sftpgo-mirror/httpd/api_utils.go

package httpd

import (
	"context"
	"errors"
	"io"
	"net/http"
	"os"
	"path"
	"strconv"
	"strings"

	"github.com/go-chi/render"
	"github.com/klauspost/compress/zip"

	"github.com/drakkan/sftpgo/common"
	"github.com/drakkan/sftpgo/dataprovider"
	"github.com/drakkan/sftpgo/logger"
)

func sendAPIResponse(w http.ResponseWriter, r *http.Request, err error, message string, code int) {
	var errorString string
	if err != nil {
		errorString = err.Error()
	}
	resp := apiResponse{
		Error:   errorString,
		Message: message,
	}
	ctx := context.WithValue(r.Context(), render.StatusCtxKey, code)
	render.JSON(w, r.WithContext(ctx), resp)
}

func getRespStatus(err error) int {
	if _, ok := err.(*dataprovider.ValidationError); ok {
		return http.StatusBadRequest
	}
	if _, ok := err.(*dataprovider.MethodDisabledError); ok {
		return http.StatusForbidden
	}
	if _, ok := err.(*dataprovider.RecordNotFoundError); ok {
		return http.StatusNotFound
	}
	if os.IsNotExist(err) {
		return http.StatusBadRequest
	}
	return http.StatusInternalServerError
}

func handleCloseConnection(w http.ResponseWriter, r *http.Request) {
	connectionID := getURLParam(r, "connectionID")
	if connectionID == "" {
		sendAPIResponse(w, r, nil, "connectionID is mandatory", http.StatusBadRequest)
		return
	}
	if common.Connections.Close(connectionID) {
		sendAPIResponse(w, r, nil, "Connection closed", http.StatusOK)
	} else {
		sendAPIResponse(w, r, nil, "Not Found", http.StatusNotFound)
	}
}

func getSearchFilters(w http.ResponseWriter, r *http.Request) (int, int, string, error) {
	var err error
	limit := 100
	offset := 0
	order := dataprovider.OrderASC
	if _, ok := r.URL.Query()["limit"]; ok {
		limit, err = strconv.Atoi(r.URL.Query().Get("limit"))
		if err != nil {
			err = errors.New("invalid limit")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return limit, offset, order, err
		}
		if limit > 500 {
			limit = 500
		}
	}
	if _, ok := r.URL.Query()["offset"]; ok {
		offset, err = strconv.Atoi(r.URL.Query().Get("offset"))
		if err != nil {
			err = errors.New("invalid offset")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return limit, offset, order, err
		}
	}
	if _, ok := r.URL.Query()["order"]; ok {
		order = r.URL.Query().Get("order")
		if order != dataprovider.OrderASC && order != dataprovider.OrderDESC {
			err = errors.New("invalid order")
			sendAPIResponse(w, r, err, "", http.StatusBadRequest)
			return limit, offset, order, err
		}
	}

	return limit, offset, order, err
}

func renderCompressedFiles(w http.ResponseWriter, conn *Connection, baseDir string, files []string) {
	w.Header().Set("Content-Type", "application/zip")
	w.Header().Set("Accept-Ranges", "none")
	w.Header().Set("Content-Transfer-Encoding", "binary")
	w.WriteHeader(http.StatusOK)

	wr := zip.NewWriter(w)

	for _, file := range files {
		fullPath := path.Join(baseDir, file)
		if err := addZipEntry(wr, conn, fullPath, baseDir); err != nil {
			panic(http.ErrAbortHandler)
		}
	}
	if err := wr.Close(); err != nil {
		conn.Log(logger.LevelWarn, "unable to close zip file: %v", err)
		panic(http.ErrAbortHandler)
	}
}

func addZipEntry(wr *zip.Writer, conn *Connection, entryPath, baseDir string) error {
	info, err := conn.Stat(entryPath, 1)
	if err != nil {
		conn.Log(logger.LevelDebug, "unable to add zip entry %#v, stat error: %v", entryPath, err)
		return err
	}
	if info.IsDir() {
		_, err := wr.Create(getZipEntryName(entryPath, baseDir) + "/")
		if err != nil {
			conn.Log(logger.LevelDebug, "unable to create zip entry %#v: %v", entryPath, err)
			return err
		}
		contents, err := conn.ReadDir(entryPath)
		if err != nil {
			conn.Log(logger.LevelDebug, "unable to add zip entry %#v, read dir error: %v", entryPath, err)
			return err
		}
		for _, info := range contents {
			fullPath := path.Join(entryPath, info.Name())
			if err := addZipEntry(wr, conn, fullPath, baseDir); err != nil {
				return err
			}
		}
		return nil
	}
	if !info.Mode().IsRegular() {
		// we only allow regular files
		conn.Log(logger.LevelDebug, "skipping zip entry for non regular file %#v", entryPath)
		return nil
	}
	reader, err := conn.getFileReader(entryPath, 0, http.MethodGet)
	if err != nil {
		conn.Log(logger.LevelDebug, "unable to add zip entry %#v, cannot open file: %v", entryPath, err)
		return err
	}
	defer reader.Close()

