2022-10-07 13:51:38 +00:00
|
|
|
use crate::{config, mime_relations};
|
2020-07-09 17:27:24 +00:00
|
|
|
use actix_multipart::{Field, Multipart};
|
2021-09-11 00:08:47 +00:00
|
|
|
use actix_web::{error, http::header::DispositionParam, Error};
|
2022-02-26 23:34:57 +00:00
|
|
|
use futures_util::{StreamExt, TryStreamExt};
|
2022-09-30 13:42:08 +00:00
|
|
|
use mime::{Mime, APPLICATION_OCTET_STREAM, TEXT_PLAIN};
|
2023-01-31 13:17:30 +00:00
|
|
|
use std::{cmp::min, io::ErrorKind, path::Path};
|
2022-07-02 20:28:48 +00:00
|
|
|
use time::{Duration, OffsetDateTime};
|
2022-11-22 20:11:35 +00:00
|
|
|
use tokio::{
|
|
|
|
fs::{self, File},
|
|
|
|
io::AsyncWriteExt,
|
|
|
|
};
|
2020-07-08 19:26:46 +00:00
|
|
|
|
2022-09-30 12:38:33 +00:00
|
|
|
const MAX_UPLOAD_DURATION: Duration = Duration::days(31);
|
|
|
|
const DEFAULT_UPLOAD_DURATION: Duration = Duration::minutes(30);
|
2021-08-18 21:22:50 +00:00
|
|
|
|
2021-04-04 01:38:29 +00:00
|
|
|
pub(crate) struct UploadConfig {
|
2022-08-18 21:20:56 +00:00
|
|
|
pub original_name: Option<String>,
|
|
|
|
pub content_type: Mime,
|
2022-02-27 00:50:29 +00:00
|
|
|
pub valid_till: OffsetDateTime,
|
2021-04-04 01:38:29 +00:00
|
|
|
pub delete_on_download: bool,
|
|
|
|
}
|
|
|
|
|
2020-07-09 17:27:24 +00:00
|
|
|
pub(crate) async fn parse_multipart(
|
2022-11-22 20:11:35 +00:00
|
|
|
payload: Multipart,
|
|
|
|
file_path: &Path,
|
|
|
|
config: &config::Config,
|
|
|
|
) -> Result<UploadConfig, error::Error> {
|
|
|
|
match parse_multipart_inner(payload, file_path, config).await {
|
|
|
|
Ok(data) => Ok(data),
|
|
|
|
Err(err) => {
|
|
|
|
match fs::remove_file(file_path).await {
|
|
|
|
Err(err) if err.kind() != ErrorKind::NotFound => {
|
|
|
|
log::error!("could not remove file {:?}", err);
|
|
|
|
}
|
|
|
|
_ => {}
|
|
|
|
}
|
|
|
|
Err(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub(crate) async fn parse_multipart_inner(
|
2020-07-09 17:27:24 +00:00
|
|
|
mut payload: Multipart,
|
2022-08-18 21:20:56 +00:00
|
|
|
file_path: &Path,
|
2021-04-07 22:03:02 +00:00
|
|
|
config: &config::Config,
|
2021-04-04 01:38:29 +00:00
|
|
|
) -> Result<UploadConfig, error::Error> {
|
2020-07-09 17:27:24 +00:00
|
|
|
let mut original_name: Option<String> = None;
|
2022-08-18 21:20:56 +00:00
|
|
|
let mut content_type: Option<Mime> = None;
|
2022-09-30 12:38:33 +00:00
|
|
|
let mut keep_for_seconds: Option<String> = None;
|
2021-04-04 01:38:29 +00:00
|
|
|
let mut delete_on_download = false;
|
2021-04-07 22:03:02 +00:00
|
|
|
let mut password = None;
|
|
|
|
let mut size = 0;
|
2020-07-09 17:27:24 +00:00
|
