Compare commits
No commits in common. "a6d69c319ebbe67d5923060c9aabf45a0e1aafbe" and "8a41d4bef2da4c9da27c0db6f569d2063eb3f22d" have entirely different histories.
a6d69c319e
...
8a41d4bef2
|
@ -21,11 +21,6 @@ allow_pass_protection=true
|
|||
# This is shown only if allow_uploads = false
|
||||
# upload_disable_reason="File uploads were disabled because of an ongoing attack."
|
||||
|
||||
# If you want to restrict the uploads
|
||||
# To only the people who have a password,
|
||||
# uncomment this field
|
||||
# upload_pass=super_secret_pass
|
||||
|
||||
# Timeout for deleting a user uploaded file
|
||||
file_del_timeout=1800
|
||||
|
||||
|
|
|
@ -111,10 +111,6 @@ paths:
|
|||
type: string
|
||||
example: binary file data
|
||||
description: binary file data
|
||||
instance_pass:
|
||||
type: string
|
||||
example: super_secret_pass
|
||||
description: Instance-specific password needed to upload files
|
||||
metadata:
|
||||
type: object
|
||||
description: file info
|
||||
|
|
|
@ -22,10 +22,6 @@ pub struct FilesPolicy {
|
|||
#[serde(default)]
|
||||
pub upload_disable_reason: Option<String>,
|
||||
|
||||
/// Upload password
|
||||
#[serde(default)]
|
||||
pub upload_pass: Option<String>,
|
||||
|
||||
/// Default time for file to be deleted
|
||||
#[serde(default)]
|
||||
pub file_del_timeout: usize,
|
||||
|
@ -46,7 +42,6 @@ impl Default for FilesPolicy {
|
|||
allow_custom_names: true,
|
||||
allow_pass_protection: true,
|
||||
upload_disable_reason: None,
|
||||
upload_pass: None,
|
||||
file_del_timeout: 1800,
|
||||
type_whitelist: None,
|
||||
type_blacklist: None,
|
||||
|
|
|
@ -61,7 +61,6 @@ impl FormElement {
|
|||
struct UploadFormData {
|
||||
filename: Option<String>,
|
||||
password: Option<String>,
|
||||
instancepass: Option<String>,
|
||||
lookup_kind: LookupKind,
|
||||
delmode: DeleteMode,
|
||||
file: Vec<u8>,
|
||||
|
@ -74,7 +73,6 @@ impl Default for UploadFormData {
|
|||
UploadFormData {
|
||||
filename: None,
|
||||
password: None,
|
||||
instancepass: None,
|
||||
lookup_kind: LookupKind::ByHash,
|
||||
delmode: DeleteMode::Time,
|
||||
file: vec![],
|
||||
|
@ -129,16 +127,6 @@ impl UploadFormData {
|
|||
}
|
||||
}
|
||||
|
||||
match data.get("instancepass") {
|
||||
Some(val) => {
|
||||
let val = val.data.clone();
|
||||
if let Ok(pass) = String::from_utf8(val) {
|
||||
out.instancepass = Some(pass);
|
||||
}
|
||||
},
|
||||
None => ()
|
||||
};
|
||||
|
||||
let file = data.get("file")?;
|
||||
out.file = file.data.clone();
|
||||
out.mime = file.mime.clone();
|
||||
|
@ -213,47 +201,6 @@ pub async fn upload(form: FormData, ip: Option<IpAddr>, state: SharedState) -> R
|
|||
)
|
||||
}
|
||||
|
||||
if let Some(upload_pass) = state.config.files.upload_pass.clone() {
|
||||
|
||||
if let Some(pass) = formdata.instancepass {
|
||||
if upload_pass != pass {
|
||||
let error = ErrorPage {
|
||||
env: state.env.clone(),
|
||||
conf: state.config.clone(),
|
||||
error_text: "Password is invalid".into(),
|
||||
link: Some("/".into()),
|
||||
link_text: Some("Go back".into())
|
||||
};
|
||||
|
||||
return Ok(
|
||||
Box::new(
|
||||
html(
|
||||
error.render()
|
||||
.map_err(|x| HttpReject::AskamaError(x))?
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
} else {
|
||||
let error = ErrorPage {
|
||||
env: state.env.clone(),
|
||||
conf: state.config.clone(),
|
||||
error_text: "Password is not available".into(),
|
||||
link: Some("/".into()),
|
||||
link_text: Some("Go back".into())
|
||||
};
|
||||
|
||||
return Ok(
|
||||
Box::new(
|
||||
html(
|
||||
error.render()
|
||||
.map_err(|x| HttpReject::AskamaError(x))?
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
let file = File::create(
|
||||
formdata.file,
|
||||
formdata.mime,
|
||||
|
|
|
@ -20,8 +20,4 @@
|
|||
|
||||
.alert.danger .alert-title {
|
||||
background: #602020;
|
||||
}
|
||||
|
||||
.alert.blue .alert-title {
|
||||
background: #203050;
|
||||
}
|
|
@ -9,31 +9,6 @@
|
|||
|
||||
{% endblock %}
|
||||
|
||||
{% block scripts %}
|
||||
|
||||
{%- if conf.files.upload_pass.is_some() -%}
|
||||
|
||||
{#- Script to disable button when password is not entered -#}
|
||||
{#- -#}<script>
|
||||
{#- -#} (
|
||||
{#- -#} ()=>{
|
||||
{#- -#} const pass_inp=document.getElementById("instancepass");
|
||||
{#- -#} const submit=document.getElementById("bfile-upload-submit");
|
||||
{#- -#} submit.setAttribute('disabled',true);
|
||||
{#- -#}
|
||||
{#- -#} pass_inp.onchange=()=>{
|
||||
{#- -#} if(pass_inp.value.length==0)
|
||||
{#- -#} submit.setAttribute('disabled',true);
|
||||
{#- -#} else submit.removeAttribute('disabled')
|
||||
{#- -#} }
|
||||
{#- -#} }
|
||||
{#- -#} )()
|
||||
{#- -#}</script>
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{% endblock %}
|
||||
|
||||
{% block body %}
|
||||
|
||||
<div style="max-width:95vw;width:fit-content;margin:0 auto">
|
||||
|
@ -139,24 +114,6 @@
|
|||
</p>
|
||||
</div>
|
||||
{%- else -%}
|
||||
|
||||
{%- if let Some(pass) = conf.files.upload_pass -%}
|
||||
<div class="alert blue">
|
||||
<h1 class="alert-title">
|
||||
Upload password
|
||||
</h1>
|
||||
<div class="alert-text">
|
||||
<p>This instance requires a password to upload a file.</p>
|
||||
<p>
|
||||
<label>
|
||||
Password:
|
||||
<input type="password" name="instancepass" id="instancepass">
|
||||
</label>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
{%- endif -%}
|
||||
|
||||
<p>
|
||||
<input type="file" name="file" id="bfile-formupload-file" style="display: none" />
|
||||
<label for="bfile-formupload-file">
|
||||
|
@ -185,7 +142,7 @@
|
|||
</label>
|
||||
</p>
|
||||
<p>
|
||||
<button class='btn btn-fill' id="bfile-upload-submit">
|
||||
<button class='btn btn-fill'>
|
||||
Upload!
|
||||
</button>
|
||||
</p>
|
||||
|
|
Loading…
Reference in New Issue