	f, err := wr.Create(getZipEntryName(entryPath, baseDir))
	if err != nil {
		conn.Log(logger.LevelDebug, "unable to create zip entry %#v: %v", entryPath, err)
		return err
	}
	_, err = io.Copy(f, reader)
	return err
}

func getZipEntryName(entryPath, baseDir string) string {
	entryPath = strings.TrimPrefix(entryPath, baseDir)
	return strings.TrimPrefix(entryPath, "/")
}
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`package httpd`
first version 2019-07-20 10:26:52 +00:00
			`import (`
update deps and simplify some code 2020-01-31 22:26:56 +00:00			`"context"`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00			`"errors"`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00			`"io"`
first version 2019-07-20 10:26:52 +00:00			`"net/http"`
add backup/restore REST API 2019-12-27 22:12:44 +00:00			`"os"`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00			`"path"`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00			`"strconv"`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00			`"strings"`
first version 2019-07-20 10:26:52 +00:00
add more linters test cases migration to testify is now complete. Linters are enabled for test cases too 2020-05-06 17:36:34 +00:00			`"github.com/go-chi/render"`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00			`"github.com/klauspost/compress/zip"`
add more linters test cases migration to testify is now complete. Linters are enabled for test cases too 2020-05-06 17:36:34 +00:00
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`"github.com/drakkan/sftpgo/common"`
first version 2019-07-20 10:26:52 +00:00			`"github.com/drakkan/sftpgo/dataprovider"`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00			`"github.com/drakkan/sftpgo/logger"`
first version 2019-07-20 10:26:52 +00:00			`)`

add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`func sendAPIResponse(w http.ResponseWriter, r *http.Request, err error, message string, code int) {`
			`var errorString string`
			`if err != nil {`
			`errorString = err.Error()`
			`}`
			`resp := apiResponse{`
REST API: remove status from ApiResponse it duplicates the header HTTP status 2020-09-08 07:45:21 +00:00			`Error: errorString,`
			`Message: message,`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`}`
update deps and simplify some code 2020-01-31 22:26:56 +00:00			`ctx := context.WithValue(r.Context(), render.StatusCtxKey, code)`
			`render.JSON(w, r.WithContext(ctx), resp)`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`}`

			`func getRespStatus(err error) int {`
			`if _, ok := err.(*dataprovider.ValidationError); ok {`
			`return http.StatusBadRequest`
			`}`
			`if _, ok := err.(*dataprovider.MethodDisabledError); ok {`
			`return http.StatusForbidden`
			`}`
Add API endpoint to set current quota Fixes #130 2020-06-20 10:38:04 +00:00			`if _, ok := err.(*dataprovider.RecordNotFoundError); ok {`
			`return http.StatusNotFound`
			`}`
add backup/restore REST API 2019-12-27 22:12:44 +00:00			`if os.IsNotExist(err) {`
			`return http.StatusBadRequest`
			`}`
add a basic web interface The builtin web interface allows to manage users and connections 2019-10-07 16:19:01 +00:00			`return http.StatusInternalServerError`
			`}`

