melon/tokidoki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use base64 encoded user name as their base dir

Browse Source 
This is safe in all circumstance and leaves it up to the auth backend to
use whatever name they like for authentication.
This commit is contained in:
Conrad Hoffmann 2022-03-10 17:41:30 +01:00
parent 04be038c05
commit 07c19a6f6c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
storage/filesystem.go
View File

@ -45,8 +45,8 @@ func (b *filesystemBackend) pathForContext(ctx context.Context) (string, error)
if !ok { if !ok {
panic("Invalid data in auth context!") panic("Invalid data in auth context!")
} }
//TODO sanitize user name or at least check if valid dir name? userDir := base64.RawStdEncoding.EncodeToString([]byte(authCtx.UserName))
path := filepath.Join(b.path, authCtx.UserName) path := filepath.Join(b.path, userDir)
_, err := os.Stat(path) _, err := os.Stat(path)
if os.IsNotExist(err) { if os.IsNotExist(err) {