2019-01-05 22:44:33 +00:00
|
|
|
package http
|
|
|
|
|
|
|
|
|
|
import (
|
2021-03-02 11:00:18 +00:00
|
|
|
"errors"
|
2019-01-05 22:44:33 +00:00
|
|
|
"net/http"
|
2022-02-21 19:47:28 +00:00
|
|
|
"net/url"
|
2020-12-28 16:35:29 +00:00
|
|
|
"path"
|
|
|
|
|
"path/filepath"
|
2019-05-13 14:30:18 +00:00
|
|
|
"strings"
|
2019-01-05 22:44:33 +00:00
|
|
|
|
2020-12-28 16:35:29 +00:00
|
|
|
"github.com/spf13/afero"
|
2021-03-02 11:00:18 +00:00
|
|
|
"golang.org/x/crypto/bcrypt"
|
2020-12-28 16:35:29 +00:00
|
|
|
|
2023-06-15 01:08:09 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/files"
|
2024-02-10 00:13:02 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/settings"
|
2023-06-15 01:08:09 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/share"
|
2023-12-01 23:47:00 +00:00
|
|
|
"github.com/gtsteffaniak/filebrowser/users"
|
2019-01-05 22:44:33 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var withHashFile = func(fn handleFunc) handleFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2024-02-10 00:13:02 +00:00
|
|
|
id, path := ifPathWithName(r)
|
2020-12-28 16:35:29 +00:00
|
|
|
link, err := d.store.Share.GetByHash(id)
|
2019-01-05 22:44:33 +00:00
|
|
|
if err != nil {
|
2020-12-28 16:35:29 +00:00
|
|
|
return errToStatus(err), err
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
2024-02-10 00:13:02 +00:00
|
|
|
if link.Hash != "" {
|
|
|
|
|
status, err := authenticateShareRequest(r, link)
|
|
|
|
|
if status != 0 || err != nil {
|
|
|
|
|
return status, err
|
|
|
|
|
}
|
2021-03-02 11:00:18 +00:00
|
|
|
}
|
2024-02-10 00:13:02 +00:00
|
|
|
d.user = &users.PublicUser
|
|
|
|
|
if path == "/" {
|
|
|
|
|
path = link.Path
|
|
|
|
|
} else if strings.HasPrefix("/"+path, link.Path) {
|
|
|
|
|
path = "/" + path
|
|
|
|
|
} else {
|
|
|
|
|
path = link.Path + "/" + path
|
2019-01-05 22:44:33 +00:00
|
|
|
}
|
2024-02-10 00:13:02 +00:00
|
|
|
sharePath := settings.Config.Server.Root + path
|
|
|
|
|
lastComponent := filepath.Base(sharePath)
|
|
|
|
|
basePath := filepath.Dir(sharePath)
|
|
|
|
|
fsPath := afero.NewBasePathFs(afero.NewOsFs(), basePath)
|
2023-12-01 23:47:00 +00:00
|
|
|
file, err := files.FileInfoFaster(files.FileOptions{
|
2024-02-10 00:13:02 +00:00
|
|
|
Fs: fsPath,
|
|
|
|
|
Path: lastComponent,
|
2021-01-07 10:30:17 +00:00
|
|
|
Modify: d.user.Perm.Modify,
|
2024-08-03 15:34:12 +00:00
|
|
|
Expand: true,
|
2021-01-07 10:30:17 +00:00
|
|
|
ReadHeader: d.server.TypeDetectionByHeader,
|
|
|
|
|
Checker: d,
|
2021-03-02 11:00:18 +00:00
|
|
|
Token: link.Token,
|
2019-01-05 22:44:33 +00:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errToStatus(err), err
|
|
|
|
|
}
|
|
|
|
|
d.raw = file
|
|
|
|
|
return fn(w, r, d)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-28 16:35:29 +00:00
|
|
|
func ifPathWithName(r *http.Request) (id, filePath string) {
|
2019-05-13 14:30:18 +00:00
|
|
|
pathElements := strings.Split(r.URL.Path, "/")
|
2024-02-10 00:13:02 +00:00
|
|
|
id = pathElements[0]
|
|
|
|
|
allButFirst := path.Join(pathElements[1:]...)
|
|
|
|
|
if len(pathElements) == 1 {
|
|
|
|
|
allButFirst = "/"
|
2019-07-05 11:15:57 +00:00
|
|
|
}
|
2024-02-10 00:13:02 +00:00
|
|
|
return id, allButFirst
|
2019-05-13 14:30:18 +00:00
|
|
|
}
|
|
|
|
|
|
2019-01-05 22:44:33 +00:00
|
|
|
var publicShareHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2020-11-03 19:17:22 +00:00
|
|
|
file := d.raw.(*files.FileInfo)
|
2024-02-10 00:13:02 +00:00
|
|
|
file.Path = strings.TrimPrefix(file.Path, settings.Config.Server.Root)
|
2020-11-03 19:17:22 +00:00
|
|
|
if file.IsDir {
|
|
|
|
|
return renderJSON(w, r, file)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return renderJSON(w, r, file)
|
2019-01-05 22:44:33 +00:00
|
|
|
})
|
|
|
|
|
|
2024-02-10 00:13:02 +00:00
|
|
|
var publicUserGetHandler = func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
// Call the actual handler logic here (e.g., renderJSON, etc.)
|
|
|
|
|
// You may need to replace `fn` with the actual handler logic.
|
|
|
|
|
return renderJSON(w, r, users.PublicUser)
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-05 22:44:33 +00:00
|
|
|
var publicDlHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
|
|
|
|
file := d.raw.(*files.FileInfo)
|
|
|
|
|
if !file.IsDir {
|
|
|
|
|
return rawFileHandler(w, r, file)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rawDirHandler(w, r, d, file)
|
|
|
|
|
})
|
2021-03-02 11:00:18 +00:00
|
|
|
|
|
|
|
|
func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
|
|
|
|
|
if l.PasswordHash == "" {
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.URL.Query().Get("token") == l.Token {
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
password := r.Header.Get("X-SHARE-PASSWORD")
|
2022-02-21 19:47:28 +00:00
|
|
|
password, err := url.QueryUnescape(password)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
2021-03-02 11:00:18 +00:00
|
|
|
if password == "" {
|
|
|
|
|
return http.StatusUnauthorized, nil
|
|
|
|
|
}
|
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(l.PasswordHash), []byte(password)); err != nil {
|
|
|
|
|
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
|
|
|
|
|
return http.StatusUnauthorized, nil
|
|
|
|
|
}
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
2021-03-21 11:30:48 +00:00
|
|
|
|
|
|
|
|
func healthHandler(w http.ResponseWriter, _ *http.Request) {
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
_, _ = w.Write([]byte(`{"status":"OK"}`))
|
|
|
|
|
}
|
