NotAShelf/pinakes
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

pinakes-server: cap batch_enrich size; reject path traversal in library roots

Browse source 
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I42212cdd385921295484d5c1f5fbfeab6a6a6964
This commit is contained in:
raf 2026-03-12 20:46:20 +03:00
commit 18fda530f2
Signed by: NotAShelf
GPG key ID: 29D95B64378DB4BF
3 changed files with 49 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
crates/pinakes-server/src/routes/users.rs
View file

@ -161,12 +161,28 @@ pub async fn get_user_libraries(
))
}
fn validate_root_path(path: &str) -> Result<(), ApiError> {
if path.is_empty() || path.len() > 4096 {
return Err(ApiError::bad_request("root_path must be 1-4096 bytes"));
}
if !path.starts_with('/') {
return Err(ApiError::bad_request("root_path must be an absolute path"));
}
if path.split('/').any(|segment| segment == "..") {
return Err(ApiError::bad_request(
"root_path must not contain '..' traversal components",
));
}
Ok(())
}
/// Grant library access to a user (admin only)
pub async fn grant_library_access(
State(state): State<AppState>,
Path(id): Path<String>,
Json(req): Json<GrantLibraryAccessRequest>,
) -> Result<Json<serde_json::Value>, ApiError> {
validate_root_path(&req.root_path)?;
let user_id: UserId =
id.parse::<uuid::Uuid>().map(UserId::from).map_err(|_| {
ApiError(pinakes_core::error::PinakesError::InvalidOperation(
@ -191,6 +207,7 @@ pub async fn revoke_library_access(
Path(id): Path<String>,
Json(req): Json<RevokeLibraryAccessRequest>,
) -> Result<Json<serde_json::Value>, ApiError> {
validate_root_path(&req.root_path)?;
let user_id: UserId =
id.parse::<uuid::Uuid>().map(UserId::from).map_err(|_| {
ApiError(pinakes_core::error::PinakesError::InvalidOperation(