Conrad Hoffmann
5728f1ee27
Make sure clients cannot overwrite address book
Tighten the regex for valid resources and change the name of the default
address book file so that it is not covered by that regex. This will
prohibit clients from accidentally or maliciously PUTing to that file.
2022-03-16 15:15:01 +01:00
Conrad Hoffmann
f4a3598191
Use simpler os.Create for writing files
2022-03-16 15:11:06 +01:00
Conrad Hoffmann
29bf819ab1
Avoid empty array allocations
2022-03-16 15:08:42 +01:00
Conrad Hoffmann
e5db18e289
Remove stat call from happy path
Just try to read the file, use it if it works. Only if the file does
not exist, create default address book and try again.
2022-03-16 15:02:18 +01:00
Conrad Hoffmann
86359a5e11
Avoid using pointers for card.Card
It's just a map, Go will do the right thing.
2022-03-16 14:51:26 +01:00
Conrad Hoffmann
e069bc0e9b
Use SHA1 streaming hash for Etag
2022-03-16 14:47:47 +01:00
Conrad Hoffmann
b3277148d7
Compile regex globally
2022-03-16 14:47:11 +01:00
Conrad Hoffmann
78bd2a9b84
Keep context keys private
Instead, offer type-safe accessors, as documented here:
https://pkg.go.dev/context#Context
2022-03-16 14:33:47 +01:00
Conrad Hoffmann
07c19a6f6c
Use base64 encoded user name as their base dir
This is safe in all circumstances and leaves it up to the auth backend to
use whatever name they like for authentication.
2022-03-10 17:56:58 +01:00
Conrad Hoffmann
04be038c05
Implement UID conflict check in PutAddressObject
2022-03-10 17:56:58 +01:00
Conrad Hoffmann
1d50d6dad8
Harden mapping from request path to FS path
Put strict checks in place to avoid authenticated users accessing files
outside of their actual storage directory. These checks will need
updating if multiple address books are to be supported.
2022-03-10 16:46:56 +01:00
Conrad Hoffmann
18a9f9bf77
Implement query and property filters
The property filters are also used for other operations.
2022-03-01 11:51:34 +01:00
Conrad Hoffmann
8c8d96c2bc
Fix conflation of URL and storage path
The path returned must of course be the external URL path, not the
internal storage path.
2022-02-28 19:48:49 +01:00
Conrad Hoffmann
8b46585109
storage/filesystem: implement more operations
Everything except QueryAddressObjects is now functional, though not
feature-complete. Simple operations work, e.g. via Evolution.
2022-02-24 12:54:30 +01:00
Conrad Hoffmann
d917938a29
Start simple filesystem storage backend
2022-02-23 21:09:20 +01:00
Conrad Hoffmann
2b6220c1ea
Add stub for filesystem storage backend
References: https://todo.sr.ht/~sircmpwn/tokidoki/2
2022-02-22 12:18:07 +01:00