filebrowser/http.go

package filemanager

import (
	"encoding/json"
	"html/template"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/asdine/storm"
)

// RequestContext contains the needed information to make handlers work.
type RequestContext struct {
	*FileManager
	User *User
	File *file
	// On API handlers, Router is the APi handler we want.
	Router string
}

// serveHTTP is the main entry point of this HTML application.
func serveHTTP(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	// Checks if the URL contains the baseURL and strips it. Otherwise, it just
	// returns a 404 error because we're not supposed to be here!
	p := strings.TrimPrefix(r.URL.Path, c.BaseURL)

	if len(p) >= len(r.URL.Path) && c.BaseURL != "" {
		return http.StatusNotFound, nil
	}

	r.URL.Path = p

	// Check if this request is made to the service worker. If so,
	// pass it through a template to add the needed variables.
	if r.URL.Path == "/sw.js" {
		return renderFile(
			c, w,
			c.assets.MustString("sw.js"),
			"application/javascript",
		)
	}

	// Checks if this request is made to the static assets folder. If so, and
	// if it is a GET request, returns with the asset. Otherwise, returns
	// a status not implemented.
	if matchURL(r.URL.Path, "/static") {
		if r.Method != http.MethodGet {
			return http.StatusNotImplemented, nil
		}

		return staticHandler(c, w, r)
	}

	// Checks if this request is made to the API and directs to the
	// API handler if so.
	if matchURL(r.URL.Path, "/api") {
		r.URL.Path = strings.TrimPrefix(r.URL.Path, "/api")
		return apiHandler(c, w, r)
	}

	// If it is a request to the preview and a static website generator is
	// active, build the preview.
	if strings.HasPrefix(r.URL.Path, "/preview") && c.StaticGen != nil {
		r.URL.Path = strings.TrimPrefix(r.URL.Path, "/preview")
		return c.StaticGen.Preview(c, w, r)
	}

	if strings.HasPrefix(r.URL.Path, "/share/") {
		r.URL.Path = strings.TrimPrefix(r.URL.Path, "/share/")
		return sharePage(c, w, r)
	}

	// Any other request should show the index.html file.
	w.Header().Set("x-frame-options", "SAMEORIGIN")
	w.Header().Set("x-content-type", "nosniff")
	w.Header().Set("x-xss-protection", "1; mode=block")

	return renderFile(
		c, w,
		c.assets.MustString("index.html"),
		"text/html",
	)
}

// staticHandler handles the static assets path.
func staticHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	if r.URL.Path != "/static/manifest.json" {
		http.FileServer(c.assets.HTTPBox()).ServeHTTP(w, r)
		return 0, nil
	}

	return renderFile(
		c, w,
		c.assets.MustString("static/manifest.json"),
		"application/json",
	)
}

// apiHandler is the main entry point for the /api endpoint.
func apiHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	if r.URL.Path == "/auth/get" {
		return authHandler(c, w, r)
	}

	if r.URL.Path == "/auth/renew" {
		return renewAuthHandler(c, w, r)
	}

	valid, _ := validateAuth(c, r)
	if !valid {
		return http.StatusForbidden, nil
	}

	c.Router, r.URL.Path = splitURL(r.URL.Path)

	if !c.User.Allowed(r.URL.Path) {
		return http.StatusForbidden, nil
	}

	if c.StaticGen != nil {
		// If we are using the 'magic url' for the settings,
		// we should redirect the request for the acutual path.
		if r.URL.Path == "/settings" {
			r.URL.Path = c.StaticGen.SettingsPath()
		}

