lew/guestbook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: lew:ae3bd23e4b2e8dd4d3cb939ff13ac300660863e0
Branches Tags
lew:main
...
compare: lew:1d993fb6cc7663841846dcfa2ee83f9bc15546e5
Branches Tags
lew:main

2 commits
ae3bd23e4b ... 1d993fb6cc

Author SHA1 Message Date
lew
1d993fb6cc cargo: patch bump 2026-04-27 20:11:06 +01:00
lew
2fc2a2c06d feat: atomic writes for entries, and better collision security 2026-04-27 20:10:13 +01:00
4 changed files with 77 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Cargo.lock generated
View file

@ -470,7 +470,7 @@ dependencies = [
[[package]]
name = "guestbook"
version = "0.2.7"
version = "0.2.8"
dependencies = [
"axum",
"base64 0.22.1",

2
Cargo.toml
View file

@ -1,6 +1,6 @@
[package]
name = "guestbook"
version = "0.2.7"
version = "0.2.8"
edition = "2021"
description = "A configurable, self-hosted guestbook for the web, allowing visitors to leave behind messages, drawings, and voice notes, with spam-prevention and moderation via Telegram bot."
license = "MIT"

31
src/entries.rs
View file

@ -1,6 +1,32 @@
use rand::Rng;
use serde::{Deserialize, Serialize};
use std::io::Write;
use std::path::Path;
pub fn write_atomic(path: &Path, contents: &[u8]) -> std::io::Result<()> {
let parent = path.parent().ok_or_else(|| {
std::io::Error::new(std::io::ErrorKind::InvalidInput, "path has no parent")
})?;
let filename = path
.file_name()
.and_then(|n| n.to_str())
.ok_or_else(|| std::io::Error::new(std::io::ErrorKind::InvalidInput, "bad filename"))?;
let suffix: u32 = rand::rng().random();
let tmp = parent.join(format!(".{filename}.{suffix:08x}.tmp"));
let mut f = std::fs::File::create(&tmp)?;
f.write_all(contents)?;
f.sync_all()?;
drop(f);
if let Err(e) = std::fs::rename(&tmp, path) {
let _ = std::fs::remove_file(&tmp);
return Err(e);
}
if let Ok(dir) = std::fs::File::open(parent) {
let _ = dir.sync_all();
}
Ok(())
}
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum Status {
@ -149,17 +175,16 @@ pub fn append_reply(dir: &Path, id: &str, reply: &str) -> Result<String, String>
entry.body.push_str("\n\n");
entry.body.push_str(&quoted);
let path = dir.join(format!("{}.txt", entry.id));
std::fs::write(&path, entry.to_file_contents()).map_err(|e| e.to_string())?;
write_atomic(&path, entry.to_file_contents().as_bytes()).map_err(|e| e.to_string())?;
Ok(entry.meta.name.clone())
}
#[cfg(any(feature = "telegram", test))]
/// Find an entry file by ID and update its status.
pub fn set_status(dir: &Path, short_id: &str, status: Status) -> Result<String, String> {
let mut entry = find_entry(dir, short_id)?;
entry.meta.status = status;
let path = dir.join(format!("{}.txt", entry.id));
std::fs::write(&path, entry.to_file_contents()).map_err(|e| e.to_string())?;
write_atomic(&path, entry.to_file_contents().as_bytes()).map_err(|e| e.to_string())?;
Ok(entry.meta.name.clone())
}

