multiple files with the same name

[tessus]

One can upload multiple files with the same name, e.g.:

(when random_url is off)
curl -F "file=@x.txt;filename=my_name.txt" <server>

or soon also with

(when random_url is on/off)
curl -F "file=@x.txt" -H "filename:my_name.txt" <server>

This case was never taken into consideration. I thought about it, but there's no easy solution:

1. First I thought about checking for a file with the same name and removing it first. Bad idea, because one can thus replace/delete a file, even without a delete token.

2. Throw an error message when a file with the same name already exists on the server.

3. Adding more metadata to the filename on the server. e.g. append the token. Only a request with the same token may replace a file as described in 1. What to do, when auth tokens are not set? Should everyone be allowed to replace a file? Or just throw a message as in 2. Also, this is a rather big code change.

4. Use a database instead of messing with the filenames on the server. This would be the most clean, but IMO out of the scope of rustypaste. This would already develop towards role based access control and the rewrite would be extensive.

The only viable solution I could come up with was to add another config option, e.g. reject_same_filename. If set to true, an error message is returned, when a file with the same name exists on the server already. If not set, or set to false, the current behavior is observed.

[orhun]

Hey, thanks for looking into this. It is indeed a case that we haven't considered before. I think the most straightforward solution would be:

2. Throw an error message when a file with the same name already exists on the server.

It is just a exists() check and we don't need to talk about anything else. What do you think?

[tessus]

Btw, it is a bit more complicated than just checking for a filename. We have to check whether there is a file there that has not expired yet.
I'll think about the most effective way to test for that.

[orhun]

I see, I was thinking we can write a helper function to get the list of files and their metadata (expiration etc.) then check in that list.

[tessus]

I think there are 2 parts in the code that already do something like that (1. retrieving the list of files on the server (only not expired ones are shown), 2. the part I fixed in #218).

I have to look into it in more detail. This was only off the top of my head. I have to verify if that's actually the case. ;-)

[tessus]

fix is ready. with cargo test and a new fixture. waiting for #246 ...

[orhun]

awesome