| author | murilo ijanc | 2026-03-25 15:26:44 -0300 |
|---|---|---|
| committer | murilo ijanc | 2026-03-25 15:30:45 -0300 |
| commit | 62b68cc461b5e298add3ab190fe9a38f3efefe7a (patch) | |
| tree | 8a5d62e2ab6736ae19d55b86f193537d58f6b45b /src/store.rs | |
| parent | b6e3f14ebd0601b1604dcb29fba07b6446a140b7 (diff) | |
Harden identity key permissions, atomic writes, and HTTP method
- Write identity.key with mode 0600 to prevent other users from
reading the Ed25519 private seed
- Use destination filename in atomic_write temp path to avoid
collisions between concurrent writes to different files
- Reject HTTP methods other than GET/HEAD with 405
- Return "Hello Tesseras World" on GET /
Diffstat (limited to 'src/store.rs')
| -rw-r--r-- | src/store.rs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/store.rs b/src/store.rs
index 98c5481..04d7414 100644
--- a/src/store.rs
+++ b/src/store.rs
@@ -182,7 +182,8 @@ impl PasteStore {
 /// corruption if the process is killed mid-write.
 fn atomic_write(path: &Path, chunks: &[&[u8]]) -> std::io::Result<()> {
 let parent = path.parent().unwrap_or(Path::new("."));
- let tmp = parent.join(format!(".tmp.{}", std::process::id()));
+ let name = path.file_name().and_then(|n| n.to_str()).unwrap_or("tmp");
+ let tmp = parent.join(format!(".tmp.{}.{}", std::process::id(), name));
 let mut f = fs::File::create(&tmp)?;
 for chunk in chunks {
 f.write_all(chunk)?; |
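Review bot: `fs::File::create(&tmp)` on the line after the new `tmp` binding still opens a predictable path (`.tmp.<pid>.<name>`) with truncate semantics, so an existing file or symlink at that name is followed and overwritten, and two writers to the same destination inside one process still share it. Opening with `fs::OpenOptions::new().write(true).create_new(true).open(&tmp)?` would fail instead of reusing an existing entry, though stale temp files left by a crashed run would then need cleaning up. The fallback `unwrap_or("tmp")` also maps every non-UTF-8 file name to the same temp name; `to_string_lossy()` would keep them distinct in most cases. If identity.key is written through this helper, the temp file is presumably created with the default umask mode before any 0600 is applied, which cannot be confirmed here because the body of atomic_write continues outside the hunk.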