mirror of
https://github.com/filebrowser/filebrowser.git
synced 2024-06-07 23:00:43 +00:00
214 lines
4.9 KiB
Go
214 lines
4.9 KiB
Go
package http
|
|
|
|
import (
|
|
"errors"
|
|
"log"
|
|
"net/http"
|
|
"net/url"
|
|
gopath "path"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/mholt/archiver/v3"
|
|
|
|
"github.com/filebrowser/filebrowser/v2/files"
|
|
"github.com/filebrowser/filebrowser/v2/fileutils"
|
|
"github.com/filebrowser/filebrowser/v2/users"
|
|
)
|
|
|
|
func slashClean(name string) string {
|
|
if name == "" || name[0] != '/' {
|
|
name = "/" + name
|
|
}
|
|
return gopath.Clean(name)
|
|
}
|
|
|
|
func parseQueryFiles(r *http.Request, f *files.FileInfo, _ *users.User) ([]string, error) {
|
|
var fileSlice []string
|
|
names := strings.Split(r.URL.Query().Get("files"), ",")
|
|
|
|
if len(names) == 0 {
|
|
fileSlice = append(fileSlice, f.Path)
|
|
} else {
|
|
for _, name := range names {
|
|
name, err := url.QueryUnescape(strings.Replace(name, "+", "%2B", -1)) //nolint:govet
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
name = slashClean(name)
|
|
fileSlice = append(fileSlice, filepath.Join(f.Path, name))
|
|
}
|
|
}
|
|
|
|
return fileSlice, nil
|
|
}
|
|
|
|
//nolint:goconst
|
|
func parseQueryAlgorithm(r *http.Request) (string, archiver.Writer, error) {
|
|
switch r.URL.Query().Get("algo") {
|
|
case "zip", "true", "":
|
|
return ".zip", archiver.NewZip(), nil
|
|
case "tar":
|
|
return ".tar", archiver.NewTar(), nil
|
|
case "targz":
|
|
return ".tar.gz", archiver.NewTarGz(), nil
|
|
case "tarbz2":
|
|
return ".tar.bz2", archiver.NewTarBz2(), nil
|
|
case "tarxz":
|
|
return ".tar.xz", archiver.NewTarXz(), nil
|
|
case "tarlz4":
|
|
return ".tar.lz4", archiver.NewTarLz4(), nil
|
|
case "tarsz":
|
|
return ".tar.sz", archiver.NewTarSz(), nil
|
|
default:
|
|
return "", nil, errors.New("format not implemented")
|
|
}
|
|
}
|
|
|
|
func setContentDisposition(w http.ResponseWriter, r *http.Request, file *files.FileInfo) {
|
|
if r.URL.Query().Get("inline") == "true" {
|
|
w.Header().Set("Content-Disposition", "inline")
|
|
} else {
|
|
// As per RFC6266 section 4.3
|
|
w.Header().Set("Content-Disposition", "attachment; filename*=utf-8''"+url.PathEscape(file.Name))
|
|
}
|
|
}
|
|
|
|
var rawHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
if !d.user.Perm.Download {
|
|
return http.StatusAccepted, nil
|
|
}
|
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
|
Fs: d.user.Fs,
|
|
Path: r.URL.Path,
|
|
Modify: d.user.Perm.Modify,
|
|
Expand: false,
|
|
ReadHeader: d.server.TypeDetectionByHeader,
|
|
Checker: d,
|
|
})
|
|
if err != nil {
|
|
return errToStatus(err), err
|
|
}
|
|
|
|
if files.IsNamedPipe(file.Mode) {
|
|
setContentDisposition(w, r, file)
|
|
return 0, nil
|
|
}
|
|
|
|
if !file.IsDir {
|
|
return rawFileHandler(w, r, file)
|
|
}
|
|
|
|
return rawDirHandler(w, r, d, file)
|
|
})
|
|
|
|
func addFile(ar archiver.Writer, d *data, path, commonPath string) error {
|
|
if !d.Check(path) {
|
|
return nil
|
|
}
|
|
|
|
info, err := d.user.Fs.Stat(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !info.IsDir() && !info.Mode().IsRegular() {
|
|
return nil
|
|
}
|
|
|
|
file, err := d.user.Fs.Open(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer file.Close()
|
|
|
|
if path != commonPath {
|
|
filename := strings.TrimPrefix(path, commonPath)
|
|
filename = strings.TrimPrefix(filename, string(filepath.Separator))
|
|
err = ar.Write(archiver.File{
|
|
FileInfo: archiver.FileInfo{
|
|
FileInfo: info,
|
|
CustomName: filename,
|
|
},
|
|
ReadCloser: file,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if info.IsDir() {
|
|
names, err := file.Readdirnames(0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, name := range names {
|
|
fPath := filepath.Join(path, name)
|
|
err = addFile(ar, d, fPath, commonPath)
|
|
if err != nil {
|
|
log.Printf("Failed to archive %s: %v", fPath, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func rawDirHandler(w http.ResponseWriter, r *http.Request, d *data, file *files.FileInfo) (int, error) {
|
|
filenames, err := parseQueryFiles(r, file, d.user)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
|
|
extension, ar, err := parseQueryAlgorithm(r)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
|
|
err = ar.Create(w)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
defer ar.Close()
|
|
|
|
commonDir := fileutils.CommonPrefix(filepath.Separator, filenames...)
|
|
|
|
name := filepath.Base(commonDir)
|
|
if name == "." || name == "" || name == string(filepath.Separator) {
|
|
name = file.Name
|
|
}
|
|
// Prefix used to distinguish a filelist generated
|
|
// archive from the full directory archive
|
|
if len(filenames) > 1 {
|
|
name = "_" + name
|
|
}
|
|
name += extension
|
|
w.Header().Set("Content-Disposition", "attachment; filename*=utf-8''"+url.PathEscape(name))
|
|
|
|
for _, fname := range filenames {
|
|
err = addFile(ar, d, fname, commonDir)
|
|
if err != nil {
|
|
log.Printf("Failed to archive %s: %v", fname, err)
|
|
}
|
|
}
|
|
|
|
return 0, nil
|
|
}
|
|
|
|
func rawFileHandler(w http.ResponseWriter, r *http.Request, file *files.FileInfo) (int, error) {
|
|
fd, err := file.Fs.Open(file.Path)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, err
|
|
}
|
|
defer fd.Close()
|
|
|
|
setContentDisposition(w, r, file)
|
|
w.Header().Add("Content-Security-Policy", `script-src 'none';`)
|
|
w.Header().Set("Cache-Control", "private")
|
|
http.ServeContent(w, r, file.Name, file.ModTime, fd)
|
|
return 0, nil
|
|
}
|