diff options
| author | tjpcc <tjp@ctrl-c.club> | 2023-05-03 13:21:34 -0600 |
|---|---|---|
| committer | tjpcc <tjp@ctrl-c.club> | 2023-05-03 13:27:56 -0600 |
| commit | e42716c43e0241e9d6d2ca7f7efe8d33a27127c2 (patch) | |
| tree | ce798c025bb7e9d9badecc23e96da0f876e212de /contrib/fs | |
| parent | bc8015c8803678d991de1d58cb407de100516d78 (diff) | |
hide private files from the FS
- ResolveFile acts like ErrNotFound
- ResolveDirectory acts like ErrNotFound
- RenderDirectoryListing strips out dot-prefixed entries
Diffstat (limited to 'contrib/fs')
| -rw-r--r-- | contrib/fs/dir.go | 11 | ||||
| -rw-r--r-- | contrib/fs/file.go | 14 | ||||
| -rw-r--r-- | contrib/fs/testdata/.secret-dir/public-file | 0 | ||||
| -rw-r--r-- | contrib/fs/testdata/.secret-file | 0 |
4 files changed, 25 insertions, 0 deletions
diff --git a/contrib/fs/dir.go b/contrib/fs/dir.go index bb2d933..69d17e9 100644 --- a/contrib/fs/dir.go +++ b/contrib/fs/dir.go @@ -24,6 +24,10 @@ func ResolveDirectory( path = "." } + if isPrivate(path) { + return "", nil, nil + } + file, err := fileSystem.Open(path) if isNotFound(err) { return "", nil, nil @@ -124,6 +128,13 @@ func dirlistNamespace(path string, dirFile fs.ReadDirFile, server sr.Server) (ma return nil, err } + for i := len(entries) - 1; i >= 0; i-- { + if strings.HasPrefix(entries[i].Name(), ".") { + copy(entries[i:], entries[i+1:]) + entries = entries[:len(entries)-1] + } + } + sort.Slice(entries, func(i, j int) bool { return entries[i].Name() < entries[j].Name() }) diff --git a/contrib/fs/file.go b/contrib/fs/file.go index 591c1bd..d231466 100644 --- a/contrib/fs/file.go +++ b/contrib/fs/file.go @@ -15,6 +15,11 @@ import ( // returned. func ResolveFile(request *sr.Request, fileSystem fs.FS) (string, fs.File, error) { filepath := strings.TrimPrefix(request.Path, "/") + + if isPrivate(filepath) { + return "", nil, nil + } + file, err := fileSystem.Open(filepath) if isNotFound(err) { return "", nil, nil @@ -57,3 +62,12 @@ func mediaType(filePath string) string { } return mtype } + +func isPrivate(fullpath string) bool { + for _, segment := range strings.Split(fullpath, "/") { + if len(segment) > 1 && segment[0] == '.' { + return true + } + } + return false +} diff --git a/contrib/fs/testdata/.secret-dir/public-file b/contrib/fs/testdata/.secret-dir/public-file new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/contrib/fs/testdata/.secret-dir/public-file diff --git a/contrib/fs/testdata/.secret-file b/contrib/fs/testdata/.secret-file new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/contrib/fs/testdata/.secret-file |