Archived
2
0

filepath clean.

This commit is contained in:
Miroslav Šedivý 2022-11-19 18:29:21 +01:00
parent 76b44b949c
commit cdb9b185f2
4 changed files with 40 additions and 26 deletions

View File

@ -1,6 +1,8 @@
package config package config
import ( import (
"path/filepath"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
) )
@ -73,4 +75,5 @@ func (s *WebSocket) Set() {
s.FileTransfer = viper.GetBool("file_transfer") s.FileTransfer = viper.GetBool("file_transfer")
s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer") s.UnprivFileTransfer = viper.GetBool("unpriv_file_transfer")
s.FileTransferPath = viper.GetString("file_transfer_path") s.FileTransferPath = viper.GetString("file_transfer_path")
s.FileTransferPath = filepath.Clean(s.FileTransferPath)
} }

View File

@ -6,7 +6,7 @@ import (
"m1k1o/neko/internal/types" "m1k1o/neko/internal/types"
) )
func ListFiles(path string) (*[]types.FileListItem, error) { func ListFiles(path string) ([]types.FileListItem, error) {
items, err := os.ReadDir(path) items, err := os.ReadDir(path)
if err != nil { if err != nil {
return nil, err return nil, err
@ -32,5 +32,5 @@ func ListFiles(path string) (*[]types.FileListItem, error) {
} }
} }
return &out, nil return out, nil
} }

View File

@ -10,9 +10,12 @@ import (
func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error { func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *message.FileTransferStatus) error {
if !session.Admin() { if !session.Admin() {
return errors.New(session.Member().Name + " tried to toggle file transfer but they're not admin") h.logger.Debug().Msg("user not admin")
return nil
} }
h.state.SetFileTransferState(payload.Admin, payload.Unpriv) h.state.SetFileTransferState(payload.Admin, payload.Unpriv)
err := h.sessions.Broadcast(message.FileTransferStatus{ err := h.sessions.Broadcast(message.FileTransferStatus{
Event: event.FILETRANSFER_STATUS, Event: event.FILETRANSFER_STATUS,
Admin: payload.Admin, Admin: payload.Admin,
@ -26,11 +29,13 @@ func (h *MessageHandler) setFileTransferStatus(session types.Session, payload *m
if err != nil { if err != nil {
return err return err
} }
msg := message.FileList{ msg := message.FileList{
Event: event.FILETRANSFER_LIST, Event: event.FILETRANSFER_LIST,
Cwd: h.state.FileTransferPath(), Cwd: h.state.FileTransferPath(),
Files: *files, Files: files,
} }
if payload.Unpriv { if payload.Unpriv {
return h.sessions.Broadcast(msg, nil) return h.sessions.Broadcast(msg, nil)
} else { } else {
@ -47,10 +52,11 @@ func (h *MessageHandler) refresh(session types.Session) error {
if err != nil { if err != nil {
return err return err
} }
return session.Send( return session.Send(
message.FileList{ message.FileList{
Event: event.FILETRANSFER_LIST, Event: event.FILETRANSFER_LIST,
Cwd: h.state.FileTransferPath(), Cwd: h.state.FileTransferPath(),
Files: *files, Files: files,
}) })
} }

