implement fileupload

2025-01-15 09:13:00 +01:00 · 2025-01-15 09:13:00 +01:00 · 897bbeb198
commit 897bbeb198
parent d86ac5822c
8 changed files with 367 additions and 10 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -39,6 +39,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d6fd624c75e18b3b4c6b9caf42b1afe24437daaee904069137d8bab077be8b8"
 dependencies = [
 "axum-core",
 "axum-macros",
 "bytes",
 "form_urlencoded",
 "futures-util",
@ -51,6 +52,7 @@ dependencies = [
 "matchit",
 "memchr",
 "mime",
 "multer",
 "percent-encoding",
 "pin-project-lite",
 "rustversion",
@ -86,6 +88,17 @@ dependencies = [
 "tracing",
 ]
 [[package]]
 name = "axum-macros"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
 [[package]]
 name = "backtrace"
 version = "0.3.74"
@ -125,8 +138,12 @@ version = "0.1.0"
 dependencies = [
 "axum",
 "figment",
 "futures",
 "futures-util",
 "problem_details",
 "serde",
 "tokio",
 "tokio-stream",
 "tracing",
 "tracing-log",
 "tracing-subscriber",
@ -138,6 +155,15 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 [[package]]
 name = "encoding_rs"
 version = "0.8.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3"
 dependencies = [
 "cfg-if",
 ]
 [[package]]
 name = "equivalent"
 version = "1.0.1"
@ -173,6 +199,21 @@ dependencies = [
 "percent-encoding",
 ]
 [[package]]
 name = "futures"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
 dependencies = [
 "futures-channel",
 "futures-core",
 "futures-executor",
 "futures-io",
 "futures-sink",
 "futures-task",
 "futures-util",
 ]
 [[package]]
 name = "futures-channel"
 version = "0.3.31"
@ -180,6 +221,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
 dependencies = [
 "futures-core",
 "futures-sink",
 ]
 [[package]]
@ -188,6 +230,40 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
 [[package]]
 name = "futures-executor"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
 dependencies = [
 "futures-core",
 "futures-task",
 "futures-util",
 ]
 [[package]]
 name = "futures-io"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
 [[package]]
 name = "futures-macro"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn",
 ]
 [[package]]
 name = "futures-sink"
 version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
 [[package]]
 name = "futures-task"
 version = "0.3.31"
@ -200,10 +276,16 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
 "futures-channel",
 "futures-core",
 "futures-io",
 "futures-macro",
 "futures-sink",
 "futures-task",
 "memchr",
 "pin-project-lite",
 "pin-utils",
 "slab",
 ]
 [[package]]
@ -252,6 +334,16 @@ dependencies = [
 "pin-project-lite",
 ]
 [[package]]
 name = "http-serde"
 version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0f056c8559e3757392c8d091e796416e4649d8e49e88b8d76df6c002f05027fd"
 dependencies = [
 "http",
 "serde",
 ]
 [[package]]
 name = "httparse"
 version = "1.9.5"
@ -387,6 +479,23 @@ dependencies = [
 "windows-sys",
 ]
 [[package]]
 name = "multer"
 version = "3.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b"
 dependencies = [
 "bytes",
 "encoding_rs",
 "futures-util",
 "http",
 "httparse",
 "memchr",
 "mime",
 "spin",
 "version_check",
 ]
 [[package]]
 name = "nu-ansi-term"
 version = "0.46.0"
@ -482,6 +591,19 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 [[package]]
 name = "problem_details"
 version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ee2055bf7d8f34bd11bf85388b878bf244256015f1ed290b6b717c0e97bb478"
 dependencies = [
 "axum",
 "http",
 "http-serde",
 "serde",
 "serde_json",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.92"
@ -627,6 +749,15 @@ dependencies = [
 "libc",
 ]
 [[package]]
 name = "slab"
 version = "0.4.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
 dependencies = [
 "autocfg",
 ]
 [[package]]
 name = "smallvec"
 version = "1.13.2"
@ -643,6 +774,12 @@ dependencies = [
 "windows-sys",
 ]
 [[package]]
 name = "spin"
 version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
 [[package]]
 name = "syn"
 version = "2.0.95"
@ -699,6 +836,17 @@ dependencies = [
 "syn",
 ]
 [[package]]
 name = "tokio-stream"
 version = "0.1.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047"
 dependencies = [
 "futures-core",
 "pin-project-lite",
 "tokio",
 ]
 [[package]]
 name = "toml"
 version = "0.8.19"
--- a/casket-backend/Cargo.toml
+++ b/casket-backend/Cargo.toml
@ -2,12 +2,18 @@
 name = "casket-backend"
 version = "0.1.0"
 edition = "2021"
 description = "Backend for the casket file cloud."
