From 403ded509a3d409215336d3d01b323e09e1cdc8a Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Tue, 15 Oct 2024 22:23:09 +0200
Subject: [PATCH] Fix main

---
 backend/cmd/server/main.go                | 49 +++++++++++------------
 backend/internal/filesystem/filesystem.go |  2 +-
 2 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go
index fbdfb43..3cdf6d3 100644
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
@@ -36,17 +37,7 @@ func main() {
 		workdir = "./data"
 	}
 
-	settings, err := database.GetSettings(1) // Assuming user ID 1 for now
-	if err != nil {
-		log.Print("Settings not found, using default settings")
-	}
-	fs := filesystem.New(workdir, &settings)
-
-	if settings.Settings.GitEnabled {
-		if err := fs.InitializeGitRepo(); err != nil {
-			log.Fatal(err)
-		}
-	}
+	fs := filesystem.New(workdir)
 
 	// Set up router
 	r := chi.NewRouter()
@@ -64,21 +55,27 @@ func main() {
 		staticPath = "../frontend/dist"
 	}
 	fileServer := http.FileServer(http.Dir(staticPath))
-	r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
-		requestedPath := r.URL.Path
-		validatedPath, err := filesystem.ValidatePath(staticPath, requestedPath)
-		if err != nil {
-			http.Error(w, "Invalid path", http.StatusBadRequest)
-			return
-		}
+	r.Get(
+		"/*",
+		func(w http.ResponseWriter, r *http.Request) {
+			requestedPath := r.URL.Path
 
-		_, err = os.Stat(validatedPath)
-		if os.IsNotExist(err) {
-			http.ServeFile(w, r, filepath.Join(staticPath, "index.html"))
-			return
-		}
-		http.StripPrefix("/", fileServer).ServeHTTP(w, r)
-	})
+			fullPath := filepath.Join(staticPath, requestedPath)
+			cleanPath := filepath.Clean(fullPath)
+
+			if !strings.HasPrefix(cleanPath, staticPath) {
+				http.Error(w, "Invalid path", http.StatusBadRequest)
+				return
+			}
+
+			_, err = os.Stat(cleanPath)
+			if os.IsNotExist(err) {
+				http.ServeFile(w, r, filepath.Join(staticPath, "index.html"))
+				return
+			}
+			http.StripPrefix("/", fileServer).ServeHTTP(w, r)
+		},
+	)
 
 	// Start server
 	port := os.Getenv("NOVAMD_PORT")
@@ -87,4 +84,4 @@ func main() {
 	}
 	log.Printf("Server starting on port %s", port)
 	log.Fatal(http.ListenAndServe(":"+port, r))
-}
\ No newline at end of file
+}
diff --git a/backend/internal/filesystem/filesystem.go b/backend/internal/filesystem/filesystem.go
index 3007f9d..5de8c27 100644
--- a/backend/internal/filesystem/filesystem.go
+++ b/backend/internal/filesystem/filesystem.go
@@ -194,4 +194,4 @@ func (fs *FileSystem) getGitRepo(userID, workspaceID int) (*gitutils.GitRepo, bo
 	}
 	repo, ok := userRepos[workspaceID]
 	return repo, ok
-}
\ No newline at end of file
+}