f

2026-01-12 20:10:18 -08:00
parent 2870abf4de
commit 749ffb7e34
3 changed files with 88 additions and 6 deletions
--- a/SYS/config.py
+++ b/SYS/config.py
@@ -693,6 +693,58 @@ def clear_config_cache() -> None:
    _CONFIG_CACHE.clear()


+def _validate_config_safety(config: Dict[str, Any]) -> None:
+    """Check for dangerous configurations, like folder stores in non-empty dirs."""
+    store = config.get("store")
+    if not isinstance(store, dict):
+        return
+
+    folder_stores = store.get("folder")
+    if not isinstance(folder_stores, dict):
+        return
+
+    for name, cfg in folder_stores.items():
+        if not isinstance(cfg, dict):
+            continue
+
+        path_str = cfg.get("path") or cfg.get("PATH")
+        if not path_str:
+            continue
+
+        try:
+            p = expand_path(path_str).resolve()
+            # If the path doesn't exist yet, it's fine (will be created empty)
+            if not p.exists():
+                continue
+
+            if not p.is_dir():
+                continue
+
+            # DB name from API/folder.py
+            db_file = p / "medios-macina.db"
+            if db_file.exists():
+                # Existing portable library, allowed to re-attach
+                continue
+
+            # Check if directory has any files (other than the DB we just checked)
+            items = list(p.iterdir())
+            if items:
+                item_names = [i.name for i in items[:3]]
+                if len(items) > 3:
+                    item_names.append("...")
+                raise RuntimeError(
+                    f"Configuration Error: Local library '{name}' target directory is not empty.\n"
+                    f"Path: {p}\n"
+                    f"Found {len(items)} items: {', '.join(item_names)}\n"
+                    f"To prevent accidental mass-hashing, new libraries must be set to unique, empty folders."
+                )
+        except RuntimeError:
+            raise
+        except Exception:
+            # We don't want to crash on invalid paths during validation if they aren't 'unsafe'
+            pass
+
+
 def save_config(
    config: Dict[str, Any],
    config_dir: Optional[Path] = None,
@@ -706,6 +758,9 @@ def save_config(
            f"Unsupported config format: {config_path.name} (only .conf is supported)"
        )

+    # Safety Check: Validate folder stores are in empty dirs or existing libraries
+    _validate_config_safety(config)
+
    try:
        config_path.write_text(_serialize_conf(config), encoding="utf-8")
    except OSError as exc: