Return generic message when Send not available

This should help avoid leaking information about (non)existence of Send and be more in line with what official server returns.
4 years ago · 4b6a574ee0
parent f9ebb780f9
commit 4b6a574ee0
1 changed files with 10 additions and 10 deletions
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@ -228,27 +228,27 @@ pub struct SendAccessData {
 fn post_access(access_id: String, data: JsonUpcase<SendAccessData>, conn: DbConn) -> JsonResult {
    let mut send = match Send::find_by_access_id(&access_id, &conn) {
        Some(s) => s,
-        None => err_code!("Send not found", 404),
+        None => err_code!("Send does not exist or is no longer available", 404),
    };

    if let Some(max_access_count) = send.max_access_count {
        if send.access_count >= max_access_count {
-            err_code!("Max access count reached", 404);
+            err_code!("Send does not exist or is no longer available", 404);
        }
    }

    if let Some(expiration) = send.expiration_date {
        if Utc::now().naive_utc() >= expiration {
-            err_code!("Send has expired", 404)
+            err_code!("Send does not exist or is no longer available", 404)
        }
    }

    if Utc::now().naive_utc() >= send.deletion_date {
-        err_code!("Send has been deleted", 404)
+        err_code!("Send does not exist or is no longer available", 404)
    }

    if send.disabled {
-        err_code!("Send has been disabled", 404)
+        err_code!("Send does not exist or is no longer available", 404)
    }

    if send.password_hash.is_some() {
@ -279,27 +279,27 @@ fn post_access_file(
 ) -> JsonResult {
    let mut send = match Send::find_by_uuid(&send_id, &conn) {
        Some(s) => s,
-        None => err_code!("Send not found", 404),
+        None => err_code!("Send does not exist or is no longer available", 404),
    };

    if let Some(max_access_count) = send.max_access_count {
        if send.access_count >= max_access_count {
-            err_code!("Max access count reached", 404);
+            err_code!("Send does not exist or is no longer available", 404)
        }
    }

    if let Some(expiration) = send.expiration_date {
        if Utc::now().naive_utc() >= expiration {
-            err_code!("Send has expired", 404)
+            err_code!("Send does not exist or is no longer available", 404)
        }
    }

    if Utc::now().naive_utc() >= send.deletion_date {
-        err_code!("Send has been deleted", 404)
+        err_code!("Send does not exist or is no longer available", 404)
    }

    if send.disabled {
-        err_code!("Send has been disabled", 404)
+        err_code!("Send does not exist or is no longer available", 404)
    }

    if send.password_hash.is_some() {