gleam_time = ">= 1.8.0 and < 2.0.0"
simplifile = ">= 2.4.0 and < 3.0.0"
mist = ">= 6.0.3 and < 7.0.0"
+envoy = ">= 1.2.0 and < 2.0.0"
[dev_dependencies]
gleeunit = ">= 1.0.0 and < 2.0.0"
[requirements]
argv = { version = ">= 1.1.0 and < 2.0.0" }
+envoy = { version = ">= 1.2.0 and < 2.0.0" }
gleam_erlang = { version = ">= 1.3.0 and < 2.0.0" }
gleam_http = { version = ">= 4.3.0 and < 5.0.0" }
gleam_json = { version = ">= 3.1.0 and < 4.0.0" }
import argv
+import envoy
import gleam/erlang/process
import gleam/io
+import gleam/result
import mist
import router
import wisp
fn web(file_path: String, password: String) -> Nil {
wisp.configure_logger()
- let secret_key_base = wisp.random_string(64)
+ let secret_key_base =
+ result.unwrap(envoy.get("SECRET_KEY_BASE"), wisp.random_string(64))
let assert Ok(_) =
router.handle_request(_, file_path, password)
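Review bot: Whatever `SECRET_KEY_BASE` holds becomes the signing secret with no validation. A variable that is set but empty or only a few characters long would presumably be accepted (assuming `envoy.get` returns `Ok` for it), which weakens everything signed with it. Check the length and refuse to start on a weak key, as sketched below; this needs `import gleam/string` in this module, and the 64-character minimum simply mirrors the random fallback. It is also worth logging when the random fallback is taken, because anything signed with a per-process key stops validating after a restart. The body of `web` continues past the end of this hunk.

```gleam
let secret_key_base = case envoy.get("SECRET_KEY_BASE") {
  Ok(key) ->
    case string.length(key) >= 64 {
      True -> key
      // fail fast instead of signing with a weak secret
      False -> panic as "SECRET_KEY_BASE must be at least 64 characters"
    }
  Error(Nil) -> wisp.random_string(64)
}
// … unchanged: handler setup starting at `let assert Ok(_) =` …
```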
import gleam/bool
import gleam/list
import gleam/result
+import gleam/string
import simplifile
import wisp
return: wisp.response(401),
)
- wisp.log_debug(result.unwrap(list.key_find(form.values, "password"), ""))
-
case form.files {
[#("file", wisp.UploadedFile(file_name:, path: temp_path)), ..] -> {
- let destination =
- "./files/"
- <> result.unwrap(list.key_find(form.values, "filename"), file_name)
+ let user_path_name =
+ result.unwrap(list.key_find(form.values, "filename"), file_name)
+
+ let destination = "./files/" <> user_path_name
+
+ use <- bool.guard(
+ string.contains(does: user_path_name, contain: "/")
+ || string.contains(does: user_path_name, contain: ".."),
+ wisp.bad_request("bad filename, no slashes allowed"),
+ )
let result = {
use _ <- result.try(simplifile.create_directory_all("./files"))
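Review bot: The new `bool.guard` on `user_path_name` is a denylist of `/` and `..`, so an empty name still passes (giving the destination `./files/`), as does a backslash, which is presumably a path separator if this ever runs on Windows. Extend the condition with `|| string.contains(does: user_path_name, contain: "\\") || string.is_empty(user_path_name)`. Better still, accept only names made of an explicit allowed character set. `destination` is built before the guard runs; moving that `let` below the guard makes it obvious the path is only formed from a checked name. The message "bad filename, no slashes allowed" should also mention that `..` is rejected. The enclosing handler starts and ends outside this hunk.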