diff --git a/src/main.rs b/src/main.rs index 5c4e017..8af1434 100644 --- a/src/main.rs +++ b/src/main.rs @@ -26,8 +26,6 @@ use multipart::server::{Multipart, SaveResult}; use path_dedot::ParseDot; use percent_encoding::percent_decode; use pretty_bytes::converter::convert; -use rand::distributions::Alphanumeric; -use rand::{thread_rng, Rng}; use termcolor::{Color, ColorSpec}; use color::{build_spec, Printer}; @@ -70,7 +68,7 @@ fn main() { .arg(clap::Arg::with_name("upload") .short("u") .long("upload") - .help("Enable upload files. (multiple select) (CSRF token required)")) + .help("Enable upload files. (multiple select)")) .arg(clap::Arg::with_name("redirect").long("redirect") .takes_value(true) .validator(|url_string| iron::Url::parse(url_string.as_str()).map(|_| ())) @@ -222,7 +220,7 @@ fn main() { .map(|s| PathBuf::from(s).canonicalize().unwrap()) .unwrap_or_else(|| env::current_dir().unwrap()); let index = matches.is_present("index"); - let upload_arg = matches.is_present("upload"); + let upload = matches.is_present("upload"); let redirect_to = matches .value_of("redirect") .map(iron::Url::parse) @@ -281,22 +279,10 @@ fn main() { let silent = matches.is_present("silent"); let base_url: &str = matches.value_of("base-url").unwrap(); - let upload: Option = if upload_arg { - let token: String = thread_rng() - .sample_iter(&Alphanumeric) - .take(10) - .map(char::from) - .collect(); - Some(Upload { csrf_token: token }) - } else { - None - }; - if !silent { printer .println_out( - r#" Index: {}, Cache: {}, Cors: {}, Coop: {}, Coep: {}, Range: {}, Sort: {}, Threads: {} - Upload: {}, CSRF Token: {} + r#" Index: {}, Upload: {}, Cache: {}, Cors: {}, Coop: {}, Coep: {}, Range: {}, Sort: {}, Threads: {} Auth: {}, Compression: {} https: {}, Cert: {}, Cert-Password: {} Root: {}, @@ -305,6 +291,7 @@ fn main() { ======== [{}] ========"#, &vec![ enable_string(index), + enable_string(upload), enable_string(cache), enable_string(cors), enable_string(coop), @@ -312,13 +299,6 @@ fn main() { enable_string(range), enable_string(sort), threads.to_string(), - enable_string(upload_arg), - (if upload.is_some() { - upload.as_ref().unwrap().csrf_token.as_str() - } else { - "" - }) - .to_string(), auth.unwrap_or("disabled").to_string(), compression_string, (if cert.is_some() { @@ -425,14 +405,11 @@ fn main() { std::process::exit(1); }; } -struct Upload { - csrf_token: String, -} struct MainHandler { root: PathBuf, index: bool, - upload: Option, + upload: bool, cache: bool, range: bool, coop: bool, @@ -483,7 +460,7 @@ impl Handler for MainHandler { )); } - if self.upload.is_some() && req.method == method::Post { + if self.upload && req.method == method::Post { if let Err((s, msg)) = self.save_files(req, &fs_path) { return Ok(error_resp(s, &msg, &self.base_url)); } else if self.base_url == "/" { @@ -541,38 +518,6 @@ impl MainHandler { // in a new temporary directory under the OS temporary directory. match multipart.save().size_limit(self.upload_size_limit).temp() { SaveResult::Full(entries) => { - // Pull out csrf field to check if token matches one generated - let csrf_field = match entries - .fields - .get("csrf") - .map(|fields| fields.first()) - .unwrap_or(None) - { - Some(field) => field, - None => { - return Err(( - status::BadRequest, - String::from("csrf parameter not provided"), - )) - } - }; - - // Read token value from field - let mut token = String::new(); - csrf_field - .data - .readable() - .unwrap() - .read_to_string(&mut token) - .unwrap(); - - // Check if they match - if self.upload.as_ref().unwrap().csrf_token != token { - return Err(( - status::BadRequest, - String::from("csrf token does not match"), - )); - } // Grab all the fields named files let files_fields = match entries.fields.get("files") { @@ -828,17 +773,15 @@ impl MainHandler { } // Optional upload form - let upload_form = if self.upload.is_some() { + let upload_form = if self.upload { format!( r#"
-
"#, path = encode_link_path(path_prefix), - csrf = self.upload.as_ref().unwrap().csrf_token, base_url = base_url, ) } else {