From 13adfa15b749d37448332f12d077131879d1c0ae Mon Sep 17 00:00:00 2001 From: Yann Bizeul Date: Sat, 31 Aug 2024 12:30:37 +0200 Subject: [PATCH 1/5] setup development environment - Add a task to run npm server - Add a launch configuration for go debug - Add proxy configuration for npm to pass API calls to go server --- .gitignore | 1 + .vscode/launch.json | 15 +++++++++++++++ .vscode/tasks.json | 11 +++++++++++ web/embed.go | 2 +- web/package.json | 3 ++- 5 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 .vscode/launch.json create mode 100644 .vscode/tasks.json diff --git a/.gitignore b/.gitignore index e8c91ff..507ae28 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ node_modules/ .DS_Store cbFiles data +__debug* \ No newline at end of file diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 0000000..82fdfb8 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,15 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "Launch cbFiles", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}/server", + } + ] +} \ No newline at end of file diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..f77d4dd --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,11 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "type": "npm", + "script": "start", + "path": "web", + "problemMatcher": [], + "label": "npm: dev - html", } + ] +} \ No newline at end of file diff --git a/web/embed.go b/web/embed.go index a9bd630..4443449 100644 --- a/web/embed.go +++ b/web/embed.go @@ -17,4 +17,4 @@ func GetUiFs() fs.FS { } return embedRoot // return http.FileServer(http.FS(embedRoot)) -} \ No newline at end of file +} diff --git a/web/package.json b/web/package.json index c3c1f32..b162711 100644 --- a/web/package.json +++ b/web/package.json @@ -45,5 +45,6 @@ }, "devDependencies": { "@babel/plugin-proposal-private-property-in-object": "^7.21.11" - } + }, + "proxy": "http://localhost:8080" } From 4f86d65d330f07b76c741a2b955b43b31afa938f Mon Sep 17 00:00:00 2001 From: Yann Bizeul Date: Sat, 31 Aug 2024 12:36:13 +0200 Subject: [PATCH 2/5] add mandatory "key" property to children --- web/src/components/CbFiles.js | 4 ++-- web/src/components/CbToastsContainer.js | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/web/src/components/CbFiles.js b/web/src/components/CbFiles.js index 4ca8e04..cb5a946 100644 --- a/web/src/components/CbFiles.js +++ b/web/src/components/CbFiles.js @@ -28,7 +28,7 @@ export function CbFiles({ fileInfo, viewMode, loadFiles, searchTerms }) { if (viewMode === "gallery") { const newComponents = filteredfileInfo.map((item) => ( - + )); setComponents( @@ -38,7 +38,7 @@ export function CbFiles({ fileInfo, viewMode, loadFiles, searchTerms }) { ); } else if (viewMode === "list") { const newComponents = filteredfileInfo.map((item) => ( - + )); setComponents(
diff --git a/web/src/components/CbToastsContainer.js b/web/src/components/CbToastsContainer.js index 4bfe8bf..92af2d8 100644 --- a/web/src/components/CbToastsContainer.js +++ b/web/src/components/CbToastsContainer.js @@ -20,7 +20,7 @@ function CbToastsContainer() { return ( {notifications.map((notification) => ( - { removeNotification(notification.id) }}> + { removeNotification(notification.id) }}> {notification.header} From bdad29affd1a5a2690f9cf4eb2a88fc34d48d317 Mon Sep 17 00:00:00 2001 From: Yann Bizeul Date: Sat, 31 Aug 2024 12:37:53 +0200 Subject: [PATCH 3/5] change class to correct property className --- web/src/components/CbFiles.js | 4 ++-- web/src/components/CbShareHistoryList.js | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/web/src/components/CbFiles.js b/web/src/components/CbFiles.js index cb5a946..a0840df 100644 --- a/web/src/components/CbFiles.js +++ b/web/src/components/CbFiles.js @@ -238,7 +238,7 @@ function ConfirmSVG() { width="16" height="16" fill="currentColor" - class="bi bi-check2" + className="bi bi-check2" viewBox="0 0 16 16" > @@ -253,7 +253,7 @@ function CancelSVG() { width="16" height="16" fill="currentColor" - class="bi bi-x" + className="bi bi-x" viewBox="0 0 16 16" > diff --git a/web/src/components/CbShareHistoryList.js b/web/src/components/CbShareHistoryList.js index e299dcb..15e56d2 100644 --- a/web/src/components/CbShareHistoryList.js +++ b/web/src/components/CbShareHistoryList.js @@ -65,7 +65,7 @@ function EnterSVG() { width="16" height="16" fill="currentColor" - class="bi bi-caret-right" + className="bi bi-caret-right" viewBox="0 0 16 16" > From 9e8d8a6aa0f442e59be0af7385b9a81fe4b3a4e7 Mon Sep 17 00:00:00 2001 From: Yann Bizeul Date: Sat, 31 Aug 2024 13:06:26 +0200 Subject: [PATCH 4/5] Fix progress bar not updating during download --- web/src/components/CbUpload.