chiu
/
filebrowser
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

update

This commit is contained in:
Henrique Dias 2016-10-18 17:56:35 +01:00
parent 0a755ec954
commit 22e0ad0831
5 changed files with 81 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
assets/embed/public/js/application.js
View File

@ -1,5 +1,7 @@
'use strict'; 'use strict';
// TODO: way to get the webdav url
var tempID = "_fm_internal_temporary_id" var tempID = "_fm_internal_temporary_id"
var selectedItems = []; var selectedItems = [];
var token = ""; var token = "";
@ -316,8 +318,6 @@ var handleFiles = function(files) {
} }
} }
return false; return false;
} }

25
directory/editor.go
View File

@ -42,23 +42,26 @@ func (i *Info) GetEditor() (*Editor, error) {
// Handle the content depending on the file extension // Handle the content depending on the file extension
switch editor.Mode { switch editor.Mode {
case "markdown", "asciidoc", "rst": case "markdown", "asciidoc", "rst":
if HasFrontMatterRune(i.Raw) { if !HasFrontMatterRune(i.Raw) {
editor.Class = "content-only"
editor.Content = i.Content
break
}
// Starts a new buffer and parses the file using Hugo's functions // Starts a new buffer and parses the file using Hugo's functions
buffer := bytes.NewBuffer(i.Raw) buffer := bytes.NewBuffer(i.Raw)
page, err = parser.ReadFrom(buffer) page, err = parser.ReadFrom(buffer)
editor.Class = "complete"
if err != nil { if err != nil {
return editor, err editor.Class = "content-only"
editor.Content = i.Content
break
} }
// Parses the page content and the frontmatter // Parses the page content and the frontmatter
editor.Content = strings.TrimSpace(string(page.Content())) editor.Content = strings.TrimSpace(string(page.Content()))
editor.FrontMatter, _, err = frontmatter.Pretty(page.FrontMatter()) editor.FrontMatter, _, err = frontmatter.Pretty(page.FrontMatter())
editor.Class = "complete"
} else {
// The editor will handle only content
editor.Class = "content-only"
editor.Content = i.Content
}
case "json", "toml", "yaml": case "json", "toml", "yaml":
// Defines the class and declares an error // Defines the class and declares an error
editor.Class = "frontmatter-only" editor.Class = "frontmatter-only"
@ -72,13 +75,15 @@ func (i *Info) GetEditor() (*Editor, error) {
// Check if there were any errors // Check if there were any errors
if err != nil { if err != nil {
return editor, err editor.Class = "content-only"
editor.Content = i.Content
break
} }
default: default:
// The editor will handle only content
editor.Class = "content-only" editor.Class = "content-only"
editor.Content = i.Content editor.Content = i.Content
} }
return editor, nil return editor, nil
} }

2
directory/file.go
View File

@ -145,8 +145,6 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
} }
page.Info.Data = editor page.Info.Data = editor
// TODO: if serve Single File finds an error while parsing, show the raw content to edit instead of giving 500
return page.PrintAsHTML(w, "frontmatter", "editor") return page.PrintAsHTML(w, "frontmatter", "editor")
} }

37
directory/update.go
View File

@ -16,25 +16,25 @@ import (
// Update is used to update a file that was edited // Update is used to update a file that was edited
func (i *Info) Update(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) { func (i *Info) Update(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) {
// TODO: review this var (
data map[string]interface{}
file []byte
code int
err error
kind string
rawBuffer = new(bytes.Buffer)
)
var data map[string]interface{} kind = r.Header.Get("kind")
kind := r.Header.Get("kind")
var file []byte
var code int
rawBuffer := new(bytes.Buffer)
rawBuffer.ReadFrom(r.Body) rawBuffer.ReadFrom(r.Body)
if kind == "" { if kind != "" {
file = rawBuffer.Bytes() err = json.Unmarshal(rawBuffer.Bytes(), &data)
} else {
err := json.Unmarshal(rawBuffer.Bytes(), &data)
if err != nil { if err != nil {
return http.StatusInternalServerError, err return http.StatusInternalServerError, err
} }
}
switch kind { switch kind {
case "frontmatter-only": case "frontmatter-only":
@ -50,20 +50,11 @@ func (i *Info) Update(w http.ResponseWriter, r *http.Request, c *config.Config,
return http.StatusInternalServerError, err return http.StatusInternalServerError, err
} }
default: default:
return http.StatusBadRequest, nil file = rawBuffer.Bytes()
}
} }
// Overwrite the Body // Overwrite the request Body
r.Body = ioutil.NopCloser(bytes.NewReader(file)) r.Body = ioutil.NopCloser(bytes.NewReader(file))
// Write the file
// err = ioutil.WriteFile(i.Path, file, 0666)
//if err != nil {
//return http.StatusInternalServerError, err
// }
return code, nil return code, nil
} }

49
filemanager.go
View File

@ -8,7 +8,7 @@
package filemanager package filemanager
import ( import (
"fmt" e "errors"
"net/http" "net/http"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
@ -36,14 +36,17 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
fi *directory.Info fi *directory.Info
code int code int
err error err error
serveAssets bool
user *config.User user *config.User
) )
for i := range f.Configs { for i := range f.Configs {
if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) { if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
c = &f.Configs[i] c = &f.Configs[i]
serveAssets = httpserver.Path(r.URL.Path).Matches(c.BaseURL + assets.BaseURL)
if r.Method == http.MethodGet && httpserver.Path(r.URL.Path).Matches(c.BaseURL+assets.BaseURL) {
return assets.Serve(w, r, c)
}
username, _, _ := r.BasicAuth() username, _, _ := r.BasicAuth()
if _, ok := c.Users[username]; ok { if _, ok := c.Users[username]; ok {
@ -52,26 +55,10 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
user = c.User user = c.User
} }
// TODO: make allow and block rules relative to baseurl and webdav
// Checks if the user has permission to access the current directory.
/*if !user.Allowed(r.URL.Path) {
if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
}
return http.StatusForbidden, nil
}
// TODO: How to exclude web dav clients? :/
// Security measures against CSRF attacks.
if r.Method != http.MethodGet {
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
} */
if strings.HasPrefix(r.URL.Path, c.WebDavURL) { if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
fmt.Println("e") if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {
return http.StatusForbidden, nil
}
switch r.Method { switch r.Method {
case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE": case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
@ -95,8 +82,16 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
return 0, nil return 0, nil
} }
if r.Method == http.MethodGet && serveAssets { if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {
return assets.Serve(w, r, c) if r.Method == http.MethodGet {
return errors.PrintHTML(
w,
http.StatusForbidden,
e.New("You don't have permission to access this page."),
)
}
return http.StatusForbidden, nil
} }
if r.Method == http.MethodGet { if r.Method == http.MethodGet {
@ -143,6 +138,12 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
} }
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
// TODO: How to exclude web dav clients? :/
// Security measures against CSRF attacks.
if !c.CheckToken(r) {
return http.StatusForbidden, nil
}
/* TODO: search commands. USE PROPFIND? /* TODO: search commands. USE PROPFIND?
// Search and git commands. // Search and git commands.
if r.Header.Get("Search") == "true" { if r.Header.Get("Search") == "true" {