|
|
|
2022-11-04 10:37:10 +00:00
|
|
|
while let Ok(Some(mut field)) = payload.try_next().await {
|
|
|
|
let name = get_field_name(&field)?.to_owned();
|
|
|
|
match name.as_str() {
|
2021-02-13 15:47:04 +00:00
|
|
|
"keep_for" => {
|
2022-11-04 10:37:10 +00:00
|
|
|
keep_for_seconds = Some(parse_string(&name, &mut field).await?);
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
2021-02-13 15:47:04 +00:00
|
|
|
"file" => {
|
2022-08-18 21:20:56 +00:00
|
|
|
let (mime, uploaded_name) = get_file_metadata(&field);
|
2022-11-04 10:37:10 +00:00
|
|
|
if uploaded_name.is_none() || uploaded_name.as_deref() == Some("") {
|
2020-07-09 17:27:24 +00:00
|
|
|
continue;
|
|
|
|
}
|
2022-09-30 13:42:08 +00:00
|
|
|
original_name = uploaded_name;
|
2022-10-25 18:55:29 +00:00
|
|
|
let first_bytes;
|
|
|
|
(size, first_bytes) = create_file(file_path, field, config.max_file_size).await?;
|
2023-01-27 19:56:44 +00:00
|
|
|
content_type = Some(
|
|
|
|
mime.filter(|mime| *mime != APPLICATION_OCTET_STREAM)
|
|
|
|
.map(mime_relations::get_alias)
|
2023-01-31 13:17:30 +00:00
|
|
|
.or_else(|| get_content_type(&first_bytes))
|
|
|
|
.unwrap_or(APPLICATION_OCTET_STREAM),
|
2023-01-27 19:56:44 +00:00
|
|
|
);
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
2021-02-13 15:47:04 +00:00
|
|
|
"text" => {
|
2020-07-09 17:27:24 +00:00
|
|
|
if original_name.is_some() {
|
|
|
|
continue;
|
|
|
|
}
|
2022-10-25 18:55:29 +00:00
|
|
|
let first_bytes;
|
|
|
|
(size, first_bytes) = create_file(file_path, field, config.max_file_size).await?;
|
2023-01-31 13:17:30 +00:00
|
|
|
content_type = Some(get_content_type(&first_bytes).unwrap_or(TEXT_PLAIN));
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
2021-04-04 01:38:29 +00:00
|
|
|
"delete_on_download" => {
|
2022-11-04 10:37:10 +00:00
|
|
|
delete_on_download = parse_string(&name, &mut field).await? != "false";
|
2021-04-04 01:38:29 +00:00
|
|
|
}
|
2021-04-07 22:03:02 +00:00
|
|
|
"password" => {
|
2022-11-04 10:37:10 +00:00
|
|
|
password = Some(parse_string(&name, &mut field).await?);
|
2021-04-07 22:03:02 +00:00
|
|
|
}
|
2020-07-09 17:27:24 +00:00
|
|
|
_ => {}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2022-08-18 21:20:56 +00:00
|
|
|
let content_type =
|
|
|
|
content_type.ok_or_else(|| error::ErrorBadRequest("no content type found"))?;
|
2022-09-30 12:38:33 +00:00
|
|
|
let keep_for = keep_for_seconds
|
2022-02-27 00:50:29 +00:00
|
|
|
.map(|k| k.parse())
|
|
|
|
.transpose()
|
2022-10-07 13:52:12 +00:00
|
|
|
.map_err(|e| error::ErrorBadRequest(format!("field keep_for is not a number: {e}")))?
