diff --git a/abyss.go b/abyss.go index 9480508..c8d28a6 100644 --- a/abyss.go +++ b/abyss.go @@ -87,16 +87,16 @@ func setupHandlers(mux *http.ServeMux, app *Application) { "/tree/", http.StripPrefix( "/tree", - app.basicAuth(app.fileListingHandler), + BasicAuth(app.fileListingHandler, app), ), ) mux.HandleFunc("/last", app.lastUploadedHandler) - mux.HandleFunc("/test", app.displayFile) + mux.HandleFunc("/files/", app.fileHandler) if app.authText == "yes" { - mux.HandleFunc("/upload", app.basicAuth(app.uploadHandler)) + mux.HandleFunc("/upload", BasicAuth(app.uploadHandler, app)) slog.Warn("text uploading through the browser will be restricted") } else { mux.HandleFunc("/upload", app.uploadHandler) diff --git a/file_display.go b/file_display.go index f3f5316..39fe6ad 100644 --- a/file_display.go +++ b/file_display.go @@ -9,21 +9,34 @@ import ( ) var extensions = map[string]string{ - ".sh": "text", - ".mp4": "video", - ".pdf": "pdf", - ".txt": "text", - ".png": "image", - ".jpg": "image", - ".json": "text", + ".mp4": "video", ".mkv": "video", ".webm": "video", + + ".pdf": "pdf", + + ".png": "image", ".jpg": "image", ".jpeg": "image", ".webp": "image", + + ".sh": "text", ".bash": "text", ".zsh": "text", + ".bat": "text", ".cmd": "text", ".ps1": "text", + ".ini": "text", ".cfg": "text", ".conf": "text", + ".toml": "text", ".yml": "text", ".yaml": "text", + ".c": "text", ".cpp": "text", ".h": "text", + ".go": "text", ".py": "text", ".js": "text", + ".ts": "text", ".html": "text", ".htm": "text", + ".xml": "text", ".css": "text", ".java": "text", + ".rs": "text", ".rb": "text", ".php": "text", + ".pl": "text", ".sql": "text", ".md": "text", + ".log": "text", ".txt": "text", ".csv": "text", + ".json": "text", ".env": "text", ".sum": "text", + ".gitignore": "text", ".dockerfile": "text", ".Makefile": "text", + ".rst": "text", } -func displayFile(app *Application, file string, w http.ResponseWriter) { +func DisplayFile(app *Application, file string, w http.ResponseWriter) { tmpl := template.Must(template.ParseFiles("templates/files.html")) fileInfo := FileInfo{ Name: file, - Path: app.url, + Path: filepath.Join(app.url, file), Type: getType(file), } diff --git a/handlers.go b/handlers.go index 59f8331..ca80979 100644 --- a/handlers.go +++ b/handlers.go @@ -1,8 +1,6 @@ package main import ( - "crypto/sha256" - "crypto/subtle" "fmt" "html/template" "io" @@ -26,19 +24,6 @@ type Application struct { lastUploadedFile string } -type FileInfo struct { - Name string - Path string - Size int64 - FormattedSize string - Type string -} - -type TemplateData struct { - Files []FileInfo - URL string -} - func (app *Application) fileListingHandler(w http.ResponseWriter, r *http.Request) { dir := app.filesDir + r.URL.Path @@ -75,6 +60,20 @@ func (app *Application) fileListingHandler(w http.ResponseWriter, r *http.Reques } } +func (app *Application) fileHandler(w http.ResponseWriter, r *http.Request) { + path := fmt.Sprintf(".%s", filepath.Clean(r.URL.Path)) + + if !filepath.IsLocal(path) { + http.Error(w, "Wrong url", http.StatusBadRequest) + return + } + + if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() { + http.ServeFile(w, r, path) + return + } +} + func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodPost { app.uploadHandler(w, r) @@ -90,38 +89,7 @@ func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) { } if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() { - ext := filepath.Ext(path) - - textExtensions := map[string]bool{ - ".sh": true, ".bash": true, ".zsh": true, - ".bat": true, ".cmd": true, ".ps1": true, - ".ini": true, ".cfg": true, ".conf": true, - ".toml": true, ".yml": true, ".yaml": true, - ".c": true, ".cpp": true, ".h": true, - ".go": true, ".py": true, ".js": true, - ".ts": true, ".html": true, ".htm": true, - ".xml": true, ".css": true, ".java": true, - ".rs": true, ".rb": true, ".php": true, - ".pl": true, ".sql": true, ".md": true, - ".log": true, ".txt": true, ".csv": true, - ".json": true, ".env": true, ".sum": true, - ".gitignore": true, ".dockerfile": true, ".Makefile": true, - ".rst": true, - } - - videoExtensions := map[string]bool{ - ".mkv": true, - } - - if textExtensions[ext] { - w.Header().Set("Content-Type", "text/plain; charset=utf-8") - } - - if videoExtensions[ext] { - w.Header().Set("Content-Type", "video/mp4") - } - - http.ServeFile(w, r, path) + DisplayFile(app, "/"+path, w) return } @@ -151,33 +119,6 @@ func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) { } } -func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - username, password, ok := r.BasicAuth() - if ok { - // hash password received - usernameHash := sha256.Sum256([]byte(username)) - passwordHash := sha256.Sum256([]byte(password)) - - // hash our password - expectedUsernameHash := sha256.Sum256([]byte(app.auth.username)) - expectedPasswordHash := sha256.Sum256([]byte(app.auth.password)) - - // compare hashes - usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1) - passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1) - - if usernameMatch && passwordMatch { - next.ServeHTTP(w, r) - return - } - } - - w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8`) - http.Error(w, "Unauthorized", http.StatusUnauthorized) - }) -} - func (app *Application) formHandler(w http.ResponseWriter, r *http.Request) { content := r.FormValue("content") diff --git a/helpers.go b/helpers.go index 0cccdb2..6b60152 100644 --- a/helpers.go +++ b/helpers.go @@ -2,6 +2,8 @@ package main import ( "crypto/md5" + "crypto/sha256" + "crypto/subtle" "encoding/hex" "fmt" "io" @@ -9,6 +11,20 @@ import ( "os" ) +type FileInfo struct { + Name string + Path string + Size int64 + FormattedSize string + Type string + Content string +} + +type TemplateData struct { + Files []FileInfo + URL string +} + func CheckAuth(r *http.Request, key string) bool { return r.Header.Get("X-Auth") == key } @@ -49,3 +65,30 @@ func SaveFile(name string, file io.Reader) error { } return nil } + +func BasicAuth(next http.HandlerFunc, app *Application) http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + username, password, ok := r.BasicAuth() + if ok { + // hash password received + usernameHash := sha256.Sum256([]byte(username)) + passwordHash := sha256.Sum256([]byte(password)) + + // hash our password + expectedUsernameHash := sha256.Sum256([]byte(app.auth.username)) + expectedPasswordHash := sha256.Sum256([]byte(app.auth.password)) + + // compare hashes + usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1) + passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1) + + if usernameMatch && passwordMatch { + next.ServeHTTP(w, r) + return + } + } + + w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8`) + http.Error(w, "Unauthorized", http.StatusUnauthorized) + }) +} diff --git a/templates/files.html b/templates/files.html index e96349b..8a408b1 100644 --- a/templates/files.html +++ b/templates/files.html @@ -83,15 +83,15 @@
-