Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-02-02 04:19:08 -05:00
Code Issues Activity

Add safer mechanism for tempfile naming

Browse source 
Using a uuidv8 that has strong guarranties about councurrent
ids generation that a simple random long
This commit is contained in:
Andrey Antukh 2024-10-25 14:23:27 +02:00
parent f1b82e289d
commit 591788403a
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
backend/src/app/storage/tmp.clj
View file

@ -11,13 +11,16 @@
permanently delete these files (look at systemd-tempfiles)." permanently delete these files (look at systemd-tempfiles)."
(:require (:require
[app.common.logging :as l] [app.common.logging :as l]
[app.common.uuid :as uuid]
[app.util.time :as dt] [app.util.time :as dt]
[app.worker :as wrk] [app.worker :as wrk]
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[datoteka.fs :as fs] [datoteka.fs :as fs]
[integrant.core :as ig] [integrant.core :as ig]
[promesa.exec :as px] [promesa.exec :as px]
[promesa.exec.csp :as sp])) [promesa.exec.csp :as sp])
(:import
java.nio.file.Files))
(def default-tmp-dir "/tmp/penpot") (def default-tmp-dir "/tmp/penpot")
@ -76,11 +79,9 @@
[& {:keys [suffix prefix min-age] [& {:keys [suffix prefix min-age]
:or {prefix "penpot." :or {prefix "penpot."
suffix ".tmp"}}] suffix ".tmp"}}]
(let [path (fs/create-tempfile (let [attrs (fs/make-permissions "rw-r--r--")
:perms "rw-r--r--" path (fs/join default-tmp-dir (str prefix (uuid/next) suffix))
:dir default-tmp-dir path (Files/createFile path attrs)]
:suffix suffix
:prefix prefix)]
(fs/delete-on-exit! path) (fs/delete-on-exit! path)
(sp/offer! queue [path (some-> min-age dt/duration)]) (sp/offer! queue [path (some-> min-age dt/duration)])
path)) path))