From 0e8144b82c0417d8b121b1f074a9df3f655b35f6 Mon Sep 17 00:00:00 2001 From: James Eversole Date: Sat, 17 Feb 2024 08:41:39 -0600 Subject: [PATCH] Don't allow configuration of dbFile path or name; use the DATADIR and a hardcoded path --- examples/.env.example | 1 - src/Core/Configuration.hs | 4 ++-- src/Core/HTTP.hs | 2 +- src/Core/SQLite.hs | 3 +-- src/Feature/Sharing/HTTP.hs | 2 +- src/Feature/Sharing/SQLite.hs | 23 ++++++++++------------- 6 files changed, 15 insertions(+), 20 deletions(-) diff --git a/examples/.env.example b/examples/.env.example index 08da2d5..9eee3b6 100644 --- a/examples/.env.example +++ b/examples/.env.example @@ -2,6 +2,5 @@ ENVIRONMENT="production" APPLICATIONHOST="localhost" APPLICATIONPORT="3000" DATADIR="./" -DBFILE="data/Purr.sqlite" LINKLENGTH="24" ADMINEMAIL="admin@purr.example.com" diff --git a/src/Core/Configuration.hs b/src/Core/Configuration.hs index 8061ecf..49dedf1 100644 --- a/src/Core/Configuration.hs +++ b/src/Core/Configuration.hs @@ -33,8 +33,8 @@ appPort = getEnv "APPLICATIONPORT" dataPath :: IO String dataPath = getEnv "DATADIR" -dbPath :: IO String -dbPath = getEnv "DBFILE" +dbPath :: String +dbPath = "data/Purr.sqlite" confLinkLength :: IO String confLinkLength = getEnv "LINKLENGTH" diff --git a/src/Core/HTTP.hs b/src/Core/HTTP.hs index 69c98f9..f22ec3d 100644 --- a/src/Core/HTTP.hs +++ b/src/Core/HTTP.hs @@ -1,6 +1,6 @@ module Core.HTTP ( app ) where -import Core.Configuration (dbPath, adminEmail, confLinkLength) +import Core.Configuration (adminEmail, confLinkLength) import Core.Types import Core.Templates (renderIndex, renderStyle) diff --git a/src/Core/SQLite.hs b/src/Core/SQLite.hs index ee275b2..bcb7649 100644 --- a/src/Core/SQLite.hs +++ b/src/Core/SQLite.hs @@ -11,8 +11,7 @@ import qualified Data.Text as T main :: IO () main = do - db <- dbPath - conn <- open db + conn <- open dbPath execute_ conn "CREATE TABLE IF NOT EXISTS pws\ \ (link TEXT PRIMARY KEY,\ diff --git a/src/Feature/Sharing/HTTP.hs b/src/Feature/Sharing/HTTP.hs index b2d67f3..e859347 100644 --- a/src/Feature/Sharing/HTTP.hs +++ b/src/Feature/Sharing/HTTP.hs @@ -1,6 +1,6 @@ module Feature.Sharing.HTTP ( routes ) where -import Core.Configuration (dbPath, adminEmail, confLinkLength) +import Core.Configuration (adminEmail, confLinkLength) import Core.Templates (renderIndex) import Core.Types diff --git a/src/Feature/Sharing/SQLite.hs b/src/Feature/Sharing/SQLite.hs index f9d705d..acf4aa1 100644 --- a/src/Feature/Sharing/SQLite.hs +++ b/src/Feature/Sharing/SQLite.hs @@ -22,19 +22,17 @@ import qualified Data.Text.Lazy as LT findByLink :: String -> PurrAction (Maybe T.Text) findByLink link = do - db <- liftIO dbPath key <- liftIO encKey - conn <- liftIO $ open db + conn <- liftIO $ open dbPath res <- liftIO $ query conn "SELECT * from pws WHERE link = ?" (Only (last $ splitOn "/" link)) liftIO $ close conn readEncryptedSecret key res readEncryptedSecret :: B.ByteString -> [SecretEntry] -> PurrAction (Maybe T.Text) readEncryptedSecret key secret = do - db <- liftIO dbPath let secNonce = nonce $ safeHead failedSecret secret - liftIO $ incViews secret db - delete <- liftIO $ deleteExpiredSecret secret db + liftIO $ incViews secret dbPath + delete <- liftIO $ deleteExpiredSecret secret dbPath case secret of [] -> return Nothing (x:_) -> if (delete) @@ -43,8 +41,8 @@ readEncryptedSecret key secret = do where incViews :: [SecretEntry] -> String -> IO () incViews [] _ = return () - incViews (secret : _) db = do - conn <- open db + incViews (secret : _) dbPath = do + conn <- open dbPath execute conn "UPDATE pws SET views = views + 1 WHERE link = ?" (Only (link secret)) close conn @@ -53,15 +51,15 @@ readEncryptedSecret key secret = do -- provide the successfully retrieved secret to the requestor. deleteExpiredSecret :: [SecretEntry] -> String -> IO Bool deleteExpiredSecret [] _ = return False -deleteExpiredSecret (sec : _) db = do +deleteExpiredSecret (sec : _) dbPath = do time <- epochTime if ((date sec) + ((life sec) * 86400) < time) || (views sec >= maxViews sec) - then deleteSec sec db + then deleteSec sec dbPath else return False where deleteSec :: SecretEntry -> String -> IO Bool - deleteSec sec db = do - conn <- open db + deleteSec sec dbPath = do + conn <- open dbPath execute conn "DELETE FROM pws WHERE link = ?" (Only (link sec)) close conn @@ -69,11 +67,10 @@ deleteExpiredSecret (sec : _) db = do insertNewSecret :: T.Text -> Integer -> T.Text -> Integer -> PurrAction () insertNewSecret sec life link maxViews = do - db <- liftIO dbPath key <- liftIO encKey nonce <- liftIO Box.newNonce let encSec = encryptSecret key sec nonce - conn <- liftIO $ open db + conn <- liftIO $ open dbPath time <- liftIO epochTime liftIO $ execute conn "INSERT INTO pws (link, secret, nonce, date, life, views, maxViews) VALUES (?, ?, ?, ?, ?, ?, ?)"