
Added a flag to disable ClamAV scans #350

Eldad Fux 2020-05-25 16:12:59 +03:00
parent 1cdb8bdf97
commit b59849df22
4 changed files with 58 additions and 47 deletions


@ -53,6 +53,7 @@ ENV TZ=Asia/Tel_Aviv \
_APP_OPTIONS_ABUSE=enabled \
_APP_OPENSSL_KEY_V1=your-secret-key \
_APP_STORAGE_LIMIT=104857600 \
_APP_STORAGE_ANTIVIRUS=enabled \
_APP_REDIS_HOST=redis \
_APP_REDIS_PORT=6379 \
_APP_DB_HOST=mariadb \


@ -218,7 +218,11 @@ $utopia->get('/v1/health/anti-virus')
->label('sdk.method', 'getAntiVirus')
->label('sdk.description', '/docs/references/health/get-storage-anti-virus.md')
->action(
function () use ($response) {
function () use ($request, $response) {
if($request->getServer('_APP_STORAGE_ANTIVIRUS') === 'disabled') { // Check if scans are enabled
throw new Exception('Anitvirus is disabled');
}
$antiVirus = new Network('clamav', 3310);
$response->json([
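Review bot: The new guard in the `/v1/health/anti-virus` action throws `new Exception('Anitvirus is disabled')` without a status code, so a monitoring client probably cannot tell a deliberately disabled scanner from an internal failure, and the message misspells "Antivirus". Other throws shown in this commit pass an explicit code (`throw new Exception('File size not allowed', 400);`), so the same form is worth using here, e.g. `throw new Exception('Antivirus is disabled', $code);` where `$code` is whatever status the project uses for an unavailable service. The action closure continues past the end of the hunk, so how the exception is rendered to the caller is not visible here.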


@ -179,8 +179,6 @@ $utopia->post('/v1/storage/files')
throw new Exception('File size not allowed', 400);
}
$antiVirus = new Network('clamav', 3310);
/*
* Models
*/
@ -200,10 +198,14 @@ $utopia->post('/v1/storage/files')
$mimeType = $device->getFileMimeType($path); // Get mime-type before compression and encryption
// Check if file size is exceeding allowed limit
if (!$antiVirus->fileScan($path)) {
$device->delete($path);
throw new Exception('Invalid file', 403);
if($request->getServer('_APP_STORAGE_ANTIVIRUS') === 'enabled') { // Check if scans are enabled
$antiVirus = new Network('clamav', 3310);
// Check if file size is exceeding allowed limit
if (!$antiVirus->fileScan($path)) {
$device->delete($path);
throw new Exception('Invalid file', 403);
}
}
// Compression
@ -654,53 +656,53 @@ $utopia->delete('/v1/storage/files/:fileId')
}
);
$utopia->get('/v1/storage/files/:fileId/scan')
->desc('Scan Storage')
->label('scope', 'god')
->label('sdk.platform', [APP_PLATFORM_CLIENT, APP_PLATFORM_SERVER])
->label('sdk.namespace', 'storage')
->label('sdk.method', 'getFileScan')
->label('sdk.hide', true)
->param('fileId', '', function () { return new UID(); }, 'File unique ID.')
->param('storage', 'local', function () { return new WhiteList(['local']);})
->action(
function ($fileId, $storage) use ($response, $request, $projectDB) {
$file = $projectDB->getDocument($fileId);
// $utopia->get('/v1/storage/files/:fileId/scan')
// ->desc('Scan Storage')
// ->label('scope', 'god')
// ->label('sdk.platform', [APP_PLATFORM_CLIENT, APP_PLATFORM_SERVER])
// ->label('sdk.namespace', 'storage')
// ->label('sdk.method', 'getFileScan')
// ->label('sdk.hide', true)
// ->param('fileId', '', function () { return new UID(); }, 'File unique ID.')
// ->param('storage', 'local', function () { return new WhiteList(['local']);})
// ->action(
// function ($fileId, $storage) use ($response, $request, $projectDB) {
// $file = $projectDB->getDocument($fileId);
if (empty($file->getId()) || Database::SYSTEM_COLLECTION_FILES != $file->getCollection()) {
throw new Exception('File not found', 404);
}
// if (empty($file->getId()) || Database::SYSTEM_COLLECTION_FILES != $file->getCollection()) {
// throw new Exception('File not found', 404);
// }
$path = $file->getAttribute('path', '');
// $path = $file->getAttribute('path', '');
if (!file_exists($path)) {
throw new Exception('File not found in '.$path, 404);
}
// if (!file_exists($path)) {
// throw new Exception('File not found in '.$path, 404);
// }
$compressor = new GZIP();
$device = Storage::getDevice($storage);
// $compressor = new GZIP();
// $device = Storage::getDevice($storage);
$source = $device->read($path);
// $source = $device->read($path);
if (!empty($file->getAttribute('fileOpenSSLCipher'))) { // Decrypt
$source = OpenSSL::decrypt(
$source,
$file->getAttribute('fileOpenSSLCipher'),
$request->getServer('_APP_OPENSSL_KEY_V'.$file->getAttribute('fileOpenSSLVersion')),
0,
hex2bin($file->getAttribute('fileOpenSSLIV')),
hex2bin($file->getAttribute('fileOpenSSLTag'))
);
}
// if (!empty($file->getAttribute('fileOpenSSLCipher'))) { // Decrypt
// $source = OpenSSL::decrypt(
// $source,
// $file->getAttribute('fileOpenSSLCipher'),
// $request->getServer('_APP_OPENSSL_KEY_V'.$file->getAttribute('fileOpenSSLVersion')),
// 0,
// hex2bin($file->getAttribute('fileOpenSSLIV')),
// hex2bin($file->getAttribute('fileOpenSSLTag'))
// );
// }
$source = $compressor->decompress($source);
// $source = $compressor->decompress($source);
$antiVirus = new Network('clamav', 3310);
// $antiVirus = new Network('clamav', 3310);
//var_dump($antiVirus->ping());
//var_dump($antiVirus->version());
//var_dump($antiVirus->fileScan('/storage/uploads/app-1/5/9/f/e/59fecaed49645.pdf'));
// //var_dump($antiVirus->ping());
// //var_dump($antiVirus->version());
// //var_dump($antiVirus->fileScan('/storage/uploads/app-1/5/9/f/e/59fecaed49645.pdf'));
//$response->json($antiVirus->continueScan($device->getRoot()));
}
);
// //$response->json($antiVirus->continueScan($device->getRoot()));
// }
// );
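Review bot: The upload handler in `POST /v1/storage/files` now scans only when `_APP_STORAGE_ANTIVIRUS` is exactly `'enabled'`, so an unset variable, a typo or a different letter case silently skips the ClamAV check and the file is stored unscanned (unless `getServer` supplies a default, which is not visible here). The health endpoint in this commit tests `=== 'disabled'` instead, so for any such value the two disagree about whether scanning is on. Making the explicit opt-out the only way to skip the scan, `if ($request->getServer('_APP_STORAGE_ANTIVIRUS') !== 'disabled') {`, keeps the default safe, and a log line when the scan is skipped would make the state auditable. The comment carried over above `fileScan`, `// Check if file size is exceeding allowed limit`, describes a different check and would read better as `// Reject and delete the upload when ClamAV flags it`. The commented-out `/v1/storage/files/:fileId/scan` route below would be cleaner deleted than kept as dead code.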


@ -20,6 +20,10 @@ This is your server private secret key that is used to encrypt all sensitive dat
Maximun file size allowed for file upload. The deafult value is 100MB limitation. You should pass your size limit value in bytes.
### _APP_STORAGE_ANTIVIRUS
This variable allows you to disable internal anti-virus scans. By default, this value is set to 'enabled' to cancel the scans, set the value to 'disabled'. When disabled, it's recommended to turn off the ClamAV container for better resource usage.
### _APP_CONSOLE_WHITELIST_EMAILS
This option allows you to limit creation of users to Appwrite console. This option is very useful for small teams or sole developers. To enable it, pass a list of allowed email addresses separated by a comma.