Merge pull request #1994 from NiclasHaderer/fix-backup-server-crash

Fix: server crash when uploading invalid backup file
This commit is contained in:
advplyr 2023-08-07 17:17:57 -05:00 committed by GitHub
commit fbb5fd41fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 4 deletions

1
.gitignore vendored
View File

@ -15,3 +15,4 @@ test/
sw.* sw.*
.DS_STORE .DS_STORE
.idea/*

View File

@ -8,6 +8,7 @@ const cron = require('../libs/nodeCron')
const fs = require('../libs/fsExtra') const fs = require('../libs/fsExtra')
const archiver = require('../libs/archiver') const archiver = require('../libs/archiver')
const StreamZip = require('../libs/nodeStreamZip') const StreamZip = require('../libs/nodeStreamZip')
const fileUtils = require('../utils/fileUtils')
// Utils // Utils
const { getFileSize } = require('../utils/fileUtils') const { getFileSize } = require('../utils/fileUtils')
@ -82,7 +83,7 @@ class BackupManager {
return res.status(500).send('Invalid backup file') return res.status(500).send('Invalid backup file')
} }
const tempPath = Path.join(this.BackupPath, backupFile.name) const tempPath = Path.join(this.BackupPath, fileUtils.sanitizeFilename(backupFile.name))
const success = await backupFile.mv(tempPath).then(() => true).catch((error) => { const success = await backupFile.mv(tempPath).then(() => true).catch((error) => {
Logger.error('[BackupManager] Failed to move backup file', path, error) Logger.error('[BackupManager] Failed to move backup file', path, error)
return false return false
@ -92,8 +93,14 @@ class BackupManager {
} }
const zip = new StreamZip.async({ file: tempPath }) const zip = new StreamZip.async({ file: tempPath })
let entries
const entries = await zip.entries() try {
entries = await zip.entries()
} catch(error){
// Not a valid zip file
Logger.error('[BackupManager] Failed to read backup file - backup might not be a valid .zip file', tempPath, error)
return res.status(400).send('Failed to read backup file - backup might not be a valid .zip file')
}
if (!Object.keys(entries).includes('absdatabase.sqlite')) { if (!Object.keys(entries).includes('absdatabase.sqlite')) {
Logger.error(`[BackupManager] Invalid backup with no absdatabase.sqlite file - might be a backup created on an old Audiobookshelf server.`) Logger.error(`[BackupManager] Invalid backup with no absdatabase.sqlite file - might be a backup created on an old Audiobookshelf server.`)
return res.status(500).send('Invalid backup with no absdatabase.sqlite file - might be a backup created on an old Audiobookshelf server.') return res.status(500).send('Invalid backup with no absdatabase.sqlite file - might be a backup created on an old Audiobookshelf server.')
@ -267,7 +274,7 @@ class BackupManager {
/** /**
* @see https://github.com/TryGhost/node-sqlite3/pull/1116 * @see https://github.com/TryGhost/node-sqlite3/pull/1116
* @param {Backup} backup * @param {Backup} backup
* @promise * @promise
*/ */
backupSqliteDb(backup) { backupSqliteDb(backup) {