fix: add IP change detection during chunked uploads to enhance security

PlusOne · Jan 31, 2025 · f229c64 · f229c64
1 parent c63bef6
commit f229c64
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -2092,6 +2092,7 @@ func handleChunkedUpload(tempFilename string, r *http.Request, chunkSize int) er
 	buffer := make([]byte, chunkSize)
 
 	totalBytes := int64(0)
+	originalIP := r.RemoteAddr
 	for {
 		n, err := r.Body.Read(buffer)
 		if err != nil && err != io.EOF {
@@ -2101,6 +2102,12 @@ func handleChunkedUpload(tempFilename string, r *http.Request, chunkSize int) er
 			break
 		}
 
+		currentIP := r.RemoteAddr
+		if currentIP != originalIP {
+			log.Warnf("IP changed from %s to %s, terminating transfer", originalIP, currentIP)
+			return fmt.Errorf("client IP changed during transfer")
+		}
+
 		_, err = writer.Write(buffer[:n])
 		if err != nil {
 			return fmt.Errorf("failed to write to file: %v", err)