

Fixed sanitizing on user inputs that handle files
lukasabbe committed Sep 23, 2024
1 parent 5a15afc commit e462aa3
Showing 3 changed files with 74 additions and 72 deletions.
122 changes: 61 additions & 61 deletions package-lock.json


3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -31,6 +31,7 @@
"dotenv": "^16.4.5",
"express": "^4.19.2",
"express-rate-limit": "^7.4.0",
"mongoose": "^8.4.0"
"mongoose": "^8.4.0",
"sanitize-filename": "^1.6.3"
}
}
21 changes: 11 additions & 10 deletions src/public_api/user.ts
Expand Up @@ -4,6 +4,8 @@ import fs from "fs";
import { generateFrame } from "../functions/generateFrame";
import { fetch_config } from "../models/config_schema";
import path from "path";
import sanitize from "sanitize-filename";
import { buffer } from "stream/consumers";

const public_user_router = Router();
public_user_router.use(json());
Expand Down Expand Up @@ -54,8 +56,10 @@ public_user_router.post("/frame", async (req: Request, res: Response) => {
fs.mkdirSync(cache_path);
}

const user_id = sanitize(json_body.userid);

if (
!(config.cacheQueue as unknown as Array<string>).includes(json_body.userid) ||
!(config.cacheQueue as unknown as Array<string>).includes(user_id) ||
json_body?.force == true
) {
const photo = await generateFrame(
Expand All @@ -73,27 +77,24 @@ public_user_router.post("/frame", async (req: Request, res: Response) => {
const id = (config.cacheQueue as unknown as Array<string>).shift();
fs.rmSync(`${cache_path}/${id}.png`);
}
const check_file = fs.realpathSync(path.resolve(cache_path, json_body.userid + ".png"));
if(!check_file.startsWith(cache_path)) {
return res.status(400).json({ error: "Invalid path" });
}

fs.writeFileSync(`${cache_path}/${json_body.userid}.png`, photo);

fs.writeFileSync(`${cache_path}/${user_id}.png`, photo);

if (
!(config.cacheQueue as unknown as Array<string>).includes(
json_body.userid,
user_id,
)
)
(config.cacheQueue as unknown as Array<string>).push(json_body.userid);
(config.cacheQueue as unknown as Array<string>).push(user_id);
config.save();
}else{
const check_file = fs.realpathSync(path.resolve(cache_path, json_body.userid + ".png"));
const check_file = fs.realpathSync(path.resolve(cache_path, user_id + ".png"));
if(!check_file.startsWith(cache_path)) {
return res.status(400).json({ error: "Invalid path" });
}
}
res.sendFile(`${cache_path}/${json_body.userid}.png`);
});


export { public_user_router };
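Review bot: The final ``res.sendFile(`${cache_path}/${json_body.userid}.png`)`` at the end of the handler still uses the raw `json_body.userid`, while the file is now written and queued under the sanitized `user_id`, so any id that `sanitize` alters is written under one name and served under another, and the unsanitized value is interpolated into a filesystem path again; it should read ``res.sendFile(`${cache_path}/${user_id}.png`);``. `sanitize-filename` returns an empty string for inputs such as `..` or a bare `.`, which would make the write target `${cache_path}/.png`, so a guard directly after the new `const user_id = …` line such as `if (!user_id) return res.status(400).json({ error: "Invalid user id" });` is worth adding; as far as I recall it also throws when the input is not a string, and with Express 4 (per package.json) a throw inside this async handler is not routed to the error middleware, so a `typeof json_body.userid === "string"` check before the `sanitize` call would close that path too. The `buffer` import added from `stream/consumers` in the first hunk is not used anywhere in the visible code and looks like an editor auto-import. The `/frame` handler starts outside this hunk.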
