Fossil SCM
Add the /secureraw page that requires the complete HASH before it will deliver an artifact.
Commit
7abfca67529a44db3fd5ec8cf0de278295d8829072e797592ff0403e485fa013
Parent
aaa726e191a0b39…
1 file changed
+38
-3
+38
-3
| --- src/info.c | ||
| +++ src/info.c | ||
| @@ -1756,12 +1756,10 @@ | ||
| 1756 | 1756 | ** to view artifacts that are images. |
| 1757 | 1757 | */ |
| 1758 | 1758 | void rawartifact_page(void){ |
| 1759 | 1759 | int rid = 0; |
| 1760 | 1760 | char *zUuid; |
| 1761 | - const char *zMime; | |
| 1762 | - Blob content; | |
| 1763 | 1761 | |
| 1764 | 1762 | if( P("ci") && P("filename") ){ |
| 1765 | 1763 | rid = artifact_from_ci_and_filename(0, 0); |
| 1766 | 1764 | } |
| 1767 | 1765 | if( rid==0 ){ |
| @@ -1773,11 +1771,48 @@ | ||
| 1773 | 1771 | zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid); |
| 1774 | 1772 | if( fossil_strcmp(P("name"), zUuid)==0 && login_is_nobody() ){ |
| 1775 | 1773 | g.isConst = 1; |
| 1776 | 1774 | } |
| 1777 | 1775 | free(zUuid); |
| 1778 | - zMime = P("m"); | |
| 1776 | + deliver_artifact(rid, P("m")); | |
| 1777 | +} | |
| 1778 | + | |
| 1779 | + | |
| 1780 | +/* | |
| 1781 | +** WEBPAGE: secureraw | |
| 1782 | +** URL: /secureraw/HASH?m=TYPE | |
| 1783 | +** | |
| 1784 | +** Return the uninterpreted content of an artifact. This is similar | |
| 1785 | +** to /raw except in this case the only way to specify the artifact | |
| 1786 | +** is by the full-length SHA1 or SHA3 hash. Abbreviations are not | |
| 1787 | +** accepted. | |
| 1788 | +*/ | |
| 1789 | +void secure_rawartifact_page(void){ | |
| 1790 | + int rid = 0; | |
| 1791 | + const char *zUuid = PD("name", ""); | |
| 1792 | + | |
| 1793 | + login_check_credentials(); | |
| 1794 | + if( !g.perm.Read ){ login_needed(g.anon.Read); return; } | |
| 1795 | + rid = db_int(0, "SELECT rid FROM blob WHERE uuid=%Q", zUuid); | |
| 1796 | + if( rid==0 ){ | |
| 1797 | + cgi_set_status(404, "Not Found"); | |
| 1798 | + @ Unknown artifact: "%h(zUuid)" | |
| 1799 | + return; | |
| 1800 | + } | |
| 1801 | + g.isConst = 1; | |
| 1802 | + deliver_artifact(rid, P("m")); | |
| 1803 | +} | |
| 1804 | + | |
| 1805 | + | |
| 1806 | +/* | |
| 1807 | +** Generate a verbatim artifact as the result of an HTTP request. | |
| 1808 | +** If zMime is not NULL, use it as the MIME-type. If zMime is | |
| 1809 | +** NULL, guess at the MIME-type based on the filename | |
| 1810 | +** associated with the artifact. | |
| 1811 | +*/ | |
| 1812 | +void deliver_artifact(int rid, const char *zMime){ | |
| 1813 | + Blob content; | |
| 1779 | 1814 | if( zMime==0 ){ |
| 1780 | 1815 | char *zFName = db_text(0, "SELECT filename.name FROM mlink, filename" |
| 1781 | 1816 | " WHERE mlink.fid=%d" |
| 1782 | 1817 | " AND filename.fnid=mlink.fnid", rid); |
| 1783 | 1818 | if( !zFName ){ |
| 1784 | 1819 |
| --- src/info.c | |
| +++ src/info.c | |
| @@ -1756,12 +1756,10 @@ | |
| 1756 | ** to view artifacts that are images. |
| 1757 | */ |
