filebrowser/filemanager.go

//go:generate go get github.com/jteeuwen/go-bindata
//go:generate go install github.com/jteeuwen/go-bindata/go-bindata
//go:generate go-bindata -pkg assets -ignore .jsbeautifyrc -prefix "assets/embed" -o assets/binary.go assets/embed/...

// Package filemanager provides middleware for managing files in a directory
// when directory path is requested instead of a specific file. Based on browse
// middleware.
package filemanager

import (
	e "errors"
	"net/http"
	"os/exec"
	"path/filepath"
	"strings"

	"github.com/hacdias/caddy-filemanager/assets"
	"github.com/hacdias/caddy-filemanager/config"
	"github.com/hacdias/caddy-filemanager/file"
	"github.com/hacdias/caddy-filemanager/page"
	"github.com/mholt/caddy/caddyhttp/httpserver"
)

// FileManager is an http.Handler that can show a file listing when
// directories in the given paths are specified.
type FileManager struct {
	Next    httpserver.Handler
	Configs []config.Config
}

// ServeHTTP determines if the request is for this plugin, and if all prerequisites are met.
func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
	var (
		c    *config.Config
		fi   *file.Info
		code int
		err  error
		user *config.User
	)

	for i := range f.Configs {
		if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
			c = &f.Configs[i]

			if r.Method == http.MethodGet && httpserver.Path(r.URL.Path).Matches(c.BaseURL+assets.BaseURL) {
				return assets.Serve(w, r, c)
			}

			username, _, _ := r.BasicAuth()

			if _, ok := c.Users[username]; ok {
				user = c.Users[username]
			} else {
				user = c.User
			}

			if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
				if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {
					return http.StatusForbidden, nil
				}

				switch r.Method {
				case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
					if !user.AllowEdit {
						return http.StatusForbidden, nil
					}
				case "MKCOL", "COPY":
					if !user.AllowNew {
						return http.StatusForbidden, nil
					}
				}

				if r.Method == http.MethodPut {
					_, err = processPUT(w, r, c, user, fi)
					if err != nil {
						return http.StatusInternalServerError, err
					}
				}

				c.Handler.ServeHTTP(w, r)
				return 0, nil
			}

			if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {
				if r.Method == http.MethodGet {
					return page.PrintErrorHTML(
						w,
						http.StatusForbidden,
						e.New("You don't have permission to access this page."),
					)
				}

				return http.StatusForbidden, nil
			}

			if r.Method == http.MethodGet {
				// Gets the information of the directory/file
				fi, code, err = file.GetInfo(r.URL, c, user)
				if err != nil {
					if r.Method == http.MethodGet {
						return page.PrintErrorHTML(w, code, err)
					}
					return code, err
				}

				// If it's a dir and the path doesn't end with a trailing slash,
				// redirect the user.
				if fi.IsDir() && !strings.HasSuffix(r.URL.Path, "/") {
					http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect)
					return 0, nil
				}

				// Generate anti security token.
				c.GenerateToken()

				if !fi.IsDir() {
					query := r.URL.Query()
					if val, ok := query["raw"]; ok && val[0] == "true" {
						r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
						c.Handler.ServeHTTP(w, r)
						return 0, nil
					}

					if val, ok := query["download"]; ok && val[0] == "true" {
						w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name())
						r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
						c.Handler.ServeHTTP(w, r)
						return 0, nil
					}
				}

				code, err := fi.ServeHTTP(w, r, c, user)
				if err != nil {
					return page.PrintErrorHTML(w, code, err)
				}
				return code, err
			}

			if r.Method == http.MethodPost {
				// TODO: How to exclude web dav clients? :/
				// Security measures against CSRF attacks.
				if !c.CheckToken(r) {
					return http.StatusForbidden, nil
				}

				/* TODO: search commands. USE PROPFIND?
				// Search and git commands.
				if r.Header.Get("Search") == "true" {

				} */

				// VCS commands.
				if r.Header.Get("Command") != "" {
					if !user.AllowCommands {
						return http.StatusUnauthorized, nil
					}

					return command(w, r, c, user)
				}
			}

			return http.StatusNotImplemented, nil
		}
	}

	return f.Next.ServeHTTP(w, r)
}

// command handles the requests for VCS related commands: git, svn and mercurial
func command(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) {
	command := strings.Split(r.Header.Get("command"), " ")

