✨ Add safer mechanism for tempfile naming

Using a uuidv8 that has strong guarranties about councurrent ids generation that a simple random long
2025-01-22 14:39:45 -05:00 · 2024-10-25 14:23:27 +02:00 · 2024-10-25 14:23:27 +02:00 · 591788403a
commit 591788403a
parent f1b82e289d
1 changed files with 7 additions and 6 deletions
--- a/backend/src/app/storage/tmp.clj
+++ b/backend/src/app/storage/tmp.clj
@ -11,13 +11,16 @@
  permanently delete these files (look at systemd-tempfiles)."
  (:require
   [app.common.logging :as l]
+   [app.common.uuid :as uuid]
   [app.util.time :as dt]
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [datoteka.fs :as fs]
   [integrant.core :as ig]
   [promesa.exec :as px]
-   [promesa.exec.csp :as sp]))
+   [promesa.exec.csp :as sp])
+  (:import
+   java.nio.file.Files))

 (def default-tmp-dir "/tmp/penpot")

@ -76,11 +79,9 @@
  [& {:keys [suffix prefix min-age]
      :or {prefix "penpot."
           suffix ".tmp"}}]
-  (let [path (fs/create-tempfile
-              :perms "rw-r--r--"
-              :dir default-tmp-dir
-              :suffix suffix
-              :prefix prefix)]
+  (let [attrs (fs/make-permissions "rw-r--r--")
+        path  (fs/join default-tmp-dir (str prefix (uuid/next) suffix))
+        path  (Files/createFile path attrs)]
    (fs/delete-on-exit! path)
    (sp/offer! queue [path (some-> min-age dt/duration)])
    path))