From 58b63cb9a4f1e302ab676150b00153b82968f479 Mon Sep 17 00:00:00 2001 From: MCgamin1738 <5355146-MCgamin1738@users.noreply.gitlab.com> Date: Sat, 12 Dec 2020 19:35:41 +0000 Subject: [PATCH] Add Permissions Check To Import From Zip --- app/classes/shared/controller.py | 10 ++++++---- app/classes/shared/helpers.py | 8 ++++++++ app/classes/web/panel_handler.py | 2 +- app/classes/web/server_handler.py | 3 +++ 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/app/classes/shared/controller.py b/app/classes/shared/controller.py index 880ef1e4..20a01337 100644 --- a/app/classes/shared/controller.py +++ b/app/classes/shared/controller.py @@ -256,10 +256,12 @@ class Controller: def import_zip_server(self, server_name: str, zip_path: str, server_jar: str, min_mem: int, max_mem: int, port: int): server_id = helper.create_uuid() new_server_dir = os.path.join(helper.servers_dir, server_id) - - helper.ensure_dir_exists(new_server_dir) - with zipfile.ZipFile(zip_path, 'r') as zip_ref: - zip_ref.extractall(new_server_dir) + if helper.check_file_perms(zip_path): + helper.ensure_dir_exists(new_server_dir) + with zipfile.ZipFile(zip_path, 'r') as zip_ref: + zip_ref.extractall(new_server_dir) + else: + return "false" full_jar_path = os.path.join(new_server_dir, server_jar) server_command = 'java -Xms{}G -Xmx{}G -jar {} nogui'.format(min_mem, max_mem, full_jar_path) diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py index b7c91982..4afe599c 100644 --- a/app/classes/shared/helpers.py +++ b/app/classes/shared/helpers.py @@ -45,6 +45,14 @@ class Helpers: self.passhasher = PasswordHasher() self.exiting = False + def check_file_perms(self, path): + try: + fp = open(path, "r").close() + logger.info("{} is readable".format(path)) + return True + except PermissionError: + return False + def is_file_older_than_x_days(self, file, days=1): if self.check_file_exists(file): file_time = os.path.getmtime(file) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index fa602545..63843ded 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -42,7 +42,7 @@ class PanelHandler(BaseHandler): } # if no servers defined, let's go to the build server area - if page_data['server_stats']['total'] == 0: + if page_data['server_stats']['total'] == 0 and page != "error": self.set_status(301) self.redirect("/server/step1") return False diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py index bffdff6e..66cdc059 100644 --- a/app/classes/web/server_handler.py +++ b/app/classes/web/server_handler.py @@ -104,6 +104,9 @@ class ServerHandler(BaseHandler): return False new_server_id = controller.import_zip_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port) + if new_server_id == "false": + self.redirect("/panel/error?error=ZIP file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path)) + return False else: # todo: add server type check here and call the correct server add functions if not a jar new_server_id = controller.create_jar_server(server_parts[0], server_parts[1], server_name, min_mem, max_mem, port)