Fix gallery creation validation and validators returning incorrect er… (#263)

* Fix gallery creation validation and validators returning incorrect errors * Remove docker image * Add URL validation for pack files * Remove unneeded dependencies
2021-11-30 20:07:23 -07:00
parent 6740124364
commit a54b2db81b
11 changed files with 444 additions and 667 deletions
--- a/src/validate/mod.rs
+++ b/src/validate/mod.rs
@@ -67,7 +67,7 @@ pub async fn validate_file(
    game_versions: Vec<GameVersion>,
    all_game_versions: Vec<crate::database::models::categories::GameVersion>,
 ) -> Result<ValidationResult, ValidationError> {
-    Ok(actix_web::web::block(move || {
+    let res = actix_web::web::block(move || {
        let reader = std::io::Cursor::new(data);
        let mut zip = zip::ZipArchive::new(reader)?;

@@ -103,8 +103,15 @@ pub async fn validate_file(
            Ok(ValidationResult::Pass)
        }
    })
-    .await
-    .map_err(|_| ValidationError::BlockingError)?)
+    .await;
+
+    match res {
+        Ok(x) => Ok(x),
+        Err(err) => match err {
+            actix_web::error::BlockingError::Canceled => Err(ValidationError::BlockingError),
+            actix_web::error::BlockingError::Error(err) => Err(err),
+        },
+    }
 }

 fn game_version_supported(
--- a/src/validate/pack.rs
+++ b/src/validate/pack.rs
@@ -1,4 +1,5 @@
 use crate::models::projects::SideType;
+use crate::util::env::parse_strings_from_var;
 use crate::util::validate::validation_errors_to_string;
 use crate::validate::{SupportedGameVersions, ValidationError, ValidationResult};
 use serde::{Deserialize, Serialize};
@@ -33,8 +34,18 @@ pub struct PackFile<'a> {

 fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::ValidationError> {
    for value in values {
-        if !validator::validate_url(*value) {
-            return Err(validator::ValidationError::new("invalid URL"));
+        let domains = parse_strings_from_var("WHITELISTED_MODPACK_DOMAINS").unwrap_or_default();
+        if !domains.contains(
+            &url::Url::parse(value)
+                .ok()
+                .ok_or_else(|| validator::ValidationError::new("invalid URL"))?
+                .domain()
+                .ok_or_else(|| validator::ValidationError::new("invalid URL"))?
+                .to_string(),
+        ) {
+            return Err(validator::ValidationError::new(
+                "File download source is not from allowed sources",
+            ));
        }
    }

@@ -42,10 +53,21 @@ fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::Validation
 }

 #[derive(Serialize, Deserialize, Eq, PartialEq, Hash)]
-#[serde(rename_all = "camelCase")]
+#[serde(rename_all = "camelCase", from = "String")]
 pub enum FileHash {
    Sha1,
    Sha512,
+    Unknown(String),
+}
+
+impl From<String> for FileHash {
+    fn from(s: String) -> Self {
+        return match s.as_str() {
+            "sha1" => FileHash::Sha1,
+            "sha512" => FileHash::Sha512,
+            _ => FileHash::Unknown(s),
+        };
+    }
 }

 #[derive(Serialize, Deserialize, Eq, PartialEq, Hash)]
@@ -122,6 +144,14 @@ impl super::Validator for PackValidator {
            ));
        }

+        for file in pack.files {
+            if file.hashes.get(&FileHash::Sha1).is_none() {
+                return Err(ValidationError::InvalidInputError(
+                    "All pack files must provide a SHA1 hash!".into(),
+                ));
+            }
+        }
+
        Ok(ValidationResult::Pass)
    }
 }