = fmt.Sprintf("%s/", p)
- }
- if err := this.VerifyPath(p); err != nil {
+ this.userID = params["userID"]
+ root, err := this.fullpath("/")
+ if err != nil {
 return nil, ErrAuthenticationFailed
 }
 if c := ChrootCache.Get(params); c == nil {
- ChrootCache.Set(params, p)
+ ChrootCache.Set(params, root)
 }
- os.MkdirAll(p, 0755)
- params["path"] = p
- return &TmpStorage{}, nil
+ os.MkdirAll(root, 0755)
+ return &this, nil
 }

 func (this TmpStorage) LoginForm() Form {
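Review bot: In `Init`, the root stored with `ChrootCache.Set(params, root)` no longer carries a trailing `/`: the removed code appended one explicitly, while `fullpath("/")` goes through `filepath.Join`, which cleans it away. Any consumer of ChrootCache that concatenates rather than joins would now build different paths, so that is worth confirming, or documenting with a comment such as `// root has no trailing slash; callers must join, not concatenate`. The return value of `os.MkdirAll(root, 0755)` is also discarded, so a failed directory creation still yields a backend; `if err = os.MkdirAll(root, 0755); err != nil { return nil, err }` would surface it at login. The body of `Init` starts above this hunk.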
@@ -71,7 +69,8 @@ func (this TmpStorage) LoginForm() Form {
 }

 func (this TmpStorage) Ls(path string) ([]os.FileInfo, error) {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return nil, err
 }
 f, err := SafeOsOpenFile(path, os.O_RDONLY, os.ModePerm)
@@ -82,7 +81,8 @@ func (this TmpStorage) Ls(path string) ([]os.FileInfo, error) {
 }

 func (this TmpStorage) Cat(path string) (io.ReadCloser, error) {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return nil, err
 }
 reader, err := SafeOsOpenFile(path, os.O_RDONLY, os.ModePerm)
@@ -104,30 +104,36 @@ func (this TmpStorage) Cat(path string) (io.ReadCloser, error) {
 }

 func (this TmpStorage) Mkdir(path string) error {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return err
 }
 return SafeOsMkdir(path, 0755)
 }

 func (this TmpStorage) Rm(path string) error {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return err
 }
 return SafeOsRemoveAll(path)
 }

 func (this TmpStorage) Mv(from, to string) error {
- if err := this.VerifyPath(from); err != nil {
+ from, err := this.fullpath(from)
+ if err != nil {
 return err
- } else if err = this.VerifyPath(to); err != nil {
+ }
+ to, err = this.fullpath(to)
+ if err != nil {
 return err
 }
 return SafeOsRename(from, to)
 }

 func (this TmpStorage) Save(path string, content io.Reader) error {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return err
 }
 f, err := SafeOsOpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.ModePerm)
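Review bot: `Rm` has no guard for the storage root: `fullpath("/")` is exactly what `Init` uses as the user's root directory, so a delete request for `/` resolves to that directory and `SafeOsRemoveAll` would remove it, and nothing visible here recreates it before the next `Init`. If the caller does not already refuse that (not visible in this diff), a check such as `if path == filepath.Join(FILESTASH_DIRECTORY, this.userID) { return ErrPermissionDenied }` after the `fullpath` call would keep the root in place. The same applies to the `from` side of `Mv` in this hunk.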
@@ -139,7 +145,8 @@ func (this TmpStorage) Save(path string, content io.Reader) error {
 }

 func (this TmpStorage) Touch(path string) error {
- if err := this.VerifyPath(path); err != nil {
+ path, err := this.fullpath(path)
+ if err != nil {
 return err
 }
 f, err := SafeOsOpenFile(path, os.O_WRONLY|os.O_CREATE, os.ModePerm)
@@ -153,10 +160,11 @@ func (this TmpStorage) Touch(path string) error {
 return f.Close()
 }

-func (this TmpStorage) VerifyPath(path string) error {
+func (this TmpStorage) fullpath(path string) (string, error) {
+ path = filepath.Join(FILESTASH_DIRECTORY, this.userID, path)
 if strings.HasPrefix(path, FILESTASH_DIRECTORY) == false {
 Log.Warning("plg_backend_tmp::chroot attempt to circumvent chroot via path[%s]", path)
- return ErrPermissionDenied
+ return "", ErrPermissionDenied
 }
- return nil
+ return path, nil
 }
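Review bot: The containment check in `fullpath` compares the joined path against `FILESTASH_DIRECTORY`, the directory shared by every user, not against this user's own root, so a `path` containing `..` segments can be cleaned by `filepath.Join` into a sibling user's directory and still pass. `strings.HasPrefix` is also a string match rather than a path-boundary match, so unless `FILESTASH_DIRECTORY` ends with a separator (not visible here) a sibling directory whose name merely starts with the same characters passes as well. Now that the backend builds the on-disk path itself, every method changed in this commit (`Ls`, `Cat`, `Mkdir`, `Rm`, `Mv`, `Save`, `Touch`) depends on this one check, so it should anchor on `filepath.Join(FILESTASH_DIRECTORY, this.userID)` plus a separator, as sketched below. Whether callers normalise `path` before it reaches the backend is not visible in this diff.

```go
func (this TmpStorage) fullpath(path string) (string, error) {
	root := filepath.Join(FILESTASH_DIRECTORY, this.userID)
	full := filepath.Join(root, path)
	if full != root && strings.HasPrefix(full, root+string(filepath.Separator)) == false {
		// … unchanged: Log.Warning call and return "", ErrPermissionDenied …
	}
	return full, nil
}
```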