2019-01-05 22:44:33 +00:00
|
|
|
package http
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"os"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/filebrowser/filebrowser/v2/errors"
|
2020-06-06 15:45:51 +00:00
|
|
|
"github.com/filebrowser/filebrowser/v2/files"
|
2019-01-05 22:44:33 +00:00
|
|
|
"github.com/filebrowser/filebrowser/v2/fileutils"
|
|
|
|
)
|
|
|
|
|
|
|
|
var resourceGetHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
file, err := files.NewFileInfo(files.FileOptions{
|
2019-01-05 23:01:16 +00:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: r.URL.Path,
|
|
|
|
Modify: d.user.Perm.Modify,
|
|
|
|
Expand: true,
|
2019-01-05 22:44:33 +00:00
|
|
|
Checker: d,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
if file.IsDir {
|
|
|
|
file.Listing.Sorting = d.user.Sorting
|
|
|
|
file.Listing.ApplySort()
|
|
|
|
return renderJSON(w, r, file)
|
|
|
|
}
|
|
|
|
|
|
|
|
if checksum := r.URL.Query().Get("checksum"); checksum != "" {
|
|
|
|
err := file.Checksum(checksum)
|
|
|
|
if err == errors.ErrInvalidOption {
|
|
|
|
return http.StatusBadRequest, nil
|
|
|
|
} else if err != nil {
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// do not waste bandwidth if we just want the checksum
|
|
|
|
file.Content = ""
|
|
|
|
}
|
|
|
|
|
|
|
|
return renderJSON(w, r, file)
|
|
|
|
})
|
|
|
|
|
|
|
|
var resourceDeleteHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
if r.URL.Path == "/" || !d.user.Perm.Delete {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
err := d.RunHook(func() error {
|
|
|
|
return d.user.Fs.RemoveAll(r.URL.Path)
|
|
|
|
}, "delete", r.URL.Path, "", d.user)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
return http.StatusOK, nil
|
|
|
|
})
|
|
|
|
|
|
|
|
var resourcePostPutHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
if !d.user.Perm.Create && r.Method == http.MethodPost {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if !d.user.Perm.Modify && r.Method == http.MethodPut {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
defer func() {
|
2020-05-31 23:12:36 +00:00
|
|
|
_, _ = io.Copy(ioutil.Discard, r.Body)
|
2019-01-05 22:44:33 +00:00
|
|
|
}()
|
|
|
|
|
|
|
|
// For directories, only allow POST for creation.
|
|
|
|
if strings.HasSuffix(r.URL.Path, "/") {
|
|
|
|
if r.Method == http.MethodPut {
|
|
|
|
return http.StatusMethodNotAllowed, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
err := d.user.Fs.MkdirAll(r.URL.Path, 0775)
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.Method == http.MethodPost && r.URL.Query().Get("override") != "true" {
|
|
|
|
if _, err := d.user.Fs.Stat(r.URL.Path); err == nil {
|
|
|
|
return http.StatusConflict, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err := d.RunHook(func() error {
|
|
|
|
file, err := d.user.Fs.OpenFile(r.URL.Path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0775)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
_, err = io.Copy(file, r.Body)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Gets the info about the file.
|
|
|
|
info, err := file.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
etag := fmt.Sprintf(`"%x%x"`, info.ModTime().UnixNano(), info.Size())
|
|
|
|
w.Header().Set("ETag", etag)
|
|
|
|
return nil
|
|
|
|
}, "upload", r.URL.Path, "", d.user)
|
|
|
|
|
|
|
|
return errToStatus(err), err
|
|
|
|
})
|
|
|
|
|
|
|
|
var resourcePatchHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
src := r.URL.Path
|
|
|
|
dst := r.URL.Query().Get("destination")
|
|
|
|
action := r.URL.Query().Get("action")
|
|
|
|
dst, err := url.QueryUnescape(dst)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
if dst == "/" || src == "/" {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
err = d.RunHook(func() error {
|
2020-06-06 15:45:51 +00:00
|
|
|
switch action {
|
|
|
|
// TODO: use enum
|
|
|
|
case "copy":
|
|
|
|
if !d.user.Perm.Create {
|
|
|
|
return errors.ErrPermissionDenied
|
|
|
|
}
|
2019-01-05 22:44:33 +00:00
|
|
|
return fileutils.Copy(d.user.Fs, src, dst)
|
2020-06-06 15:45:51 +00:00
|
|
|
case "rename":
|
|
|
|
if !d.user.Perm.Rename {
|
|
|
|
return errors.ErrPermissionDenied
|
|
|
|
}
|
|
|
|
return d.user.Fs.Rename(src, dst)
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("unsupported action %s: %w", action, errors.ErrInvalidRequestParams)
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
|
|
|
}, action, src, dst, d.user)
|
|
|
|
|
|
|
|
return errToStatus(err), err
|
|
|
|
})
|