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/src/components/CbUpload.js b/web/src/components/CbUpload.js index fdb8c8a..eb966cd 100644 --- a/web/src/components/CbUpload.js +++ b/web/src/components/CbUpload.js @@ -82,7 +82,6 @@ export function CbUpload({ loadFiles }) { body: data, }).then(response => { if (response.ok) { - addNotification(uploadId, 1, start / file.size * 100, ""); start = end; end = Math.min(end + chunkSize, file.size); if (start !== end && !lastChunkSent) { @@ -92,6 +91,8 @@ export function CbUpload({ loadFiles }) { callback(); } lastChunkSent = true + + addNotification(uploadId, 1, start / file.size * 100, ""); } else { console.log(`Error during upload of file ` + file.name + `. Please check your connection to the sever. err : ${response.status}`); } From b852908a3871495ed1ae3ee4fade4aa930bdc00a Mon Sep 17 00:00:00 2001 From: Yann Bizeul Date: Sat, 31 Aug 2024 13:20:59 +0200 Subject: [PATCH 5/5] protect against path traversal --- server/handlers/handlers.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/server/handlers/handlers.go b/server/handlers/handlers.go index 2e5e425..50e26ed 100644 --- a/server/handlers/handlers.go +++ b/server/handlers/handlers.go @@ -17,7 +17,7 @@ func HandleUpload(w http.ResponseWriter, r *http.Request) { shareId := r.URL.Query().Get("shareId") // Check if share exists - sharePath := path.Join("data", "share", shareId) + sharePath := path.Join("data", "share", path.Join("/", shareId)) if _, err := os.Stat(sharePath); os.IsNotExist(err) { fmt.Println(" The share does not exist, creation is done from Home page. Canceling upload") return @@ -40,7 +40,7 @@ func HandleUpload(w http.ResponseWriter, r *http.Request) { } defer fileChunk.Close() - tempFilePath := path.Join(sharePath, fileName) + tempFilePath := path.Join(sharePath, path.Join("/", fileName)) tempFile, err := os.OpenFile(tempFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) if err != nil { fmt.Println(" Error opening or creating temp file :") @@ -73,7 +73,7 @@ func HandleSearch(w http.ResponseWriter, r *http.Request) { // Obtain shareId and Path from URL shareId := r.URL.Query().Get("shareId") - sharePath := path.Join("data", "share", shareId) + sharePath := path.Join("data", "share", path.Join("/", shareId)) fmt.Println(" Searching for share", shareId) @@ -143,11 +143,11 @@ func HandleDelete(w http.ResponseWriter, r *http.Request) { // Obtain shareId and Path from URL shareId := r.URL.Query().Get("shareId") - sharePath := path.Join("data", "share", shareId) + sharePath := path.Join("data", "share", path.Join("/", shareId)) // Obtain fileName and filePath from URL fileName := r.URL.Query().Get("fileName") - filePath := path.Join(sharePath, fileName) + filePath := path.Join(sharePath, path.Join("/", fileName)) fmt.Println(" Deleting file", fileName, "from share", shareId, "...") @@ -170,11 +170,11 @@ func HandleDownload(w http.ResponseWriter, r *http.Request) { // Obtain shareId and Path from URL shareId := r.URL.Query().Get("shareId") - sharePath := path.Join("data", "share", shareId) + sharePath := path.Join("data", "share", path.Join("/", shareId)) // Obtain fileName and filePath from URL fileName := r.URL.Query().Get("fileName") - filePath := path.Join(sharePath, fileName) + filePath := path.Join(sharePath, path.Join("/", fileName)) fmt.Println(" Downloading file", fileName, "from share", shareId, "...") @@ -264,7 +264,7 @@ func HandleCreate(w http.ResponseWriter, r *http.Request) { // ...and send it w.Header().Set("Content-Type", "application/json") - w.Write(responseJSON) + _, _ = w.Write(responseJSON) fmt.Println("Share created!") }