sec: ADD exclusive-create to prevent colliisions #23
This commit is contained in:
parent
5727556344
commit
566c432601
GPG key ID:
CA295D643074C68C
1 changed files with 10 additions and 9 deletions
17
main.py
17
main.py
|
|
@ -282,19 +282,20 @@ async def upload_text(request: Request, authorized: bool = Depends(validate_uplo
|
|||
reason="empty_content")
|
||||
raise HTTPException(status_code=400, detail="Empty content")
|
||||
|
||||
random_path = generate_random_path()
|
||||
while (UPLOAD_DIR / random_path).exists():
|
||||
random_path = generate_random_path()
|
||||
|
||||
file_path = UPLOAD_DIR / random_path
|
||||
|
||||
try:
|
||||
# Generate deletion token
|
||||
deletion_token = generate_deletion_token()
|
||||
|
||||
# Save paste content
|
||||
with open(file_path, 'w', encoding='utf-8') as f:
|
||||
# Use O_CREAT|O_EXCL (mode 'x') so the kernel rejects collisions atomically
|
||||
while True:
|
||||
random_path = generate_random_path()
|
||||
file_path = UPLOAD_DIR / random_path
|
||||
try:
|
||||
with open(file_path, 'x', encoding='utf-8') as f:
|
||||
f.write(content)
|
||||
break
|
||||
except FileExistsError:
|
||||
continue
|
||||
|
||||
# Save metadata with deletion token
|
||||
save_metadata(random_path, deletion_token, client_ip)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue