Mirroristas/pockethost
2
0
Fork 0
mirror of https://github.com/pockethost/pockethost.git synced 2025-07-06 04:42:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: FTP vulnerability

Browse Source
This commit is contained in:
Ben Allfree 2023-11-04 15:09:41 -07:00
parent cc040e1862
commit 7b8737e94a
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/mothership-app/pb_hooks/src/index.pb.js
View File

@ -1,10 +1,10 @@
onAfterBootstrap((e) => { onAfterBootstrap((e) => {
$app.dao().db().newQuery(`update instances set status='idle'`).execute() $app.dao().db().newQuery(`update instances set status='idle'`).execute()
$app // $app
.dao() // .dao()
.db() // .db()
.newQuery(`update invocations set endedAt=datetime('now') where endedAt=''`) // .newQuery(`update invocations set endedAt=datetime('now') where endedAt=''`)
.execute() // .execute()
}) })
routerAdd( routerAdd(

11
src/services/FtpService/PhFs.ts
View File

@ -1,5 +1,4 @@
import { DATA_ROOT } from '$constants' import { DATA_ROOT } from '$constants'
import { clientService } from '$services'
import { InstanceFields, Logger } from '$shared' import { InstanceFields, Logger } from '$shared'
import { assert } from '$util' import { assert } from '$util'
import { compact, map } from '@s-libs/micro-dash' import { compact, map } from '@s-libs/micro-dash'
@ -47,11 +46,13 @@ export class PhFs implements FileSystem {
connection: FtpConnection connection: FtpConnection
cwd: string cwd: string
private _root: string private _root: string
client: pocketbaseEs
constructor(connection: FtpConnection, client: pocketbaseEs, logger: Logger) { constructor(connection: FtpConnection, client: pocketbaseEs, logger: Logger) {
const cwd = `/` const cwd = `/`
const root = DATA_ROOT() const root = DATA_ROOT()
this.connection = connection this.connection = connection
this.client = client
this.log = logger.create(`PhFs`) this.log = logger.create(`PhFs`)
this.cwd = normalize((cwd || '/').replace(WIN_SEP_REGEX, '/')) this.cwd = normalize((cwd || '/').replace(WIN_SEP_REGEX, '/'))
this._root = resolve(root || process.cwd()) this._root = resolve(root || process.cwd())
@ -94,9 +95,10 @@ export class PhFs implements FileSystem {
// Check if the instance is valid // Check if the instance is valid
const instance = await (async () => { const instance = await (async () => {
const { client } = await clientService()
if (subdomain) { if (subdomain) {
const [instance] = await client.getInstanceBySubdomain(subdomain) const instance = await this.client
.collection(`instances`)
.getFirstListItem<InstanceFields>(`subdomain='${subdomain}'`)
if (!instance) { if (!instance) {
throw new Error(`${subdomain} not found.`) throw new Error(`${subdomain} not found.`)
} }
@ -189,8 +191,7 @@ export class PhFs implements FileSystem {
If a subdomain is not specified, we are in the user's root. List all subdomains. If a subdomain is not specified, we are in the user's root. List all subdomains.
*/ */
if (subdomain === '') { if (subdomain === '') {
const { client } = await clientService() const instances = await this.client.collection(`instances`).getFullList()
const instances = await client.getInstances()
return instances.map((i) => { return instances.map((i) => {
return { return {
isDirectory: () => true, isDirectory: () => true,