author | Antoni Sawicki <tenox@google.com> | 2022-06-20 01:02:46 -0700 |
---|---|---|
committer | Antoni Sawicki <tenox@google.com> | 2022-06-20 01:02:46 -0700 |
commit | 6db3ca4ed535e011a79ca847d2f88d95beacf06c (patch) | |
tree | 850505f960a14345053b43cc0790a5029b2d3329 | |
parent | 6f88a62024b86ed9597067ab4fca03f42892229a (diff) | |
download | wfm-6db3ca4ed535e011a79ca847d2f88d95beacf06c.tar.gz |
remove denypfx
-rw-r--r-- | dir.go | 11 | ||||
-rw-r--r-- | fileio.go | 59 | ||||
-rw-r--r-- | web.go | 5 | ||||
-rw-r--r-- | wfm.go | 6 |
4 files changed, 1 insertions, 80 deletions
@@ -1,7 +1,6 @@
 package main
 import (
- "fmt"
 "html"
 "io/ioutil"
 "net/http"
@@ -15,10 +14,6 @@ import (
 )
 func (r *wfmRequest) listFiles(hi string) {
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 i := icons(r.modern)
 d, err := ioutil.ReadDir(r.uDir)
 if err != nil {
@@ -37,9 +32,6 @@ func (r *wfmRequest) listFiles(hi string) {
 // List Directories First
 for _, f := range d {
- if deniedPfx(r.uDir + "/" + f.Name()) {
- continue
- }
 var ldir bool
 var li string
 if f.Mode()&os.ModeSymlink == os.ModeSymlink {
@@ -84,9 +76,6 @@ func (r *wfmRequest) listFiles(hi string) {
 // List Files
 for _, f := range d {
- if deniedPfx(r.uDir + "/" + f.Name()) {
- continue
- }
 var ldir bool
 var li string
 if f.Mode()&os.ModeSymlink == os.ModeSymlink {
@@ -16,23 +16,8 @@ import (
 "github.com/gabriel-vasile/mimetype"
 )
-func deniedPfx(pfx string) bool {
- cPfx := filepath.Clean(pfx)
- for _, p := range denyPfxs {
- if strings.HasPrefix(cPfx, p) {
- return true
- }
- }
- return false
-}
-
 func (r *wfmRequest) dispFile() {
 fp := r.uDir + "/" + r.uFbn
- // TODO(tenox): deniedpfx should be in handlers???
- if deniedPfx(fp) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 s := strings.Split(fp, ".")
 log.Printf("Dsiposition file=%v ext=%v", fp, s[len(s)-1])
 switch strings.ToLower(s[len(s)-1]) {
@@ -55,10 +40,6 @@ func (r *wfmRequest) dispFile() {
 func (r *wfmRequest) downFile() {
 fp := r.uDir + "/" + r.uFbn
- if deniedPfx(fp) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 f, err := os.Stat(fp)
 if err != nil {
 htErr(r.w, "Unable to get file attributes", err)
@@ -72,10 +53,6 @@ func (r *wfmRequest) downFile() {
 }
 func dispInline(w http.ResponseWriter, uFilePath string) {
- if deniedPfx(uFilePath) {
- htErr(w, "access", fmt.Errorf("forbidden"))
- return
- }
 f, err := os.Stat(uFilePath)
 if err != nil {
 htErr(w, "Unable to get file attributes", err)
@@ -102,10 +79,6 @@ func dispInline(w http.ResponseWriter, uFilePath string) {
 }
 func streamFile(w http.ResponseWriter, uFilePath string) {
- if deniedPfx(uFilePath) {
- htErr(w, "access", fmt.Errorf("forbidden"))
- return
- }
 fi, err := os.Open(uFilePath)
 if err != nil {
 htErr(w, "Unable top open file", err)
@@ -138,10 +111,6 @@ func (r *wfmRequest) uploadFile(h *multipart.FileHeader, f multipart.File) {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 defer f.Close()
 o, err := os.OpenFile(r.uDir+"/"+filepath.Base(h.Filename), os.O_RDWR|os.O_CREATE, 0644)
@@ -175,10 +144,6 @@ func (r *wfmRequest) saveText(uData string) {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 if uData == "" {
 htErr(r.w, "text save", fmt.Errorf("zero lenght data"))
 return
@@ -213,10 +178,6 @@ func (r *wfmRequest) mkdir() {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 if r.uFbn == "" {
 htErr(r.w, "mkdir", fmt.Errorf("directory name is empty"))
@@ -236,10 +197,6 @@ func (r *wfmRequest) mkfile() {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 if r.uFbn == "" {
 htErr(r.w, "mkfile", fmt.Errorf("file name is empty"))
@@ -259,10 +216,6 @@ func (r *wfmRequest) mkurl(eUrl string) {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 if r.uFbn == "" {
 htErr(r.w, "mkurl", fmt.Errorf("url file name is empty"))
 return
@@ -286,10 +239,6 @@ func (r *wfmRequest) renFile(uNewf string) {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 if r.uFbn == "" || uNewf == "" {
 htErr(r.w, "rename", fmt.Errorf("filename is empty"))
@@ -313,10 +262,6 @@ func (r *wfmRequest) moveFiles(uFilePaths []string, uDst string) {
 return
 }
 uDst = filepath.Clean(uDst)
- if deniedPfx(r.uDir) || deniedPfx(uDst) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 log.Printf("move dir=%v files=%+v dst=%v user=%v@%v", r.uDir, uFilePaths, uDst, r.userName, r.remAddr)
 lF := ""
@@ -340,10 +285,6 @@ func (r *wfmRequest) deleteFiles(uFilePaths []string) {
 htErr(r.w, "permission", fmt.Errorf("read only"))
 return
 }
- if deniedPfx(r.uDir) {
- htErr(r.w, "access", fmt.Errorf("forbidden"))
- return
- }
 log.Printf("delete dir=%v files=%+v user=%v@%v", r.uDir, uFilePaths, r.userName, r.remAddr)
 for _, f := range uFilePaths {
@@ -85,9 +85,6 @@ func emit(s string, c int) string {
 }
 func upDnDir(uDir, uBn string) string {
- if deniedPfx(uDir) {
- return ""
- }
 o := strings.Builder{}
 o.WriteString("<OPTION VALUE=\"/\">/ - Root</OPTION>\n")
 p := "/"
@@ -109,7 +106,7 @@ func upDnDir(uDir, uBn string) string {
 return o.String()
 }
 for _, n := range d {
- if !n.IsDir() || strings.HasPrefix(n.Name(), ".") || deniedPfx(uDir+"/"+n.Name()) {
+ if !n.IsDir() || strings.HasPrefix(n.Name(), ".") {
 continue
 }
 o.WriteString("<OPTION VALUE=\"" +
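Review bot: The condition left on the `+` line in upDnDir's `for _, n := range d` loop selects by name only, so it decides what the directory dropdown shows and is not an access decision. With the `deniedPfx` term gone, nothing in this loop says that, and a later reader could take the dot-prefix test for a protection. A comment above the `if` would record the intent, for example `// display filter only: non-directories and dot-directories are left out of the dropdown`. upDnDir starts before this hunk and continues past it.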
@@ -39,7 +39,6 @@ var (
 acmDir = flag.String("acm_dir", "", "autocert cache, eg: /var/cache (inside chroot)")
 acmBind = flag.String("acm_addr", "", "autocert manager listen address, eg: :80")
 acmWhlist multiString // this flag set in main
- denyPfxs multiString
 allowAcmDir = flag.Bool("allow_acm_dir", false, "allow access to acm cache dir (insecure!)")
 f2bEnabled = flag.Bool("f2b", true, "ban ip addresses on user/pass failures")
 f2bDump = flag.String("f2b_dump", "", "enable f2b dump at this prefix, eg. /f2bdump (default no)")
@@ -88,7 +87,6 @@ func (z *multiString) Set(v string) error {
 func main() {
 var err error
 flag.Var(&acmWhlist, "acm_host", "autocert manager allowed hostname (multi)")
- flag.Var(&denyPfxs, "deny_pfx", "deny access / hide this path prefix (multi)")
 flag.Parse()
 if flag.Arg(0) == "user" {
@@ -102,10 +100,6 @@ func main() {
 loadUsers()
 }
- if !*allowAcmDir && *acmDir != "" {
- denyPfxs = append(denyPfxs, *acmDir)
- }
-
 if *logFile != "" {
 lf, err := os.OpenFile(*logFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 if err != nil { |
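Review bot: `allowAcmDir` stays declared in the `var (` block, but the only consumer visible here, the `if !*allowAcmDir && *acmDir != ""` block in main(), is removed, so as far as these hunks show `-allow_acm_dir` no longer has any effect. The help text for `-acm_dir` places the autocert cache inside the chroot, and with the `deniedPfx` checks also removed from the handlers in dir.go, fileio.go and web.go, nothing visible keeps that directory out of listing, download or write requests; an autocert cache normally holds certificate private keys. Either keep a narrow check for `*acmDir` at the handler entry points, or remove the flag and state the requirement in the help string, e.g. `"autocert cache, eg: /var/cache (inside chroot, outside the served directory)"`. Uses of `allowAcmDir` outside these hunks, if any, are not visible, and main() continues past the last hunk.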