From cdb9b185f2ae773a06465955f9c6f1231d376a2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= Date: Sat, 19 Nov 2022 18:29:21 +0100 Subject: [PATCH] filepath clean. --- server/internal/config/websocket.go | 3 ++ server/internal/utils/files.go | 4 +- server/internal/websocket/handler/files.go | 12 ++++-- server/internal/websocket/websocket.go | 47 ++++++++++++---------- 4 files changed, 40 insertions(+), 26 deletions(-) diff --git a/server/internal/config/websocket.go b/server/internal/config/websocket.go index 653411e..377e141 100644 --- a/server/internal/config/websocket.go +++ b/server/internal/config/websocket.go @@ -1,6 +1,8 @@ package config import ( + "path/filepath" + "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -73,4 +75,5 @@ func (s *WebSocket) Set() { s.FileTransfer = viper.GetBool("file_transfer") s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer") s.FileTransferPath = viper.GetString("file_transfer_path") + s.FileTransferPath = filepath.Clean(s.FileTransferPath) } diff --git a/server/internal/utils/files.go b/server/internal/utils/files.go index 56c714d..d9f24db 100644 --- a/server/internal/utils/files.go +++ b/server/internal/utils/files.go @@ -6,7 +6,7 @@ import ( "m1k1o/neko/internal/types" ) -func ListFiles(path string) (*[]types.FileListItem, error) { +func ListFiles(path string) ([]types.FileListItem, error) { items, err := os.ReadDir(path) if err != nil { return nil, err @@ -32,5 +32,5 @@ func ListFiles(path string) (*[]types.FileListItem, error) { } } - return &out, nil + return out, nil } diff --git a/server/internal/websocket/handler/files.go b/server/internal/websocket/handler/files.go index fb1d190..4ac85f5 100644 --- a/server/internal/websocket/handler/files.go +++ b/server/internal/websocket/handler/files.go @@ -10,9 +10,12 @@ import ( func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error { if !session.Admin() { - return errors.New(session.Member().Name + " tried to toggle file transfer but they're not admin") + h.logger.Debug().Msg("user not admin") + return nil } + h.state.SetFileTransferState(payload.Admin, payload.Unpriv) + err := h.sessions.Broadcast(message.FileTransferStatus{ Event: event.FILETRANSFER_STATUS, Admin: payload.Admin, @@ -26,11 +29,13 @@ func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *m if err != nil { return err } + msg := message.FileList{ Event: event.FILETRANSFER_LIST, Cwd: h.state.FileTransferPath(), - Files: *files, + Files: files, } + if payload.Unpriv { return h.sessions.Broadcast(msg, nil) } else { @@ -47,10 +52,11 @@ func (h *MessageHandler) refresh(session types.Session) error { if err != nil { return err } + return session.Send( message.FileList{ Event: event.FILETRANSFER_LIST, Cwd: h.state.FileTransferPath(), - Files: *files, + Files: files, }) } diff --git a/server/internal/websocket/websocket.go b/server/internal/websocket/websocket.go index 022067a..96d6cd6 100644 --- a/server/internal/websocket/websocket.go +++ b/server/internal/websocket/websocket.go @@ -4,6 +4,7 @@ import ( "fmt" "net/http" "os" + "path/filepath" "sync" "sync/atomic" "time" @@ -35,12 +36,9 @@ func New(sessions types.SessionManager, desktop types.DesktopManager, capture ty logger.Info().Msgf("control locked on behalf of control protection") } - if conf.FileTransferPath[len(conf.FileTransferPath)-1] != '/' { - conf.FileTransferPath += "/" - } - err := os.Mkdir(conf.FileTransferPath, 0755) - if err != nil && !os.IsExist(err) { - logger.Panic().Err(err).Msg("unable to create file transfer directory") + if _, err := os.Stat(conf.FileTransferPath); os.IsNotExist(err) { + err = os.Mkdir(conf.FileTransferPath, os.ModePerm) + logger.Err(err).Msg("creating file transfer directory") } // apply default locks @@ -135,8 +133,7 @@ func (ws *WebSocketHandler) Start() { } // send file list if necessary - if session.Admin() && ws.state.FileTransferEnabled() || - ws.state.FileTransferEnabled() && ws.state.UnprivFileTransferEnabled() { + if ws.state.FileTransferEnabled() && (session.Admin() || ws.state.UnprivFileTransferEnabled()) { err := session.Send( message.FileTransferStatus{ Event: event.FILETRANSFER_STATUS, @@ -154,7 +151,7 @@ func (ws *WebSocketHandler) Start() { message.FileList{ Event: event.FILETRANSFER_LIST, Cwd: ws.conf.FileTransferPath, - Files: *files, + Files: files, }); err != nil { ws.logger.Warn().Err(err).Msg("file list event has failed") } @@ -235,8 +232,14 @@ func (ws *WebSocketHandler) Start() { go func() { for { select { - case <-watcher.Events: - ws.sendFileTransferUpdate() + case e, ok := <-watcher.Events: + if !ok { + ws.logger.Info().Msg("file transfer dir watcher closed") + return + } + if e.Has(fsnotify.Create) || e.Has(fsnotify.Remove) || e.Has(fsnotify.Rename) { + ws.sendFileTransferUpdate() + } case err := <-watcher.Errors: ws.logger.Err(err).Msg("error in file transfer dir watcher") } @@ -378,15 +381,17 @@ func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) { return false, nil } - if !ws.state.UnprivFileTransferEnabled() { - return ws.IsAdmin(password) + isAdmin, err := ws.IsAdmin(password) + if err != nil { + return false, err } - return password == ws.conf.Password, nil + return isAdmin || ws.state.UnprivFileTransferEnabled(), nil } func (ws *WebSocketHandler) MakeFilePath(filename string) string { - return fmt.Sprintf("%s%s", ws.conf.FileTransferPath, filename) + cleanPath := filepath.Clean(filename) + return filepath.Join(ws.conf.FileTransferPath, cleanPath) } func (ws *WebSocketHandler) sendFileTransferUpdate() { @@ -403,17 +408,17 @@ func (ws *WebSocketHandler) sendFileTransferUpdate() { message := message.FileList{ Event: event.FILETRANSFER_LIST, Cwd: ws.conf.FileTransferPath, - Files: *files, + Files: files, } - var broadcastErr error if ws.state.UnprivFileTransferEnabled() { - broadcastErr = ws.sessions.Broadcast(message, nil) + err = ws.sessions.Broadcast(message, nil) } else { - broadcastErr = ws.sessions.AdminBroadcast(message, nil) + err = ws.sessions.AdminBroadcast(message, nil) } - if broadcastErr != nil { - ws.logger.Err(broadcastErr).Msg("unable to broadcast file list") + + if err != nil { + ws.logger.Err(err).Msg("unable to broadcast file list") } }