 repository = "https://git.nifni.eu/nif/casket"
 [dependencies]
-axum = { version = "0.8.1" }
+axum = { version = "0.8.1", features = ["multipart", "macros"] }
 tokio = { version = "1.42.0", features = ["full"] }
 tokio-stream = "0.1.17"
 futures = "0.3"
 futures-util = "0.3"
 figment = { version = "0.10.19", features = ["toml", "env"] }
-serde = {version = "1.0.217", features = ["derive"]}
+serde = { version = "1.0.217", features = ["derive"] }
 tracing = "0.1.41"
 tracing-log = "0.2.0"
-tracing-subscriber = "0.3.19"
+tracing-subscriber = "0.3.19"
 problem_details = { version = "0.7.0", features = ["axum"] }
--- a/casket-backend/casket.toml
+++ b/casket-backend/casket.toml
@ -1,3 +1,6 @@
 [server]
 port = 3000
-bind_address = "127.0.0.1"
+bind_address = "127.0.0.1"
 [files]
 directory = "/tmp/casket"
--- a/casket-backend/src/config.rs
+++ b/casket-backend/src/config.rs
@ -1,12 +1,14 @@
 use figment::providers::{Env, Format};
 use figment::{providers::Toml, Figment};
 use serde::Deserialize;
 use std::path::PathBuf;
 pub const CONFIG_LOCATIONS: [&str; 2] = ["casket-backend/casket.toml", "/config/casket.toml"];
 #[derive(Deserialize, Clone, Debug)]
 pub struct Config {
    pub server: Server,
    pub files: Files,
 }
 #[derive(Deserialize, Clone, Debug)]
@ -14,6 +16,10 @@ pub struct Server {
    pub port: u16,
    pub bind_address: String,
 }
 #[derive(Deserialize, Clone, Debug)]
 pub struct Files {
    pub directory: PathBuf,
 }
 pub fn get_config() -> figment::Result<Config> {
    CONFIG_LOCATIONS
--- a/casket-backend/src/errors.rs
+++ b/casket-backend/src/errors.rs
@ -0,0 +1,4 @@
 pub const ERROR_DETAILS_PATH_TRAVERSAL: &str = "You must not traverse!";
 pub const ERROR_DETAILS_INTERNAL_ERROR: &str =
    "Internal Error! Check the logs of the backend service for details.";
 pub const ERROR_DETAILS_ABSOLUTE_PATH_NOT_ALLOWED: &str = "Absolute paths are not allowed.";
--- a/casket-backend/src/files/mod.rs
+++ b/casket-backend/src/files/mod.rs
@ -0,0 +1,181 @@
 use crate::{errors, AppState};
 use axum::body::Bytes;
 use axum::debug_handler;
 use axum::extract::multipart::{Field, MultipartError};
 use axum::extract::{Multipart, State};
 use axum::http::StatusCode;
 use futures_util::stream::MapErr;
 use futures_util::{StreamExt, TryStreamExt};
 use problem_details::ProblemDetails;
 use std::fmt::Debug;
 use std::io;
 use std::io::Error;
 use std::path::{Component, Path, PathBuf};
 use tokio::fs::{create_dir_all, File};
 use tokio::io::AsyncWriteExt;
 use tokio_stream::Stream;
 use tracing::error;
 #[debug_handler]
 pub async fn handle_file_uploads(
    State(state): State<AppState>,
    axum::extract::Path(user_id): axum::extract::Path<String>,
    mut multipart: Multipart,
 ) -> Result<(), ProblemDetails> {
    while let Some(field) = multipart.next_field().await.unwrap() {
        handle_single_file_upload(&state, &user_id, field).await?;
    }
    Ok(())
 }
 // clippy behaves weird. When removing the lifetime the compilation fails since the Field type has
 // a generic lifetime around the multipart.
 #[allow(clippy::needless_lifetimes)]
 async fn handle_single_file_upload<'field_lifetime>(
    state: &AppState,
    user_id: &str,
    field: Field<'field_lifetime>,
 ) -> Result<(), ProblemDetails> {
    let path = field.name().unwrap().to_string();
    let filesystem_path = build_system_path(&state.config.files.directory, user_id, &path)?;
    save_file(filesystem_path, map_error_to_io_error(field))
        .await
        .map_err(to_internal_error)
 }
 pub async fn save_file(
    path: PathBuf,
    mut content: impl Stream<Item = Result<Bytes, Error>> + Unpin,
 ) -> Result<(), Error> {
    create_dir_all(path.parent().unwrap()).await?;
    let mut file = File::create(path).await?;
    while let Some(bytes) = content.next().await {
        file.write_all(&bytes?).await?;
    }
    Ok(())
 }
 fn to_internal_error(error: impl Debug) -> ProblemDetails {
    error!("{:?}", error);
    ProblemDetails::from_status_code(StatusCode::INTERNAL_SERVER_ERROR)
        .with_detail(errors::ERROR_DETAILS_INTERNAL_ERROR)
 }
 fn map_error_to_io_error(field: Field) -> MapErr<Field, fn(MultipartError) -> Error> {
    field.map_err(|err| Error::new(io::ErrorKind::Other, err))
 }
 fn build_system_path(
    base_directory: &Path,
    user_id: &str,
    path: &str,
 ) -> Result<PathBuf, ProblemDetails> {
    let user_path = PathBuf::from(path);
    if user_path.is_absolute() {
        Err(
            ProblemDetails::from_status_code(StatusCode::BAD_REQUEST).with_detail(
                errors::ERROR_DETAILS_ABSOLUTE_PATH_NOT_ALLOWED.to_owned()
                    + format!(" Provided Path: {path}").as_str(),
            ),
        )
    } else {