	// Check if the command is allowed
	mayContinue := false

	for _, cmd := range u.Commands {
		if cmd == command[0] {
			mayContinue = true
		}
	}

	if !mayContinue {
		return http.StatusForbidden, nil
	}

	// Check if the program is talled is installed on the computer
	if _, err := exec.LookPath(command[0]); err != nil {
		return http.StatusNotImplemented, nil
	}

	path := strings.Replace(r.URL.Path, c.BaseURL, c.Scope, 1)
	path = filepath.Clean(path)

	cmd := exec.Command(command[0], command[1:len(command)]...)
	cmd.Dir = path
	output, err := cmd.CombinedOutput()

	if err != nil {
		return http.StatusInternalServerError, err
	}

	p := &page.Page{Info: &page.Info{Data: string(output)}}
	return p.PrintAsJSON(w)
}
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`//go:generate go get github.com/jteeuwen/go-bindata`
			`//go:generate go install github.com/jteeuwen/go-bindata/go-bindata`
remove debug flag and update binary.go 2016-07-01 13:55:17 +00:00			`//go:generate go-bindata -pkg assets -ignore .jsbeautifyrc -prefix "assets/embed" -o assets/binary.go assets/embed/...`
add base code based on browse middleware 2016-06-10 17:27:27 +00:00
			`// Package filemanager provides middleware for managing files in a directory`
			`// when directory path is requested instead of a specific file. Based on browse`
			`// middleware.`
add base code 2016-06-10 13:36:43 +00:00			`package filemanager`

			`import (`
update 2016-10-18 16:56:35 +00:00			`e "errors"`
add base code 2016-06-10 13:36:43 +00:00			`"net/http"`
updates 2016-06-28 09:24:02 +00:00			`"os/exec"`
			`"path/filepath"`
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`"strings"`
add base code 2016-06-10 13:36:43 +00:00
updates 2016-06-28 09:24:02 +00:00			`"github.com/hacdias/caddy-filemanager/assets"`
			`"github.com/hacdias/caddy-filemanager/config"`
Improvements 2016-10-18 20:49:46 +00:00			`"github.com/hacdias/caddy-filemanager/file"`
organize better in sub packages 2016-10-18 20:30:10 +00:00			`"github.com/hacdias/caddy-filemanager/page"`
add base code 2016-06-10 13:36:43 +00:00			`"github.com/mholt/caddy/caddyhttp/httpserver"`
			`)`

add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`// FileManager is an http.Handler that can show a file listing when`
			`// directories in the given paths are specified.`
add base code 2016-06-10 13:36:43 +00:00			`type FileManager struct {`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00			`Next httpserver.Handler`
make updates 2016-06-25 20:57:10 +00:00			`Configs []config.Config`
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`}`

			`// ServeHTTP determines if the request is for this plugin, and if all prerequisites are met.`
			`func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00			`var (`
update 2016-10-18 16:56:35 +00:00			`c *config.Config`
Improvements 2016-10-18 20:49:46 +00:00			`fi *file.Info`
update 2016-10-18 16:56:35 +00:00			`code int`
			`err error`
			`user *config.User`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00			`)`
refactor some things 2016-06-10 21:44:33 +00:00
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`for i := range f.Configs {`
some updates 2016-06-10 19:54:19 +00:00			`if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {`
some updates 2016-06-11 09:08:33 +00:00			`c = &f.Configs[i]`
update 2016-10-18 16:56:35 +00:00
			`if r.Method == http.MethodGet && httpserver.Path(r.URL.Path).Matches(c.BaseURL+assets.BaseURL) {`
			`return assets.Serve(w, r, c)`
			`}`

add user to the front end 2016-08-21 18:44:09 +00:00			`username, _, _ := r.BasicAuth()`