| 1758 | void rawartifact_page(void){ |
| 1759 | int rid = 0; |
| 1760 | char *zUuid; |
| 1761 | const char *zMime; |
| 1762 | Blob content; |
| 1763 | |
| 1764 | if( P("ci") && P("filename") ){ |
| 1765 | rid = artifact_from_ci_and_filename(0, 0); |
| 1766 | } |
| 1767 | if( rid==0 ){ |
| @@ -1773,11 +1771,48 @@ | |
| 1773 | zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid); |
| 1774 | if( fossil_strcmp(P("name"), zUuid)==0 && login_is_nobody() ){ |
| 1775 | g.isConst = 1; |
| 1776 | } |
| 1777 | free(zUuid); |
| 1778 | zMime = P("m"); |
| 1779 | if( zMime==0 ){ |
| 1780 | char *zFName = db_text(0, "SELECT filename.name FROM mlink, filename" |
| 1781 | " WHERE mlink.fid=%d" |
| 1782 | " AND filename.fnid=mlink.fnid", rid); |
| 1783 | if( !zFName ){ |
| 1784 |
| --- src/info.c | |
| +++ src/info.c | |
| @@ -1756,12 +1756,10 @@ | |
| 1756 | ** to view artifacts that are images. |
| 1757 | */ |
| 1758 | void rawartifact_page(void){ |
| 1759 | int rid = 0; |
| 1760 | char *zUuid; |
| 1761 | |
| 1762 | if( P("ci") && P("filename") ){ |
| 1763 | rid = artifact_from_ci_and_filename(0, 0); |
| 1764 | } |
| 1765 | if( rid==0 ){ |
| @@ -1773,11 +1771,48 @@ | |
| 1771 | zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid); |
| 1772 | if( fossil_strcmp(P("name"), zUuid)==0 && login_is_nobody() ){ |
| 1773 | g.isConst = 1; |
| 1774 | } |
| 1775 | free(zUuid); |
| 1776 | deliver_artifact(rid, P("m")); |
| 1777 | } |
| 1778 | |
| 1779 | |
| 1780 | /* |
| 1781 | ** WEBPAGE: secureraw |
| 1782 | ** URL: /secureraw/HASH?m=TYPE |
| 1783 | ** |
| 1784 | ** Return the uninterpreted content of an artifact. This is similar |
| 1785 | ** to /raw except in this case the only way to specify the artifact |
| 1786 | ** is by the full-length SHA1 or SHA3 hash. Abbreviations are not |
| 1787 | ** accepted. |
| 1788 | */ |
| 1789 | void secure_rawartifact_page(void){ |
| 1790 | int rid = 0; |
| 1791 | const char *zUuid = PD("name", ""); |
| 1792 | |
| 1793 | login_check_credentials(); |
| 1794 | if( !g.perm.Read ){ login_needed(g.anon.Read); return; } |
| 1795 | rid = db_int(0, "SELECT rid FROM blob WHERE uuid=%Q", zUuid); |
| 1796 | if( rid==0 ){ |
| 1797 | cgi_set_status(404, "Not Found"); |
| 1798 | @ Unknown artifact: "%h(zUuid)" |
| 1799 | return; |
| 1800 | } |
| 1801 | g.isConst = 1; |
| 1802 | deliver_artifact(rid, P("m")); |
| 1803 | } |
| 1804 | |
| 1805 | |
| 1806 | /* |
| 1807 | ** Generate a verbatim artifact as the result of an HTTP request. |
| 1808 | ** If zMime is not NULL, use it as the MIME-type. If zMime is |
| 1809 | ** NULL, guess at the MIME-type based on the filename |
| 1810 | ** associated with the artifact. |
| 1811 | */ |
| 1812 | void deliver_artifact(int rid, const char *zMime){ |
| 1813 | Blob content; |
| 1814 | if( zMime==0 ){ |
| 1815 | char *zFName = db_text(0, "SELECT filename.name FROM mlink, filename" |
| 1816 | " WHERE mlink.fid=%d" |
| 1817 | " AND filename.fnid=mlink.fnid", rid); |
| 1818 | if( !zFName ){ |
| 1819 |