mirror of
https://github.com/1f349/site-hosting.git
synced 2025-01-21 22:56:27 +00:00
Use userSafeErrorf to protect system paths
This commit is contained in:
parent
cbf6878c13
commit
d655cc7bb4
@ -9,6 +9,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"github.com/1f349/bluebell/database"
|
"github.com/1f349/bluebell/database"
|
||||||
"github.com/1f349/bluebell/hook"
|
"github.com/1f349/bluebell/hook"
|
||||||
|
"github.com/1f349/bluebell/logger"
|
||||||
"github.com/1f349/bluebell/validation"
|
"github.com/1f349/bluebell/validation"
|
||||||
"github.com/1f349/syncmap"
|
"github.com/1f349/syncmap"
|
||||||
"github.com/dustin/go-humanize"
|
"github.com/dustin/go-humanize"
|
||||||
@ -97,7 +98,7 @@ func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) er
|
|||||||
|
|
||||||
_, err := h.db.GetSiteByDomain(context.Background(), site)
|
_, err := h.db.GetSiteByDomain(context.Background(), site)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("invalid site: %w", err)
|
return userSafeErrorf("invalid site: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
key := site + "@" + branch
|
key := site + "@" + branch
|
||||||
@ -120,23 +121,23 @@ func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) er
|
|||||||
// try the new "old@[...]" and old "@[...].old" paths
|
// try the new "old@[...]" and old "@[...].old" paths
|
||||||
err = h.storageFs.RemoveAll(siteBranchPath + ".old")
|
err = h.storageFs.RemoveAll(siteBranchPath + ".old")
|
||||||
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
||||||
return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)
|
return userSafeErrorf("failed to remove old site branch %s: %w", siteBranchPath, err)
|
||||||
}
|
}
|
||||||
err = h.storageFs.RemoveAll(siteBranchOldPath)
|
err = h.storageFs.RemoveAll(siteBranchOldPath)
|
||||||
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
||||||
return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)
|
return userSafeErrorf("failed to remove old site branch %s: %w", siteBranchPath, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = h.storageFs.MkdirAll(siteBranchWorkPath, fs.ModePerm)
|
err = h.storageFs.MkdirAll(siteBranchWorkPath, fs.ModePerm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to make site directory: %w", err)
|
return userSafeErrorf("failed to make site directory: %w", err)
|
||||||
}
|
}
|
||||||
branchFs := afero.NewBasePathFs(h.storageFs, siteBranchWorkPath)
|
branchFs := afero.NewBasePathFs(h.storageFs, siteBranchWorkPath)
|
||||||
|
|
||||||
// decompress gzip wrapper
|
// decompress gzip wrapper
|
||||||
gzipReader, err := gzip.NewReader(fileData)
|
gzipReader, err := gzip.NewReader(fileData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("invalid gzip file: %w", err)
|
return userSafeErrorf("invalid gzip file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// parse tar encoding
|
// parse tar encoding
|
||||||
@ -148,22 +149,26 @@ func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) er
|
|||||||
break
|
break
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("invalid tar archive: %w", err)
|
return userSafeErrorf("invalid tar archive: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = branchFs.MkdirAll(filepath.Dir(next.Name), fs.ModePerm)
|
err = branchFs.MkdirAll(filepath.Dir(next.Name), fs.ModePerm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to make directory tree: %w", err)
|
return userSafeErrorf("failed to make directory tree: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if next.FileInfo().IsDir() {
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
create, err := branchFs.Create(next.Name)
|
create, err := branchFs.Create(next.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to create output file: '%s': %w", next.Name, err)
|
return userSafeErrorf("failed to create output file: '%s': %w", next.Name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = io.Copy(create, tarReader)
|
_, err = io.Copy(create, tarReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to copy from archive to output file: '%s': %w", next.Name, err)
|
return userSafeErrorf("failed to copy from archive to output file: '%s': %w", next.Name, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -177,12 +182,12 @@ func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) er
|
|||||||
|
|
||||||
err = h.storageFs.Rename(siteBranchPath, siteBranchOldPath)
|
err = h.storageFs.Rename(siteBranchPath, siteBranchOldPath)
|
||||||
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
||||||
return fmt.Errorf("failed to save an old copy of the site: %w", err)
|
return userSafeErrorf("failed to save an old copy of the site: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = h.storageFs.Rename(siteBranchWorkPath, siteBranchPath)
|
err = h.storageFs.Rename(siteBranchWorkPath, siteBranchPath)
|
||||||
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
||||||
return fmt.Errorf("failed to save an old copy of the site: %w", err)
|
return userSafeErrorf("failed to save an old copy of the site: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
n := time.Now().UTC()
|
n := time.Now().UTC()
|
||||||
@ -202,3 +207,16 @@ func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) er
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func userSafeErrorf(format string, args ...any) error {
|
||||||
|
logger.Logger.Helper()
|
||||||
|
logger.Logger.Error(fmt.Errorf(format, args))
|
||||||
|
|
||||||
|
for i := range args {
|
||||||
|
if _, ok := args[i].(error); ok {
|
||||||
|
args[i] = "[Internal Server Error]"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Errorf(format, args)
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user