View File

@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"os" "os"
"path/filepath"
"sync" "sync"
"sync/atomic" "sync/atomic"
"time" "time"
@ -35,12 +36,9 @@ func New(sessions types.SessionManager, desktop types.DesktopManager, capture ty
logger.Info().Msgf("control locked on behalf of control protection") logger.Info().Msgf("control locked on behalf of control protection")
} }
if conf.FileTransferPath[len(conf.FileTransferPath)-1] != '/' { if _, err := os.Stat(conf.FileTransferPath); os.IsNotExist(err) {
conf.FileTransferPath += "/" err = os.Mkdir(conf.FileTransferPath, os.ModePerm)
} logger.Err(err).Msg("creating file transfer directory")
err := os.Mkdir(conf.FileTransferPath, 0755)
if err != nil && !os.IsExist(err) {
logger.Panic().Err(err).Msg("unable to create file transfer directory")
} }
// apply default locks // apply default locks
@ -135,8 +133,7 @@ func (ws *WebSocketHandler) Start() {
} }
// send file list if necessary // send file list if necessary
if session.Admin() && ws.state.FileTransferEnabled() || if ws.state.FileTransferEnabled() && (session.Admin() || ws.state.UnprivFileTransferEnabled()) {
ws.state.FileTransferEnabled() && ws.state.UnprivFileTransferEnabled() {
err := session.Send( err := session.Send(
message.FileTransferStatus{ message.FileTransferStatus{
Event: event.FILETRANSFER_STATUS, Event: event.FILETRANSFER_STATUS,
@ -154,7 +151,7 @@ func (ws *WebSocketHandler) Start() {
message.FileList{ message.FileList{
Event: event.FILETRANSFER_LIST, Event: event.FILETRANSFER_LIST,
Cwd: ws.conf.FileTransferPath, Cwd: ws.conf.FileTransferPath,
Files: *files, Files: files,
}); err != nil { }); err != nil {
ws.logger.Warn().Err(err).Msg("file list event has failed") ws.logger.Warn().Err(err).Msg("file list event has failed")
} }
@ -235,8 +232,14 @@ func (ws *WebSocketHandler) Start() {
go func() { go func() {
for { for {
select { select {
case <-watcher.Events: case e, ok := <-watcher.Events:
if !ok {
ws.logger.Info().Msg("file transfer dir watcher closed")
return
}
if e.Has(fsnotify.Create) || e.Has(fsnotify.Remove) || e.Has(fsnotify.Rename) {
ws.sendFileTransferUpdate() ws.sendFileTransferUpdate()
}
case err := <-watcher.Errors: case err := <-watcher.Errors:
ws.logger.Err(err).Msg("error in file transfer dir watcher") ws.logger.Err(err).Msg("error in file transfer dir watcher")
} }
@ -378,15 +381,17 @@ func (ws *WebSocketHandler) CanTransferFiles(password string) (bool, error) {
return false, nil return false, nil
} }
if !ws.state.UnprivFileTransferEnabled() { isAdmin, err := ws.IsAdmin(password)
return ws.IsAdmin(password) if err != nil {
return false, err
} }
return password == ws.conf.Password, nil return isAdmin || ws.state.UnprivFileTransferEnabled(), nil
} }
func (ws *WebSocketHandler) MakeFilePath(filename string) string { func (ws *WebSocketHandler) MakeFilePath(filename string) string {
return fmt.Sprintf("%s%s", ws.conf.FileTransferPath, filename) cleanPath := filepath.Clean(filename)
return filepath.Join(ws.conf.FileTransferPath, cleanPath)
} }
func (ws *WebSocketHandler) sendFileTransferUpdate() { func (ws *WebSocketHandler) sendFileTransferUpdate() {
@ -403,17 +408,17 @@ func (ws *WebSocketHandler) sendFileTransferUpdate() {
message := message.FileList{ message := message.FileList{
Event: event.FILETRANSFER_LIST, Event: event.FILETRANSFER_LIST,
Cwd: ws.conf.FileTransferPath, Cwd: ws.conf.FileTransferPath,
Files: *files, Files: files,
} }
var broadcastErr error
if ws.state.UnprivFileTransferEnabled() { if ws.state.UnprivFileTransferEnabled() {
broadcastErr = ws.sessions.Broadcast(message, nil) err = ws.sessions.Broadcast(message, nil)
} else { } else {
broadcastErr = ws.sessions.AdminBroadcast(message, nil) err = ws.sessions.AdminBroadcast(message, nil)
} }
if broadcastErr != nil {
ws.logger.Err(broadcastErr).Msg("unable to broadcast file list") if err != nil {
ws.logger.Err(err).Msg("unable to broadcast file list")
} }
} }