feat: allow blocking content types in config

revoltchat · Aug 14, 2024 · e62b517 · e62b517
1 parent d4f4f72
commit e62b517
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 3 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "autumn"
-version = "1.1.10"
+version = "1.1.11"
 authors = ["Paul Makles <[email protected]>"]
 edition = "2018"
 

diff --git a/src/config.rs b/src/config.rs
@@ -39,11 +39,19 @@ pub enum ServeConfig {
     PNG,
 }
 
+#[derive(Serialize, Deserialize, Debug, Default)]
+pub struct FilterConfig {
+    #[serde(skip_serializing_if = "Vec::is_empty", default)]
+    pub content_types: Vec<String>,
+}
+
 #[derive(Serialize, Deserialize, Debug)]
 pub struct Config {
     pub tags: HashMap<String, Tag>,
     pub serve: ServeConfig,
     pub jpeg_quality: u8,
+    #[serde(default)]
+    pub filter: FilterConfig,
 }
 
 static INSTANCE: OnceCell<Config> = OnceCell::new();

diff --git a/src/routes/download.rs b/src/routes/download.rs
@@ -1,4 +1,4 @@
-use crate::config::get_tag;
+use crate::config::{get_tag, Config};
 use crate::db::find_file;
 use crate::util::result::Error;
 
@@ -16,6 +16,11 @@ pub async fn get(req: HttpRequest) -> Result<HttpResponse, Error> {
         return Err(Error::NotFound);
     }
 
+    let config = Config::global();
+    if config.filter.content_types.contains(&file.content_type) {
+        return Err(Error::ContentTypeNotAllowed);
+    }
+
     let (contents, _) = fetch_file(id, &tag.0, file.metadata, None).await?;
 
     Ok(HttpResponse::Ok()

diff --git a/src/routes/serve.rs b/src/routes/serve.rs
@@ -151,6 +151,11 @@ pub async fn get(req: HttpRequest, resize: Query<Resize>) -> Result<HttpResponse
         return Err(Error::NotFound);
     }
 
+    let config = Config::global();
+    if config.filter.content_types.contains(&file.content_type) {
+        return Err(Error::ContentTypeNotAllowed);
+    }
+
     let (contents, content_type) = fetch_file(id, &tag.0, file.metadata, Some(resize.0)).await?;
     let content_type = content_type.unwrap_or(file.content_type);
 

diff --git a/src/routes/upload.rs b/src/routes/upload.rs
@@ -77,6 +77,11 @@ pub async fn post(req: HttpRequest, mut payload: Multipart) -> Result<HttpRespon
             }
         }
 
+        // Check if content type is blocked
+        if config.filter.content_types.contains(&content_type) {
+            return Err(Error::ContentTypeNotAllowed);
+        }
+
         let s = &content_type[..];
 
         let metadata = match s {

diff --git a/src/util/result.rs b/src/util/result.rs
@@ -8,6 +8,7 @@ use std::fmt::Display;
 #[serde(tag = "type")]
 pub enum Error {
     FileTooLarge { max_size: usize },
+    ContentTypeNotAllowed,
     FileTypeNotAllowed,
     FailedToReceive,
     BlockingError,
@@ -32,6 +33,7 @@ impl ResponseError for Error {
     fn status_code(&self) -> StatusCode {
         match &self {
             Error::FileTooLarge { .. } => StatusCode::PAYLOAD_TOO_LARGE,
+            Error::ContentTypeNotAllowed => StatusCode::BAD_REQUEST,
             Error::FileTypeNotAllowed => StatusCode::BAD_REQUEST,
             Error::FailedToReceive => StatusCode::BAD_REQUEST,
             Error::DatabaseError => StatusCode::INTERNAL_SERVER_ERROR,