MiaoStars/cloudreve
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(storage policy): set deny/allow list for file extension and custom regexp (#2695)

Browse Source
This commit is contained in:
Aaron Liu
2025-07-25 11:32:04 +08:00
parent 60bf0e02b3
commit c8c2a60adb
4 changed files with 84 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/filemanager/fs/dbfs/manage.go
View File

@@ -120,6 +120,20 @@ func (f *DBFS) Create(ctx context.Context, path *fs.URI, fileType types.FileType
ancestor = newFile(ancestor, newFolder)
} else {
// valide file name
policy, err := f.getPreferredPolicy(ctx, ancestor, 0)
if err != nil {
return nil, err
}
if err := validateExtension(desired[i], policy); err != nil {
return nil, fs.ErrIllegalObjectName.WithError(err)
}
if err := validateFileNameRegexp(desired[i], policy); err != nil {
return nil, fs.ErrIllegalObjectName.WithError(err)
}
file, err := f.createFile(ctx, ancestor, desired[i], fileType, o)
if err != nil {
return nil, err
@@ -170,6 +184,10 @@ func (f *DBFS) Rename(ctx context.Context, path *fs.URI, newName string) (fs.Fil
if err := validateExtension(newName, policy); err != nil {
return nil, fs.ErrIllegalObjectName.WithError(err)
}
if err := validateFileNameRegexp(newName, policy); err != nil {
return nil, fs.ErrIllegalObjectName.WithError(err)
}
}
// Lock target

33
pkg/filemanager/fs/dbfs/validator.go
View File

@@ -3,10 +3,12 @@ package dbfs
import (
"context"
"fmt"
"regexp"
"strings"
"github.com/cloudreve/Cloudreve/v4/ent"
"github.com/cloudreve/Cloudreve/v4/pkg/filemanager/fs"
"github.com/cloudreve/Cloudreve/v4/pkg/util"
"strings"
)
const MaxFileNameLength = 256
@@ -30,18 +32,35 @@ func validateFileName(name string) error {
// validateExtension validates the file extension.
func validateExtension(name string, policy *ent.StoragePolicy) error {
// 不需要验证
if len(policy.Settings.FileType) == 0 {
return nil
}
if !util.IsInExtensionList(policy.Settings.FileType, name) {
inList := util.IsInExtensionList(policy.Settings.FileType, name)
if (policy.Settings.IsFileTypeDenyList && inList) || (!policy.Settings.IsFileTypeDenyList && !inList) {
return fmt.Errorf("file extension is not allowed")
}
return nil
}
func validateFileNameRegexp(name string, policy *ent.StoragePolicy) error {
if policy.Settings.NameRegexp == "" {
return nil
}
match, err := regexp.MatchString(policy.Settings.NameRegexp, name)
if err != nil {
return fmt.Errorf("invalid file name regexp: %s", err)
}
if (policy.Settings.IsNameRegexpDenyList && match) || (!policy.Settings.IsNameRegexpDenyList && !match) {
return fmt.Errorf("file name is not allowed by regexp")
}
return nil
}
// validateFileSize validates the file size.
func validateFileSize(size int64, policy *ent.StoragePolicy) error {
if policy.MaxSize == 0 {
@@ -56,11 +75,15 @@ func validateFileSize(size int64, policy *ent.StoragePolicy) error {
// validateNewFile validates the upload request.
func validateNewFile(fileName string, size int64, policy *ent.StoragePolicy) error {
if err := validateFileName(fileName); err != nil {
return err
return fs.ErrIllegalObjectName.WithError(err)
}
if err := validateExtension(fileName, policy); err != nil {
return err
return fs.ErrIllegalObjectName.WithError(err)
}
if err := validateFileNameRegexp(fileName, policy); err != nil {
return fs.ErrIllegalObjectName.WithError(err)
}
if err := validateFileSize(size, policy); err != nil {