From 2fa86f850cb789bc5b154f989623adc5ee9d718b Mon Sep 17 00:00:00 2001 From: Tyler Date: Sun, 11 Jun 2017 03:52:32 -0400 Subject: [PATCH] Add semver parsing to stop overwriting of newer packages --- src/meow.tf/deb-simple/http.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/meow.tf/deb-simple/http.go b/src/meow.tf/deb-simple/http.go index 9db6e7d..d86f75f 100644 --- a/src/meow.tf/deb-simple/http.go +++ b/src/meow.tf/deb-simple/http.go @@ -8,6 +8,7 @@ import ( "log" "encoding/json" "fmt" + "github.com/blang/semver" ) func uploadHandler(config Conf) http.Handler { @@ -35,6 +36,14 @@ func uploadHandler(config Conf) http.Handler { return } + force := false + + forceStr := r.URL.Query().Get("force") + + if forceStr != "" && forceStr == "true" { + force = true + } + reader, err := r.MultipartReader() if err != nil { @@ -109,9 +118,22 @@ func uploadHandler(config Conf) http.Handler { } if p, exists := packages[f.Info.Package]; exists { + v1, err1 := semver.Parse(p.Info.Version) + v2, err2 := semver.Parse(f.Info.Version) + + if err1 == nil && err2 == nil && v1.Compare(v2) > 0 && !force { + // Don't replace newer package + httpErrorf(w, "version in old package is greater than new: %s, %s - override with \"force\"", p.Info.Version, f.Info.Version) + return + } + // Archive old file log.Println("Replacing", p.Name, "with", f.Name) - os.Remove(p.Path) + + if err := os.Remove(p.Path); err != nil { + httpErrorf(w, "Unable to remove old package: %s", err) + return + } } packages[f.Info.Package] = f