        sanitize_path(&base_directory.join(user_id).join(path))
    }
 }
 pub fn sanitize_path(path: &Path) -> Result<PathBuf, ProblemDetails> {
    let mut ret = PathBuf::new();
    for component in path.components().peekable() {
        match component {
            Component::Prefix(..) => unreachable!(),
            Component::RootDir => {
                ret.push(Component::RootDir);
            }
            Component::CurDir => {}
            Component::ParentDir => {
                return Err(ProblemDetails::from_status_code(StatusCode::BAD_REQUEST)
                    .with_detail(errors::ERROR_DETAILS_PATH_TRAVERSAL));
            }
            Component::Normal(c) => {
                ret.push(c);
            }
        }
    }
    Ok(ret)
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_sanitize_path_success() {
        let cases = &[
            ("", ""),
            (".", ""),
            (".////./.", ""),
            ("/", "/"),
            ("/foo/bar", "/foo/bar"),
            ("/foo/bar/", "/foo/bar"),
            ("/foo/bar/./././///", "/foo/bar"),
            ("foo/bar", "foo/bar"),
            ("foo/bar/", "foo/bar"),
            ("foo/bar/./././///", "foo/bar"),
        ];
        for (input, expected) in cases {
            let actual = sanitize_path(&PathBuf::from(input));
            assert_eq!(actual, Ok(PathBuf::from(expected)), "input: {input}");
        }
    }
    #[test]
    fn test_sanitize_path_error() {
        let cases = &[
            "..",
            "/../",
            "../../foo/bar",
            "../../foo/bar/",
            "../../foo/bar/./././///",
            "../../foo/bar/..",
            "../../foo/bar/../..",
            "../../foo/bar/../../..",
            "/foo/bar/../../..",
            "/foo/bar/../..",
            "/foo/bar/..",
        ];
        for input in cases {
            let actual = sanitize_path(&PathBuf::from(input));
            assert_eq!(
                actual,
                Err(ProblemDetails::from_status_code(StatusCode::BAD_REQUEST)
                    .with_detail(errors::ERROR_DETAILS_PATH_TRAVERSAL)),
                "input: {input}"
            );
        }
    }
    #[test]
    fn test_build_system_path_success() {
        let input_path = "tmp/blub";
        let user_id = "bla";
        assert_eq!(
            build_system_path(&PathBuf::from("/tmp/bla"), user_id, input_path).unwrap(),
            PathBuf::from("/tmp/bla/bla/tmp/blub")
        );
    }
    #[test]
    fn test_build_system_path_error_with_absolute_user_path_returns_error() {
        let input_path = "tmp/blub";
        let user_id = "bla";
        assert_eq!(
            build_system_path(&PathBuf::from("/tmp/bla"), user_id, input_path),
            Err(
                ProblemDetails::from_status_code(StatusCode::BAD_REQUEST).with_detail(
                    errors::ERROR_DETAILS_ABSOLUTE_PATH_NOT_ALLOWED.to_owned()
                        + format!(" Provided Path: {input_path}").as_str()
                )
            )
        );
    }
 }
--- a/casket-backend/src/main.rs
+++ b/casket-backend/src/main.rs
@ -1,4 +1,8 @@
 #![warn(clippy::pedantic)]
 mod config;
 mod errors;
 mod files;
 mod routes;
 use axum::Router;
@ -8,7 +12,9 @@ use std::str::FromStr;
 use tracing::{debug, error, info};
 #[derive(Clone)]
-pub struct AppState {}
+pub struct AppState {
    config: config::Config,
 }
 #[tokio::main]
 async fn main() {
@ -22,7 +28,7 @@ async fn main() {
            let bind = format!("{}:{}", &config.server.bind_address, &config.server.port);
            let app = Router::new()
                .merge(routes::routes())
-                .with_state(AppState {});
+                .with_state(AppState { config });
            let listener = tokio::net::TcpListener::bind(bind).await.unwrap();
            info!("listening on {}", listener.local_addr().unwrap());
@ -43,7 +49,7 @@ fn get_log_level() -> tracing::Level {
    let env = env::var("CASKET_LOG_LEVEL");
    match env {
        Ok(value) => tracing::Level::from_str(&value)
-            .unwrap_or_else(|_| panic!("Failed to parse log level env {}", value)),
+            .unwrap_or_else(|_| panic!("Failed to parse log level env {value}")),
        Err(_) => tracing::Level::INFO,
    }
 }
--- a/casket-backend/src/routes/mod.rs
+++ b/casket-backend/src/routes/mod.rs
@ -1,9 +1,12 @@
 use crate::files;
 use crate::AppState;
 use axum::routing::post;
 use axum::{response::Html, routing::get, Router};
 use crate::AppState;
 pub fn routes() -> Router<AppState> {
-    Router::new().route("/", get(handler))
+    Router::new()
        .route("/", get(handler))
        .route("/api/v1/user/{:user_id}/files", post(files::handle_file_uploads))
 }
 async fn handler() -> Html<&'static str> {