aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAntoni Sawicki <tenox@google.com>2022-06-20 01:02:46 -0700
committerAntoni Sawicki <tenox@google.com>2022-06-20 01:02:46 -0700
commit6db3ca4ed535e011a79ca847d2f88d95beacf06c (patch)
tree850505f960a14345053b43cc0790a5029b2d3329
parent6f88a62024b86ed9597067ab4fca03f42892229a (diff)
downloadwfm-6db3ca4ed535e011a79ca847d2f88d95beacf06c.tar.gz
remove denypfx
Diffstat
-rw-r--r--dir.go11
-rw-r--r--fileio.go59
-rw-r--r--web.go5
-rw-r--r--wfm.go6
4 files changed, 1 insertions, 80 deletions
diff --git a/dir.go b/dir.go
index 88c4660..f011a93 100644
--- a/dir.go
+++ b/dir.go
@@ -1,7 +1,6 @@
package main
import (
- "fmt"
"html"
"io/ioutil"
"net/http"
@@ -15,10 +14,6 @@ import (
)
func (r *wfmRequest) listFiles(hi string) {
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
i := icons(r.modern)
d, err := ioutil.ReadDir(r.uDir)
if err != nil {
@@ -37,9 +32,6 @@ func (r *wfmRequest) listFiles(hi string) {
// List Directories First
for _, f := range d {
- if deniedPfx(r.uDir + "/" + f.Name()) {
- continue
- }
var ldir bool
var li string
if f.Mode()&os.ModeSymlink == os.ModeSymlink {
@@ -84,9 +76,6 @@ func (r *wfmRequest) listFiles(hi string) {
// List Files
for _, f := range d {
- if deniedPfx(r.uDir + "/" + f.Name()) {
- continue
- }
var ldir bool
var li string
if f.Mode()&os.ModeSymlink == os.ModeSymlink {
diff --git a/fileio.go b/fileio.go
index ed97987..7d3af72 100644
--- a/fileio.go
+++ b/fileio.go
@@ -16,23 +16,8 @@ import (
"github.com/gabriel-vasile/mimetype"
)
-func deniedPfx(pfx string) bool {
- cPfx := filepath.Clean(pfx)
- for _, p := range denyPfxs {
- if strings.HasPrefix(cPfx, p) {
- return true
- }
- }
- return false
-}
-
func (r *wfmRequest) dispFile() {
fp := r.uDir + "/" + r.uFbn
- // TODO(tenox): deniedpfx should be in handlers???
- if deniedPfx(fp) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
s := strings.Split(fp, ".")
log.Printf("Dsiposition file=%v ext=%v", fp, s[len(s)-1])
switch strings.ToLower(s[len(s)-1]) {
@@ -55,10 +40,6 @@ func (r *wfmRequest) dispFile() {
func (r *wfmRequest) downFile() {
fp := r.uDir + "/" + r.uFbn
- if deniedPfx(fp) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
f, err := os.Stat(fp)
if err != nil {
htErr(r.w, "Unable to get file attributes", err)
@@ -72,10 +53,6 @@ func (r *wfmRequest) downFile() {
}
func dispInline(w http.ResponseWriter, uFilePath string) {
- if deniedPfx(uFilePath) {
- htErr(w, "access", fmt.Errorf("forbidden"))
- return
- }
f, err := os.Stat(uFilePath)
if err != nil {
htErr(w, "Unable to get file attributes", err)
@@ -102,10 +79,6 @@ func dispInline(w http.ResponseWriter, uFilePath string) {
}
func streamFile(w http.ResponseWriter, uFilePath string) {
- if deniedPfx(uFilePath) {
- htErr(w, "access", fmt.Errorf("forbidden"))
- return
- }
fi, err := os.Open(uFilePath)
if err != nil {
htErr(w, "Unable top open file", err)
@@ -138,10 +111,6 @@ func (r *wfmRequest) uploadFile(h *multipart.FileHeader, f multipart.File) {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
defer f.Close()
o, err := os.OpenFile(r.uDir+"/"+filepath.Base(h.Filename), os.O_RDWR|os.O_CREATE, 0644)
@@ -175,10 +144,6 @@ func (r *wfmRequest) saveText(uData string) {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
