Read only and upload password settings have no effect

szabodanika / microbin

A secure, configurable file-sharing and URL shortening web app written in Rust.

https://microbin.eu

BSD 3-Clause "New" or "Revised" License

2.51k stars 151 forks source link

Read only and upload password settings have no effect #221

Open Virkkunen opened 9 months ago

Virkkunen commented 9 months ago

Describe the bug Read only and upload password settings have no effect. Users can still upload and delete pastas without a password (or with any password)

To Reproduce Steps to reproduce the behavior:

Set MICROBIN_READONLY=true and a MICROBIN_UPLOADER_PASSWORD
Restart the container with docker compose down and docker compose --env-file .env up --detach
Upload a pasta without typing the uploader password
Pasta is uploaded normally

Expected behavior Pastas are not allowed to be uploaded without providing the uploader password

secondubly commented 8 months ago

Can confirm this does not work in the docker environment - I've confirmed that it does work in the existing master branch, so maybe the docker image is out date?

secondubly commented 8 months ago

Can confirm this does not work in the docker environment - I've confirmed that it does work in the existing master branch, so maybe the docker image is out date?

so it looks like in the current docker setup, the MICROBIN_UPLOADER_PASSWORD isn't being read at all? If you run docker exec <container> env it prints out all the env variables except MICROBIN_UPLOADER_PASSWORD.

secondubly commented 8 months ago

I fixed the issue and created a PR 🙂 it was actually a pretty simple fix