Fix gallery creation validation and validators returning incorrect er… (#263)

* Fix gallery creation validation and validators returning incorrect errors

* Remove docker image

* Add URL validation for pack files

* Remove unneeded dependencies
This commit is contained in:
Geometrically
2021-11-30 20:07:23 -07:00
committed by GitHub
parent 6740124364
commit a54b2db81b
11 changed files with 444 additions and 667 deletions

View File

@@ -67,7 +67,7 @@ pub async fn validate_file(
game_versions: Vec<GameVersion>,
all_game_versions: Vec<crate::database::models::categories::GameVersion>,
) -> Result<ValidationResult, ValidationError> {
Ok(actix_web::web::block(move || {
let res = actix_web::web::block(move || {
let reader = std::io::Cursor::new(data);
let mut zip = zip::ZipArchive::new(reader)?;
@@ -103,8 +103,15 @@ pub async fn validate_file(
Ok(ValidationResult::Pass)
}
})
.await
.map_err(|_| ValidationError::BlockingError)?)
.await;
match res {
Ok(x) => Ok(x),
Err(err) => match err {
actix_web::error::BlockingError::Canceled => Err(ValidationError::BlockingError),
actix_web::error::BlockingError::Error(err) => Err(err),
},
}
}
fn game_version_supported(

View File

@@ -1,4 +1,5 @@
use crate::models::projects::SideType;
use crate::util::env::parse_strings_from_var;
use crate::util::validate::validation_errors_to_string;
use crate::validate::{SupportedGameVersions, ValidationError, ValidationResult};
use serde::{Deserialize, Serialize};
@@ -33,8 +34,18 @@ pub struct PackFile<'a> {
fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::ValidationError> {
for value in values {
if !validator::validate_url(*value) {
return Err(validator::ValidationError::new("invalid URL"));
let domains = parse_strings_from_var("WHITELISTED_MODPACK_DOMAINS").unwrap_or_default();
if !domains.contains(
&url::Url::parse(value)
.ok()
.ok_or_else(|| validator::ValidationError::new("invalid URL"))?
.domain()
.ok_or_else(|| validator::ValidationError::new("invalid URL"))?
.to_string(),
) {
return Err(validator::ValidationError::new(
"File download source is not from allowed sources",
));
}
}
@@ -42,10 +53,21 @@ fn validate_download_url(values: &Vec<&str>) -> Result<(), validator::Validation
}
#[derive(Serialize, Deserialize, Eq, PartialEq, Hash)]
#[serde(rename_all = "camelCase")]
#[serde(rename_all = "camelCase", from = "String")]
pub enum FileHash {
Sha1,
Sha512,
Unknown(String),
}
impl From<String> for FileHash {
fn from(s: String) -> Self {
return match s.as_str() {
"sha1" => FileHash::Sha1,
"sha512" => FileHash::Sha512,
_ => FileHash::Unknown(s),
};
}
}
#[derive(Serialize, Deserialize, Eq, PartialEq, Hash)]
@@ -122,6 +144,14 @@ impl super::Validator for PackValidator {
));
}
for file in pack.files {
if file.hashes.get(&FileHash::Sha1).is_none() {
return Err(ValidationError::InvalidInputError(
"All pack files must provide a SHA1 hash!".into(),
));
}
}
Ok(ValidationResult::Pass)
}
}