add check if accessed storage file_id is a uuid and when not send them to a 404 error page
Build and Push Docker Container / build-and-push (push) Successful in 1m31s
+19
-6
@@ -1,15 +1,14 @@
|
|||||||
from quart import has_request_context, request, has_websocket_context, websocket
|
from quart import has_request_context, request, has_websocket_context, websocket
|
||||||
from flask_limiter import Limiter
|
from flask_limiter import Limiter
|
||||||
|
from uuid import UUID
|
||||||
import subprocess, aiohttp
|
import subprocess, aiohttp
|
||||||
|
|
||||||
# Get IPs
|
# Get IPs
|
||||||
def get_ip():
|
def get_ip():
|
||||||
if has_request_context():
|
context = get_request_context()
|
||||||
xff = request.headers.get("X-Forwarded-For", "")
|
if context:
|
||||||
return xff.split(",")[0].strip() if xff else request.remote_addr
|
xff = context.headers.get("X-Forwarded-For", "")
|
||||||
elif has_websocket_context():
|
return xff.split(",")[0].strip() if xff else context.remote_addr
|
||||||
xff = websocket.headers.get("X-Forwarded-For", "")
|
|
||||||
return xff.split(",")[0].strip() if xff else websocket.remote_addr
|
|
||||||
return None # No active request or websocket context
|
return None # No active request or websocket context
|
||||||
|
|
||||||
async def get_my_ip_address():
|
async def get_my_ip_address():
|
||||||
@@ -61,3 +60,17 @@ def replace_last_ip_segment(ip:str, new_value:str="1") -> str:
|
|||||||
parts[-1] = str(new_value)
|
parts[-1] = str(new_value)
|
||||||
return '.'.join(parts)
|
return '.'.join(parts)
|
||||||
raise ValueError("Invalid IP address format")
|
raise ValueError("Invalid IP address format")
|
||||||
|
|
||||||
|
def get_request_context():
|
||||||
|
if has_request_context():
|
||||||
|
return request
|
||||||
|
elif has_websocket_context():
|
||||||
|
return websocket
|
||||||
|
return None
|
||||||
|
|
||||||
|
def is_valid_uuid(value: str) -> bool:
|
||||||
|
try:
|
||||||
|
UUID(value)
|
||||||
|
return True
|
||||||
|
except ValueError:
|
||||||
|
return False
|
||||||
|
|||||||
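Review bot: The refactored get_ip still returns `xff.split(",")[0].strip()`, and the first `X-Forwarded-For` entry is whatever the client sent unless a trusted proxy overwrites the header. If this function is the key for the imported `Limiter` (its use is not visible here), per-IP limits and any IP-based logging would then be keyed on client-controlled data. Honour the header only when `context.remote_addr` is one of your own proxies, and then take the entry that proxy appended (the last one) instead of the first. A short docstring on get_ip naming the proxy it expects in front of the app would make that assumption visible.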
@@ -1,6 +1,7 @@
|
|||||||
from my_modules.app.setup import LIMITER
|
from my_modules.app.setup import LIMITER
|
||||||
|
from my_modules.functions import is_valid_uuid
|
||||||
|
|
||||||
from quart import Blueprint, send_from_directory, render_template, current_app, Response, redirect
|
from quart import Blueprint, send_from_directory, current_app, Response, redirect, abort
|
||||||
|
|
||||||
basic_bp = Blueprint('basic', __name__)
|
basic_bp = Blueprint('basic', __name__)
|
||||||
|
|
||||||
@@ -18,6 +19,9 @@ async def robots():
|
|||||||
|
|
||||||
@basic_bp.route("/storage/<path:file_id>")
|
@basic_bp.route("/storage/<path:file_id>")
|
||||||
async def convex_storage_proxy(file_id:str):
|
async def convex_storage_proxy(file_id:str):
|
||||||
|
if not is_valid_uuid(file_id):
|
||||||
|
return abort(404, "Not a valid uuid")
|
||||||
|
|
||||||
return Response(
|
return Response(
|
||||||
current_app.convex.stream_from_storage(file_id, add_api_path=True),
|
current_app.convex.stream_from_storage(file_id, add_api_path=True),
|
||||||
mimetype="application/octet-stream"
|
mimetype="application/octet-stream"
|
||||||
|
|||||||
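Review bot: The guard in convex_storage_proxy accepts more than canonical UUIDs, because `UUID()` also parses braces, a `urn:uuid:` prefix and hex without hyphens, and the unnormalised `file_id` string is what reaches `stream_from_storage`. Forward the normalised value, e.g. `file_id = str(UUID(file_id))`, or declare the route as `/storage/<uuid:file_id>` (the Werkzeug converter Quart's routing provides) so that anything else gets a 404 from routing; the handler then receives a `UUID` object and should pass `str(file_id)` on. `abort()` raises, so the `return` in front of it can be dropped. The `Response(...)` call continues past the end of the hunk.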