Make router prettier
This commit is contained in:
Henrique Dias
parent
fe7579966d
commit
9f9a6254e5
|
|
@ -39,22 +39,34 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
)
|
)
|
||||||
|
|
||||||
for i := range f.Configs {
|
for i := range f.Configs {
|
||||||
if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
|
// Checks if this Path should be handled by File Manager.
|
||||||
|
if !httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
|
||||||
|
return f.Next.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
|
||||||
c = &f.Configs[i]
|
c = &f.Configs[i]
|
||||||
|
|
||||||
if r.Method == http.MethodGet && httpserver.Path(r.URL.Path).Matches(c.BaseURL+assets.BaseURL) {
|
// Checks if the URL matches the Assets URL. Returns the asset if the
|
||||||
|
// method is GET and Status Forbidden otherwise.
|
||||||
|
if httpserver.Path(r.URL.Path).Matches(c.BaseURL + assets.BaseURL) {
|
||||||
|
if r.Method == http.MethodGet {
|
||||||
return assets.Serve(w, r, c)
|
return assets.Serve(w, r, c)
|
||||||
}
|
}
|
||||||
|
|
||||||
username, _, _ := r.BasicAuth()
|
return http.StatusForbidden, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Obtains the user
|
||||||
|
username, _, _ := r.BasicAuth()
|
||||||
if _, ok := c.Users[username]; ok {
|
if _, ok := c.Users[username]; ok {
|
||||||
user = c.Users[username]
|
user = c.Users[username]
|
||||||
} else {
|
} else {
|
||||||
user = c.User
|
user = c.User
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Checks if the request URL is for the WebDav server
|
||||||
if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
|
if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
|
||||||
|
// Checks for user permissions relatively to this PATH
|
||||||
if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {
|
if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {
|
||||||
return http.StatusForbidden, nil
|
return http.StatusForbidden, nil
|
||||||
}
|
}
|
||||||
|
|
@ -70,6 +82,7 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Preprocess the PUT request if it's the case
|
||||||
if r.Method == http.MethodPut {
|
if r.Method == http.MethodPut {
|
||||||
_, err = processPUT(w, r, c, user, fi)
|
_, err = processPUT(w, r, c, user, fi)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -81,11 +94,11 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
return 0, nil
|
return 0, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Checks if the User is allowed to access this file
|
||||||
if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {
|
if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {
|
||||||
if r.Method == http.MethodGet {
|
if r.Method == http.MethodGet {
|
||||||
return page.PrintErrorHTML(
|
return page.PrintErrorHTML(
|
||||||
w,
|
w, http.StatusForbidden,
|
||||||
http.StatusForbidden,
|
|
||||||
e.New("You don't have permission to access this page."),
|
e.New("You don't have permission to access this page."),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
@ -115,14 +128,18 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
|
|
||||||
if !fi.IsDir() {
|
if !fi.IsDir() {
|
||||||
query := r.URL.Query()
|
query := r.URL.Query()
|
||||||
|
webdav := false
|
||||||
|
|
||||||
if val, ok := query["raw"]; ok && val[0] == "true" {
|
if val, ok := query["raw"]; ok && val[0] == "true" {
|
||||||
r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
|
webdav = true
|
||||||
c.Handler.ServeHTTP(w, r)
|
|
||||||
return 0, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if val, ok := query["download"]; ok && val[0] == "true" {
|
if val, ok := query["download"]; ok && val[0] == "true" {
|
||||||
w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name())
|
w.Header().Set("Content-Disposition", "attachment; filename="+fi.Name())
|
||||||
|
webdav = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if webdav {
|
||||||
r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
|
r.URL.Path = strings.Replace(r.URL.Path, c.BaseURL, c.WebDavURL, 1)
|
||||||
c.Handler.ServeHTTP(w, r)
|
c.Handler.ServeHTTP(w, r)
|
||||||
return 0, nil
|
return 0, nil
|
||||||
|
|
@ -137,18 +154,12 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.Method == http.MethodPost {
|
if r.Method == http.MethodPost {
|
||||||
// TODO: How to exclude web dav clients? :/
|
// TODO: This anti CSCF measure is not being applied to requests
|
||||||
// Security measures against CSRF attacks.
|
// to the WebDav URL namespace. Anyone has ideas?
|
||||||
if !c.CheckToken(r) {
|
if !c.CheckToken(r) {
|
||||||
return http.StatusForbidden, nil
|
return http.StatusForbidden, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO: search commands. USE PROPFIND?
|
|
||||||
// Search and git commands.
|
|
||||||
if r.Header.Get("Search") == "true" {
|
|
||||||
|
|
||||||
} */
|
|
||||||
|
|
||||||
// VCS commands.
|
// VCS commands.
|
||||||
if r.Header.Get("Command") != "" {
|
if r.Header.Get("Command") != "" {
|
||||||
if !user.AllowCommands {
|
if !user.AllowCommands {
|
||||||
|
|
@ -160,7 +171,7 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return http.StatusNotImplemented, nil
|
return http.StatusNotImplemented, nil
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return f.Next.ServeHTTP(w, r)
|
return f.Next.ServeHTTP(w, r)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue