code refactoring, added file download (#118)
This commit is contained in:
Marco
@@ -3,6 +3,7 @@ package handlers
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
@@ -136,14 +137,55 @@ func SendFile(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// TODO: further path / file validations
|
||||
if strings.Contains(filepath.Dir(filename), root) {
|
||||
w.Header().Add(
|
||||
"Content-Disposition",
|
||||
"inline; filename="+filepath.Base(filename),
|
||||
)
|
||||
|
||||
http.ServeFile(w, r, filename)
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
func DownloadFile(w http.ResponseWriter, r *http.Request) {
|
||||
path := chi.URLParam(r, "id")
|
||||
|
||||
if path == "" {
|
||||
http.Error(w, "inexistent path", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
path, err := url.QueryUnescape(path)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
decoded, err := base64.StdEncoding.DecodeString(path)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
filename := string(decoded)
|
||||
|
||||
root := config.Instance().DownloadPath
|
||||
|
||||
if strings.Contains(filepath.Dir(filename), root) {
|
||||
w.Header().Add(
|
||||
"Content-Disposition",
|
||||
"inline; filename="+filepath.Base(filename),
|
||||
)
|
||||
w.Header().Set(
|
||||
"Content-Type",
|
||||
"application/octet-stream",
|
||||
)
|
||||
|
||||
fd, err := os.Open(filename)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
io.Copy(w, fd)
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
@@ -42,19 +42,9 @@ func validateToken(tokenValue string) error {
|
||||
func Authenticated(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Header.Get("X-Authentication")
|
||||
|
||||
if err := validateToken(token); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
func WebSocketAuthentication(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.URL.Query().Get("token")
|
||||
if token == "" {
|
||||
token = r.URL.Query().Get("token")
|
||||
}
|
||||
|
||||
if err := validateToken(token); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
|
||||
@@ -18,18 +18,10 @@ func Container(db *internal.MemoryDB, mq *internal.MessageQueue) *Service {
|
||||
// RPC service must be registered before applying this router!
|
||||
func ApplyRouter() func(chi.Router) {
|
||||
return func(r chi.Router) {
|
||||
r.Route("/ws", func(r chi.Router) {
|
||||
if config.Instance().RequireAuth {
|
||||
r.Use(middlewares.WebSocketAuthentication)
|
||||
}
|
||||
r.Get("/", WebSocket)
|
||||
})
|
||||
|
||||
r.Route("/http", func(r chi.Router) {
|
||||
if config.Instance().RequireAuth {
|
||||
r.Use(middlewares.Authenticated)
|
||||
}
|
||||
r.Post("/", Post)
|
||||
})
|
||||
if config.Instance().RequireAuth {
|
||||
r.Use(middlewares.Authenticated)
|
||||
}
|
||||
r.Get("/ws", WebSocket)
|
||||
r.Post("/http", Post)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -102,7 +102,8 @@ func newServer(c serverConfig) *http.Server {
|
||||
}
|
||||
r.Post("/downloaded", handlers.ListDownloaded)
|
||||
r.Post("/delete", handlers.DeleteFile)
|
||||
r.Get("/d/{id}", handlers.SendFile)
|
||||
r.Get("/d/{id}", handlers.DownloadFile)
|
||||
r.Get("/v/{id}", handlers.SendFile)
|
||||
})
|
||||
|
||||
// Authentication routes
|
||||
|
||||
Reference in New Issue
Block a user