httpd: disable directory index for static files
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
bef0e10d1e
commit
9906caefd5
6 changed files with 31 additions and 12 deletions
|
|
@ -1047,7 +1047,7 @@ func getServicesStatus() *ServicesStatus {
|
|||
return status
|
||||
}
|
||||
|
||||
func fileServer(r chi.Router, path string, root http.FileSystem) {
|
||||
func fileServer(r chi.Router, path string, root http.FileSystem, disableDirectoryIndex bool) {
|
||||
if path != "/" && path[len(path)-1] != '/' {
|
||||
r.Get(path, http.RedirectHandler(path+"/", http.StatusMovedPermanently).ServeHTTP)
|
||||
path += "/"
|
||||
|
|
@ -1057,7 +1057,11 @@ func fileServer(r chi.Router, path string, root http.FileSystem) {
|
|||
r.Get(path, func(w http.ResponseWriter, r *http.Request) {
|
||||
rctx := chi.RouteContext(r.Context())
|
||||
pathPrefix := strings.TrimSuffix(rctx.RoutePattern(), "/*")
|
||||
fs := http.StripPrefix(pathPrefix, http.FileServer(root))
|
||||
handler := http.FileServer(root)
|
||||
if disableDirectoryIndex {
|
||||
handler = neuter(handler)
|
||||
}
|
||||
fs := http.StripPrefix(pathPrefix, handler)
|
||||
fs.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24269,7 +24269,7 @@ func TestStaticFilesMock(t *testing.T) {
|
|||
req, err = http.NewRequest(http.MethodGet, location, nil)
|
||||
assert.NoError(t, err)
|
||||
rr = executeRequest(req)
|
||||
checkResponseCode(t, http.StatusOK, rr)
|
||||
checkResponseCode(t, http.StatusForbidden, rr)
|
||||
|
||||
req, err = http.NewRequest(http.MethodGet, "/openapi", nil)
|
||||
assert.NoError(t, err)
|
||||
|
|
|
|||
|
|
@ -386,7 +386,7 @@ func checkAPIKeyAuth(tokenAuth *jwtauth.JWTAuth, scope dataprovider.APIKeyScope)
|
|||
}
|
||||
if k.Scope != scope {
|
||||
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), dataprovider.ErrInvalidCredentials) //nolint:errcheck
|
||||
logger.Debug(logSender, "", "unable to authenticate api key %q: invalid scope: got %d, wnated: %d",
|
||||
logger.Debug(logSender, "", "unable to authenticate api key %q: invalid scope: got %d, wanted: %d",
|
||||
apiKey, k.Scope, scope)
|
||||
sendAPIResponse(w, r, fmt.Errorf("the provided api key is invalid for this request"), "", http.StatusForbidden)
|
||||
return
|
||||
|
|
@ -553,3 +553,14 @@ func checkPartialAuth(w http.ResponseWriter, r *http.Request, audience string, t
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func neuter(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if strings.HasSuffix(r.URL.Path, "/") {
|
||||
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,6 @@ import (
|
|||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
func serveStaticDir(router chi.Router, path, fsDirPath string) {
|
||||
fileServer(router, path, http.Dir(fsDirPath))
|
||||
func serveStaticDir(router chi.Router, path, fsDirPath string, disableDirectoryIndex bool) {
|
||||
fileServer(router, path, http.Dir(fsDirPath), disableDirectoryIndex)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,16 +18,20 @@
|
|||
package httpd
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/bundle"
|
||||
)
|
||||
|
||||
func serveStaticDir(router chi.Router, path, _ string) {
|
||||
func serveStaticDir(router chi.Router, path, fsDirPath string, disableDirectoryIndex bool) {
|
||||
switch path {
|
||||
case webStaticFilesPath:
|
||||
fileServer(router, path, bundle.GetStaticFs())
|
||||
fileServer(router, path, bundle.GetStaticFs(), disableDirectoryIndex)
|
||||
case webOpenAPIPath:
|
||||
fileServer(router, path, bundle.GetOpenAPIFs())
|
||||
fileServer(router, path, bundle.GetOpenAPIFs(), disableDirectoryIndex)
|
||||
default:
|
||||
fileServer(router, path, http.Dir(fsDirPath), disableDirectoryIndex)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1237,7 +1237,7 @@ func (s *httpdServer) initializeRouter() {
|
|||
|
||||
if hasHTTPSRedirect {
|
||||
if p := acme.GetHTTP01WebRoot(); p != "" {
|
||||
serveStaticDir(s.router, acmeChallengeURI, p)
|
||||
serveStaticDir(s.router, acmeChallengeURI, p, true)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1434,7 +1434,7 @@ func (s *httpdServer) initializeRouter() {
|
|||
if s.renderOpenAPI {
|
||||
s.router.Group(func(router chi.Router) {
|
||||
router.Use(compressor.Handler)
|
||||
serveStaticDir(router, webOpenAPIPath, s.openAPIPath)
|
||||
serveStaticDir(router, webOpenAPIPath, s.openAPIPath, false)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -1442,7 +1442,7 @@ func (s *httpdServer) initializeRouter() {
|
|||
if s.enableWebAdmin || s.enableWebClient {
|
||||
s.router.Group(func(router chi.Router) {
|
||||
router.Use(compressor.Handler)
|
||||
serveStaticDir(router, webStaticFilesPath, s.staticFilesPath)
|
||||
serveStaticDir(router, webStaticFilesPath, s.staticFilesPath, true)
|
||||
})
|
||||
if s.binding.OIDC.isEnabled() {
|
||||
s.router.Get(webOIDCRedirectPath, s.handleOIDCRedirect)
|
||||
|
|
|
|||
Loading…
Reference in a new issue