From 78fd6d8d581c98ae0a000a1fc2e68f61129932b6 Mon Sep 17 00:00:00 2001
From: Chewing_Bever <roosensjef@gmail.com>
Date: Sun, 11 Sep 2022 22:24:29 +0200
Subject: [PATCH] fix(server): prevent `api` as a repository name

---
 CHANGELOG.md      | 2 ++
 src/server/repo.v | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5aa0e43..bb0c517 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   repository will be cloned with the default branch
 * Build containers now explicitely set the PATH variable
 * Refactor of web framework
+* `api` can no longer be used as a repository name
+* CLI client now allows setting values to an empty value
 
 ### Removed
 
diff --git a/src/server/repo.v b/src/server/repo.v
index 5ed5d15..abfc631 100644
--- a/src/server/repo.v
+++ b/src/server/repo.v
@@ -51,6 +51,12 @@ fn (mut app App) get_repo_file(repo string, arch string, filename string) web.Re
 // put_package handles publishing a package to a repository.
 ['/:repo/publish'; auth; post]
 fn (mut app App) put_package(repo string) web.Result {
+	// api is a reserved keyword for api routes & should never be allowed to be
+	// a repository.
+	if repo.to_lower() == 'api' {
+		return app.json(.bad_request, new_response("'api' is a reserved keyword & cannot be used as a repository name."))
+	}
+
 	mut pkg_path := ''
 
 	if length := app.req.header.get(.content_length) {