fix(server): prevent `api` as a repository name

2022-09-11 22:24:29 +02:00 · 2022-09-11 22:24:29 +02:00 · 95d32e2d51
parent 575c04189d
commit 95d32e2d51
2 changed files with 8 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -35,6 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Refactor of web framework
 * API endpoints now return id of newly created entries
 * Repo POST requests now return information on published package
+* `api` can no longer be used as a repository name
+* CLI client now allows setting values to an empty value

 ### Removed

--- a/src/server/repo.v
+++ b/src/server/repo.v
@ -50,6 +50,12 @@ fn (mut app App) get_repo_file(repo string, arch string, filename string) web.Re
 // put_package handles publishing a package to a repository.
 ['/:repo/publish'; auth; post]
 fn (mut app App) put_package(repo string) web.Result {
+	// api is a reserved keyword for api routes & should never be allowed to be
+	// a repository.
+	if repo.to_lower() == 'api' {
+		return app.json(.bad_request, new_response("'api' is a reserved keyword & cannot be used as a repository name."))
+	}
+
 	mut pkg_path := ''

 	if length := app.req.header.get(.content_length) {