REST API v2 - add JWT authentication - admins are now stored inside the data provider - admin access can be restricted based on the source IP: both proxy header and connection IP are checked - deprecate REST API CLI: it is not relevant anymore Some other changes to the REST API can still happen before releasing SFTPGo 2.0.0 Fixes #197 2021-01-17 21:29:08 +00:00			`func handleCloseConnection(w http.ResponseWriter, r *http.Request) {`
			`connectionID := getURLParam(r, "connectionID")`
			`if connectionID == "" {`
			`sendAPIResponse(w, r, nil, "connectionID is mandatory", http.StatusBadRequest)`
			`return`
refactor virtual folders The same virtual folder can now be shared among users and different folder quota limits for each user are supported. Fixes #120 2020-06-07 21:30:18 +00:00			`}`
REST API v2 - add JWT authentication - admins are now stored inside the data provider - admin access can be restricted based on the source IP: both proxy header and connection IP are checked - deprecate REST API CLI: it is not relevant anymore Some other changes to the REST API can still happen before releasing SFTPGo 2.0.0 Fixes #197 2021-01-17 21:29:08 +00:00			`if common.Connections.Close(connectionID) {`
			`sendAPIResponse(w, r, nil, "Connection closed", http.StatusOK)`
refactor virtual folders The same virtual folder can now be shared among users and different folder quota limits for each user are supported. Fixes #120 2020-06-07 21:30:18 +00:00			`} else {`
REST API v2 - add JWT authentication - admins are now stored inside the data provider - admin access can be restricted based on the source IP: both proxy header and connection IP are checked - deprecate REST API CLI: it is not relevant anymore Some other changes to the REST API can still happen before releasing SFTPGo 2.0.0 Fixes #197 2021-01-17 21:29:08 +00:00			`sendAPIResponse(w, r, nil, "Not Found", http.StatusNotFound)`
REST API/Web admin: add a parameter to disconnect a user after an update This way you can force the user to login again and so to use the updated configuration. A deleted user will be automatically disconnected. Fixes #163 Improved some docs too. 2020-09-01 14:10:26 +00:00			`}`
			`}`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00
			`func getSearchFilters(w http.ResponseWriter, r *http.Request) (int, int, string, error) {`
			`var err error`
			`limit := 100`
			`offset := 0`
			`order := dataprovider.OrderASC`
			`if _, ok := r.URL.Query()["limit"]; ok {`
			`limit, err = strconv.Atoi(r.URL.Query().Get("limit"))`
			`if err != nil {`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`err = errors.New("invalid limit")`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return limit, offset, order, err`
			`}`
			`if limit > 500 {`
			`limit = 500`
			`}`
			`}`
			`if _, ok := r.URL.Query()["offset"]; ok {`
			`offset, err = strconv.Atoi(r.URL.Query().Get("offset"))`
			`if err != nil {`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`err = errors.New("invalid offset")`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return limit, offset, order, err`
			`}`
			`}`
			`if _, ok := r.URL.Query()["order"]; ok {`
			`order = r.URL.Query().Get("order")`
			`if order != dataprovider.OrderASC && order != dataprovider.OrderDESC {`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`err = errors.New("invalid order")`
virtual folders: change dataprovider structure This way we no longer depend on the local file system path and so we can add support for cloud backends in future updates 2021-02-01 18:04:15 +00:00			`sendAPIResponse(w, r, err, "", http.StatusBadRequest)`
			`return limit, offset, order, err`
			`}`
			`}`

			`return limit, offset, order, err`
			`}`
webclient: allow to download multiple files as zip 2021-05-30 21:07:46 +00:00
			`func renderCompressedFiles(w http.ResponseWriter, conn *Connection, baseDir string, files []string) {`
			`w.Header().Set("Content-Type", "application/zip")`
			`w.Header().Set("Accept-Ranges", "none")`
			`w.Header().Set("Content-Transfer-Encoding", "binary")`
			`w.WriteHeader(http.StatusOK)`

			`wr := zip.NewWriter(w)`

			`for _, file := range files {`
			`fullPath := path.Join(baseDir, file)`
			`if err := addZipEntry(wr, conn, fullPath, baseDir); err != nil {`
			`panic(http.ErrAbortHandler)`
			`}`
			`}`
			`if err := wr.Close(); err != nil {`
			`conn.Log(logger.LevelWarn, "unable to close zip file: %v", err)`
			`panic(http.ErrAbortHandler)`
			`}`
			`}`

			`func addZipEntry(wr zip.Writer, conn Connection, entryPath, baseDir string) error {`
			`info, err := conn.Stat(entryPath, 1)`
			`if err != nil {`
			`conn.Log(logger.LevelDebug, "unable to add zip entry %#v, stat error: %v", entryPath, err)`
			`return err`
			`}`
			`if info.IsDir() {`
			`_, err := wr.Create(getZipEntryName(entryPath, baseDir) + "/")`
			`if err != nil {`
			`conn.Log(logger.LevelDebug, "unable to create zip entry %#v: %v", entryPath, err)`
			`return err`
			`}`
			`contents, err := conn.ReadDir(entryPath)`
			`if err != nil {`
			`conn.Log(logger.LevelDebug, "unable to add zip entry %#v, read dir error: %v", entryPath, err)`
			`return err`
			`}`
			`for _, info := range contents {`
			`fullPath := path.Join(entryPath, info.Name())`
			`if err := addZipEntry(wr, conn, fullPath, baseDir); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
			`if !info.Mode().IsRegular() {`
			`// we only allow regular files`
			`conn.Log(logger.LevelDebug, "skipping zip entry for non regular file %#v", entryPath)`
			`return nil`
			`}`
			`reader, err := conn.getFileReader(entryPath, 0, http.MethodGet)`
			`if err != nil {`
			`conn.Log(logger.LevelDebug, "unable to add zip entry %#v, cannot open file: %v", entryPath, err)`
			`return err`
			`}`
			`defer reader.Close()`

			`f, err := wr.Create(getZipEntryName(entryPath, baseDir))`
			`if err != nil {`
			`conn.Log(logger.LevelDebug, "unable to create zip entry %#v: %v", entryPath, err)`
			`return err`
			`}`
			`_, err = io.Copy(f, reader)`
			`return err`
			`}`

			`func getZipEntryName(entryPath, baseDir string) string {`
			`entryPath = strings.TrimPrefix(entryPath, baseDir)`
			`return strings.TrimPrefix(entryPath, "/")`
			`}`