From 824769dee2e89ef75b0c59e91d5ede5f2c815213 Mon Sep 17 00:00:00 2001
From: DanyLE <xsang.le@gmail.com>
Date: Sun, 17 Mar 2024 19:02:14 +0100
Subject: [PATCH] feat: AssetController shall denies access to files in folder
 that has a .DENIED file

---
 configure.ac               |  2 +-
 silkmvc/BaseController.lua | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9ca8a16..7608ce5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 # initialise autoconf and set up some basic information about the program we’re packaging
-AC_INIT([silk], [0.1.1], [xsang.le@gmail.com])
+AC_INIT([silk], [0.2.0], [xsang.le@gmail.com])
 
 # We’re going to use automake for this project
 # [subdir-objects] if needed
diff --git a/silkmvc/BaseController.lua b/silkmvc/BaseController.lua
index 352a2f4..b703d67 100644
--- a/silkmvc/BaseController.lua
+++ b/silkmvc/BaseController.lua
@@ -93,8 +93,19 @@ function AssetController:index(...)
 end
 
 function AssetController:get(...)
-    local path = WWW_ROOT..DIR_SEP..implode({...}, DIR_SEP)
-
+    -- check for access in all parent DIR
+    local DENIEDF = ".DENIED"
+    local curr_dir = WWW_ROOT
+    local args = {...}
+    for i, v in ipairs(explode(args[1], "/")) do
+        LOG_DEBUG("Checking acess for %s", curr_dir)
+        if ulib.exists(curr_dir..DIR_SEP..DENIEDF) then
+            self:error("Access forbidden: "..curr_dir)
+            return false
+        end
+        curr_dir = curr_dir..DIR_SEP..v
+    end
+    local path = WWW_ROOT..DIR_SEP..implode(args, DIR_SEP)
     if self.registry.fileaccess and ulib.exists(path) then
         local mime = std.mimeOf(path)
         if POLICY.mimes[mime] then