From 403d0a5c5ab04f7929b8b037b9c1f192bdac341d Mon Sep 17 00:00:00 2001
From: Max Asnaashari <max.asnaashari@canonical.com>
Date: Wed, 4 Sep 2024 19:22:41 +0000
Subject: [PATCH] api: Semi explicit

Signed-off-by: Max Asnaashari <max.asnaashari@canonical.com>
---
 api/services_tokens.go | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/api/services_tokens.go b/api/services_tokens.go
index 32c8abd1a..2337c39f2 100644
--- a/api/services_tokens.go
+++ b/api/services_tokens.go
@@ -2,7 +2,6 @@ package api
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -31,18 +30,13 @@ var ServiceTokensCmd = func(sh *service.Handler) rest.Endpoint {
 }
 
 func IsSafeVarPath(path string) error {
-	absPath, err := filepath.Abs(path)
-	if err != nil {
-		return err
-	}
-
-	varDir := os.Getenv("LXD_DIR")
-	if varDir == "" {
-		varDir = "/var/lib/lxd"
+	if strings.Contains(path, "/") || strings.Contains(path, "\\") || strings.Contains(path, "..") {
+		return fmt.Errorf("test err")
 	}
 
-	if !strings.HasPrefix(absPath, varDir) {
-		return errors.New("Absolute path is outside the default LXD path")
+	_, err := filepath.Abs(path)
+	if err != nil {
+		return err
 	}
 
 	return nil
@@ -70,15 +64,6 @@ func serviceTokensPost(s *state.State, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	if strings.Contains(req.JoinerName, "/") || strings.Contains(req.JoinerName, "\\") || strings.Contains(req.JoinerName, "..") {
-		return response.SmartError(err)
-	}
-
-	_, err = filepath.Abs(req.JoinerName)
-	if err != nil {
-		return response.SmartError(err)
-	}
-
 	_ = os.MkdirAll(req.JoinerName, 0700)
 
 	sh, err := service.NewHandler(s.Name(), req.ClusterAddress, s.OS.StateDir, false, false, types.ServiceType(serviceType))