From 95d32e2d515edf27a919e847fef5f5459f3f7234 Mon Sep 17 00:00:00 2001
From: Chewing_Bever
Date: Sun, 11 Sep 2022 22:24:29 +0200
Subject: [PATCH] fix(server): prevent `api` as a repository name
---
 CHANGELOG.md | 2 ++
 src/server/repo.v | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60b70b60..79ceed49 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Refactor of web framework
 * API endpoints now return id of newly created entries
 * Repo POST requests now return information on published package
+* `api` can no longer be used as a repository name
+* CLI client now allows setting values to an empty value
 ### Removed
diff --git a/src/server/repo.v b/src/server/repo.v
index 526d4e76..06ab72e6 100644
--- a/src/server/repo.v
+++ b/src/server/repo.v
@@ -50,6 +50,12 @@ fn (mut app App) get_repo_file(repo string, arch string, filename string) web.Re
 // put_package handles publishing a package to a repository.
 ['/:repo/publish'; auth; post]
 fn (mut app App) put_package(repo string) web.Result {
+ // api is a reserved keyword for api routes & should never be allowed to be
+ // a repository.
+ if repo.to_lower() == 'api' {
+ return app.json(.bad_request, new_response("'api' is a reserved keyword & cannot be used as a repository name."))
+ }
+
 mut pkg_path := ''
 if length := app.req.header.get(.content_length) {
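Review bot: The reserved-name check in `put_package` is a single hard-coded comparison inside one handler, so any other code path that creates or names a repository (none is visible in this hunk) would still accept `api`, and a second reserved prefix would need another copy of the `if`. Consider hoisting it into a module-level list with one test, e.g. `const reserved_repo_names = ['api']` and `if repo.to_lower() in reserved_repo_names {`, applied wherever a repo name first enters the server. The commit also does not say what happens to a repository named `api` that already exists from an earlier version; if that is possible, an upgrade note or a startup check seems warranted. `put_package` continues past the end of the hunk, so whether `repo` is validated further before it is used to build a path cannot be seen here.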