From c8e7a6639826914bcbd26e9f0c85ce17905ff438 Mon Sep 17 00:00:00 2001 From: blek Date: Fri, 27 Oct 2023 01:02:09 +1000 Subject: [PATCH] check for password server side --- filed/src/web/forms.rs | 53 ++++++++++++++++++++++++++++++++++++++ filed/templates/index.html | 2 +- 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/filed/src/web/forms.rs b/filed/src/web/forms.rs index 3ce4793..2d43aae 100644 --- a/filed/src/web/forms.rs +++ b/filed/src/web/forms.rs @@ -61,6 +61,7 @@ impl FormElement { struct UploadFormData { filename: Option, password: Option, + instancepass: Option, lookup_kind: LookupKind, delmode: DeleteMode, file: Vec, @@ -73,6 +74,7 @@ impl Default for UploadFormData { UploadFormData { filename: None, password: None, + instancepass: None, lookup_kind: LookupKind::ByHash, delmode: DeleteMode::Time, file: vec![], @@ -127,6 +129,16 @@ impl UploadFormData { } } + match data.get("instancepass") { + Some(val) => { + let val = val.data.clone(); + if let Ok(pass) = String::from_utf8(val) { + out.instancepass = Some(pass); + } + }, + None => () + }; + let file = data.get("file")?; out.file = file.data.clone(); out.mime = file.mime.clone(); @@ -201,6 +213,47 @@ pub async fn upload(form: FormData, ip: Option, state: SharedState) -> R ) } + if let Some(upload_pass) = state.config.files.upload_pass.clone() { + + if let Some(pass) = formdata.instancepass { + if upload_pass != pass { + let error = ErrorPage { + env: state.env.clone(), + conf: state.config.clone(), + error_text: "Password is invalid".into(), + link: Some("/".into()), + link_text: Some("Go back".into()) + }; + + return Ok( + Box::new( + html( + error.render() + .map_err(|x| HttpReject::AskamaError(x))? + ) + ) + ) + } + } else { + let error = ErrorPage { + env: state.env.clone(), + conf: state.config.clone(), + error_text: "Password is not available".into(), + link: Some("/".into()), + link_text: Some("Go back".into()) + }; + + return Ok( + Box::new( + html( + error.render() + .map_err(|x| HttpReject::AskamaError(x))? + ) + ) + ) + } + } + let file = File::create( formdata.file, formdata.mime, diff --git a/filed/templates/index.html b/filed/templates/index.html index bba9521..f9e56dd 100644 --- a/filed/templates/index.html +++ b/filed/templates/index.html @@ -125,7 +125,7 @@