			`if _, ok := c.Users[username]; ok {`
			`user = c.Users[username]`
add comments and update config; close #23 2016-08-22 11:09:18 +00:00			`} else {`
			`user = c.User`
add user to the front end 2016-08-21 18:44:09 +00:00			`}`

update 2016-10-18 16:56:35 +00:00			`if strings.HasPrefix(r.URL.Path, c.WebDavURL) {`
			`if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {`
Always using webdav 2016-10-18 15:42:48 +00:00			`return http.StatusForbidden, nil`
			`}`
upload is now webdav 2016-10-18 16:24:54 +00:00
Always using webdav 2016-10-18 15:42:48 +00:00			`switch r.Method {`
			`case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":`
			`if !user.AllowEdit {`
			`return http.StatusForbidden, nil`
			`}`
			`case "MKCOL", "COPY":`
			`if !user.AllowNew {`
			`return http.StatusForbidden, nil`
			`}`
			`}`

save file using webdav 2016-10-18 15:17:01 +00:00			`if r.Method == http.MethodPut {`
Improvements 2016-10-18 20:49:46 +00:00			`_, err = processPUT(w, r, c, user, fi)`
save file using webdav 2016-10-18 15:17:01 +00:00			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`
			`}`

update 2016-10-18 20:06:31 +00:00			`c.Handler.ServeHTTP(w, r)`
Start implementing webdav 2016-10-17 20:05:52 +00:00			`return 0, nil`
			`}`

update 2016-10-18 16:56:35 +00:00			`if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {`
			`if r.Method == http.MethodGet {`
Improvements 2016-10-18 20:49:46 +00:00			`return page.PrintErrorHTML(`
update 2016-10-18 16:56:35 +00:00			`w,`
			`http.StatusForbidden,`
			`e.New("You don't have permission to access this page."),`
			`)`
			`}`

			`return http.StatusForbidden, nil`
Updates to #21 2016-08-22 10:37:56 +00:00			`}`

simplify router 2016-10-18 16:00:12 +00:00			`if r.Method == http.MethodGet {`
add comments and update config; close #23 2016-08-22 11:09:18 +00:00			`// Gets the information of the directory/file`
Improvements 2016-10-18 20:49:46 +00:00			`fi, code, err = file.GetInfo(r.URL, c, user)`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00			`if err != nil {`
New errors page 2016-07-06 11:00:28 +00:00			`if r.Method == http.MethodGet {`
Improvements 2016-10-18 20:49:46 +00:00			`return page.PrintErrorHTML(w, code, err)`
New errors page 2016-07-06 11:00:28 +00:00			`}`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00			`return code, err`
some updates 2016-06-10 19:54:19 +00:00			`}`
some updates 2016-06-11 09:08:33 +00:00
add comments and update config; close #23 2016-08-22 11:09:18 +00:00			`// If it's a dir and the path doesn't end with a trailing slash,`
			`// redirect the user.`
update 2016-10-18 20:06:31 +00:00			`if fi.IsDir() && !strings.HasSuffix(r.URL.Path, "/") {`
one more thing 2016-07-01 14:51:02 +00:00			`http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect)`
some updates 2016-06-11 09:08:33 +00:00			`return 0, nil`
some updates 2016-06-10 19:54:19 +00:00			`}`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00
add comments and update config; close #23 2016-08-22 11:09:18 +00:00			`// Generate anti security token.`
Anti CSRF layer 2016-07-05 16:46:45 +00:00			`c.GenerateToken()`

update 2016-10-18 20:06:31 +00:00			`if !fi.IsDir() {`
updates 2016-06-11 22:01:24 +00:00			`query := r.URL.Query()`
			`if val, ok := query["raw"]; ok && val[0] == "true" {`
simplify router 2016-10-18 16:00:12 +00:00			`r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)`
update 2016-10-18 20:06:31 +00:00			`c.Handler.ServeHTTP(w, r)`
simplify router 2016-10-18 16:00:12 +00:00			`return 0, nil`
updates 2016-06-11 22:01:24 +00:00			`}`

			`if val, ok := query["download"]; ok && val[0] == "true" {`
update 2016-10-18 20:06:31 +00:00			`w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name())`
simplify router 2016-10-18 16:00:12 +00:00			`r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)`
update 2016-10-18 20:06:31 +00:00			`c.Handler.ServeHTTP(w, r)`
simplify router 2016-10-18 16:00:12 +00:00			`return 0, nil`
updates 2016-06-11 22:01:24 +00:00			`}`
raw and download urls working :D 2016-06-11 21:07:55 +00:00			`}`

update 2016-10-18 20:06:31 +00:00			`code, err := fi.ServeHTTP(w, r, c, user)`
New errors page 2016-07-06 11:00:28 +00:00			`if err != nil {`
Improvements 2016-10-18 20:49:46 +00:00			`return page.PrintErrorHTML(w, code, err)`
New errors page 2016-07-06 11:00:28 +00:00			`}`
			`return code, err`
Always using webdav 2016-10-18 15:42:48 +00:00			`}`

