mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-22 07:30:25 +00:00
httpd: disable directory index for static files
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
bef0e10d1e
commit
9906caefd5
6 changed files with 31 additions and 12 deletions
|
|
@ -1047,7 +1047,7 @@ func getServicesStatus() *ServicesStatus {
|
||||||
return status
|
return status
|
||||||
}
|
}
|
||||||
|
|
||||||
func fileServer(r chi.Router, path string, root http.FileSystem) {
|
func fileServer(r chi.Router, path string, root http.FileSystem, disableDirectoryIndex bool) {
|
||||||
if path != "/" && path[len(path)-1] != '/' {
|
if path != "/" && path[len(path)-1] != '/' {
|
||||||
r.Get(path, http.RedirectHandler(path+"/", http.StatusMovedPermanently).ServeHTTP)
|
r.Get(path, http.RedirectHandler(path+"/", http.StatusMovedPermanently).ServeHTTP)
|
||||||
path += "/"
|
path += "/"
|
||||||
|
|
@ -1057,7 +1057,11 @@ func fileServer(r chi.Router, path string, root http.FileSystem) {
|
||||||
r.Get(path, func(w http.ResponseWriter, r *http.Request) {
|
r.Get(path, func(w http.ResponseWriter, r *http.Request) {
|
||||||
rctx := chi.RouteContext(r.Context())
|
rctx := chi.RouteContext(r.Context())
|
||||||
pathPrefix := strings.TrimSuffix(rctx.RoutePattern(), "/*")
|
pathPrefix := strings.TrimSuffix(rctx.RoutePattern(), "/*")
|
||||||
fs := http.StripPrefix(pathPrefix, http.FileServer(root))
|
handler := http.FileServer(root)
|
||||||
|
if disableDirectoryIndex {
|
||||||
|
handler = neuter(handler)
|
||||||
|
}
|
||||||
|
fs := http.StripPrefix(pathPrefix, handler)
|
||||||
fs.ServeHTTP(w, r)
|
fs.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -24269,7 +24269,7 @@ func TestStaticFilesMock(t *testing.T) {
|
||||||
req, err = http.NewRequest(http.MethodGet, location, nil)
|
req, err = http.NewRequest(http.MethodGet, location, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
rr = executeRequest(req)
|
rr = executeRequest(req)
|
||||||
checkResponseCode(t, http.StatusOK, rr)
|
checkResponseCode(t, http.StatusForbidden, rr)
|
||||||
|
|
||||||
req, err = http.NewRequest(http.MethodGet, "/openapi", nil)
|
req, err = http.NewRequest(http.MethodGet, "/openapi", nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
|
||||||
|
|
@ -386,7 +386,7 @@ func checkAPIKeyAuth(tokenAuth *jwtauth.JWTAuth, scope dataprovider.APIKeyScope)
|
||||||
}
|
}
|
||||||
if k.Scope != scope {
|
if k.Scope != scope {
|
||||||
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), dataprovider.ErrInvalidCredentials) //nolint:errcheck
|
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), dataprovider.ErrInvalidCredentials) //nolint:errcheck
|
||||||
logger.Debug(logSender, "", "unable to authenticate api key %q: invalid scope: got %d, wnated: %d",
|
logger.Debug(logSender, "", "unable to authenticate api key %q: invalid scope: got %d, wanted: %d",
|
||||||
apiKey, k.Scope, scope)
|
apiKey, k.Scope, scope)
|
||||||
sendAPIResponse(w, r, fmt.Errorf("the provided api key is invalid for this request"), "", http.StatusForbidden)
|
sendAPIResponse(w, r, fmt.Errorf("the provided api key is invalid for this request"), "", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
|
|
@ -553,3 +553,14 @@ func checkPartialAuth(w http.ResponseWriter, r *http.Request, audience string, t
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func neuter(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if strings.HasSuffix(r.URL.Path, "/") {
|
||||||
|
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,6 +23,6 @@ import (
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
)
|
)
|
||||||
|
|
||||||
func serveStaticDir(router chi.Router, path, fsDirPath string) {
|
func serveStaticDir(router chi.Router, path, fsDirPath string, disableDirectoryIndex bool) {
|
||||||
fileServer(router, path, http.Dir(fsDirPath))
|
fileServer(router, path, http.Dir(fsDirPath), disableDirectoryIndex)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -18,16 +18,20 @@
|
||||||
package httpd
|
package httpd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/internal/bundle"
|
"github.com/drakkan/sftpgo/v2/internal/bundle"
|
||||||
)
|
)
|
||||||
|
|
||||||
func serveStaticDir(router chi.Router, path, _ string) {
|
func serveStaticDir(router chi.Router, path, fsDirPath string, disableDirectoryIndex bool) {
|
||||||
switch path {
|
switch path {
|
||||||
case webStaticFilesPath:
|
case webStaticFilesPath:
|
||||||
fileServer(router, path, bundle.GetStaticFs())
|
fileServer(router, path, bundle.GetStaticFs(), disableDirectoryIndex)
|
||||||
case webOpenAPIPath:
|
case webOpenAPIPath:
|
||||||
fileServer(router, path, bundle.GetOpenAPIFs())
|
fileServer(router, path, bundle.GetOpenAPIFs(), disableDirectoryIndex)
|
||||||
|
default:
|
||||||
|
fileServer(router, path, http.Dir(fsDirPath), disableDirectoryIndex)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1237,7 +1237,7 @@ func (s *httpdServer) initializeRouter() {
|
||||||
|
|
||||||
if hasHTTPSRedirect {
|
if hasHTTPSRedirect {
|
||||||
if p := acme.GetHTTP01WebRoot(); p != "" {
|
if p := acme.GetHTTP01WebRoot(); p != "" {
|
||||||
serveStaticDir(s.router, acmeChallengeURI, p)
|
serveStaticDir(s.router, acmeChallengeURI, p, true)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1434,7 +1434,7 @@ func (s *httpdServer) initializeRouter() {
|
||||||
if s.renderOpenAPI {
|
if s.renderOpenAPI {
|
||||||
s.router.Group(func(router chi.Router) {
|
s.router.Group(func(router chi.Router) {
|
||||||
router.Use(compressor.Handler)
|
router.Use(compressor.Handler)
|
||||||
serveStaticDir(router, webOpenAPIPath, s.openAPIPath)
|
serveStaticDir(router, webOpenAPIPath, s.openAPIPath, false)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1442,7 +1442,7 @@ func (s *httpdServer) initializeRouter() {
|
||||||
if s.enableWebAdmin || s.enableWebClient {
|
if s.enableWebAdmin || s.enableWebClient {
|
||||||
s.router.Group(func(router chi.Router) {
|
s.router.Group(func(router chi.Router) {
|
||||||
router.Use(compressor.Handler)
|
router.Use(compressor.Handler)
|
||||||
serveStaticDir(router, webStaticFilesPath, s.staticFilesPath)
|
serveStaticDir(router, webStaticFilesPath, s.staticFilesPath, true)
|
||||||
})
|
})
|
||||||
if s.binding.OIDC.isEnabled() {
|
if s.binding.OIDC.isEnabled() {
|
||||||
s.router.Get(webOIDCRedirectPath, s.handleOIDCRedirect)
|
s.router.Get(webOIDCRedirectPath, s.handleOIDCRedirect)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue