Added a flag to disable ClamAV scans #350
This commit is contained in:
parent
1cdb8bdf97
commit
b59849df22
|
@ -53,6 +53,7 @@ ENV TZ=Asia/Tel_Aviv \
|
|||
_APP_OPTIONS_ABUSE=enabled \
|
||||
_APP_OPENSSL_KEY_V1=your-secret-key \
|
||||
_APP_STORAGE_LIMIT=104857600 \
|
||||
_APP_STORAGE_ANTIVIRUS=enabled \
|
||||
_APP_REDIS_HOST=redis \
|
||||
_APP_REDIS_PORT=6379 \
|
||||
_APP_DB_HOST=mariadb \
|
||||
|
|
|
@ -218,7 +218,11 @@ $utopia->get('/v1/health/anti-virus')
|
|||
->label('sdk.method', 'getAntiVirus')
|
||||
->label('sdk.description', '/docs/references/health/get-storage-anti-virus.md')
|
||||
->action(
|
||||
function () use ($response) {
|
||||
function () use ($request, $response) {
|
||||
if($request->getServer('_APP_STORAGE_ANTIVIRUS') === 'disabled') { // Check if scans are enabled
|
||||
throw new Exception('Anitvirus is disabled');
|
||||
}
|
||||
|
||||
$antiVirus = new Network('clamav', 3310);
|
||||
|
||||
$response->json([
|
||||
|
|
|
@ -179,8 +179,6 @@ $utopia->post('/v1/storage/files')
|
|||
throw new Exception('File size not allowed', 400);
|
||||
}
|
||||
|
||||
$antiVirus = new Network('clamav', 3310);
|
||||
|
||||
/*
|
||||
* Models
|
||||
*/
|
||||
|
@ -200,10 +198,14 @@ $utopia->post('/v1/storage/files')
|
|||
|
||||
$mimeType = $device->getFileMimeType($path); // Get mime-type before compression and encryption
|
||||
|
||||
// Check if file size is exceeding allowed limit
|
||||
if (!$antiVirus->fileScan($path)) {
|
||||
$device->delete($path);
|
||||
throw new Exception('Invalid file', 403);
|
||||
if($request->getServer('_APP_STORAGE_ANTIVIRUS') === 'enabled') { // Check if scans are enabled
|
||||
$antiVirus = new Network('clamav', 3310);
|
||||
|
||||
// Check if file size is exceeding allowed limit
|
||||
if (!$antiVirus->fileScan($path)) {
|
||||
$device->delete($path);
|
||||
throw new Exception('Invalid file', 403);
|
||||
}
|
||||
}
|
||||
|
||||
// Compression
|
||||
|
@ -654,53 +656,53 @@ $utopia->delete('/v1/storage/files/:fileId')
|
|||
}
|
||||
);
|
||||
|
||||
$utopia->get('/v1/storage/files/:fileId/scan')
|
||||
->desc('Scan Storage')
|
||||
->label('scope', 'god')
|
||||
->label('sdk.platform', [APP_PLATFORM_CLIENT, APP_PLATFORM_SERVER])
|
||||
->label('sdk.namespace', 'storage')
|
||||
->label('sdk.method', 'getFileScan')
|
||||
->label('sdk.hide', true)
|
||||
->param('fileId', '', function () { return new UID(); }, 'File unique ID.')
|
||||
->param('storage', 'local', function () { return new WhiteList(['local']);})
|
||||
->action(
|
||||
function ($fileId, $storage) use ($response, $request, $projectDB) {
|
||||
$file = $projectDB->getDocument($fileId);
|
||||
// $utopia->get('/v1/storage/files/:fileId/scan')
|
||||
// ->desc('Scan Storage')
|
||||
// ->label('scope', 'god')
|
||||
// ->label('sdk.platform', [APP_PLATFORM_CLIENT, APP_PLATFORM_SERVER])
|
||||
// ->label('sdk.namespace', 'storage')
|
||||
// ->label('sdk.method', 'getFileScan')
|
||||
// ->label('sdk.hide', true)
|
||||
// ->param('fileId', '', function () { return new UID(); }, 'File unique ID.')
