From 20a055dd82b009e94b1aa681cc4329f17e552f44 Mon Sep 17 00:00:00 2001
From: Jonas Diemer <jonasdiemer@gmail.com>
Date: Mon, 19 Sep 2022 16:43:50 +0200
Subject: Return 403 instead of 500 for upload errs

---
 src/errors.rs      | 6 ++++++
 src/file_upload.rs | 4 +---
 2 files changed, 7 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/errors.rs b/src/errors.rs
index b2ed459..06569d3 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -22,6 +22,10 @@ pub enum ContextualError {
     #[error("File already exists, and the overwrite_files option has not been set")]
     DuplicateFileError,
 
+    /// Upload not allowed
+    #[error("Upload not allowed to this directory")]
+    UploadForbiddenError,
+
     /// Any error related to an invalid path (failed to retrieve entry name, unexpected entry type, etc)
     #[error("Invalid path\ncaused by: {0}")]
     InvalidPathError(String),
@@ -88,6 +92,8 @@ impl ResponseError for ContextualError {
             Self::InsufficientPermissionsError(_) => StatusCode::FORBIDDEN,
             Self::InvalidHttpCredentials => StatusCode::UNAUTHORIZED,
             Self::InvalidHttpRequestError(_) => StatusCode::BAD_REQUEST,
+            Self::DuplicateFileError => StatusCode::FORBIDDEN,
+            Self::UploadForbiddenError => StatusCode::FORBIDDEN,
             _ => StatusCode::INTERNAL_SERVER_ERROR,
         }
     }
diff --git a/src/file_upload.rs b/src/file_upload.rs
index 0232c7e..cf214b8 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -179,9 +179,7 @@ pub async fn upload_file(
             .any(|s| upload_path.starts_with(s));
 
     if !upload_allowed {
-        return Err(ContextualError::InvalidPathError(
-            "Not allowed to upload to this path".to_string(),
-        ));
+        return Err(ContextualError::UploadForbiddenError);
     }
 
     // Disallow the target path to go outside of the served directory
-- 
cgit v1.2.3