Right now the example file stream handler allocates memory to compose a path. This might be avoidable by getting an fd for the root directory (using ) (which could be passed into the handler? or cross-request state?) and then do file lookups with relative paths from the dir fd. Care would need to be taken to make sure that file lookups cant escape the root directory by using .. (& others?) in the relative path.
[x] create Directory struct around a directory file descriptor?
[x] method to check if a path is a safe relative path that won't resolve to a location outside of it's base. It looks like just avoiding .. (and .) path segments might be enough, but important here is that linux paths don't have an encoding, so we might have to do this check byte-wise. See slide 44 of this presentation how doing this in utf-8 could be unsafe.
[x] implement RelativePath that borrows a Directory and a str for the subpath, calls openat(dirfd, subpath) in Path::open.
implement AbsolutePath that borrows a str for the subpath, calls open(subpath) in Path::open. Not needed for now.
[x] use Path trait in file::Reader
[x] implement http handler that serves a document root using this.
Would be used like so:
trait Path {
fn open(&self, flags: libc::c_int) -> OwnedFd
}
// created at server startup, no need to mutate once created, can be put
// in stated shared across handlers
// Directory could also support reading the entries for example
// Internally it has an OwnedFd for it's file descriptor
let base = Directory::new("/var/www/")?;
//returns error if the given path would resolve outside of base
//returns struct RelativePath that implements Path which defines open
let path = base.sub_path("some/file.txt")?;
//does path.open(flags)? internally to return an OwnedFd
let reader = file::Reader::open(path);
Right now the example file stream handler allocates memory to compose a path. This might be avoidable by getting an fd for the root directory (using ) (which could be passed into the handler? or cross-request state?) and then do file lookups with relative paths from the dir fd. Care would need to be taken to make sure that file lookups cant escape the root directory by using
..
(& others?) in the relative path...
(and.
) path segments might be enough, but important here is that linux paths don't have an encoding, so we might have to do this check byte-wise. See slide 44 of this presentation how doing this in utf-8 could be unsafe.RelativePath
that borrows aDirectory
and astr
for the subpath, callsopenat(dirfd, subpath)
inPath::open
.implement. Not needed for now.AbsolutePath
that borrows astr
for the subpath, callsopen(subpath)
inPath::open
Path
trait infile::Reader
Would be used like so: