2
0
Fork 0
mirror of https://git.asonix.dog/asonix/pict-rs synced 2024-12-22 19:31:35 +00:00

Magick on tmp files, allow tmp files in policy

This commit is contained in:
Aode (lion) 2021-08-29 11:51:56 -05:00
parent 4703cc0098
commit 98ec2c5a90
5 changed files with 10 additions and 25 deletions

2
Cargo.lock generated
View file

@ -995,7 +995,7 @@ dependencies = [
[[package]]
name = "pict-rs"
version = "0.3.0-alpha.15"
version = "0.3.0-alpha.16"
dependencies = [
"actix-form-data",
"actix-fs",

View file

@ -1,7 +1,7 @@
[package]
name = "pict-rs"
description = "A simple image hosting service"
version = "0.3.0-alpha.15"
version = "0.3.0-alpha.16"
authors = ["asonix <asonix@asonix.dog>"]
license = "AGPL-3.0"
readme = "README.md"

View file

@ -1,20 +0,0 @@
<policymap>
<policy domain="resource" name="memory" value="256MiB" />
<policy domain="resource" name="list-length" value="32" />
<policy domain="resource" name="width" value="10KP" />
<policy domain="resource" name="height" value="10KP" />
<policy domain="resource" name="map" value="512MiB" />
<policy domain="resource" name="area" value="16KP" />
<policy domain="resource" name="disk" value="1GiB" />
<policy domain="resource" name="file" value="768" />
<policy domain="resource" name="thread" value="2" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="path" rights="none" pattern="@*" />
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="module" rights="none" pattern="*" />
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<!-- indirect reads not permitted -->
<policy domain="system" name="precision" value="6" />
</policymap>

View file

@ -9,12 +9,12 @@
<policy domain="resource" name="file" value="768" />
<policy domain="resource" name="thread" value="2" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP,MP4,TMP}" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="path" rights="none" pattern="@*" />
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="module" rights="none" pattern="*" />
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP,MP4,TMP}" />
<!-- indirect reads not permitted -->
<policy domain="system" name="precision" value="6" />
</policymap>

View file

@ -400,7 +400,12 @@ async fn process(
safe_create_parent(&thumbnail_path).await?;
// apply chain to the provided image
magick::process_image(&original_path, &thumbnail_path, thumbnail_args, format).await?;
let dest_file = tmp_file();
let orig_file = tmp_file();
actix_fs::copy(original_path, orig_file.clone()).await?;
magick::process_image(&orig_file, &dest_file, thumbnail_args, format).await?;
actix_fs::remove_file(orig_file).await?;
actix_fs::rename(dest_file, thumbnail_path.clone()).await?;
let details = if let Some(details) = details {
details