|
2022-11-04 10:37:10 +00:00
|
|
|
.map_or(DEFAULT_UPLOAD_DURATION, Duration::seconds);
|
2022-09-30 12:38:33 +00:00
|
|
|
let valid_till = OffsetDateTime::now_utc() + keep_for;
|
2021-04-04 01:38:29 +00:00
|
|
|
|
2021-12-20 10:12:09 +00:00
|
|
|
let upload_config = UploadConfig {
|
2021-04-04 01:38:29 +00:00
|
|
|
original_name,
|
2022-08-18 21:20:56 +00:00
|
|
|
content_type,
|
2021-04-04 01:38:29 +00:00
|
|
|
valid_till,
|
|
|
|
delete_on_download,
|
2021-12-20 10:12:09 +00:00
|
|
|
};
|
|
|
|
|
2022-11-04 10:37:10 +00:00
|
|
|
check_requirements(&upload_config, size, &password, &keep_for, config)?;
|
2021-12-20 10:12:09 +00:00
|
|
|
|
|
|
|
Ok(upload_config)
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
|
|
|
|
2021-12-20 10:12:09 +00:00
|
|
|
fn check_requirements(
|
|
|
|
upload_config: &UploadConfig,
|
2021-04-07 22:03:02 +00:00
|
|
|
size: u64,
|
2022-11-04 10:37:10 +00:00
|
|
|
password: &Option<String>,
|
2022-09-30 12:38:33 +00:00
|
|
|
keep_for: &Duration,
|
2021-04-07 22:03:02 +00:00
|
|
|
config: &config::Config,
|
|
|
|
) -> Result<(), error::Error> {
|
2022-08-18 21:20:56 +00:00
|
|
|
if let Some(original_name) = upload_config.original_name.as_ref() {
|
|
|
|
if original_name.len() > 255 {
|
|
|
|
return Err(error::ErrorBadRequest("filename is too long"));
|
|
|
|
}
|
2021-12-20 10:12:09 +00:00
|
|
|
}
|
|
|
|
|
2022-09-30 12:38:33 +00:00
|
|
|
if *keep_for > MAX_UPLOAD_DURATION {
|
2021-12-20 10:12:09 +00:00
|
|
|
return Err(error::ErrorBadRequest(format!(
|
2022-10-07 13:52:12 +00:00
|
|
|
"maximum allowed validity is {MAX_UPLOAD_DURATION}, but you specified {keep_for}"
|
2021-12-20 10:12:09 +00:00
|
|
|
)));
|
|
|
|
}
|
|
|
|
|
2021-04-07 22:03:02 +00:00
|
|
|
if let Some(no_auth_limits) = &config.no_auth_limits {
|
2022-09-30 12:38:33 +00:00
|
|
|
let requires_auth = *keep_for > no_auth_limits.max_time
|
|
|
|
|| *keep_for > no_auth_limits.large_file_max_time
|
2021-04-07 22:03:02 +00:00
|
|
|
&& size > no_auth_limits.large_file_size;
|
2021-12-20 10:12:09 +00:00
|
|
|
// hIGh sECUriTy paSsWoRD CHEck
|
2021-04-07 22:03:02 +00:00
|
|
|
if requires_auth && password.as_ref() != Some(&no_auth_limits.auth_password) {
|
|
|
|
return Err(error::ErrorBadRequest(
|
|
|
|
"upload requires authentication, but authentication was incorrect",
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
2021-12-20 10:12:09 +00:00
|
|
|
|
2021-04-07 22:03:02 +00:00
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2022-11-04 10:37:10 +00:00
|
|
|
fn get_field_name(field: &Field) -> Result<&str, error::Error> {
|
2020-07-09 17:27:24 +00:00
|
|
|
Ok(field
|
2020-07-08 19:26:46 +00:00
|
|
|
.content_disposition()
|
|
|
|
.get_name()
|
2020-12-03 22:30:37 +00:00
|
|
|
.ok_or(error::ParseError::Incomplete)?)
|
2020-07-08 19:26:46 +00:00
|
|
|
}
|
|
|
|
|
2022-11-04 10:37:10 +00:00
|
|
|
async fn parse_string(
|
|
|
|
name: &str,
|
|
|
|
field: &mut actix_multipart::Field,
|
|
|
|
) -> Result<String, error::Error> {
|
2020-07-09 17:27:24 +00:00
|
|
|
let data = read_content(field).await?;
|
|
|
|
String::from_utf8(data)
|
2022-10-07 13:52:12 +00:00
|
|
|
.map_err(|_| error::ErrorBadRequest(format!("could not parse field {name} as utf-8")))
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
|
|
|
|
2022-11-04 10:37:10 +00:00
|
|
|
async fn read_content(field: &mut actix_multipart::Field) -> Result<Vec<u8>, error::Error> {
|
