eightequal/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

Fix pack URL validation, Version file update route, and spaces in file download URLs (#275)

Browse Source
This commit is contained in:
Geometrically
2022-01-09 15:35:01 -07:00
committed by GitHub
parent 016e743653
commit 384e14b32d
5 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Cargo.lock generated
View File

@@ -1973,6 +1973,7 @@ dependencies = [
"sqlx", "sqlx",
"thiserror", "thiserror",
"url", "url",
"urlencoding",
"validator", "validator",
"xml-rs", "xml-rs",
"yaserde", "yaserde",
@@ -3941,6 +3942,12 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "urlencoding"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68b90931029ab9b034b300b797048cf23723400aa757e8a2bfb9d748102f9821"
[[package]] [[package]]
name = "uuid" name = "uuid"
version = "0.8.2" version = "0.8.2"

1
Cargo.toml
View File

@@ -40,6 +40,7 @@ zip = "0.5.12"
validator = { version = "0.13", features = ["derive"] } validator = { version = "0.13", features = ["derive"] }
regex = "1.5.4" regex = "1.5.4"
url = "2.2.2" url = "2.2.2"
urlencoding = "2.1.0"
gumdrop = "0.8.0" gumdrop = "0.8.0"
dotenv = "0.15" dotenv = "0.15"

4
src/routes/version_creation.rs
View File

@@ -633,7 +633,9 @@ pub async fn upload_file(
content_type, content_type,
&format!( &format!(
"data/{}/versions/{}/{}", "data/{}/versions/{}/{}",
project_id, version_number, file_name project_id,
version_number,
urlencoding::encode(&file_name)
), ),
data.freeze(), data.freeze(),
) )

1
src/routes/version_file.rs
View File

@@ -306,7 +306,6 @@ pub async fn delete_file(
#[derive(Deserialize)] #[derive(Deserialize)]
pub struct UpdateData { pub struct UpdateData {
pub hash: (String, String),
pub loaders: Vec<Loader>, pub loaders: Vec<Loader>,
pub game_versions: Vec<GameVersion>, pub game_versions: Vec<GameVersion>,
} }

13
src/validate/pack.rs
View File

@@ -34,12 +34,17 @@ pub struct PackFile<'a> {
fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::ValidationError> { fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::ValidationError> {
for value in values { for value in values {
let url = url::Url::parse(value)
.ok()
.ok_or_else(|| validator::ValidationError::new("invalid URL"))?;
if &url.as_str() != value {
return Err(validator::ValidationError::new("invalid URL"));
}
let domains = parse_strings_from_var("WHITELISTED_MODPACK_DOMAINS").unwrap_or_default(); let domains = parse_strings_from_var("WHITELISTED_MODPACK_DOMAINS").unwrap_or_default();
if !domains.contains( if !domains.contains(
&url::Url::parse(value) &url.domain()
.ok()
.ok_or_else(|| validator::ValidationError::new("invalid URL"))?
.domain()
.ok_or_else(|| validator::ValidationError::new("invalid URL"))? .ok_or_else(|| validator::ValidationError::new("invalid URL"))?
.to_string(), .to_string(),
) { ) {