fix: prevent creating new buckets with the name 'public'

Author: itslenny

src/storage/storage.ts

@@ -93,6 +93,10 @@ export class Storage {
 
     mustBeValidBucketName(data.name)
 
+    if (data.name.toLowerCase() === 'public') {
+      throw ERRORS.InvalidBucketName(data.name)
+    }
+
     const bucketData: Parameters<Database['createBucket']>[0] = data
 
     if (typeof data.fileSizeLimit === 'number' || typeof data.fileSizeLimit === 'string') {

src/test/bucket.test.ts

@@ -235,6 +235,24 @@ describe('testing POST bucket', () => {
     expect(response.statusCode).toBe(400)
   })
 
+  test('user is not able to create a bucket with the name "public"', async () => {
+    const response = await appInstance.inject({
+      method: 'POST',
+      url: `/bucket`,
+      headers: {
+        authorization: `Bearer ${process.env.AUTHENTICATED_KEY}`,
+      },
+      payload: {
+        name: 'pUbLiC',
+      },
+    })
+
+    expect(response.statusCode).toBe(400)
+    const { statusCode, error } = await response.json()
+    expect(statusCode).toBe('400')
+    expect(error).toBe('Invalid Input')
+  })
+
   test('user is not able to create a bucket with the leading and trailing spaces', async () => {
     const response = await appInstance.inject({
       method: 'POST',

src/test/s3-protocol.test.ts

@@ -111,6 +111,14 @@ describe('S3 Protocol', () => {
         expect(Location).toBeTruthy()
       })
 
+      it('cannot create a bucket named "public"', async () => {
+        const createBucketRequest = new CreateBucketCommand({
+          Bucket: 'public',
+        })
+
+        await expect(client.send(createBucketRequest)).rejects.toThrow('Bucket name invalid')
+      })
+
       it('can get bucket versioning', async () => {
         const bucket = await createBucket(client)
         const bucketVersioningCommand = new GetBucketVersioningCommand({