From eb6f5641e257dc989f6d6e58fd55e06ba5be1fa9 Mon Sep 17 00:00:00 2001
From: lukasabbe <67807954+lukasabbe@users.noreply.github.com>
Date: Mon, 16 Sep 2024 17:33:09 +0200
Subject: [PATCH] forgot to check path at both places
---
 src/public_api/user.ts | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/public_api/user.ts b/src/public_api/user.ts
index 360f292..3f94818 100644
--- a/src/public_api/user.ts
+++ b/src/public_api/user.ts
@@ -73,6 +73,9 @@ public_user_router.post("/frame", async (req: Request, res: Response) => {
 const id = (config.cacheQueue as unknown as Array).shift();
 fs.rmSync(`${cache_path}/${id}.png`);
 }
+ if(!checkPath(cache_path, json_body.userid)){
+ return res.status(400).json({ error: "Invalid path" });
+ }
 await writeFile(`${cache_path}/${json_body.userid}.png`, photo);
 if (
 !(config.cacheQueue as unknown as Array).includes(
@@ -82,14 +85,23 @@ public_user_router.post("/frame", async (req: Request, res: Response) => {
 (config.cacheQueue as unknown as Array).push(json_body.userid);
 config.save();
 }else{
- const check_file = fs.realpathSync(path.resolve(cache_path, json_body.userid + ".png"));
- if(!check_file.startsWith(cache_path)) {
+ if(!checkPath(cache_path, json_body.userid)){
 return res.status(400).json({ error: "Invalid path" });
 }
 }
 res.sendFile(`${cache_path}/${json_body.userid}.png`);
 });
 
+function checkPath(cache_path:string, userid:string){
+ const check_file = fs.realpathSync(path.resolve(cache_path, userid + ".png"));
+ if(!check_file.startsWith(cache_path)) {
+ return false;
+ }
+ else{
+ return true;
+ }
+}
+
 function writeFile(path: string, data: Buffer) {
 return new Promise((resolve, reject) => {
 fs.writeFile(path, data, (err) => {
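Review bot: The `checkPath` call added before `writeFile` runs `fs.realpathSync` on a file this branch is about to create, and `realpathSync` throws ENOENT for a path that does not exist, so a first-time `userid` probably raises inside the async handler instead of reaching the write. The check also sits after the `shift()`/`fs.rmSync` eviction at the top of the hunk, so a request answered with 400 may already have removed a cached entry. I would validate once, before any filesystem change, with a lexical test that does not need the file to exist: `const target = path.resolve(cache_path, json_body.userid + ".png");` followed by `if (!target.startsWith(path.resolve(cache_path) + path.sep)) return res.status(400).json({ error: "Invalid path" });`, then pass `target` to both `writeFile` and `res.sendFile`. The handler starts and ends outside this hunk, so the enclosing conditions are not visible here.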
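Review bot: `check_file.startsWith(cache_path)` in the new `checkPath` is a raw string-prefix test, so a resolved path in a sibling directory whose name merely begins with the cache directory's name passes. The comparison also only works if `cache_path` is already absolute and in canonical form, and its definition is outside the hunk. `userid` appears to come straight from the request body and is concatenated as-is, so a string-type guard plus a separator-terminated comparison would close both gaps. The `if/else` returning `false`/`true` can collapse into one boolean return, and the helper deserves a short doc comment saying it returns true only when `<userid>.png` resolves inside `cache_path`. The sketch below is lexical, so unlike `realpathSync` it does not follow symlinks, which is acceptable only while the cache directory is written solely by this service.

```typescript
function checkPath(cache_path: string, userid: string): boolean {
    // Reject anything that is not a non-empty string before building a path from it.
    if (typeof userid !== "string" || userid.length === 0) {
        return false;
    }
    // Compare against the root plus a trailing separator so that a sibling
    // directory sharing the same prefix is rejected.
    const root = path.resolve(cache_path);
    const target = path.resolve(root, userid + ".png");
    return target.startsWith(root + path.sep);
}
```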