From f1e90686dc9551b025c438b09d5bfcc517bf379d Mon Sep 17 00:00:00 2001 From: sigoden Date: Fri, 14 Jun 2024 22:16:50 +0800 Subject: [PATCH] refactor: return 400 for propfind request when depth is neither 0 nor 1 (#403) --- src/server.rs | 9 +++++---- tests/webdav.rs | 11 +++++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/server.rs b/src/server.rs index 3cb7996..942da7d 100644 --- a/src/server.rs +++ b/src/server.rs @@ -963,9 +963,10 @@ impl Server { ) -> Result<()> { let depth: u32 = match headers.get("depth") { Some(v) => match v.to_str().ok().and_then(|v| v.parse().ok()) { - Some(v) => v, - None => { - status_bad_request(res, ""); + Some(0) => 0, + Some(1) => 1, + _ => { + status_bad_request(res, "Invalid depth: only 0 and 1 are allowed."); return Ok(()); } }, @@ -975,7 +976,7 @@ impl Server { Some(v) => vec![v], None => vec![], }; - if depth != 0 { + if depth == 1 { match self .list_dir(path, &self.args.serve_path, access_paths) .await diff --git a/tests/webdav.rs b/tests/webdav.rs index 1230419..9f74916 100644 --- a/tests/webdav.rs +++ b/tests/webdav.rs @@ -40,6 +40,17 @@ fn propfind_dir_depth0(server: TestServer) -> Result<(), Error> { Ok(()) } +#[rstest] +fn propfind_dir_depth2(server: TestServer) -> Result<(), Error> { + let resp = fetch!(b"PROPFIND", format!("{}dir1", server.url())) + .header("depth", "2") + .send()?; + assert_eq!(resp.status(), 400); + let body = resp.text()?; + assert_eq!(body, "Invalid depth: only 0 and 1 are allowed."); + Ok(()) +} + #[rstest] fn propfind_404(server: TestServer) -> Result<(), Error> { let resp = fetch!(b"PROPFIND", format!("{}404", server.url())).send()?;