serv/dufs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: base64 index-data to avoid misencoding (#421)

Browse source
This commit is contained in:
sigoden 2024-07-22 08:02:32 +08:00 committed by GitHub
parent ec2b064a9a
commit ca5c3d7c54
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
assets/index.js
View file

@ -108,7 +108,7 @@ window.addEventListener("DOMContentLoaded", async () => {
return; return;
} }
DATA = JSON.parse($indexData.innerHTML); DATA = JSON.parse(atob($indexData.innerHTML));
DIR_EMPTY_NOTE = PARAMS.q ? 'No results' : DATA.dir_exists ? 'Empty folder' : 'Folder will be created when a file is uploaded'; DIR_EMPTY_NOTE = PARAMS.q ? 'No results' : DATA.dir_exists ? 'Empty folder' : 'Folder will be created when a file is uploaded';
await ready(); await ready();

6
src/auth.rs
View file

@ -1,7 +1,7 @@
use crate::{args::Args, server::Response, utils::unix_now}; use crate::{args::Args, server::Response, utils::unix_now};
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Result};
use base64::{engine::general_purpose, Engine as _}; use base64::{engine::general_purpose::STANDARD, Engine as _};
use headers::HeaderValue; use headers::HeaderValue;
use hyper::{header::WWW_AUTHENTICATE, Method}; use hyper::{header::WWW_AUTHENTICATE, Method};
use indexmap::IndexMap; use indexmap::IndexMap;
@ -287,7 +287,7 @@ pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> {
pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> { pub fn get_auth_user(authorization: &HeaderValue) -> Option<String> {
if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") { if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?; let value: Vec<u8> = STANDARD.decode(value).ok()?;
let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect(); let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
Some(parts[0].to_string()) Some(parts[0].to_string())
} else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") { } else if let Some(value) = strip_prefix(authorization.as_bytes(), b"Digest ") {
@ -306,7 +306,7 @@ pub fn check_auth(
auth_pass: &str, auth_pass: &str,
) -> Option<()> { ) -> Option<()> {
if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") { if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
let value: Vec<u8> = general_purpose::STANDARD.decode(value).ok()?; let value: Vec<u8> = STANDARD.decode(value).ok()?;
let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect(); let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect();
if parts[0] != auth_user { if parts[0] != auth_user {

8
src/server.rs
View file

@ -10,6 +10,7 @@ use crate::Args;
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};
use async_zip::{tokio::write::ZipFileWriter, Compression, ZipDateTime, ZipEntryBuilder}; use async_zip::{tokio::write::ZipFileWriter, Compression, ZipDateTime, ZipEntryBuilder};
use base64::{engine::general_purpose::STANDARD, Engine as _};
use bytes::Bytes; use bytes::Bytes;
use chrono::{LocalResult, TimeZone, Utc}; use chrono::{LocalResult, TimeZone, Utc};
use futures_util::{pin_mut, TryStreamExt}; use futures_util::{pin_mut, TryStreamExt};
@ -931,13 +932,14 @@ impl Server {
}; };
res.headers_mut() res.headers_mut()
.typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8)); .typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8));
let index_data = STANDARD.encode(serde_json::to_string(&data)?);
let output = self let output = self
.html .html
.replace( .replace(
"__ASSETS_PREFIX__", "__ASSETS_PREFIX__",
&format!("{}{}", self.args.uri_prefix, self.assets_prefix), &format!("{}{}", self.args.uri_prefix, self.assets_prefix),
) )
.replace("__INDEX_DATA__", &serde_json::to_string(&data)?); .replace("__INDEX_DATA__", &index_data);
res.headers_mut() res.headers_mut()
.typed_insert(ContentLength(output.as_bytes().len() as u64)); .typed_insert(ContentLength(output.as_bytes().len() as u64));
if head_only { if head_only {
@ -1179,12 +1181,14 @@ impl Server {
} else { } else {
res.headers_mut() res.headers_mut()
.typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8)); .typed_insert(ContentType::from(mime_guess::mime::TEXT_HTML_UTF_8));
let index_data = STANDARD.encode(serde_json::to_string(&data)?);
self.html self.html
.replace( .replace(
"__ASSETS_PREFIX__", "__ASSETS_PREFIX__",
&format!("{}{}", self.args.uri_prefix, self.assets_prefix), &format!("{}{}", self.args.uri_prefix, self.assets_prefix),
) )
.replace("__INDEX_DATA__", &serde_json::to_string(&data)?) .replace("__INDEX_DATA__", &index_data)
}; };
res.headers_mut() res.headers_mut()
.typed_insert(ContentLength(output.as_bytes().len() as u64)); .typed_insert(ContentLength(output.as_bytes().len() as u64));

7
tests/utils.rs
View file

@ -1,3 +1,4 @@
use base64::{engine::general_purpose::STANDARD, Engine as _};
use indexmap::IndexSet; use indexmap::IndexSet;
use serde_json::Value; use serde_json::Value;
@ -48,7 +49,7 @@ pub fn retrieve_index_paths(content: &str) -> IndexSet<String> {
#[allow(dead_code)] #[allow(dead_code)]
pub fn retrieve_edit_file(content: &str) -> Option<bool> { pub fn retrieve_edit_file(content: &str) -> Option<bool> {
let value = retrieve_json(content)?; let value = retrieve_json(content).unwrap();
let value = value.get("editable").unwrap(); let value = value.get("editable").unwrap();
Some(value.as_bool().unwrap()) Some(value.as_bool().unwrap())
} }
@ -73,7 +74,9 @@ pub fn retrieve_json(content: &str) -> Option<Value> {
let end_index = line[start_content_index..].find(end_tag)?; let end_index = line[start_content_index..].find(end_tag)?;
let end_content_index = start_content_index + end_index; let end_content_index = start_content_index + end_index;
let value = line[start_content_index..end_content_index].parse().ok()?; let value = &line[start_content_index..end_content_index];
let value = STANDARD.decode(value).ok()?;
let value = serde_json::from_slice(&value).ok()?;
Some(value) Some(value)
} }