jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

appstore: validate the id and the version

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-06-15 17:08:42 +02:00
parent 825fe21bd9
commit ba0ab68f50
2 changed files with 13 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/appstore.js
+6 -3
View File
@@ -40,6 +40,7 @@ const apps = require('./apps.js'),
dashboard = require('./dashboard.js'),
debug = require('debug')('box:appstore'),
eventlog = require('./eventlog.js'),
manifestFormat = require('cloudron-manifestformat'),
network = require('./network.js'),
path = require('path'),
paths = require('./paths.js'),
@@ -415,9 +416,11 @@ async function downloadManifest(appStoreId, manifest) {
if (!appStoreId) return { appStoreId: '', manifest };
const parts = appStoreId.split('@');
const [id, version] = appStoreId.split('@');
if (!manifestFormat.isId(id)) throw new BoxError(BoxError.BAD_FIELD, 'appStoreId is not valid');
if (version && !semver.valid(version)) throw new BoxError(BoxError.BAD_FIELD, 'package version is not valid semver');
const url = await getApiServerOrigin() + '/api/v1/apps/' + parts[0] + (parts[1] ? '/versions/' + parts[1] : '');
const url = await getApiServerOrigin() + '/api/v1/apps/' + id + (version ? '/versions/' + version : '');
debug(`downloading manifest from ${url}`);
@@ -429,7 +432,7 @@ async function downloadManifest(appStoreId, manifest) {
if (!response.body.manifest || typeof response.body.manifest !== 'object') throw new BoxError(BoxError.NOT_FOUND, `Missing manifest. Failed to get app info from store. status: ${response.status} text: ${response.text}`);
return { appStoreId: parts[0], manifest: response.body.manifest };
return { appStoreId: id, manifest: response.body.manifest };
}
async function getApps() {