http: Add mechanism to forbid certain files/directories

2024-12-10 00:38:47 -05:00 · 2024-12-10 00:38:47 -05:00 · 7480742e9e
commit 7480742e9e
parent 11e8e7460a
1 changed files with 13 additions and 5 deletions
--- a/http/handler.go
+++ b/http/handler.go
@ -17,12 +17,13 @@ type ErrorData struct {
 }

 type Handler struct {
-	Environment *step.Environment
-	Directories bool
-	StepExt     ucontainer.Set[string]
-	Index       []string
+	Environment       *step.Environment
+	Directories       bool
+	StepExt           ucontainer.Set[string]
+	Index             []string
 	ErrorDocument     string
 	DirectoryDocument string
+	DenyAll           ucontainer.Set[string]
 }

 func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
@ -43,8 +44,15 @@ func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
 	}
 	hasTrailingSlash := strings.HasSuffix(pat, "/")
 	pat = path.Clean(req.URL.Path)
+	name := pathToName(pat)

-	info, err := statFile(filesystem, pathToName(pat))
+	// access control
+	if this.DenyAll.Has(name) {
+		this.serveError(res, req, http.StatusForbidden, req.URL, false)
+		return
+	}
+
+	info, err := statFile(filesystem, name)
 	if err != nil {
 		this.serveError(res, req, http.StatusNotFound, req.URL, false)
 		return