if uData == "" {
htErr(r.w, "text save", fmt.Errorf("zero lenght data"))
return
@@ -213,10 +178,6 @@ func (r *wfmRequest) mkdir() {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
if r.uFbn == "" {
htErr(r.w, "mkdir", fmt.Errorf("directory name is empty"))
@@ -236,10 +197,6 @@ func (r *wfmRequest) mkfile() {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
if r.uFbn == "" {
htErr(r.w, "mkfile", fmt.Errorf("file name is empty"))
@@ -259,10 +216,6 @@ func (r *wfmRequest) mkurl(eUrl string) {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
if r.uFbn == "" {
htErr(r.w, "mkurl", fmt.Errorf("url file name is empty"))
return
@@ -286,10 +239,6 @@ func (r *wfmRequest) renFile(uNewf string) {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
if r.uFbn == "" || uNewf == "" {
htErr(r.w, "rename", fmt.Errorf("filename is empty"))
@@ -313,10 +262,6 @@ func (r *wfmRequest) moveFiles(uFilePaths []string, uDst string) {
return
}
uDst = filepath.Clean(uDst)
- if deniedPfx(r.uDir) || deniedPfx(uDst) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
log.Printf("move dir=%v files=%+v dst=%v user=%v@%v", r.uDir, uFilePaths, uDst, r.userName, r.remAddr)
lF := ""
@@ -340,10 +285,6 @@ func (r *wfmRequest) deleteFiles(uFilePaths []string) {
htErr(r.w, "permission", fmt.Errorf("read only"))
return
}
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
log.Printf("delete dir=%v files=%+v user=%v@%v", r.uDir, uFilePaths, r.userName, r.remAddr)
for _, f := range uFilePaths {
diff --git a/web.go b/web.go
index 81b2c0b..e5cf81a 100644
--- a/web.go
+++ b/web.go
@@ -85,9 +85,6 @@ func emit(s string, c int) string {
}
func upDnDir(uDir, uBn string) string {
- if deniedPfx(uDir) {
- return ""
- }
o := strings.Builder{}
o.WriteString("<OPTION VALUE=\"/\">/ - Root</OPTION>\n")
p := "/"
@@ -109,7 +106,7 @@ func upDnDir(uDir, uBn string) string {
return o.String()
}
for _, n := range d {
- if !n.IsDir() || strings.HasPrefix(n.Name(), ".") || deniedPfx(uDir+"/"+n.Name()) {
+ if !n.IsDir() || strings.HasPrefix(n.Name(), ".") {
continue
}
o.WriteString("<OPTION VALUE=\"" +
diff --git a/wfm.go b/wfm.go
index bde7ebb..57566c6 100644
--- a/wfm.go
+++ b/wfm.go
@@ -39,7 +39,6 @@ var (
acmDir = flag.String("acm_dir", "", "autocert cache, eg: /var/cache (inside chroot)")
acmBind = flag.String("acm_addr", "", "autocert manager listen address, eg: :80")
acmWhlist multiString // this flag set in main
- denyPfxs multiString
allowAcmDir = flag.Bool("allow_acm_dir", false, "allow access to acm cache dir (insecure!)")
f2bEnabled = flag.Bool("f2b", true, "ban ip addresses on user/pass failures")
f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump (default no)")
@@ -88,7 +87,6 @@ func (z *multiString) Set(v string) error {
func main() {
var err error
flag.Var(&acmWhlist, "acm_host", "autocert manager allowed hostname (multi)")
- flag.Var(&denyPfxs, "deny_pfx", "deny access / hide this path prefix (multi)")
flag.Parse()
if flag.Arg(0) == "user" {
@@ -102,10 +100,6 @@ func main() {
loadUsers()
}
- if !*allowAcmDir && *acmDir != "" {
- denyPfxs = append(denyPfxs, *acmDir)
- }
-
if *logFile != "" {
lf, err := os.OpenFile(*logFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
if err != nil {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 09:05:46 +0000