2020-07-08 19:26:46 +00:00
|
|
|
let mut data = Vec::new();
|
2022-02-26 23:34:57 +00:00
|
|
|
while let Some(chunk) = field.try_next().await.map_err(error::ErrorBadRequest)? {
|
|
|
|
data.extend(chunk);
|
2020-07-08 19:26:46 +00:00
|
|
|
}
|
2020-07-09 17:27:24 +00:00
|
|
|
Ok(data)
|
|
|
|
}
|
|
|
|
|
2021-09-11 00:08:47 +00:00
|
|
|
async fn create_file(
|
|
|
|
filename: &Path,
|
|
|
|
field: Field,
|
|
|
|
max_file_size: Option<u64>,
|
2022-10-25 18:55:29 +00:00
|
|
|
) -> Result<(u64, Vec<u8>), Error> {
|
2021-09-11 00:08:47 +00:00
|
|
|
let mut file = File::create(&filename).await.map_err(|file_err| {
|
|
|
|
log::error!("could not create file {:?}", file_err);
|
|
|
|
error::ErrorInternalServerError("could not create file")
|
|
|
|
})?;
|
2022-10-25 18:55:29 +00:00
|
|
|
write_to_file(&mut file, field, max_file_size).await
|
2021-09-11 00:08:47 +00:00
|
|
|
}
|
|
|
|
|
2020-07-09 17:27:24 +00:00
|
|
|
async fn write_to_file(
|
|
|
|
file: &mut File,
|
2021-09-11 00:08:47 +00:00
|
|
|
mut field: Field,
|
2021-03-09 22:36:24 +00:00
|
|
|
max_size: Option<u64>,
|
2022-10-25 18:55:29 +00:00
|
|
|
) -> Result<(u64, Vec<u8>), error::Error> {
|
|
|
|
let mut first_bytes = Vec::with_capacity(2048);
|
2021-03-09 22:36:24 +00:00
|
|
|
let mut written_bytes: u64 = 0;
|
2020-07-09 17:27:24 +00:00
|
|
|
while let Some(chunk) = field.next().await {
|
2021-03-09 22:36:24 +00:00
|
|
|
let chunk = chunk.map_err(error::ErrorBadRequest)?;
|
2021-04-07 22:03:02 +00:00
|
|
|
written_bytes += chunk.len() as u64;
|
2023-01-31 13:17:30 +00:00
|
|
|
validate_max_size(written_bytes, max_size)?;
|
|
|
|
|
|
|
|
let remaining_first_bytes = min(2048 - first_bytes.len(), chunk.len());
|
|
|
|
first_bytes.extend_from_slice(&chunk[..remaining_first_bytes]);
|
|
|
|
|
2022-05-09 21:07:24 +00:00
|
|
|
file.write_all(&chunk).await.map_err(|write_err| {
|
|
|
|
log::error!("could not write file {:?}", write_err);
|
|
|
|
error::ErrorInternalServerError("could not write file")
|
|
|
|
})?;
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
2022-10-25 18:55:29 +00:00
|
|
|
Ok((written_bytes, first_bytes))
|
2020-07-09 17:27:24 +00:00
|
|
|
}
|
|
|
|
|
2023-01-31 13:17:30 +00:00
|
|
|
fn validate_max_size(written_bytes: u64, max_size: Option<u64>) -> Result<(), Error> {
|
|
|
|
if let Some(max_size) = max_size {
|
|
|
|
if written_bytes > max_size {
|
|
|
|
return Err(error::ErrorPayloadTooLarge(format!(
|
|
|
|
"exceeded maximum file size of {max_size} bytes"
|
|
|
|
)));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2023-01-27 19:56:44 +00:00
|
|
|
fn get_file_metadata(field: &actix_multipart::Field) -> (Option<Mime>, Option<String>) {
|
|
|
|
let mime = field.content_type().cloned();
|
2022-08-18 21:20:56 +00:00
|
|
|
let filename = field
|
2022-02-26 23:34:57 +00:00
|
|
|
.content_disposition()
|
2021-12-20 10:12:09 +00:00
|
|
|
.parameters
|
2022-02-26 23:34:57 +00:00
|
|
|
.iter()
|
2021-12-20 10:12:09 +00:00
|
|
|
.find_map(|param| match param {
|
2022-09-30 13:42:08 +00:00
|
|
|
DispositionParam::Filename(filename) => Some(filename.clone()),
|
2021-12-20 10:12:09 +00:00
|
|
|
_ => None,
|
2022-08-18 21:20:56 +00:00
|
|
|
});
|
|
|
|
(mime, filename)
|
|
|
|
}
|
|
|
|
|
2023-01-31 13:17:30 +00:00
|
|
|
fn get_content_type(bytes: &[u8]) -> Option<Mime> {
|
|
|
|
tree_magic_mini::from_u8(bytes).parse().ok()
|
2020-07-08 19:26:46 +00:00
|
|
|
}
|