fix: FTP vulnerability

2025-03-30 15:08:30 +00:00 · 2023-11-04 15:09:41 -07:00 · 2023-11-04 15:09:41 -07:00 · 7b8737e94a
commit 7b8737e94a
parent cc040e1862
2 changed files with 11 additions and 10 deletions
--- a/src/mothership-app/pb_hooks/src/index.pb.js
+++ b/src/mothership-app/pb_hooks/src/index.pb.js
@ -1,10 +1,10 @@
 onAfterBootstrap((e) => {
  $app.dao().db().newQuery(`update instances set status='idle'`).execute()
-  $app
-    .dao()
-    .db()
-    .newQuery(`update invocations set endedAt=datetime('now') where endedAt=''`)
-    .execute()
+  // $app
+  //   .dao()
+  //   .db()
+  //   .newQuery(`update invocations set endedAt=datetime('now') where endedAt=''`)
+  //   .execute()
 })

 routerAdd(
--- a/src/services/FtpService/PhFs.ts
+++ b/src/services/FtpService/PhFs.ts
@ -1,5 +1,4 @@
 import { DATA_ROOT } from '$constants'
-import { clientService } from '$services'
 import { InstanceFields, Logger } from '$shared'
 import { assert } from '$util'
 import { compact, map } from '@s-libs/micro-dash'
@ -47,11 +46,13 @@ export class PhFs implements FileSystem {
  connection: FtpConnection
  cwd: string
  private _root: string
+  client: pocketbaseEs

  constructor(connection: FtpConnection, client: pocketbaseEs, logger: Logger) {
    const cwd = `/`
    const root = DATA_ROOT()
    this.connection = connection
+    this.client = client
    this.log = logger.create(`PhFs`)
    this.cwd = normalize((cwd || '/').replace(WIN_SEP_REGEX, '/'))
    this._root = resolve(root || process.cwd())
@ -94,9 +95,10 @@ export class PhFs implements FileSystem {

    // Check if the instance is valid
    const instance = await (async () => {
-      const { client } = await clientService()
      if (subdomain) {
-        const [instance] = await client.getInstanceBySubdomain(subdomain)
+        const instance = await this.client
+          .collection(`instances`)
+          .getFirstListItem<InstanceFields>(`subdomain='${subdomain}'`)
        if (!instance) {
          throw new Error(`${subdomain} not found.`)
        }
@ -189,8 +191,7 @@ export class PhFs implements FileSystem {
    If a subdomain is not specified, we are in the user's root. List all subdomains.
    */
    if (subdomain === '') {
-      const { client } = await clientService()
-      const instances = await client.getInstances()
+      const instances = await this.client.collection(`instances`).getFullList()
      return instances.map((i) => {
        return {
          isDirectory: () => true,