check for password server side
This commit is contained in:
parent
bdc9a89331
commit
c8e7a66398
|
@ -61,6 +61,7 @@ impl FormElement {
|
|||
struct UploadFormData {
|
||||
filename: Option<String>,
|
||||
password: Option<String>,
|
||||
instancepass: Option<String>,
|
||||
lookup_kind: LookupKind,
|
||||
delmode: DeleteMode,
|
||||
file: Vec<u8>,
|
||||
|
@ -73,6 +74,7 @@ impl Default for UploadFormData {
|
|||
UploadFormData {
|
||||
filename: None,
|
||||
password: None,
|
||||
instancepass: None,
|
||||
lookup_kind: LookupKind::ByHash,
|
||||
delmode: DeleteMode::Time,
|
||||
file: vec![],
|
||||
|
@ -127,6 +129,16 @@ impl UploadFormData {
|
|||
}
|
||||
}
|
||||
|
||||
match data.get("instancepass") {
|
||||
Some(val) => {
|
||||
let val = val.data.clone();
|
||||
if let Ok(pass) = String::from_utf8(val) {
|
||||
out.instancepass = Some(pass);
|
||||
}
|
||||
},
|
||||
None => ()
|
||||
};
|
||||
|
||||
let file = data.get("file")?;
|
||||
out.file = file.data.clone();
|
||||
out.mime = file.mime.clone();
|
||||
|
@ -201,6 +213,47 @@ pub async fn upload(form: FormData, ip: Option<IpAddr>, state: SharedState) -> R
|
|||
)
|
||||
}
|
||||
|
||||
if let Some(upload_pass) = state.config.files.upload_pass.clone() {
|
||||
|
||||
if let Some(pass) = formdata.instancepass {
|
||||
if upload_pass != pass {
|
||||
let error = ErrorPage {
|
||||
env: state.env.clone(),
|
||||
conf: state.config.clone(),
|
||||
error_text: "Password is invalid".into(),
|
||||
link: Some("/".into()),
|
||||
link_text: Some("Go back".into())
|
||||
};
|
||||
|
||||
return Ok(
|
||||
Box::new(
|
||||
html(
|
||||
error.render()
|
||||
.map_err(|x| HttpReject::AskamaError(x))?
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
} else {
|
||||
let error = ErrorPage {
|
||||
env: state.env.clone(),
|
||||
conf: state.config.clone(),
|
||||
error_text: "Password is not available".into(),
|
||||
link: Some("/".into()),
|
||||
link_text: Some("Go back".into())
|
||||
};
|
||||
|
||||
return Ok(
|
||||
Box::new(
|
||||
html(
|
||||
error.render()
|
||||
.map_err(|x| HttpReject::AskamaError(x))?
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
let file = File::create(
|
||||
formdata.file,
|
||||
formdata.mime,
|
||||
|
|
|
@ -125,7 +125,7 @@
|
|||
<p>
|
||||
<label>
|
||||
Password:
|
||||
<input type="password" name="instance-pass">
|
||||
<input type="password" name="instancepass">
|
||||
</label>
|
||||
</p>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue