mirror of
https://github.com/filebrowser/filebrowser.git
synced 2024-06-07 23:00:43 +00:00
96 lines
2.3 KiB
Go
96 lines
2.3 KiB
Go
package http
|
|
|
|
import (
|
|
"net/http"
|
|
"path"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/spf13/afero"
|
|
|
|
"github.com/filebrowser/filebrowser/v2/files"
|
|
)
|
|
|
|
var withHashFile = func(fn handleFunc) handleFunc {
|
|
return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
id, path := ifPathWithName(r)
|
|
link, err := d.store.Share.GetByHash(id)
|
|
if err != nil {
|
|
return errToStatus(err), err
|
|
}
|
|
|
|
user, err := d.store.Users.Get(d.server.Root, link.UserID)
|
|
if err != nil {
|
|
return errToStatus(err), err
|
|
}
|
|
|
|
d.user = user
|
|
|
|
file, err := files.NewFileInfo(files.FileOptions{
|
|
Fs: d.user.Fs,
|
|
Path: link.Path,
|
|
Modify: d.user.Perm.Modify,
|
|
Expand: true,
|
|
Checker: d,
|
|
})
|
|
if err != nil {
|
|
return errToStatus(err), err
|
|
}
|
|
|
|
if file.IsDir {
|
|
// set fs root to the shared folder
|
|
d.user.Fs = afero.NewBasePathFs(d.user.Fs, filepath.Dir(link.Path))
|
|
|
|
file, err = files.NewFileInfo(files.FileOptions{
|
|
Fs: d.user.Fs,
|
|
Path: path,
|
|
Modify: d.user.Perm.Modify,
|
|
Expand: true,
|
|
Checker: d,
|
|
})
|
|
if err != nil {
|
|
return errToStatus(err), err
|
|
}
|
|
}
|
|
|
|
d.raw = file
|
|
return fn(w, r, d)
|
|
}
|
|
}
|
|
|
|
// ref to https://github.com/filebrowser/filebrowser/pull/727
|
|
// `/api/public/dl/MEEuZK-v/file-name.txt` for old browsers to save file with correct name
|
|
func ifPathWithName(r *http.Request) (id, filePath string) {
|
|
pathElements := strings.Split(r.URL.Path, "/")
|
|
// prevent maliciously constructed parameters like `/api/public/dl/XZzCDnK2_not_exists_hash_name`
|
|
// len(pathElements) will be 1, and golang will panic `runtime error: index out of range`
|
|
|
|
switch len(pathElements) {
|
|
case 1:
|
|
return r.URL.Path, "/"
|
|
default:
|
|
return pathElements[0], path.Join("/", path.Join(pathElements[1:]...))
|
|
}
|
|
}
|
|
|
|
var publicShareHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
file := d.raw.(*files.FileInfo)
|
|
|
|
if file.IsDir {
|
|
file.Listing.Sorting = files.Sorting{By: "name", Asc: false}
|
|
file.Listing.ApplySort()
|
|
return renderJSON(w, r, file)
|
|
}
|
|
|
|
return renderJSON(w, r, file)
|
|
})
|
|
|
|
var publicDlHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
file := d.raw.(*files.FileInfo)
|
|
if !file.IsDir {
|
|
return rawFileHandler(w, r, file)
|
|
}
|
|
|
|
return rawDirHandler(w, r, d, file)
|
|
})
|