diff options
| author | Vojtěch Pejša <vojtechpejsa7@gmail.com> | 2019-03-28 17:49:17 +0000 |
|---|---|---|
| committer | Vojtěch Pejša <vojtechpejsa7@gmail.com> | 2019-04-04 08:51:00 +0000 |
| commit | a13b26c1c90707056e5d4e36d67563fc91467871 (patch) | |
| tree | a765387b8aebbc43cdfec5be41c29faf7490605b /src/file_upload.rs | |
| parent | Improve how file upload handler is added to server. (diff) | |
| download | miniserve-a13b26c1c90707056e5d4e36d67563fc91467871.tar.gz miniserve-a13b26c1c90707056e5d4e36d67563fc91467871.zip | |
Check if we have permissions to create files.
Diffstat (limited to '')
| -rw-r--r-- | src/file_upload.rs | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/file_upload.rs b/src/file_upload.rs index 02478c6..bc4efb1 100644 --- a/src/file_upload.rs +++ b/src/file_upload.rs @@ -7,6 +7,7 @@ use actix_web::{ use futures::{future, Future, Stream}; use serde::Deserialize; use std::{ + fs, io::Write, path::{Component, PathBuf}, }; @@ -67,12 +68,23 @@ fn handle_multipart( .ok_or(FileUploadErrorKind::ParseError) .map(|cd| String::from(cd)) }); + let err = |e: FileUploadErrorKind| Box::new(future::err(e).into_stream()); match filename { Ok(f) => { + match fs::metadata(&file_path) { + Ok(metadata) => { + if !metadata.is_dir() || metadata.permissions().readonly() { + return err(FileUploadErrorKind::InsufficientPermissions); + } + } + Err(_) => { + return err(FileUploadErrorKind::InsufficientPermissions); + } + } file_path = file_path.join(f); Box::new(save_file(field, file_path, override_files).into_stream()) } - Err(e) => Box::new(future::err(e).into_stream()), + Err(e) => err(e), } } multipart::MultipartItem::Nested(mp) => Box::new( |