Decode names received from the filesystem.

Check directory permissions for adding new files.
2023-11-16 10:27:38 -08:00 · 2023-11-16 10:16:03 -08:00
3 changed files with 41 additions and 24 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,7 @@ Dexter is a Mojolicious webapp that handles the generation of index pages under
 ## Setup
 Dexter depends on these Perl modules:
 * Cwd
+* Encode
 * Readonly
 * File::Path
 * File::Spec
@ -35,6 +36,7 @@ Dexter needs to know about two directories you want it to use:

 ### Other
 * `$MAX_REQUEST_SIZE`: The maximum size of POST requests that Dexter will process.
+* `$FS_ENCODING`: The character encoding that the underlying filesystem uses to store filenames. The default value of `UTF-8` is most likely correct.

 ## License
 Dexter is released under Version 3 of the GNU Affero General Public License (see `LICENSE`). The default font- JetBrainsMono from NerdFonts- is released under Version 1.1 of the SIL Open Font License (see `app/public/.assets/FONT-LICENSE`).
--- a/app/dexter.pl
+++ b/app/dexter.pl
@ -4,6 +4,9 @@ use Module::Installed::Tiny qw(module_installed);

 use Mojolicious::Lite -signatures;

+use Encode::Locale;
+use Encode;
+
 use Readonly;

 use Cwd;
@ -34,6 +37,7 @@ Readonly::Hash my %MEANING_OF_HTTP_CODE => (
 Readonly my $ROOT_DIRECTORY   => 'public';
 Readonly my $SOCKET_DIRECTORY => '/var/www/run';
 Readonly my $TEMP_DIRECTORY   => '/tmp/dexter';
+Readonly my $FS_ENCODING      => 'UTF-8';
 Readonly my $MAX_REQUEST_SIZE => $GIGABYTE;

 mkdir $TEMP_DIRECTORY;
@ -339,7 +343,7 @@ sub make_size_human_readable ($size) {

 sub user_save_file_to_path ($user, $file, $path) {
    my ( $code, $message ) = check_user_can_create_file($user, $path);
-       ( $code, $message ) = check_dexter_can_edit_file($path);
+       ( $code, $message ) = check_dexter_can_create_file($path);
    return $code, $message if $code != 200;

    my $path_string = $ROOT_DIRECTORY . $path->to_route;
@ -351,7 +355,7 @@ sub user_save_file_to_path ($user, $file, $path) {

 sub user_mkdir_at_path ($user, $path) {
    my ( $code, $message ) = check_user_can_create_file($user, $path);
-       ( $code, $message ) = check_dexter_can_edit_file($path);
+       ( $code, $message ) = check_dexter_can_create_file($path);
    return $code, $message if $code != 200;

    my $path_string = $ROOT_DIRECTORY . $path->to_route;
@ -388,7 +392,7 @@ sub user_move_path_to_path ($user, $path, $new_path) {
    return $code, $message if $code != 200;

    ( $code, $message ) = check_user_can_create_file($user, $new_path);
-    ( $code, $message ) = check_dexter_can_edit_file($new_path);
+    ( $code, $message ) = check_dexter_can_create_file($new_path);
    return $code, $message if $code != 200;

    my $path_string     = $ROOT_DIRECTORY . $path->to_route;
@ -469,21 +473,22 @@ sub get_file_with_name ($name) {
    }

    my %file = (
-        name    => $name,
-        device  => $device,
-        inode   => $inode,
-        mode    => $mode,
-        nlink   => $nlink,
-        uid     => $uid,
-        gid     => $gid,
-        rdev    => $rdev,
-        size    => $size,
-        atime   => $atime,
-        mtime   => $mtime,
-        ctime   => $ctime,
-        blksize => $blksize,
-        blocks  => $blocks,
-        type    => $type,
+        name     => $name,
+        name_dec => Encode::decode($FS_ENCODING, $name),
+        device   => $device,
+        inode    => $inode,
+        mode     => $mode,
+        nlink    => $nlink,
+        uid      => $uid,
+        gid      => $gid,
+        rdev     => $rdev,
+        size     => $size,
+        atime    => $atime,
+        mtime    => $mtime,
+        ctime    => $ctime,
+        blksize  => $blksize,
+        blocks   => $blocks,
+        type     => $type,
    );

    return \%file;
@ -620,6 +625,16 @@ sub check_dexter_can_edit_file ($path) {
    return 200, '';
 }

+sub check_dexter_can_create_file ($path) {
+    my $path_string = $path->clone->trailing_slash(0)->to_dir->to_route;
+
+    if ( not -w $ROOT_DIRECTORY . $path_string ) {
+        return 500, "Dexter cannot create the file at '$path_string'!";
+    }
+
+    return 200, '';
+}
+


 if ( module_installed('OpenBSD::Unveil') ) {
--- a/app/templates/index.html.ep
+++ b/app/templates/index.html.ep
@ -2,14 +2,14 @@

 <html lang="en_US">
    <head>
-        <title>Index of <%= $c->req->url->path->to_string %></title>
+        <title>Index of <%= $c->req->url->path->to_route %></title>
        <meta charset="utf-8" />
        <link rel="stylesheet" href="/.assets/style.css" />
        <script src="/.assets/main.js"></script>
    </head>
    <body>
        <header>
-            <h1>Index of <%= $c->req->url->path->to_string %></h1>
+            <h1>Index of <%= $c->req->url->path->to_route %></h1>
        </header>
        <article>
            <table>
@ -64,8 +64,8 @@
                    % foreach my $file (@$FILES) {
                        <tr>
                            <td class="left">
-                                <a href="<%= $file->{name} %>">
-                                    <%= $file->{name} %>
+                                <a href="<%= $file->{name_dec} %>">
+                                    <%= $file->{name_dec} %>
                                </a>
                                <span class="buttons">
                                    % if ( permission_available_at_path('MOVE', $file->{name}) ) {
@ -73,7 +73,7 @@
                                            <a class="button" onclick="file_move(this)">&nbsp;✎&nbsp;</a>
                                            <form action="./" method="post">
                                                <input type="hidden" name="intent" value="move" />
-                                                <input type="hidden" name="target_path" value="<%= $file->{name} %>" />
+                                                <input type="hidden" name="target_path" value="<%= $file->{name_dec} %>" />
                                                <input type="hidden" name="dest_path" value="" />
                                            </form>
                                        </span>
@ -83,7 +83,7 @@
                                            <a class="button" onclick="file_delete(this)">&nbsp;✖&nbsp;</a>
                                            <form action="./" method="post">
                                                <input type="hidden" name="intent" value="delete" />
-                                                <input type="hidden" name="target_path" value="<%= $file->{name} %>" />
+                                                <input type="hidden" name="target_path" value="<%= $file->{name_dec} %>" />
                                            </form>
                                        </span>
                                    % }
Author	SHA1	Message	Date
Sam Greytalon	b8b7fc68bd	Decode names received from the filesystem.	2023-11-16 10:27:38 -08:00
Sam Greytalon	251c7640a3	Check directory permissions for adding new files.	2023-11-16 10:16:03 -08:00