From 273eac4b43caa243d010dd00fa91476e8e3c71b9 Mon Sep 17 00:00:00 2001 From: Mark Date: Thu, 26 Oct 2023 16:35:58 +0200 Subject: [PATCH] server/lib: can now have custom-files which clients can access if they know the path. --- musicdb-lib/src/data/database.rs | 9 +++++++++ musicdb-lib/src/server/get.rs | 30 ++++++++++++++++++++---------- musicdb-server/src/main.rs | 7 ++++++- 3 files changed, 35 insertions(+), 11 deletions(-) diff --git a/musicdb-lib/src/data/database.rs b/musicdb-lib/src/data/database.rs index f2323e0..3a99a31 100755 --- a/musicdb-lib/src/data/database.rs +++ b/musicdb-lib/src/data/database.rs @@ -26,6 +26,12 @@ pub struct Database { albums: HashMap, songs: HashMap, covers: HashMap, + /// clients can access files in this directory if they know the relative path. + /// can be used to embed custom images in tags of songs/albums/artists. + /// None -> no access + /// Some(None) -> access to lib_directory + /// Some(Some(path)) -> access to path + pub custom_files: Option>, // These will be used for autosave once that gets implemented db_data_file_change_first: Option, db_data_file_change_last: Option, @@ -374,6 +380,7 @@ impl Database { albums: HashMap::new(), songs: HashMap::new(), covers: HashMap::new(), + custom_files: None, db_data_file_change_first: None, db_data_file_change_last: None, queue: QueueContent::Folder(0, vec![], String::new()).into(), @@ -392,6 +399,7 @@ impl Database { albums: HashMap::new(), songs: HashMap::new(), covers: HashMap::new(), + custom_files: None, db_data_file_change_first: None, db_data_file_change_last: None, queue: QueueContent::Folder(0, vec![], String::new()).into(), @@ -412,6 +420,7 @@ impl Database { albums: ToFromBytes::from_bytes(&mut file)?, songs: ToFromBytes::from_bytes(&mut file)?, covers: ToFromBytes::from_bytes(&mut file)?, + custom_files: None, db_data_file_change_first: None, db_data_file_change_last: None, queue: QueueContent::Folder(0, vec![], String::new()).into(), diff --git a/musicdb-lib/src/server/get.rs b/musicdb-lib/src/server/get.rs index 8e53fef..1ae01cc 100755 --- a/musicdb-lib/src/server/get.rs +++ b/musicdb-lib/src/server/get.rs @@ -1,6 +1,8 @@ use std::{ + fs, io::BufRead, io::{BufReader, Read, Write}, + path::Path, sync::{Arc, Mutex}, }; @@ -118,16 +120,24 @@ pub fn handle_one_connection_as_get( writeln!(connection.get_mut(), "no data")?; } } - "song-file-blocking" => { - if let Some(bytes) = - request - .next() - .and_then(|id| id.parse().ok()) - .and_then(|id| { - let db = db.lock().unwrap(); - db.get_song(&id).and_then(|song| song.cached_data_now(&db)) - }) - { + "custom-file" => { + if let Some(bytes) = request.next().and_then(|path| { + let db = db.lock().unwrap(); + let mut parent = match &db.custom_files { + None => None, + Some(None) => Some(db.lib_directory.clone()), + Some(Some(p)) => Some(p.clone()), + }; + // check for malicious paths + if Path::new(path).is_absolute() { + parent = None; + } + if let Some(parent) = parent { + fs::read(parent.join(path)).ok() + } else { + None + } + }) { writeln!(connection.get_mut(), "len: {}", bytes.len())?; connection.get_mut().write_all(&bytes)?; } else { diff --git a/musicdb-server/src/main.rs b/musicdb-server/src/main.rs index 82e36b3..33530cb 100755 --- a/musicdb-server/src/main.rs +++ b/musicdb-server/src/main.rs @@ -31,13 +31,17 @@ struct Args { /// requires the `assets/` folder to be present! #[arg(long)] web: Option, + + /// allow clients to access files in this directory, or the lib_dir if not specified. + #[arg(long)] + custom_files: Option>, } #[tokio::main] async fn main() { // parse args let args = Args::parse(); - let database = if args.init { + let mut database = if args.init { Database::new_empty(args.dbfile, args.lib_dir) } else { match Database::load_database(args.dbfile.clone(), args.lib_dir.clone()) { @@ -51,6 +55,7 @@ async fn main() { } } }; + database.custom_files = args.custom_files; // database can be shared by multiple threads using Arc> let database = Arc::new(Mutex::new(database)); if args.tcp.is_some() || args.web.is_some() {