From 2662c59fcffe1b62e019b08d1e22c1cd5c741066 Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Tue, 2 Aug 2022 15:02:09 +0200 Subject: Added option restrict-upload-dir --- src/config.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 5bcbd62..380cf5a 100644 --- a/src/config.rs +++ b/src/config.rs @@ -87,6 +87,9 @@ pub struct MiniserveConfig { /// Enable file upload pub file_upload: bool, + /// Restrict file upload dirs + pub restrict_upload_dir: Vec, + /// HTML accept attribute value pub uploadable_media_type: Option, @@ -248,6 +251,7 @@ impl MiniserveConfig { show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, file_upload: args.file_upload, + restrict_upload_dir: args.restrict_upload_dir, uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, -- cgit v1.2.3 From 455abe23d0fd2114f7836694502892990180577d Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Wed, 3 Aug 2022 13:02:21 +0200 Subject: Switched to use of PathBuf, fixed for subdirs --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 380cf5a..3b5c1d7 100644 --- a/src/config.rs +++ b/src/config.rs @@ -88,7 +88,7 @@ pub struct MiniserveConfig { pub file_upload: bool, /// Restrict file upload dirs - pub restrict_upload_dir: Vec, + pub restrict_upload_dir: Vec, /// HTML accept attribute value pub uploadable_media_type: Option, -- cgit v1.2.3 From 550ae0151c1dadc6c1f00df300d88528c29fbf49 Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Thu, 4 Aug 2022 11:20:37 +0200 Subject: Renamed option for more clarity --- src/config.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 3b5c1d7..bf67595 100644 --- a/src/config.rs +++ b/src/config.rs @@ -88,7 +88,7 @@ pub struct MiniserveConfig { pub file_upload: bool, /// Restrict file upload dirs - pub restrict_upload_dir: Vec, + pub allowed_upload_dir: Vec, /// HTML accept attribute value pub uploadable_media_type: Option, @@ -251,7 +251,7 @@ impl MiniserveConfig { show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, file_upload: args.file_upload, - restrict_upload_dir: args.restrict_upload_dir, + allowed_upload_dir: args.allowed_upload_dir, uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, -- cgit v1.2.3 From 751bf58dd7c08e8b4212680503016362fbcd1dfc Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Sun, 14 Aug 2022 21:11:22 +0200 Subject: Clarity of comment Co-authored-by: Sven-Hendrik Haase --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index bf67595..2b10440 100644 --- a/src/config.rs +++ b/src/config.rs @@ -87,7 +87,7 @@ pub struct MiniserveConfig { /// Enable file upload pub file_upload: bool, - /// Restrict file upload dirs + /// List of allowed upload directories pub allowed_upload_dir: Vec, /// HTML accept attribute value -- cgit v1.2.3 From e2ae526727e0154a1bc618971011788ee24e8748 Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Mon, 15 Aug 2022 22:15:57 +0200 Subject: Use argument -u instead of --allowed-upload-dir --- src/config.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 2b10440..4f794d1 100644 --- a/src/config.rs +++ b/src/config.rs @@ -250,8 +250,8 @@ impl MiniserveConfig { overwrite_files: args.overwrite_files, show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, - file_upload: args.file_upload, - allowed_upload_dir: args.allowed_upload_dir, + file_upload: !args.allowed_upload_dir.is_none(), + allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]), uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, -- cgit v1.2.3 From 5404e4fcb513bd8bf355e730aa37546b16164cad Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Wed, 17 Aug 2022 10:28:11 +0200 Subject: sanitize allowed upload paths for cases like ./dir --- src/config.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 4f794d1..1331e7d 100644 --- a/src/config.rs +++ b/src/config.rs @@ -16,6 +16,7 @@ use rustls_pemfile as pemfile; use crate::{ args::{CliArgs, MediaType}, auth::RequiredAuth, + file_upload::sanitize_path }; /// Possible characters for random routes @@ -251,7 +252,7 @@ impl MiniserveConfig { show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, file_upload: !args.allowed_upload_dir.is_none(), - allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]), + allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]).iter().map(|x| sanitize_path(x, false).unwrap()).collect(), uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, -- cgit v1.2.3 From d905b68ca93c42769c3ebddf472a2916dc75b012 Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Wed, 17 Aug 2022 10:28:46 +0200 Subject: cargo fmt --- src/config.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 1331e7d..073a80a 100644 --- a/src/config.rs +++ b/src/config.rs @@ -16,7 +16,7 @@ use rustls_pemfile as pemfile; use crate::{ args::{CliArgs, MediaType}, auth::RequiredAuth, - file_upload::sanitize_path + file_upload::sanitize_path, }; /// Possible characters for random routes @@ -252,7 +252,12 @@ impl MiniserveConfig { show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, file_upload: !args.allowed_upload_dir.is_none(), - allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]).iter().map(|x| sanitize_path(x, false).unwrap()).collect(), + allowed_upload_dir: args + .allowed_upload_dir + .unwrap_or(vec![]) + .iter() + .map(|x| sanitize_path(x, false).unwrap()) + .collect(), uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, -- cgit v1.2.3 From 234422cc6908557e6a3139444759151a9dae82eb Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Mon, 22 Aug 2022 13:40:50 +0200 Subject: fix lint errors --- src/config.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 073a80a..69ef0c4 100644 --- a/src/config.rs +++ b/src/config.rs @@ -251,10 +251,10 @@ impl MiniserveConfig { overwrite_files: args.overwrite_files, show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, - file_upload: !args.allowed_upload_dir.is_none(), + file_upload: args.allowed_upload_dir.is_some(), allowed_upload_dir: args .allowed_upload_dir - .unwrap_or(vec![]) + .unwrap_or_default() .iter() .map(|x| sanitize_path(x, false).unwrap()) .collect(), -- cgit v1.2.3 From 6577af2b8d802ad213968e4b7c9f2823c1ab52dc Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Mon, 19 Sep 2022 13:06:17 +0200 Subject: Changed handling of allowed path to fix Windows --- src/config.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index 69ef0c4..cef7cda 100644 --- a/src/config.rs +++ b/src/config.rs @@ -89,7 +89,7 @@ pub struct MiniserveConfig { pub file_upload: bool, /// List of allowed upload directories - pub allowed_upload_dir: Vec, + pub allowed_upload_dir: Vec, /// HTML accept attribute value pub uploadable_media_type: Option, @@ -256,7 +256,13 @@ impl MiniserveConfig { .allowed_upload_dir .unwrap_or_default() .iter() - .map(|x| sanitize_path(x, false).unwrap()) + .map(|x| { + sanitize_path(x, false) + .unwrap() + .to_str() + .unwrap() + .replace(r"\", "/") + }) .collect(), uploadable_media_type, tar_enabled: args.enable_tar, -- cgit v1.2.3 From 5d11d6abd1e14822826fdf04fbb175355e0aee4d Mon Sep 17 00:00:00 2001 From: Jonas Diemer Date: Mon, 19 Sep 2022 13:26:24 +0200 Subject: Fixed clippy issue (single-char string to char) --- src/config.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/config.rs') diff --git a/src/config.rs b/src/config.rs index cef7cda..7ca0693 100644 --- a/src/config.rs +++ b/src/config.rs @@ -261,7 +261,7 @@ impl MiniserveConfig { .unwrap() .to_str() .unwrap() - .replace(r"\", "/") + .replace('\\', "/") }) .collect(), uploadable_media_type, -- cgit v1.2.3