		// Executes the Static website generator hook.
		code, err := c.StaticGen.Hook(c, w, r)
		if code != 0 || err != nil {
			return code, err
		}
	}

	if c.Router == "checksum" || c.Router == "download" {
		var err error
		c.File, err = getInfo(r.URL, c.FileManager, c.User)
		if err != nil {
			return errorToHTTP(err, false), err
		}
	}

	var code int
	var err error

	switch c.Router {
	case "download":
		code, err = downloadHandler(c, w, r)
	case "checksum":
		code, err = checksumHandler(c, w, r)
	case "command":
		code, err = command(c, w, r)
	case "search":
		code, err = search(c, w, r)
	case "resource":
		code, err = resourceHandler(c, w, r)
	case "users":
		code, err = usersHandler(c, w, r)
	case "settings":
		code, err = settingsHandler(c, w, r)
	case "share":
		code, err = shareHandler(c, w, r)
	default:
		code = http.StatusNotFound
	}

	return code, err
}

// serveChecksum calculates the hash of a file. Supports MD5, SHA1, SHA256 and SHA512.
func checksumHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	query := r.URL.Query().Get("algo")

	val, err := c.File.Checksum(query)
	if err == errInvalidOption {
		return http.StatusBadRequest, err
	} else if err != nil {
		return http.StatusInternalServerError, err
	}

	w.Write([]byte(val))
	return 0, nil
}

// splitURL splits the path and returns everything that stands
// before the first slash and everything that goes after.
func splitURL(path string) (string, string) {
	if path == "" {
		return "", ""
	}

	path = strings.TrimPrefix(path, "/")

	i := strings.Index(path, "/")
	if i == -1 {
		return "", path
	}

	return path[0:i], path[i:]
}

// renderFile renders a file using a template with some needed variables.
func renderFile(c *RequestContext, w http.ResponseWriter, file string, contentType string) (int, error) {
	tpl := template.Must(template.New("file").Parse(file))
	w.Header().Set("Content-Type", contentType+"; charset=utf-8")

	err := tpl.Execute(w, map[string]interface{}{
		"BaseURL":   c.RootURL(),
		"StaticGen": c.staticgen,
	})
	if err != nil {
		return http.StatusInternalServerError, err
	}

	return 0, nil
}

func sharePage(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	var s shareLink
	err := c.db.One("Hash", r.URL.Path, &s)
	if err == storm.ErrNotFound {
		return renderFile(
			c, w,
			c.assets.MustString("static/share/404.html"),
			"text/html",
		)
	}

	if err != nil {
		return http.StatusInternalServerError, err
	}

	if s.Expires && s.ExpireDate.Before(time.Now()) {
		c.db.DeleteStruct(&s)
		return renderFile(
			c, w,
			c.assets.MustString("static/share/404.html"),
			"text/html",
		)
	}

	r.URL.Path = s.Path

	info, err := os.Stat(s.Path)
	if err != nil {
		return errorToHTTP(err, false), err
	}

	c.File = &file{
		Path:    s.Path,
		Name:    info.Name(),
		ModTime: info.ModTime(),
		Mode:    info.Mode(),
		IsDir:   info.IsDir(),
		Size:    info.Size(),
	}

	dl := r.URL.Query().Get("dl")

	if dl == "" || dl == "0" {
		tpl := template.Must(template.New("file").Parse(c.assets.MustString("static/share/index.html")))
		w.Header().Set("Content-Type", "text/html; charset=utf-8")

		err := tpl.Execute(w, map[string]interface{}{
			"BaseURL": c.RootURL(),
			"File":    c.File,
		})

		if err != nil {
			return http.StatusInternalServerError, err
		}
		return 0, nil
	}

	return downloadHandler(c, w, r)
}

// renderJSON prints the JSON version of data to the browser.
func renderJSON(w http.ResponseWriter, data interface{}) (int, error) {
	marsh, err := json.Marshal(data)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	if _, err := w.Write(marsh); err != nil {
		return http.StatusInternalServerError, err
	}

	return 0, nil
}

// matchURL checks if the first URL matches the second.
func matchURL(first, second string) bool {
	first = strings.ToLower(first)
	second = strings.ToLower(second)

	return strings.HasPrefix(first, second)
}

// errorToHTTP converts errors to HTTP Status Code.
func errorToHTTP(err error, gone bool) int {
	switch {
	case err == nil:
		return http.StatusOK
	case os.IsPermission(err):
		return http.StatusForbidden
	case os.IsNotExist(err):
		if !gone {
			return http.StatusNotFound
		}

		return http.StatusGone
	case os.IsExist(err):
		return http.StatusConflict
	default:
		return http.StatusInternalServerError
	}
}