2
0
Fork 0
mirror of https://git.asonix.dog/asonix/pict-rs synced 2024-12-22 19:31:35 +00:00

Magick on tmp files, allow tmp files in policy

This commit is contained in:
Aode (lion) 2021-08-29 11:51:56 -05:00
parent 4703cc0098
commit 98ec2c5a90
5 changed files with 10 additions and 25 deletions

2
Cargo.lock generated
View file

@ -995,7 +995,7 @@ dependencies = [
[[package]] [[package]]
name = "pict-rs" name = "pict-rs"
version = "0.3.0-alpha.15" version = "0.3.0-alpha.16"
dependencies = [ dependencies = [
"actix-form-data", "actix-form-data",
"actix-fs", "actix-fs",

View file

@ -1,7 +1,7 @@
[package] [package]
name = "pict-rs" name = "pict-rs"
description = "A simple image hosting service" description = "A simple image hosting service"
version = "0.3.0-alpha.15" version = "0.3.0-alpha.16"
authors = ["asonix <asonix@asonix.dog>"] authors = ["asonix <asonix@asonix.dog>"]
license = "AGPL-3.0" license = "AGPL-3.0"
readme = "README.md" readme = "README.md"

View file

@ -1,20 +0,0 @@
<policymap>
<policy domain="resource" name="memory" value="256MiB" />
<policy domain="resource" name="list-length" value="32" />
<policy domain="resource" name="width" value="10KP" />
<policy domain="resource" name="height" value="10KP" />
<policy domain="resource" name="map" value="512MiB" />
<policy domain="resource" name="area" value="16KP" />
<policy domain="resource" name="disk" value="1GiB" />
<policy domain="resource" name="file" value="768" />
<policy domain="resource" name="thread" value="2" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="path" rights="none" pattern="@*" />
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="module" rights="none" pattern="*" />
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<!-- indirect reads not permitted -->
<policy domain="system" name="precision" value="6" />
</policymap>

View file

@ -9,12 +9,12 @@
<policy domain="resource" name="file" value="768" /> <policy domain="resource" name="file" value="768" />
<policy domain="resource" name="thread" value="2" /> <policy domain="resource" name="thread" value="2" />
<policy domain="coder" rights="none" pattern="*" /> <policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" /> <policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP,MP4,TMP}" />
<policy domain="filter" rights="none" pattern="*" /> <policy domain="filter" rights="none" pattern="*" />
<policy domain="path" rights="none" pattern="@*" /> <policy domain="path" rights="none" pattern="@*" />
<policy domain="delegate" rights="none" pattern="*" /> <policy domain="delegate" rights="none" pattern="*" />
<policy domain="module" rights="none" pattern="*" /> <policy domain="module" rights="none" pattern="*" />
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" /> <policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP,MP4,TMP}" />
<!-- indirect reads not permitted --> <!-- indirect reads not permitted -->
<policy domain="system" name="precision" value="6" /> <policy domain="system" name="precision" value="6" />
</policymap> </policymap>

View file

@ -400,7 +400,12 @@ async fn process(
safe_create_parent(&thumbnail_path).await?; safe_create_parent(&thumbnail_path).await?;
// apply chain to the provided image // apply chain to the provided image
magick::process_image(&original_path, &thumbnail_path, thumbnail_args, format).await?; let dest_file = tmp_file();
let orig_file = tmp_file();
actix_fs::copy(original_path, orig_file.clone()).await?;
magick::process_image(&orig_file, &dest_file, thumbnail_args, format).await?;
actix_fs::remove_file(orig_file).await?;
actix_fs::rename(dest_file, thumbnail_path.clone()).await?;
let details = if let Some(details) = details { let details = if let Some(details) = details {
details details