From ccc539c592d77e086a3859f0829521b87f5b916f Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Tue, 18 Oct 2016 17:00:12 +0100 Subject: [PATCH] simplify router --- directory/file.go | 19 ++------------- filemanager.go | 61 +++++++++++++++++++---------------------------- 2 files changed, 27 insertions(+), 53 deletions(-) diff --git a/directory/file.go b/directory/file.go index 240c809a..e18b83d6 100644 --- a/directory/file.go +++ b/directory/file.go @@ -122,7 +122,8 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config } if i.Type == "blob" { - return i.ServeRawFile(w, r, c) + http.Redirect(w, r, c.AddrPath+r.URL.Path+"?download=true", http.StatusTemporaryRedirect) + return 0, nil } page := &p.Page{ @@ -274,22 +275,6 @@ func directoryListing(files []os.FileInfo, urlPath string, basePath string, u *c } } -// ServeRawFile serves raw files -func (i *Info) ServeRawFile(w http.ResponseWriter, r *http.Request, c *config.Config) (int, error) { - err := i.GetExtendedInfo() - if err != nil { - return errors.ToHTTPCode(err), err - } - - if i.Type != "text" { - i.Read() - } - - w.Header().Set("Content-Type", i.Mimetype) - w.Write([]byte(i.Content)) - return 200, nil -} - // SimplifyMimeType returns the base type of a file func SimplifyMimeType(name string) string { if strings.HasPrefix(name, "video") { diff --git a/filemanager.go b/filemanager.go index 2c0c5009..c4f8364a 100644 --- a/filemanager.go +++ b/filemanager.go 
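Review bot: In the `i.Type == "blob"` branch of serveSingleFile (directory/file.go), the redirect target is built from the decoded `r.URL.Path` plus `?download=true`. A file name containing `?`, `#` or `%` therefore produces a Location that resolves to a different path or query than the one the request was checked against. Using the escaped form keeps the target identical to the request: `http.Redirect(w, r, c.AddrPath+r.URL.EscapedPath()+"?download=true", http.StatusTemporaryRedirect)`. This assumes `c.AddrPath` is already URL-safe, which is not visible here; the function body also continues outside the hunk.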
@@ -56,13 +56,24 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err user = c.User } - if strings.HasPrefix(r.URL.Path, c.WebDavURL) { - url := strings.TrimPrefix(r.URL.Path, c.WebDavURL) - - if !user.Allowed(url) { - return http.StatusForbidden, nil + // TODO: make allow and block rules relative to baseurl and webdav + // Checks if the user has permission to access the current directory. + if !user.Allowed(r.URL.Path) { + if r.Method == http.MethodGet { + return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page.")) } + return http.StatusForbidden, nil + } + + // Security measures against CSRF attacks. + if r.Method != http.MethodGet { + if !c.CheckToken(r) { + return http.StatusForbidden, nil + } + } + + if strings.HasPrefix(r.URL.Path, c.WebDavURL) { switch r.Method { case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE": if !user.AllowEdit { @@ -85,18 +96,11 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err return 0, nil } - // Checks if the user has permission to access the current directory. - if !user.Allowed(r.URL.Path) { - if r.Method == http.MethodGet { - return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page.")) - } - - return http.StatusForbidden, nil + if r.Method == http.MethodGet && serveAssets { + return assets.Serve(w, r, c) } - // If this request is neither to server assets, nor to upload/create - // a new file or directory. - if r.Method != http.MethodPost && !serveAssets { + if r.Method == http.MethodGet { // Gets the information of the directory/file fi, code, err = directory.GetInfo(r.URL, c, user) if err != nil { 
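Review bot: The hoisted permission check calls `user.Allowed(r.URL.Path)` before the WebDAV branch, so WebDAV requests are now matched with the `c.WebDavURL` prefix still attached, where the removed code stripped it first. If allow/block rules are written relative to the served root, as the new TODO suggests, a rule for a blocked directory may no longer match the same directory reached through WebDAV. Until the TODO is done, keep the old normalisation: `checkPath := strings.TrimPrefix(r.URL.Path, c.WebDavURL)` followed by `if !user.Allowed(checkPath) {`. Separately, the CSRF check now runs for every non-GET WebDAV method, so confirm that WebDAV clients are expected to carry the token `c.CheckToken` looks for.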
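Review bot: `fi` is now populated only when `r.Method == http.MethodGet`, whereas the removed condition (`r.Method != http.MethodPost && !serveAssets`) also ran `directory.GetInfo` for PUT, DELETE and other methods. The rest of ServeHTTP is outside this hunk, so confirm that no later non-GET branch still reads `fi`. If none does, a comment above the block would record the contract: `// fi is only set for GET requests; other methods must not use it.`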
@@ -112,20 +116,6 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect) return 0, nil } - } - - // Security measures against CSRF attacks. - if r.Method != http.MethodGet { - if !c.CheckToken(r) { - return http.StatusForbidden, nil - } - } - - if r.Method == http.MethodGet { - // Read and show directory or file. - if serveAssets { - return assets.Serve(w, r, c) - } // Generate anti security token. c.GenerateToken() @@ -133,18 +123,17 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err if !fi.IsDir { query := r.URL.Query() if val, ok := query["raw"]; ok && val[0] == "true" { - // TODO: change URL to webdav and continue as webdav - return fi.ServeRawFile(w, r, c) + r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1) + c.WebDavHandler.ServeHTTP(w, r) + return 0, nil } if val, ok := query["download"]; ok && val[0] == "true" { w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name) - // TODO: change URL to webdav and continue as webdav - return fi.ServeRawFile(w, r, c) - + r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1) + c.WebDavHandler.ServeHTTP(w, r) + return 0, nil } - - // c.WebDavHandler.ServeHTTP(w, r) } code, err := fi.ServeAsHTML(w, r, c, user)
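Review bot: Both the `raw` and `download` branches rewrite the path with `strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)`, which replaces the first occurrence of `c.BaseURL` anywhere in the path rather than only a leading prefix. `user.Allowed` was evaluated on the path before this rewrite, so if the path does not begin with `c.BaseURL` and the match lands further in, the WebDAV handler serves a different path from the one that was authorised. Anchoring the rewrite to the prefix avoids that: `r.URL.Path = c.WebDavURL + strings.TrimPrefix(r.URL.Path, c.BaseURL)`. The retained `Content-Disposition` line also appends `fi.Name` unquoted; `mime.FormatMediaType("attachment", map[string]string{"filename": fi.Name})` would produce a correctly quoted value.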