From 07c19a6f6c948eb0ae92a06a4b68499a4440507f Mon Sep 17 00:00:00 2001
From: Conrad Hoffmann
Date: Thu, 10 Mar 2022 17:41:30 +0100
Subject: [PATCH] Use base64 encoded user name as their base dir

This is safe in all circumstance and leaves it up to the auth backend to use whatever name they like for authentication.
---
 storage/filesystem.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/storage/filesystem.go b/storage/filesystem.go
index f9bf934..e37a210 100644
--- a/storage/filesystem.go
+++ b/storage/filesystem.go
@@ -45,8 +45,8 @@ func (b *filesystemBackend) pathForContext(ctx context.Context) (string, error)
 if !ok {
 panic("Invalid data in auth context!")
 }
- //TODO sanitize user name or at least check if valid dir name?
- path := filepath.Join(b.path, authCtx.UserName)
+ userDir := base64.RawStdEncoding.EncodeToString([]byte(authCtx.UserName))
+ path := filepath.Join(b.path, userDir)
 _, err := os.Stat(path)
 if os.IsNotExist(err) {
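Review bot: `base64.RawStdEncoding` on the added `userDir` line uses the standard alphabet, which contains `/`, so the encoded name is not guaranteed to be a single path component and `filepath.Join(b.path, userDir)` can produce a nested path, possibly inside another user's base directory. The output never contains `.`, so `..` cannot appear, but the commit message's "safe in all circumstance" does not hold for the separator; the filename-safe alphabet avoids it: `userDir := base64.RawURLEncoding.EncodeToString([]byte(authCtx.UserName))`. base64 names are also case-sensitive, so on a case-insensitive filesystem two distinct user names may map to the same directory; a comment stating that assumption next to the encoding call would help. The diffstat shows only these two insertions, so `encoding/base64` is presumably already imported, which is worth confirming; pathForContext begins and continues outside the hunk.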