			`if r.Method == http.MethodPost {`
update 2016-10-18 16:56:35 +00:00			`// TODO: How to exclude web dav clients? :/`
			`// Security measures against CSRF attacks.`
			`if !c.CheckToken(r) {`
			`return http.StatusForbidden, nil`
			`}`

upload is now webdav 2016-10-18 16:24:54 +00:00			`/* TODO: search commands. USE PROPFIND?`
add comments and update config; close #23 2016-08-22 11:09:18 +00:00			`// Search and git commands.`
fix previous link; add more stuff 2016-06-26 15:52:15 +00:00			`if r.Header.Get("Search") == "true" {`
upload is now webdav 2016-10-18 16:24:54 +00:00
			`} */`
add comments and update config; close #23 2016-08-22 11:09:18 +00:00
			`// VCS commands.`
add vcs command 2016-06-26 17:30:08 +00:00			`if r.Header.Get("Command") != "" {`
add back-end flags to #19 2016-08-21 18:21:09 +00:00			`if !user.AllowCommands {`
			`return http.StatusUnauthorized, nil`
			`}`

server-side user-based command checking #24 2016-08-21 19:20:13 +00:00			`return command(w, r, c, user)`
fix previous link; add more stuff 2016-06-26 15:52:15 +00:00			`}`
some updates 2016-06-10 19:54:19 +00:00			`}`
Always using webdav 2016-10-18 15:42:48 +00:00
			`return http.StatusNotImplemented, nil`
some updates 2016-06-10 19:54:19 +00:00			`}`
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`}`
Start refactoring to make code cleaner 2016-06-11 20:20:47 +00:00
some updates 2016-06-10 19:54:19 +00:00			`return f.Next.ServeHTTP(w, r)`
add base code based on browse middleware 2016-06-10 17:27:27 +00:00			`}`
updates 2016-06-28 09:24:02 +00:00
server-side user-based command checking #24 2016-08-21 19:20:13 +00:00			`// command handles the requests for VCS related commands: git, svn and mercurial`
Updates to #21 2016-08-22 10:37:56 +00:00			`func command(w http.ResponseWriter, r http.Request, c config.Config, u *config.User) (int, error) {`
updates 2016-06-28 09:24:02 +00:00			`command := strings.Split(r.Header.Get("command"), " ")`

server-side user-based command checking #24 2016-08-21 19:20:13 +00:00			`// Check if the command is allowed`
			`mayContinue := false`

			`for _, cmd := range u.Commands {`
			`if cmd == command[0] {`
			`mayContinue = true`
			`}`
			`}`

			`if !mayContinue {`
updates 2016-06-28 09:24:02 +00:00			`return http.StatusForbidden, nil`
			`}`

			`// Check if the program is talled is installed on the computer`
			`if _, err := exec.LookPath(command[0]); err != nil {`
			`return http.StatusNotImplemented, nil`
			`}`

update 2016-10-18 20:06:31 +00:00			`path := strings.Replace(r.URL.Path, c.BaseURL, c.Scope, 1)`
add commands 2016-06-30 21:24:38 +00:00			`path = filepath.Clean(path)`

updates 2016-06-28 09:24:02 +00:00			`cmd := exec.Command(command[0], command[1:len(command)]...)`
add commands 2016-06-30 21:24:38 +00:00			`cmd.Dir = path`
updates 2016-06-28 09:24:02 +00:00			`output, err := cmd.CombinedOutput()`

			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

organize better in sub packages 2016-10-18 20:30:10 +00:00			`p := &page.Page{Info: &page.Info{Data: string(output)}}`
update 2016-10-18 20:06:31 +00:00			`return p.PrintAsJSON(w)`
updates 2016-06-28 09:24:02 +00:00			`}`