65
src/web.rs
View file

@ -49,13 +49,20 @@ pub fn router(state: Arc<AppState>) -> Router {
.with_state(state)
}
fn generate_id(entries_dir: &std::path::Path) -> String {
fn generate_id(entries_dir: &std::path::Path) -> std::io::Result<String> {
const CHARS: &[u8] = b"0123456789abcdefghijklmnopqrstuvwxyz";
let mut rng = rand::rng();
loop {
let id: String = (0..4).map(|_| CHARS[rng.random_range(0..36)] as char).collect();
if !entries_dir.join(format!("{id}.txt")).exists() {
return id;
let path = entries_dir.join(format!("{id}.txt"));
match std::fs::OpenOptions::new()
.write(true)
.create_new(true)
.open(&path)
{
Ok(_) => return Ok(id),
Err(e) if e.kind() == std::io::ErrorKind::AlreadyExists => continue,
Err(e) => return Err(e),
}
}
}
@ -272,19 +279,33 @@ async fn submit(
let now = chrono::Utc::now();
let date = now.format("%Y-%m-%dT%H:%M:%S").to_string();
let id = generate_id(&state.config.data_dir.join("entries"));
let filename = format!("{id}.txt");
// Save drawing with the same ID as the entry
let entries_dir = state.config.data_dir.join("entries");
if let Err(e) = std::fs::create_dir_all(&entries_dir) {
tracing::error!("failed to create entries directory: {e}");
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
let id = match generate_id(&entries_dir) {
Ok(id) => id,
Err(e) => {
tracing::error!("failed to reserve entry id: {e}");
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
};
let filename = format!("{id}.txt");
let path = entries_dir.join(&filename);
let drawing_filename = if let Some(ref bytes) = drawing_bytes {
let drawing_name = format!("{id}.png");
let drawings_dir = state.config.data_dir.join("drawings");
if let Err(e) = std::fs::create_dir_all(&drawings_dir) {
tracing::error!("failed to create drawings directory: {e}");
let _ = std::fs::remove_file(&path);
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
if let Err(e) = std::fs::write(drawings_dir.join(&drawing_name), bytes) {
if let Err(e) = entries::write_atomic(&drawings_dir.join(&drawing_name), bytes) {
tracing::error!("failed to write drawing: {e}");
let _ = std::fs::remove_file(&path);
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
drawing_name
@ -297,10 +318,18 @@ async fn submit(
let vn_dir = state.config.data_dir.join("voice_notes");
if let Err(e) = std::fs::create_dir_all(&vn_dir) {
tracing::error!("failed to create voice notes directory: {e}");
let _ = std::fs::remove_file(&path);
if !drawing_filename.is_empty() {
let _ = std::fs::remove_file(state.config.data_dir.join("drawings").join(&drawing_filename));
}
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
if let Err(e) = std::fs::write(vn_dir.join(&vn_name), bytes) {
if let Err(e) = entries::write_atomic(&vn_dir.join(&vn_name), bytes) {
tracing::error!("failed to write voice note: {e}");
let _ = std::fs::remove_file(&path);
if !drawing_filename.is_empty() {
let _ = std::fs::remove_file(state.config.data_dir.join("drawings").join(&drawing_filename));
}
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
vn_name
@ -314,22 +343,22 @@ async fn submit(
name,
date,
website,
drawing: drawing_filename,
voice_note: voice_note_filename,
drawing: drawing_filename.clone(),
voice_note: voice_note_filename.clone(),
status: Status::Pending,
},
body: message,
};
// Write to disk
let entries_dir = state.config.data_dir.join("entries");
if let Err(e) = std::fs::create_dir_all(&entries_dir) {
tracing::error!("failed to create entries directory: {e}");
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}
let path = entries_dir.join(&filename);
if let Err(e) = std::fs::write(&path, entry.to_file_contents()) {
if let Err(e) = entries::write_atomic(&path, entry.to_file_contents().as_bytes()) {
tracing::error!("failed to write entry: {e}");
let _ = std::fs::remove_file(&path);
if !drawing_filename.is_empty() {
let _ = std::fs::remove_file(state.config.data_dir.join("drawings").join(&drawing_filename));
}
if !voice_note_filename.is_empty() {
let _ = std::fs::remove_file(state.config.data_dir.join("voice_notes").join(&voice_note_filename));
}
return Html(render_error_page(&state.config, "Something went wrong. Please try again."));
}