2019-01-05 22:44:33 +00:00
|
|
|
package http
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
2019-06-21 10:43:21 +00:00
|
|
|
"log"
|
2019-01-05 22:44:33 +00:00
|
|
|
"net/http"
|
|
|
|
|
"os"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
2022-05-03 20:48:45 +00:00
|
|
|
"github.com/golang-jwt/jwt/v4"
|
|
|
|
|
"github.com/golang-jwt/jwt/v4/request"
|
2020-05-31 23:12:36 +00:00
|
|
|
|
2023-06-15 01:08:09 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/errors"
|
2023-10-09 22:24:48 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/settings"
|
2023-06-15 01:08:09 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/users"
|
2019-01-05 22:44:33 +00:00
|
|
|
)
|
|
|
|
|
|
2020-05-31 23:12:36 +00:00
|
|
|
const (
|
|
|
|
|
TokenExpirationTime = time.Hour * 2
|
|
|
|
|
)
|
|
|
|
|
|
2019-01-05 22:44:33 +00:00
|
|
|
type authToken struct {
|
2023-10-09 22:24:48 +00:00
|
|
|
User users.User `json:"user"`
|
2022-06-13 14:13:10 +00:00
|
|
|
jwt.RegisteredClaims
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type extractor []string
|
|
|
|
|
|
|
|
|
|
func (e extractor) ExtractToken(r *http.Request) (string, error) {
|
2019-01-29 09:06:30 +00:00
|
|
|
token, _ := request.HeaderExtractor{"X-Auth"}.ExtractToken(r)
|
2019-01-05 22:44:33 +00:00
|
|
|
|
|
|
|
|
// Checks if the token isn't empty and if it contains two dots.
|
|
|
|
|
// The former prevents incompatibility with URLs that previously
|
|
|
|
|
// used basic auth.
|
|
|
|
|
if token != "" && strings.Count(token, ".") == 2 {
|
|
|
|
|
return token, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auth := r.URL.Query().Get("auth")
|
2021-04-19 12:49:40 +00:00
|
|
|
if auth != "" && strings.Count(auth, ".") == 2 {
|
|
|
|
|
return auth, nil
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
|
|
|
|
|
2022-07-18 22:39:02 +00:00
|
|
|
if r.Method == http.MethodGet {
|
|
|
|
|
cookie, _ := r.Cookie("auth")
|
|
|
|
|
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
|
|
|
|
|
return cookie.Value, nil
|
|
|
|
|
}
|
2021-04-19 12:49:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "", request.ErrNoTokenInRequest
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func withUser(fn handleFunc) handleFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
keyFunc := func(token *jwt.Token) (interface{}, error) {
|
|
|
|
|
return d.settings.Key, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var tk authToken
|
2019-06-06 11:22:04 +00:00
|
|
|
token, err := request.ParseFromRequest(r, &extractor{}, keyFunc, request.WithClaims(&tk))
|
2019-01-05 22:44:33 +00:00
|
|
|
|
|
|
|
|
if err != nil || !token.Valid {
|
2022-05-04 12:58:19 +00:00
|
|
|
return http.StatusUnauthorized, nil
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
|
|
|
|
|
2022-06-13 14:13:10 +00:00
|
|
|
expired := !tk.VerifyExpiresAt(time.Now().Add(time.Hour), true)
|
|
|
|
|
updated := tk.IssuedAt != nil && tk.IssuedAt.Unix() < d.store.Users.LastUpdate(tk.User.ID)
|
2019-01-05 22:44:33 +00:00
|
|
|
|
|
|
|
|
if expired || updated {
|
|
|
|
|
w.Header().Add("X-Renew-Token", "true")
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-08 10:29:09 +00:00
|
|
|
d.user, err = d.store.Users.Get(d.server.Root, tk.User.ID)
|
2019-01-05 22:44:33 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
|
|
|
|
return fn(w, r, d)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func withAdmin(fn handleFunc) handleFunc {
|
|
|
|
|
return withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
if !d.user.Perm.Admin {
|
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fn(w, r, d)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var loginHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2023-09-01 14:00:02 +00:00
|
|
|
auther, err := d.store.Auth.Get(d.settings.Auth.Method)
|
2019-01-05 22:44:33 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-03 17:28:00 +00:00
|
|
|
user, err := auther.Auth(r, d.store.Users)
|
2019-01-05 22:44:33 +00:00
|
|
|
if err == os.ErrPermission {
|
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
} else {
|
|
|
|
|
return printToken(w, r, d, user)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type signupBody struct {
|
|
|
|
|
Username string `json:"username"`
|
|
|
|
|
Password string `json:"password"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var signupHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
if !d.settings.Signup {
|
|
|
|
|
return http.StatusMethodNotAllowed, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.Body == nil {
|
|
|
|
|
return http.StatusBadRequest, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
info := &signupBody{}
|
|
|
|
|
err := json.NewDecoder(r.Body).Decode(info)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return http.StatusBadRequest, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if info.Password == "" || info.Username == "" {
|
|
|
|
|
return http.StatusBadRequest, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user := &users.User{
|
|
|
|
|
Username: info.Username,
|
2023-10-09 22:24:48 +00:00
|
|
|
Password: info.Password,
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
2023-10-09 22:24:48 +00:00
|
|
|
settings.GlobalConfiguration.UserDefaults.Apply(user)
|
2019-06-21 10:43:21 +00:00
|
|
|
userHome, err := d.settings.MakeUserDir(user.Username, user.Scope, d.server.Root)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Printf("create user: failed to mkdir user home dir: [%s]", userHome)
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
|
|
|
|
user.Scope = userHome
|
|
|
|
|
log.Printf("new user: %s, home dir: [%s].", user.Username, userHome)
|
|
|
|
|
|
2019-01-05 22:44:33 +00:00
|
|
|
err = d.store.Users.Save(user)
|
|
|
|
|
if err == errors.ErrExist {
|
|
|
|
|
return http.StatusConflict, err
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return http.StatusOK, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var renewHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
return printToken(w, r, d, d.user)
|
|
|
|
|
})
|
|
|
|
|
|
2020-05-31 23:12:36 +00:00
|
|
|
func printToken(w http.ResponseWriter, _ *http.Request, d *data, user *users.User) (int, error) {
|
2019-01-05 22:44:33 +00:00
|
|
|
claims := &authToken{
|
2023-10-09 22:24:48 +00:00
|
|
|
User: *user,
|
2022-06-13 14:13:10 +00:00
|
|
|
RegisteredClaims: jwt.RegisteredClaims{
|
|
|
|
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
|
|
|
|
ExpiresAt: jwt.NewNumericDate(time.Now().Add(TokenExpirationTime)),
|
2019-01-05 22:44:33 +00:00
|
|
|
Issuer: "File Browser",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
|
|
|
signed, err := token.SignedString(d.settings.Key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-05 08:48:03 +00:00
|
|
|
w.Header().Set("Content-Type", "text/plain")
|
2020-05-31 23:12:36 +00:00
|
|
|
if _, err := w.Write([]byte(signed)); err != nil {
|
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
|
}
|
2019-01-05 22:44:33 +00:00
|
|
|
return 0, nil
|
|
|
|
|
}
|
