Mirror/filebrowser
1
0
Fork 0
mirror of https://github.com/filebrowser/filebrowser.git synced 2024-06-07 23:00:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

simplify router

Browse Source
This commit is contained in:
Henrique Dias 2016-10-18 17:00:12 +01:00
parent 3683c4c06a
commit ccc539c592
2 changed files with 27 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
directory/file.go
View File

@ -122,7 +122,8 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
} }
if i.Type == "blob" { if i.Type == "blob" {
return i.ServeRawFile(w, r, c) http.Redirect(w, r, c.AddrPath+r.URL.Path+"?download=true", http.StatusTemporaryRedirect)
return 0, nil
} }
page := &p.Page{ page := &p.Page{
@ -274,22 +275,6 @@ func directoryListing(files []os.FileInfo, urlPath string, basePath string, u *c
} }
} }
// ServeRawFile serves raw files
func (i *Info) ServeRawFile(w http.ResponseWriter, r *http.Request, c *config.Config) (int, error) {
err := i.GetExtendedInfo()
if err != nil {
return errors.ToHTTPCode(err), err
}
if i.Type != "text" {
i.Read()
}
w.Header().Set("Content-Type", i.Mimetype)
w.Write([]byte(i.Content))
return 200, nil
}
// SimplifyMimeType returns the base type of a file // SimplifyMimeType returns the base type of a file
func SimplifyMimeType(name string) string { func SimplifyMimeType(name string) string {
if strings.HasPrefix(name, "video") { if strings.HasPrefix(name, "video") {

59
filemanager.go
View File

@ -56,13 +56,24 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
user = c.User user = c.User
} }
if strings.HasPrefix(r.URL.Path, c.WebDavURL) { // TODO: make allow and block rules relative to baseurl and webdav
url := strings.TrimPrefix(r.URL.Path, c.WebDavURL) // Checks if the user has permission to access the current directory.
if !user.Allowed(r.URL.Path) {
if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
}
if !user.Allowed(url) {
return http.StatusForbidden, nil return http.StatusForbidden, nil
} }
// Security measures against CSRF attacks.
if r.Method != http.MethodGet {
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
}
if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
switch r.Method { switch r.Method {
case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE": case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
if !user.AllowEdit { if !user.AllowEdit {
@ -85,18 +96,11 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
return 0, nil return 0, nil
} }
// Checks if the user has permission to access the current directory. if r.Method == http.MethodGet && serveAssets {
if !user.Allowed(r.URL.Path) { return assets.Serve(w, r, c)
}
if r.Method == http.MethodGet { if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
}
return http.StatusForbidden, nil
}
// If this request is neither to server assets, nor to upload/create
// a new file or directory.
if r.Method != http.MethodPost && !serveAssets {
// Gets the information of the directory/file // Gets the information of the directory/file
fi, code, err = directory.GetInfo(r.URL, c, user) fi, code, err = directory.GetInfo(r.URL, c, user)
if err != nil { if err != nil {
@ -112,20 +116,6 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect) http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect)
return 0, nil return 0, nil
} }
}
// Security measures against CSRF attacks.
if r.Method != http.MethodGet {
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
}
if r.Method == http.MethodGet {
// Read and show directory or file.
if serveAssets {
return assets.Serve(w, r, c)
}
// Generate anti security token. // Generate anti security token.
c.GenerateToken() c.GenerateToken()
@ -133,18 +123,17 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
if !fi.IsDir { if !fi.IsDir {
query := r.URL.Query() query := r.URL.Query()
if val, ok := query["raw"]; ok && val[0] == "true" { if val, ok := query["raw"]; ok && val[0] == "true" {
// TODO: change URL to webdav and continue as webdav r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
return fi.ServeRawFile(w, r, c) c.WebDavHandler.ServeHTTP(w, r)
return 0, nil
} }
if val, ok := query["download"]; ok && val[0] == "true" { if val, ok := query["download"]; ok && val[0] == "true" {
w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name) w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name)
// TODO: change URL to webdav and continue as webdav r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
return fi.ServeRawFile(w, r, c) c.WebDavHandler.ServeHTTP(w, r)
return 0, nil
} }
// c.WebDavHandler.ServeHTTP(w, r)
} }
code, err := fi.ServeAsHTML(w, r, c, user) code, err := fi.ServeAsHTML(w, r, c, user)