package httpd
import (
"context"
"errors"
"fmt"
"io"
"mime/multipart"
"net/http"
"os"
"path"
"strconv"
"github.com/go-chi/render"
"github.com/rs/xid"
"github.com/drakkan/sftpgo/v2/common"
"github.com/drakkan/sftpgo/v2/dataprovider"
"github.com/drakkan/sftpgo/v2/logger"
"github.com/drakkan/sftpgo/v2/util"
)
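// getUserConnection builds the Connection used to serve a web client REST
// request on behalf of the user named in the request's token claims.
//
// It reads the claims from the request, loads the user from the data provider
// and runs checkHTTPClientUser before creating the connection. When any step
// fails the error response has already been written to w, so callers only need
// to return on a non-nil error.
func getUserConnection(w http.ResponseWriter, r *http.Request) (*Connection, error) {
	claims, err := getTokenClaims(r)
	if err != nil || claims.Username == "" {
		sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
		if err == nil {
			// The claims were readable but carry no username. There is no error to
			// wrap, and %w with a nil operand would render as "%!w(<nil>)".
			return nil, errors.New("invalid token claims: empty username")
		}
		return nil, fmt.Errorf("invalid token claims %w", err)
	}
	user, err := dataprovider.UserExists(claims.Username)
	if err != nil {
		// The lookup error is not handed to sendAPIResponse here: only the generic
		// message and the status mapped from the error are used for the response.
		sendAPIResponse(w, r, nil, "Unable to retrieve your user", getRespStatus(err))
		return nil, err
	}
	connID := xid.New().String()
	protocol := getProtocolFromRequest(r)
	// checkHTTPClientUser receives the protocol-prefixed ID, while the base
	// connection below is created from the bare connID plus the protocol.
	connectionID := fmt.Sprintf("%v_%v", protocol, connID)
	if err := checkHTTPClientUser(&user, r, connectionID); err != nil {
		sendAPIResponse(w, r, err, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		return nil, err
	}
	connection := &Connection{
		BaseConnection: common.NewBaseConnection(connID, protocol, util.GetHTTPLocalAddress(r),
			r.RemoteAddr, user),
		request: r,
	}
	return connection, nil
}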
// readUserFolder lists the directory named by the "path" query parameter for
// the authenticated user and renders its contents as an API response.
//
// The request body is capped at maxRequestSize. The connection is registered
// in common.Connections for the duration of the request.
func readUserFolder(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	// The client-supplied path goes through the user's GetCleanedPath before use.
	dirPath := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	entries, listErr := conn.ReadDir(dirPath)
	if listErr != nil {
		sendAPIResponse(w, r, listErr, "Unable to get directory contents", getMappedStatusCode(listErr))
		return
	}
	renderAPIDirContents(w, r, entries, false)
}
// createUserDir creates the directory named by the "path" query parameter for
// the authenticated user.
//
// When the "mkdir_parents" query parameter is true, CheckParentDirs is called
// on the parent of the target first. Responds with 201 on success.
func createUserDir(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	dirPath := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	if getBoolQueryParam(r, "mkdir_parents") {
		if parentErr := conn.CheckParentDirs(path.Dir(dirPath)); parentErr != nil {
			sendAPIResponse(w, r, parentErr, "Error checking parent directories", getMappedStatusCode(parentErr))
			return
		}
	}
	if mkErr := conn.CreateDir(dirPath, true); mkErr != nil {
		sendAPIResponse(w, r, mkErr, fmt.Sprintf("Unable to create directory %#v", dirPath), getMappedStatusCode(mkErr))
		return
	}
	sendAPIResponse(w, r, nil, fmt.Sprintf("Directory %#v created", dirPath), http.StatusCreated)
}
// renameUserDir renames the directory given by the "path" query parameter to
// the name given by the "target" query parameter.
//
// Both values are passed through the user's GetCleanedPath before the rename.
func renameUserDir(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	query := r.URL.Query()
	source := conn.User.GetCleanedPath(query.Get("path"))
	dest := conn.User.GetCleanedPath(query.Get("target"))
	if renameErr := conn.Rename(source, dest); renameErr != nil {
		msg := fmt.Sprintf("Unable to rename directory %#v to %#v", source, dest)
		sendAPIResponse(w, r, renameErr, msg, getMappedStatusCode(renameErr))
		return
	}
	sendAPIResponse(w, r, nil, fmt.Sprintf("Directory %#v renamed to %#v", source, dest), http.StatusOK)
}
// deleteUserDir removes the directory named by the "path" query parameter for
// the authenticated user and reports the outcome as an API response.
func deleteUserDir(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	dirPath := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	if rmErr := conn.RemoveDir(dirPath); rmErr != nil {
		sendAPIResponse(w, r, rmErr, fmt.Sprintf("Unable to delete directory %#v", dirPath), getMappedStatusCode(rmErr))
		return
	}
	sendAPIResponse(w, r, nil, fmt.Sprintf("Directory %#v deleted", dirPath), http.StatusOK)
}
// getUserFile streams the file named by the "path" query parameter to the
// authenticated user.
//
// The root path and directories are rejected with 400. A non-empty "inline"
// query parameter is forwarded to downloadFile as the inline flag. If
// downloadFile fails, a JSON apiResponse is rendered using the status it
// returned, when that status is non-zero.
func getUserFile(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	filePath := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	if filePath == "/" {
		sendAPIResponse(w, r, nil, "Please set the path to a valid file", http.StatusBadRequest)
		return
	}
	fileInfo, err := conn.Stat(filePath, 0)
	if err != nil {
		sendAPIResponse(w, r, err, "Unable to stat the requested file", getMappedStatusCode(err))
		return
	}
	if fileInfo.IsDir() {
		sendAPIResponse(w, r, nil, fmt.Sprintf("Please set the path to a valid file, %#v is a directory", filePath), http.StatusBadRequest)
		return
	}

	asInline := r.URL.Query().Get("inline") != ""
	status, dlErr := downloadFile(w, r, conn, filePath, fileInfo, asInline, nil)
	if dlErr == nil {
		return
	}
	// Only override the response status when downloadFile reported one.
	ctx := r.Context()
	if status != 0 {
		ctx = context.WithValue(ctx, render.StatusCtxKey, status)
	}
	render.JSON(w, r.WithContext(ctx), apiResponse{
		Error:   dlErr.Error(),
		Message: http.StatusText(status),
	})
}
// setFileDirMetadata sets the access and modification times of the path named
// by the "path" query parameter.
//
// The JSON body is decoded into a map of int64 values and must contain a
// "modification_time" key; its value is converted with
// util.GetTimeFromMsecSinceEpoch and applied to both Atime and Mtime. The body
// and query are validated before the user connection is created.
func setFileDirMetadata(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)

	payload := make(map[string]int64)
	if decodeErr := render.DecodeJSON(r.Body, &payload); decodeErr != nil {
		sendAPIResponse(w, r, decodeErr, "", http.StatusBadRequest)
		return
	}
	msec, found := payload["modification_time"]
	if !found || !r.URL.Query().Has("path") {
		sendAPIResponse(w, r, errors.New("please set a modification_time and a path"), "", http.StatusBadRequest)
		return
	}

	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	target := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	attrs := common.StatAttributes{
		Flags: common.StatAttrTimes,
		Atime: util.GetTimeFromMsecSinceEpoch(msec),
		Mtime: util.GetTimeFromMsecSinceEpoch(msec),
	}
	if statErr := conn.SetStat(target, &attrs); statErr != nil {
		sendAPIResponse(w, r, statErr, fmt.Sprintf("Unable to set metadata for path %#v", target), getMappedStatusCode(statErr))
		return
	}
	sendAPIResponse(w, r, nil, "OK", http.StatusOK)
}
// uploadUserFile stores the raw request body as the file named by the "path"
// query parameter.
//
// The body is capped at maxUploadFileSize only when that value is positive.
// A missing "path" parameter is rejected with 400 before the user connection
// is created. When "mkdir_parents" is true, CheckParentDirs is called on the
// parent directory before the upload starts.
func uploadUserFile(w http.ResponseWriter, r *http.Request) {
	if maxUploadFileSize > 0 {
		r.Body = http.MaxBytesReader(w, r.Body, maxUploadFileSize)
	}

	query := r.URL.Query()
	if !query.Has("path") {
		sendAPIResponse(w, r, errors.New("please set a file path"), "", http.StatusBadRequest)
		return
	}

	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	target := conn.User.GetCleanedPath(query.Get("path"))
	if getBoolQueryParam(r, "mkdir_parents") {
		if parentErr := conn.CheckParentDirs(path.Dir(target)); parentErr != nil {
			sendAPIResponse(w, r, parentErr, "Error checking parent directories", getMappedStatusCode(parentErr))
			return
		}
	}
	// doUploadFile writes the response itself, so its error is not needed here.
	doUploadFile(w, r, conn, target) //nolint:errcheck
}
// doUploadFile copies the request body into filePath using the writer
// obtained from connection.getFileWriter.
//
// It writes the API response itself (201 on success) and returns the first
// error hit while opening, copying or closing the writer. After a successful
// close it calls setModificationTimeFromHeader for the uploaded file.
func doUploadFile(w http.ResponseWriter, r *http.Request, connection *Connection, filePath string) error {
	dst, err := connection.getFileWriter(filePath)
	if err != nil {
		sendAPIResponse(w, r, err, fmt.Sprintf("Unable to write file %#v", filePath), getMappedStatusCode(err))
		return err
	}
	if _, err = io.Copy(dst, r.Body); err != nil {
		// Close the writer on a failed copy; the copy error is the one reported.
		dst.Close() //nolint:errcheck
		sendAPIResponse(w, r, err, fmt.Sprintf("Error saving file %#v", filePath), getMappedStatusCode(err))
		return err
	}
	if err = dst.Close(); err != nil {
		sendAPIResponse(w, r, err, fmt.Sprintf("Error closing file %#v", filePath), getMappedStatusCode(err))
		return err
	}
	setModificationTimeFromHeader(r, connection, filePath)
	sendAPIResponse(w, r, nil, "Upload completed", http.StatusCreated)
	return nil
}
// uploadUserFiles handles a multipart upload of one or more files into the
// directory named by the "path" query parameter.
//
// The uploaded parts are taken from the "filenames" form field and handed to
// doUploadFiles. Error responses are written to w.
func uploadUserFiles(w http.ResponseWriter, r *http.Request) {
	// The body is capped only when maxUploadFileSize is positive; otherwise this
	// handler applies no size limit to the request body.
	if maxUploadFileSize > 0 {
		r.Body = http.MaxBytesReader(w, r.Body, maxUploadFileSize)
	}

	connection, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	// Refuse the upload before the form is parsed when the transfer quota
	// reports no upload space.
	transferQuota := connection.GetTransferQuota()
	if !transferQuota.HasUploadSpace() {
		connection.Log(logger.LevelInfo, "denying file write due to transfer quota limits")
		sendAPIResponse(w, r, common.ErrQuotaExceeded, "Denying file write due to transfer quota limits",
			http.StatusRequestEntityTooLarge)
		return
	}
	common.Connections.Add(connection)
	defer common.Connections.Remove(connection.GetID())

	// The multipart parsing below reads the body through a throttled reader
	// built from the user's UploadBandwidth.
	t := newThrottledReader(r.Body, connection.User.UploadBandwidth, connection)
	r.Body = t
	err = r.ParseMultipartForm(maxMultipartMem)
	if err != nil {
		connection.RemoveTransfer(t)
		sendAPIResponse(w, r, err, "Unable to parse multipart form", http.StatusBadRequest)
		return
	}
	// The throttled reader is removed from the connection's transfers on both
	// the failure path above and here, once parsing is done.
	connection.RemoveTransfer(t)
	// RemoveAll deletes any temporary files associated with the parsed form.
	defer r.MultipartForm.RemoveAll() //nolint:errcheck

	parentDir := connection.User.GetCleanedPath(r.URL.Query().Get("path"))
	files := r.MultipartForm.File["filenames"]
	if len(files) == 0 {
		sendAPIResponse(w, r, nil, "No files uploaded!", http.StatusBadRequest)
		return
	}
	if getBoolQueryParam(r, "mkdir_parents") {
		// Unlike the single-file upload, parentDir itself is the directory checked.
		if err = connection.CheckParentDirs(parentDir); err != nil {
			sendAPIResponse(w, r, err, "Error checking parent directories", getMappedStatusCode(err))
			return
		}
	}
	doUploadFiles(w, r, connection, parentDir, files)
}
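// doUploadFiles writes each multipart file in files below parentDir and
// returns how many were stored completely.
//
// It stops at the first failure, writes the matching error response and
// returns the count reached so far. When every file is stored it responds
// with 201.
func doUploadFiles(w http.ResponseWriter, r *http.Request, connection *Connection, parentDir string,
	files []*multipart.FileHeader,
) int {
	uploaded := 0
	// uploadUserFiles reads the request body through a throttled reader while
	// parsing the form; presumably the bandwidth limit is cleared here so the
	// copy from the parsed parts is not throttled a second time (TODO confirm).
	connection.User.UploadBandwidth = 0

	// saveFile stores one part. It is a separate function so the deferred
	// Close runs as soon as that part is done instead of keeping every
	// uploaded file open until doUploadFiles returns.
	saveFile := func(f *multipart.FileHeader) error {
		file, err := f.Open()
		if err != nil {
			sendAPIResponse(w, r, err, fmt.Sprintf("Unable to read uploaded file %#v", f.Filename), getMappedStatusCode(err))
			return err
		}
		defer file.Close()

		// f.Filename is supplied by the client. path.Join cleans the joined path
		// but does not by itself keep the result below parentDir.
		// NOTE(review): confirm that the filename is reduced to a base name
		// before it gets here and that getFileWriter enforces the user's
		// permissions on the final path.
		filePath := path.Join(parentDir, f.Filename)
		writer, err := connection.getFileWriter(filePath)
		if err != nil {
			sendAPIResponse(w, r, err, fmt.Sprintf("Unable to write file %#v", f.Filename), getMappedStatusCode(err))
			return err
		}
		if _, err = io.Copy(writer, file); err != nil {
			// Close the writer on a failed copy; the copy error is the one reported.
			writer.Close() //nolint:errcheck
			sendAPIResponse(w, r, err, fmt.Sprintf("Error saving file %#v", f.Filename), getMappedStatusCode(err))
			return err
		}
		if err = writer.Close(); err != nil {
			sendAPIResponse(w, r, err, fmt.Sprintf("Error closing file %#v", f.Filename), getMappedStatusCode(err))
			return err
		}
		return nil
	}

	for _, f := range files {
		if err := saveFile(f); err != nil {
			return uploaded
		}
		uploaded++
	}
	sendAPIResponse(w, r, nil, "Upload completed", http.StatusCreated)
	return uploaded
}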
// renameUserFile renames the file given by the "path" query parameter to the
// name given by the "target" query parameter.
//
// Both values are passed through the user's GetCleanedPath before the rename.
func renameUserFile(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	query := r.URL.Query()
	source := conn.User.GetCleanedPath(query.Get("path"))
	dest := conn.User.GetCleanedPath(query.Get("target"))
	if renameErr := conn.Rename(source, dest); renameErr != nil {
		msg := fmt.Sprintf("Unable to rename file %#v to %#v", source, dest)
		sendAPIResponse(w, r, renameErr, msg, getMappedStatusCode(renameErr))
		return
	}
	sendAPIResponse(w, r, nil, fmt.Sprintf("File %#v renamed to %#v", source, dest), http.StatusOK)
}
// deleteUserFile removes the file or symlink named by the "path" query
// parameter for the authenticated user.
//
// The target is examined with Lstat, so a symlink is inspected itself rather
// than what it points to. A directory that is not a symlink is rejected with
// 400.
func deleteUserFile(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	virtualPath := conn.User.GetCleanedPath(r.URL.Query().Get("path"))
	fs, resolved, err := conn.GetFsAndResolvedPath(virtualPath)
	if err != nil {
		sendAPIResponse(w, r, err, fmt.Sprintf("Unable to delete file %#v", virtualPath), getMappedStatusCode(err))
		return
	}

	var info os.FileInfo
	info, err = fs.Lstat(resolved)
	if err != nil {
		conn.Log(logger.LevelError, "failed to remove file %#v: stat error: %+v", resolved, err)
		// Convert the filesystem error before it is reported to the client.
		err = conn.GetFsError(fs, err)
		sendAPIResponse(w, r, err, fmt.Sprintf("Unable to delete file %#v", virtualPath), getMappedStatusCode(err))
		return
	}

	if info.IsDir() && info.Mode()&os.ModeSymlink == 0 {
		conn.Log(logger.LevelDebug, "cannot remove %#v is not a file/symlink", resolved)
		// err is nil at this point: Lstat succeeded.
		sendAPIResponse(w, r, err, fmt.Sprintf("Unable delete %#v, it is not a file/symlink", virtualPath), http.StatusBadRequest)
		return
	}
	if err = conn.RemoveFile(fs, resolved, virtualPath, info); err != nil {
		sendAPIResponse(w, r, err, fmt.Sprintf("Unable to delete file %#v", virtualPath), getMappedStatusCode(err))
		return
	}
	sendAPIResponse(w, r, nil, fmt.Sprintf("File %#v deleted", virtualPath), http.StatusOK)
}
// getUserFilesAsZipStream streams the paths listed in the JSON request body
// as a zip attachment named "sftpgo-download.zip".
//
// The body must decode to a list of strings. Every entry is cleaned with
// util.CleanPath and duplicates are removed before the list is handed to
// renderCompressedFiles with "/" as base directory.
func getUserFilesAsZipStream(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	conn, err := getUserConnection(w, r)
	if err != nil {
		// getUserConnection has already written the error response.
		return
	}
	common.Connections.Add(conn)
	defer common.Connections.Remove(conn.GetID())

	var requested []string
	if err = render.DecodeJSON(r.Body, &requested); err != nil {
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}

	baseDir := "/"
	// NOTE(review): entries are cleaned with util.CleanPath, whereas the other
	// handlers in this file use the user's GetCleanedPath; confirm the
	// difference is intended.
	for i, entry := range requested {
		requested[i] = util.CleanPath(entry)
	}

	requested = util.RemoveDuplicates(requested)

	w.Header().Set("Content-Disposition", "attachment; filename=\"sftpgo-download.zip\"")
	renderCompressedFiles(w, conn, baseDir, requested, nil)
}
// getUserPublicKeys renders the public keys of the user named in the
// request's token claims as JSON.
func getUserPublicKeys(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	tokenClaims, claimsErr := getTokenClaims(r)
	if claimsErr != nil || tokenClaims.Username == "" {
		sendAPIResponse(w, r, claimsErr, "Invalid token claims", http.StatusBadRequest)
		return
	}
	account, lookupErr := dataprovider.UserExists(tokenClaims.Username)
	if lookupErr != nil {
		// The lookup error is used only to pick the status; it is not passed to
		// sendAPIResponse.
		sendAPIResponse(w, r, nil, "Unable to retrieve your user", getRespStatus(lookupErr))
		return
	}
	render.JSON(w, r, account.PublicKeys)
}
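// setUserPublicKeys replaces the public keys of the user named in the
// request's token claims with the list decoded from the JSON request body.
//
// The update is recorded with dataprovider.ActionExecutorSelf and the IP
// derived from the request's remote address.
func setUserPublicKeys(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)

	claims, err := getTokenClaims(r)
	if err != nil || claims.Username == "" {
		sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
		return
	}
	user, err := dataprovider.UserExists(claims.Username)
	if err != nil {
		// The lookup error is used only to pick the status; it is not passed to
		// sendAPIResponse.
		sendAPIResponse(w, r, nil, "Unable to retrieve your user", getRespStatus(err))
		return
	}
	// updateUserProfile only changes the keys when CanManagePublicKeys allows it;
	// apply the same gate here so both ways of setting keys agree.
	// NOTE(review): the router may already enforce this for the route; the check
	// is kept in the handler so it does not depend on route wiring.
	if !user.CanManagePublicKeys() {
		sendAPIResponse(w, r, nil, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		return
	}

	var publicKeys []string
	err = render.DecodeJSON(r.Body, &publicKeys)
	if err != nil {
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}

	user.PublicKeys = publicKeys
	err = dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, util.GetIPFromRemoteAddress(r.RemoteAddr))
	if err != nil {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
		return
	}
	// err is nil here: the update succeeded.
	sendAPIResponse(w, r, err, "Public keys updated", http.StatusOK)
}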
// getUserProfile renders the profile of the user named in the request's token
// claims: email, description, the AllowAPIKeyAuth filter and public keys.
func getUserProfile(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	tokenClaims, claimsErr := getTokenClaims(r)
	if claimsErr != nil || tokenClaims.Username == "" {
		sendAPIResponse(w, r, claimsErr, "Invalid token claims", http.StatusBadRequest)
		return
	}
	account, lookupErr := dataprovider.UserExists(tokenClaims.Username)
	if lookupErr != nil {
		sendAPIResponse(w, r, lookupErr, "", getRespStatus(lookupErr))
		return
	}
	base := baseProfile{
		Email:           account.Email,
		Description:     account.Description,
		AllowAPIKeyAuth: account.Filters.AllowAPIKeyAuth,
	}
	render.JSON(w, r, userProfile{
		baseProfile: base,
		PublicKeys:  account.PublicKeys,
	})
}
// updateUserProfile applies the profile fields from the JSON request body to
// the user named in the request's token claims.
//
// Each group of fields is copied only when the matching permission method on
// the user allows it: public keys (CanManagePublicKeys), the API key auth flag
// (CanChangeAPIKeyAuth), email and description (CanChangeInfo). If none of
// the three is allowed the request is rejected with 403.
func updateUserProfile(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
	claims, err := getTokenClaims(r)
	if err != nil || claims.Username == "" {
		sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest)
		return
	}
	var changes userProfile
	if err = render.DecodeJSON(r.Body, &changes); err != nil {
		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
		return
	}
	user, err := dataprovider.UserExists(claims.Username)
	if err != nil {
		sendAPIResponse(w, r, err, "", getRespStatus(err))
		return
	}
	if !(user.CanManagePublicKeys() || user.CanChangeAPIKeyAuth() || user.CanChangeInfo()) {
		sendAPIResponse(w, r, nil, "You are not allowed to change anything", http.StatusForbidden)
		return
	}
	// Fields the user is not allowed to change are left as loaded, whatever the
	// request body contains.
	if user.CanManagePublicKeys() {
		user.PublicKeys = changes.PublicKeys
	}
	if user.CanChangeAPIKeyAuth() {
		user.Filters.AllowAPIKeyAuth = changes.AllowAPIKeyAuth
	}
	if user.CanChangeInfo() {
		user.Email = changes.Email
		user.Description = changes.Description
	}
	updateErr := dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, util.GetIPFromRemoteAddress(r.RemoteAddr))
	if updateErr != nil {
		sendAPIResponse(w, r, updateErr, "", getRespStatus(updateErr))
		return
	}
	// err is the nil result of the user lookup above.
	sendAPIResponse(w, r, err, "Profile updated", http.StatusOK)
}
// changeUserPassword decodes a pwdChange from the JSON request body and
// changes the password of the authenticated user via doChangeUserPassword.
//
// The new password is passed as its own confirmation, so the "fields do not
// match" check in doChangeUserPassword cannot fail for this endpoint.
func changeUserPassword(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)

	var change pwdChange
	if decodeErr := render.DecodeJSON(r.Body, &change); decodeErr != nil {
		sendAPIResponse(w, r, decodeErr, "", http.StatusBadRequest)
		return
	}
	changeErr := doChangeUserPassword(r, change.CurrentPassword, change.NewPassword, change.NewPassword)
	if changeErr != nil {
		sendAPIResponse(w, r, changeErr, "", getRespStatus(changeErr))
		return
	}
	sendAPIResponse(w, r, changeErr, "Password updated", http.StatusOK)
}
// doChangeUserPassword validates a password change for the user named in the
// request's token claims and stores the new password.
//
// It returns a validation error when a field is empty, when the two new
// password values differ, when the new password equals the current one, or
// when dataprovider.CheckUserAndPass rejects the current password. Whatever
// error CheckUserAndPass returns is replaced by the generic "current password
// does not match" validation error.
func doChangeUserPassword(r *http.Request, currentPassword, newPassword, confirmNewPassword string) error {
	switch {
	case currentPassword == "" || newPassword == "" || confirmNewPassword == "":
		return util.NewValidationError("please provide the current password and the new one two times")
	case newPassword != confirmNewPassword:
		return util.NewValidationError("the two password fields do not match")
	case currentPassword == newPassword:
		return util.NewValidationError("the new password must be different from the current one")
	}
	tokenClaims, claimsErr := getTokenClaims(r)
	if claimsErr != nil || tokenClaims.Username == "" {
		return errors.New("invalid token claims")
	}
	// The current password is verified again here before the new one is stored.
	account, checkErr := dataprovider.CheckUserAndPass(tokenClaims.Username, currentPassword,
		util.GetIPFromRemoteAddress(r.RemoteAddr), getProtocolFromRequest(r))
	if checkErr != nil {
		return util.NewValidationError("current password does not match")
	}
	account.Password = newPassword

	return dataprovider.UpdateUser(&account, dataprovider.ActionExecutorSelf, util.GetIPFromRemoteAddress(r.RemoteAddr))
}
// setModificationTimeFromHeader applies the time carried in the mTimeHeader
// request header to filePath as both access and modification time.
//
// The header value is parsed as a base-10 int64 and converted with
// util.GetTimeFromMsecSinceEpoch. This is best effort: a missing header does
// nothing, an unparsable one is logged and ignored, and a SetStat failure is
// only logged. No error is returned to the caller.
func setModificationTimeFromHeader(r *http.Request, c *Connection, filePath string) {
	raw := r.Header.Get(mTimeHeader)
	if raw == "" {
		return
	}
	msec, parseErr := strconv.ParseInt(raw, 10, 64)
	if parseErr != nil {
		c.Log(logger.LevelInfo, "invalid modification time header was ignored: %v", raw)
		return
	}
	attrs := common.StatAttributes{
		Flags: common.StatAttrTimes,
		Atime: util.GetTimeFromMsecSinceEpoch(msec),
		Mtime: util.GetTimeFromMsecSinceEpoch(msec),
	}
	statErr := c.SetStat(filePath, &attrs)
	c.Log(logger.LevelDebug, "requested modification time %v for file %#v, error: %v",
		attrs.Mtime, filePath, statErr)
}