simplify router

This commit is contained in:
Henrique Dias 2016-10-18 17:00:12 +01:00
parent 3683c4c06a
commit ccc539c592
2 changed files with 27 additions and 53 deletions

View File

@ -122,7 +122,8 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
}
if i.Type == "blob" {
return i.ServeRawFile(w, r, c)
http.Redirect(w, r, c.AddrPath+r.URL.Path+"?download=true", http.StatusTemporaryRedirect)
return 0, nil
}
page := &p.Page{
@ -274,22 +275,6 @@ func directoryListing(files []os.FileInfo, urlPath string, basePath string, u *c
}
}
// ServeRawFile serves raw files
func (i *Info) ServeRawFile(w http.ResponseWriter, r *http.Request, c *config.Config) (int, error) {
err := i.GetExtendedInfo()
if err != nil {
return errors.ToHTTPCode(err), err
}
if i.Type != "text" {
i.Read()
}
w.Header().Set("Content-Type", i.Mimetype)
w.Write([]byte(i.Content))
return 200, nil
}
// SimplifyMimeType returns the base type of a file
func SimplifyMimeType(name string) string {
if strings.HasPrefix(name, "video") {

View File

@ -56,13 +56,24 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
user = c.User
}
if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
url := strings.TrimPrefix(r.URL.Path, c.WebDavURL)
// TODO: make allow and block rules relative to baseurl and webdav
// Checks if the user has permission to access the current directory.
if !user.Allowed(r.URL.Path) {
if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
}
if !user.Allowed(url) {
return http.StatusForbidden, nil
}
// Security measures against CSRF attacks.
if r.Method != http.MethodGet {
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
}
if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
switch r.Method {
case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
if !user.AllowEdit {
@ -85,18 +96,11 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
return 0, nil
}
// Checks if the user has permission to access the current directory.
if !user.Allowed(r.URL.Path) {
if r.Method == http.MethodGet && serveAssets {
return assets.Serve(w, r, c)
}
if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
}
return http.StatusForbidden, nil
}
// If this request is neither to server assets, nor to upload/create
// a new file or directory.
if r.Method != http.MethodPost && !serveAssets {
// Gets the information of the directory/file
fi, code, err = directory.GetInfo(r.URL, c, user)
if err != nil {
@ -112,20 +116,6 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
http.Redirect(w, r, c.AddrPath+r.URL.Path+"/", http.StatusTemporaryRedirect)
return 0, nil
}
}
// Security measures against CSRF attacks.
if r.Method != http.MethodGet {
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
}
if r.Method == http.MethodGet {
// Read and show directory or file.
if serveAssets {
return assets.Serve(w, r, c)
}
// Generate anti security token.
c.GenerateToken()
@ -133,18 +123,17 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
if !fi.IsDir {
query := r.URL.Query()
if val, ok := query["raw"]; ok && val[0] == "true" {
// TODO: change URL to webdav and continue as webdav
return fi.ServeRawFile(w, r, c)
r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
c.WebDavHandler.ServeHTTP(w, r)
return 0, nil
}
if val, ok := query["download"]; ok && val[0] == "true" {
w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name)
// TODO: change URL to webdav and continue as webdav
return fi.ServeRawFile(w, r, c)
r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
c.WebDavHandler.ServeHTTP(w, r)
return 0, nil
}
// c.WebDavHandler.ServeHTTP(w, r)
}
code, err := fi.ServeAsHTML(w, r, c, user)