From e42716c43e0241e9d6d2ca7f7efe8d33a27127c2 Mon Sep 17 00:00:00 2001 From: tjpcc Date: Wed, 3 May 2023 13:21:34 -0600 Subject: hide private files from the FS - ResolveFile acts like ErrNotFound - ResolveDirectory acts like ErrNotFound - RenderDirectoryListing strips out dot-prefixed entries --- contrib/fs/dir.go | 11 +++++++++++ contrib/fs/file.go | 14 ++++++++++++++ contrib/fs/testdata/.secret-dir/public-file | 0 contrib/fs/testdata/.secret-file | 0 4 files changed, 25 insertions(+) create mode 100644 contrib/fs/testdata/.secret-dir/public-file create mode 100644 contrib/fs/testdata/.secret-file diff --git a/contrib/fs/dir.go b/contrib/fs/dir.go index bb2d933..69d17e9 100644 --- a/contrib/fs/dir.go +++ b/contrib/fs/dir.go @@ -24,6 +24,10 @@ func ResolveDirectory( path = "." } + if isPrivate(path) { + return "", nil, nil + } + file, err := fileSystem.Open(path) if isNotFound(err) { return "", nil, nil @@ -124,6 +128,13 @@ func dirlistNamespace(path string, dirFile fs.ReadDirFile, server sr.Server) (ma return nil, err } + for i := len(entries) - 1; i >= 0; i-- { + if strings.HasPrefix(entries[i].Name(), ".") { + copy(entries[i:], entries[i+1:]) + entries = entries[:len(entries)-1] + } + } + sort.Slice(entries, func(i, j int) bool { return entries[i].Name() < entries[j].Name() }) diff --git a/contrib/fs/file.go b/contrib/fs/file.go index 591c1bd..d231466 100644 --- a/contrib/fs/file.go +++ b/contrib/fs/file.go @@ -15,6 +15,11 @@ import ( // returned. func ResolveFile(request *sr.Request, fileSystem fs.FS) (string, fs.File, error) { filepath := strings.TrimPrefix(request.Path, "/") + + if isPrivate(filepath) { + return "", nil, nil + } + file, err := fileSystem.Open(filepath) if isNotFound(err) { return "", nil, nil @@ -57,3 +62,12 @@ func mediaType(filePath string) string { } return mtype } + +func isPrivate(fullpath string) bool { + for _, segment := range strings.Split(fullpath, "/") { + if len(segment) > 1 && segment[0] == '.' { + return true + } + } + return false +} diff --git a/contrib/fs/testdata/.secret-dir/public-file b/contrib/fs/testdata/.secret-dir/public-file new file mode 100644 index 0000000..e69de29 diff --git a/contrib/fs/testdata/.secret-file b/contrib/fs/testdata/.secret-file new file mode 100644 index 0000000..e69de29 -- cgit v1.2.3