Fix new profile icon API

Patrick Pacher
2023-11-20 12:15:00 +01:00
parent 7751f57874
commit 58443631c4
2 changed files with 16 additions and 7 deletions


@@ -4,6 +4,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"path/filepath"
"strings" "strings"
"github.com/safing/portbase/api" "github.com/safing/portbase/api"
@@ -26,7 +27,7 @@ func registerAPIEndpoints() error {
if err := api.RegisterEndpoint(api.Endpoint{ if err := api.RegisterEndpoint(api.Endpoint{
Name: "Get Profile Icon", Name: "Get Profile Icon",
Description: "Returns the requested profile icon.", Description: "Returns the requested profile icon.",
Path: "profile/icon/{id:[0-9a-f]{40-80}}.{ext:[a-z]{3-4}}", Path: "profile/icon/{id:[a-f0-9]*\\.[a-z]{3,4}}",
Read: api.PermitUser, Read: api.PermitUser,
BelongsTo: module, BelongsTo: module,
DataFunc: handleGetProfileIcon, DataFunc: handleGetProfileIcon,
@@ -37,7 +38,7 @@ func registerAPIEndpoints() error {
if err := api.RegisterEndpoint(api.Endpoint{ if err := api.RegisterEndpoint(api.Endpoint{
Name: "Update Profile Icon", Name: "Update Profile Icon",
Description: "Updates a profile icon.", Description: "Updates a profile icon.",
Path: "profile/icon/update", Path: "profile/icon",
Write: api.PermitUser, Write: api.PermitUser,
BelongsTo: module, BelongsTo: module,
StructFunc: handleUpdateProfileIcon, StructFunc: handleUpdateProfileIcon,
@@ -92,14 +93,18 @@ func handleMergeProfiles(ar *api.Request) (i interface{}, err error) {
} }
func handleGetProfileIcon(ar *api.Request) (data []byte, err error) { func handleGetProfileIcon(ar *api.Request) (data []byte, err error) {
name := ar.URLVars["id"]
ext := filepath.Ext(name)
// Get profile icon. // Get profile icon.
data, err = GetProfileIcon(ar.URLVars["id"], ar.URLVars["ext"]) data, err = GetProfileIcon(name)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// Set content type for icon. // Set content type for icon.
contentType, ok := utils.MimeTypeByExtension(ar.URLVars["ext"]) contentType, ok := utils.MimeTypeByExtension(ext)
if ok { if ok {
ar.ResponseHeader.Set("Content-Type", contentType) ar.ResponseHeader.Set("Content-Type", contentType)
} }
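Review bot: The new "Get Profile Icon" route pattern `[a-f0-9]*\\.[a-z]{3,4}` uses `*`, so it matches an empty ID (a bare `.png`) and puts no bound on ID length, although the old `{40-80}` suggests a 40–80 character hex ID was intended. This variable is now passed whole to GetProfileIcon and joined into a filesystem path, so the route is the first validation layer; if the IDs really are hex digests in that range, `Path: "profile/icon/{id:[a-f0-9]{40,80}\\.[a-z]{3,4}}",` keeps the constraint. In handleGetProfileIcon, `filepath.Ext(name)` returns the extension with its leading dot, whereas the old code passed the `ext` route variable without one; confirm that utils.MimeTypeByExtension accepts the dotted form, otherwise the Content-Type header is silently no longer set. The body of handleGetProfileIcon continues outside the hunk.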


@@ -16,16 +16,20 @@ import (
var profileIconStoragePath = "" var profileIconStoragePath = ""
// GetProfileIcon returns the profile icon with the given ID and extension. // GetProfileIcon returns the profile icon with the given ID and extension.
func GetProfileIcon(id, ext string) (data []byte, err error) { func GetProfileIcon(name string) (data []byte, err error) {
// Build storage path. // Build storage path.
iconPath := filepath.Join(profileIconStoragePath, id+"."+ext) iconPath := filepath.Clean(
filepath.Join(profileIconStoragePath, name),
)
iconPath, err = filepath.Abs(iconPath) iconPath, err = filepath.Abs(iconPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to check icon path: %w", err) return nil, fmt.Errorf("failed to check icon path: %w", err)
} }
// Do a quick check if we are still within the right directory. // Do a quick check if we are still within the right directory.
// This check is not entirely correct, but is sufficient for this use case. // This check is not entirely correct, but is sufficient for this use case.
if !strings.HasPrefix(iconPath, profileIconStoragePath) { if filepath.Dir(iconPath) != profileIconStoragePath {
return nil, api.ErrorWithStatus(errors.New("invalid icon"), http.StatusBadRequest) return nil, api.ErrorWithStatus(errors.New("invalid icon"), http.StatusBadRequest)
} }
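Review bot: The containment check `filepath.Dir(iconPath) != profileIconStoragePath` compares an absolute, cleaned path against the raw package variable, so it only passes when profileIconStoragePath is itself absolute and clean (no trailing separator); how that variable is assigned is not visible here. Normalising the base the same way removes that dependency: `base, err := filepath.Abs(profileIconStoragePath)` followed by `if filepath.Dir(iconPath) != base {`. The comparison is lexical and does not resolve symlinks, and the surrounding comments no longer describe the code; suggest `// GetProfileIcon returns the profile icon with the given file name (ID plus extension).` on the function and `// Reject any name that resolves outside the icon storage directory.` in place of the "not entirely correct" remark. GetProfileIcon continues past the end of the hunk.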