1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-17 01:06:46 +01:00

fix(server): read file permission checks (#3046)

This commit is contained in:
Jason Rasmussen 2023-06-30 12:25:08 -04:00 committed by GitHub
parent ad343b7b32
commit 455a36b0fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 12 deletions

View file

@ -82,7 +82,7 @@ describe(MetadataService.name, () => {
assetMock.save.mockResolvedValue(assetEntityStub.image);
storageMock.checkFileExists.mockResolvedValue(true);
await sut.handleSidecarDiscovery({ id: assetEntityStub.image.id });
expect(storageMock.checkFileExists).toHaveBeenCalledWith('/original/path.ext.xmp', constants.W_OK);
expect(storageMock.checkFileExists).toHaveBeenCalledWith('/original/path.ext.xmp', constants.R_OK);
expect(assetMock.save).toHaveBeenCalledWith({
id: assetEntityStub.image.id,
sidecarPath: '/original/path.ext.xmp',
@ -94,7 +94,7 @@ describe(MetadataService.name, () => {
assetMock.save.mockResolvedValue(assetEntityStub.video);
storageMock.checkFileExists.mockResolvedValue(true);
await sut.handleSidecarDiscovery({ id: assetEntityStub.video.id });
expect(storageMock.checkFileExists).toHaveBeenCalledWith('/original/path.ext.xmp', constants.W_OK);
expect(storageMock.checkFileExists).toHaveBeenCalledWith('/original/path.ext.xmp', constants.R_OK);
expect(assetMock.save).toHaveBeenCalledWith({
id: assetEntityStub.image.id,
sidecarPath: '/original/path.ext.xmp',

View file

@ -42,7 +42,7 @@ export class MetadataService {
}
const sidecarPath = `${asset.originalPath}.xmp`;
const exists = await this.storageRepository.checkFileExists(sidecarPath, constants.W_OK);
const exists = await this.storageRepository.checkFileExists(sidecarPath, constants.R_OK);
if (!exists) {
return false;
}

View file

@ -112,7 +112,7 @@ export class UserCore {
if (!user.profileImagePath) {
throw new NotFoundException('User does not have a profile image');
}
await fs.access(user.profileImagePath, constants.R_OK | constants.W_OK);
await fs.access(user.profileImagePath, constants.R_OK);
return createReadStream(user.profileImagePath);
}

View file

@ -24,9 +24,8 @@ import {
StreamableFile,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { R_OK, W_OK } from 'constants';
import { Response as Res } from 'express';
import { createReadStream, stat } from 'fs';
import { constants, createReadStream, stat } from 'fs';
import fs from 'fs/promises';
import mime from 'mime-types';
import path from 'path';
@ -156,7 +155,7 @@ export class AssetService {
continue;
}
const exists = await this.storageRepository.checkFileExists(filepath, R_OK);
const exists = await this.storageRepository.checkFileExists(filepath, constants.R_OK);
if (!exists) {
throw new BadRequestException('File does not exist');
}
@ -307,7 +306,7 @@ export class AssetService {
let videoPath = asset.originalPath;
let mimeType = asset.mimeType;
await fs.access(videoPath, R_OK | W_OK);
await fs.access(videoPath, constants.R_OK);
if (asset.encodedVideoPath) {
videoPath = asset.encodedVideoPath == '' ? String(asset.originalPath) : String(asset.encodedVideoPath);
@ -355,8 +354,8 @@ export class AssetService {
}
return this.streamFile(videoPath, res, headers, mimeType);
} catch (e) {
this.logger.error(`Error serving VIDEO asset=${asset.id}`);
} catch (e: Error | any) {
this.logger.error(`Error serving VIDEO asset=${asset.id}`, e?.stack);
throw new InternalServerErrorException(`Failed to serve video asset ${e}`, 'ServeFile');
}
}
@ -632,7 +631,7 @@ export class AssetService {
return;
}
await fs.access(filepath, R_OK);
await fs.access(filepath, constants.R_OK);
return new StreamableFile(createReadStream(filepath));
}

View file

@ -23,7 +23,7 @@ export class FilesystemProvider implements IStorageRepository {
async createReadStream(filepath: string, mimeType?: string | null): Promise<ImmichReadStream> {
const { size } = await fs.stat(filepath);
await fs.access(filepath, constants.R_OK | constants.W_OK);
await fs.access(filepath, constants.R_OK);
return {
stream: createReadStream(filepath),
length: size,