check for password server side

This commit is contained in:
blek 2023-10-27 01:02:09 +10:00 committed by blek! Git
parent bdc9a89331
commit c8e7a66398
2 changed files with 54 additions and 1 deletions

View File

@ -61,6 +61,7 @@ impl FormElement {
struct UploadFormData {
filename: Option<String>,
password: Option<String>,
instancepass: Option<String>,
lookup_kind: LookupKind,
delmode: DeleteMode,
file: Vec<u8>,
@ -73,6 +74,7 @@ impl Default for UploadFormData {
UploadFormData {
filename: None,
password: None,
instancepass: None,
lookup_kind: LookupKind::ByHash,
delmode: DeleteMode::Time,
file: vec![],
@ -127,6 +129,16 @@ impl UploadFormData {
}
}
match data.get("instancepass") {
Some(val) => {
let val = val.data.clone();
if let Ok(pass) = String::from_utf8(val) {
out.instancepass = Some(pass);
}
},
None => ()
};
let file = data.get("file")?;
out.file = file.data.clone();
out.mime = file.mime.clone();
@ -201,6 +213,47 @@ pub async fn upload(form: FormData, ip: Option<IpAddr>, state: SharedState) -> R
)
}
if let Some(upload_pass) = state.config.files.upload_pass.clone() {
if let Some(pass) = formdata.instancepass {
if upload_pass != pass {
let error = ErrorPage {
env: state.env.clone(),
conf: state.config.clone(),
error_text: "Password is invalid".into(),
link: Some("/".into()),
link_text: Some("Go back".into())
};
return Ok(
Box::new(
html(
error.render()
.map_err(|x| HttpReject::AskamaError(x))?
)
)
)
}
} else {
let error = ErrorPage {
env: state.env.clone(),
conf: state.config.clone(),
error_text: "Password is not available".into(),
link: Some("/".into()),
link_text: Some("Go back".into())
};
return Ok(
Box::new(
html(
error.render()
.map_err(|x| HttpReject::AskamaError(x))?
)
)
)
}
}
let file = File::create(
formdata.file,
formdata.mime,

View File

@ -125,7 +125,7 @@
<p>
<label>
Password:
<input type="password" name="instance-pass">
<input type="password" name="instancepass">
</label>
</p>
</div>