|
||||
// ->param('storage', 'local', function () { return new WhiteList(['local']);})
|
||||
// ->action(
|
||||
// function ($fileId, $storage) use ($response, $request, $projectDB) {
|
||||
// $file = $projectDB->getDocument($fileId);
|
||||
|
||||
if (empty($file->getId()) || Database::SYSTEM_COLLECTION_FILES != $file->getCollection()) {
|
||||
throw new Exception('File not found', 404);
|
||||
}
|
||||
// if (empty($file->getId()) || Database::SYSTEM_COLLECTION_FILES != $file->getCollection()) {
|
||||
// throw new Exception('File not found', 404);
|
||||
// }
|
||||
|
||||
$path = $file->getAttribute('path', '');
|
||||
// $path = $file->getAttribute('path', '');
|
||||
|
||||
if (!file_exists($path)) {
|
||||
throw new Exception('File not found in '.$path, 404);
|
||||
}
|
||||
// if (!file_exists($path)) {
|
||||
// throw new Exception('File not found in '.$path, 404);
|
||||
// }
|
||||
|
||||
$compressor = new GZIP();
|
||||
$device = Storage::getDevice($storage);
|
||||
// $compressor = new GZIP();
|
||||
// $device = Storage::getDevice($storage);
|
||||
|
||||
$source = $device->read($path);
|
||||
// $source = $device->read($path);
|
||||
|
||||
if (!empty($file->getAttribute('fileOpenSSLCipher'))) { // Decrypt
|
||||
$source = OpenSSL::decrypt(
|
||||
$source,
|
||||
$file->getAttribute('fileOpenSSLCipher'),
|
||||
$request->getServer('_APP_OPENSSL_KEY_V'.$file->getAttribute('fileOpenSSLVersion')),
|
||||
0,
|
||||
hex2bin($file->getAttribute('fileOpenSSLIV')),
|
||||
hex2bin($file->getAttribute('fileOpenSSLTag'))
|
||||
);
|
||||
}
|
||||
// if (!empty($file->getAttribute('fileOpenSSLCipher'))) { // Decrypt
|
||||
// $source = OpenSSL::decrypt(
|
||||
// $source,
|
||||
// $file->getAttribute('fileOpenSSLCipher'),
|
||||
// $request->getServer('_APP_OPENSSL_KEY_V'.$file->getAttribute('fileOpenSSLVersion')),
|
||||
// 0,
|
||||
// hex2bin($file->getAttribute('fileOpenSSLIV')),
|
||||
// hex2bin($file->getAttribute('fileOpenSSLTag'))
|
||||
// );
|
||||
// }
|
||||
|
||||
$source = $compressor->decompress($source);
|
||||
// $source = $compressor->decompress($source);
|
||||
|
||||
$antiVirus = new Network('clamav', 3310);
|
||||
// $antiVirus = new Network('clamav', 3310);
|
||||
|
||||
//var_dump($antiVirus->ping());
|
||||
//var_dump($antiVirus->version());
|
||||
//var_dump($antiVirus->fileScan('/storage/uploads/app-1/5/9/f/e/59fecaed49645.pdf'));
|
||||
// //var_dump($antiVirus->ping());
|
||||
// //var_dump($antiVirus->version());
|
||||
// //var_dump($antiVirus->fileScan('/storage/uploads/app-1/5/9/f/e/59fecaed49645.pdf'));
|
||||
|
||||
//$response->json($antiVirus->continueScan($device->getRoot()));
|
||||
}
|
||||
);
|
||||
// //$response->json($antiVirus->continueScan($device->getRoot()));
|
||||
// }
|
||||
// );
|
||||
|
|
|
@ -20,6 +20,10 @@ This is your server private secret key that is used to encrypt all sensitive dat
|
|||
|
||||
Maximun file size allowed for file upload. The deafult value is 100MB limitation. You should pass your size limit value in bytes.
|
||||
|
||||
### _APP_STORAGE_ANTIVIRUS
|
||||
|
||||
This variable allows you to disable internal anti-virus scans. By default, this value is set to 'enabled' to cancel the scans, set the value to 'disabled'. When disabled, it's recommended to turn off the ClamAV container for better resource usage.
|
||||
|
||||
### _APP_CONSOLE_WHITELIST_EMAILS
|
||||
|
||||
This option allows you to limit creation of users to Appwrite console. This option is very useful for small teams or sole developers. To enable it, pass a list of allowed email addresses separated by a comma.
|
||||
|
|
Loading…
Reference in a new issue