limit path scope

2024-04-16 16:26:18 +02:00 · 2024-04-16 16:26:18 +02:00 · ef14646507
commit ef14646507
parent 2cc0bfbb09
4 changed files with 30 additions and 15 deletions
--- a/src/proxy.rs
+++ b/src/proxy.rs
@ -5,20 +5,28 @@ use std::{
    sync::Arc,
 };

+use crate::config::Config;
+
 pub struct Mirror {
    mirrors: Vec<Arc<String>>,
    data_dir: String,
-    ttl: usize,
    no_cache: regex::Regex,
+    only_allow: Option<regex::Regex>,
+    config: Config,
 }

 impl Mirror {
-    pub fn new(mirrors: Vec<String>, data_dir: &str, no_cache: &str, ttl: usize) -> Self {
+    pub fn new(config: &Config) -> Self {
+        let mirrors = config.mirrors.clone();
        Self {
            mirrors: mirrors.into_iter().map(Arc::new).collect(),
-            data_dir: data_dir.to_string(),
-            no_cache: regex::Regex::new(no_cache).unwrap(),
-            ttl,
+            data_dir: config.cache_dir.clone(),
+            no_cache: regex::Regex::new(&config.no_cache).unwrap(),
+            only_allow: config
+                .only_allow
+                .clone()
+                .map(|x| regex::Regex::new(&x).unwrap()),
+            config: config.clone(),
        }
    }

@ -57,13 +65,13 @@ impl Mirror {
            let current_time = std::time::SystemTime::now();
            let elapsed_time = current_time.duration_since(modified).ok()?;
            let threshold_duration =
-                std::time::Duration::from_secs((self.ttl * 60).try_into().unwrap());
+                std::time::Duration::from_secs((self.config.ttl * 60).try_into().unwrap());

            if elapsed_time > threshold_duration {
                log::info!(
                    "Cached file is {} minutes old. Older than TTL {}.",
                    (elapsed_time.as_secs() / 60),
-                    self.ttl
+                    self.config.ttl
                );
                Some(true)
            } else {
@ -93,6 +101,13 @@ impl Mirror {
        let p = std::path::Path::new(&path[1..]);
        let p = std::path::Path::new(&self.data_dir).join(p);

+        // check if path is in scope
+        if let Some(only_allow) = &self.only_allow {
+            if !only_allow.is_match(path) {
+                return Some(HttpResponse::NotFound().finish());
+            }
+        }
+
        // check if cache should be used
        if !self.no_cache.is_match(path) || !self.is_cache_invalid(&p) {
            Self::create_cache_dir(p.parent().unwrap());