From 9ff28ecce4fb3cb6456e3a156a8b8663ffe1baa8 Mon Sep 17 00:00:00 2001
From: hexxa <hexxa@outlook.com>
Date: Sun, 20 Mar 2022 20:33:19 +0800
Subject: [PATCH] fix(files): sharing root folder is not allowed

---
 src/handlers/fileshdr/handlers.go      |  16 +++++++++++++++-
 src/server/server_files_test.go        |  15 +++++++++++++++
 src/server/testdata/test_quickshare.db | Bin 524288 -> 524288 bytes
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/handlers/fileshdr/handlers.go b/src/handlers/fileshdr/handlers.go
index ee664aa..006fe40 100644
--- a/src/handlers/fileshdr/handlers.go
+++ b/src/handlers/fileshdr/handlers.go
@@ -929,7 +929,21 @@ func (h *FileHandlers) AddSharing(c *gin.Context) {
 		return
 	}
 
-	err := h.deps.FileInfos().AddSharing(req.SharingPath)
+	if req.SharingPath == "" || req.SharingPath == "/" {
+		c.JSON(q.ErrResp(c, 403, errors.New("forbidden")))
+		return
+	}
+
+	info, err := h.deps.FS().Stat(req.SharingPath)
+	if err != nil {
+		c.JSON(q.ErrResp(c, 500, err))
+		return
+	} else if !info.IsDir() {
+		c.JSON(q.ErrResp(c, 400, errors.New("can not sharing a file")))
+		return
+	}
+
+	err = h.deps.FileInfos().AddSharing(req.SharingPath)
 	if err != nil {
 		c.JSON(q.ErrResp(c, 500, err))
 		return
diff --git a/src/server/server_files_test.go b/src/server/server_files_test.go
index 8a3656b..631e640 100644
--- a/src/server/server_files_test.go
+++ b/src/server/server_files_test.go
@@ -441,6 +441,21 @@ func TestFileHandlers(t *testing.T) {
 				} else if res.StatusCode != 200 {
 					t.Fatal(res.StatusCode)
 				}
+
+				res, _, errs = cl.AddSharing(filePath)
+				if res.StatusCode != 400 {
+					t.Fatal(res.StatusCode)
+				}
+
+				res, _, errs = cl.AddSharing(filepath.Join(filePath, "not_exist"))
+				if res.StatusCode != 500 {
+					t.Fatal(res.StatusCode)
+				}
+			}
+
+			res, _, errs := cl.AddSharing("/")
+			if res.StatusCode != 403 {
+				t.Fatal(res.StatusCode)
 			}
 
 			// check listSharings
diff --git a/src/server/testdata/test_quickshare.db b/src/server/testdata/test_quickshare.db
index daa1c8208c98a2d56e651e93706d2a19460d21f5..a7377bfe6919d433e93b6bc0f1a0800e2d5b4ec9 100644
GIT binary patch
delta 81
zcmZo@P-tjSnBXArje(H?1i0NT^#AH7UD<9Jz_@{bl7NH2cc{$g$itb@vur9LGEE9?
a3XE+EOl=CxZ3--H3ao7kY|9kb9{>Q!-4}KM

delta 81
zcmZo@P-tjSnBXArfq{_$1blCcx$^G|7us$Zz_@{bl7NH2N2rYHyM^_+8b;e7GEE9?
a3XE+EOl=CxZ3--H3ao7kY|9kb9{>QR2NtIQ