Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 07:33:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Refuse writing the config in append-only mode

Browse source
This commit is contained in:
Alexander Neumann 2018-04-02 13:02:16 +02:00
parent 8dad5a5f41
commit 0f72176ddd
1 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

22
handlers.go
View file

@ -206,22 +206,31 @@ func SaveConfig(w http.ResponseWriter, r *http.Request) {
return return
} }
bytes, err := ioutil.ReadAll(r.Body) f, err := os.OpenFile(cfg, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0600)
if err != nil { if err != nil && os.IsExist(err) {
if Config.Debug { if Config.Debug {
log.Print(err) log.Print(err)
} }
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return return
} }
if err := ioutil.WriteFile(cfg, bytes, 0600); err != nil { _, err = io.Copy(f, r.Body)
if err != nil {
if Config.Debug { if Config.Debug {
log.Print(err) log.Print(err)
} }
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
} }
err = f.Close()
if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
_ = r.Body.Close()
} }
// DeleteConfig removes a config. // DeleteConfig removes a config.
@ -473,6 +482,11 @@ func SaveBlob(w http.ResponseWriter, r *http.Request) {
} }
} }
if os.IsExist(err) {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
if err != nil { if err != nil {
if Config.Debug { if Config.Debug {
log.Print(err) log.Print(err)