sashakoshka/step
sashakoshka/step
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

http: Add mechanism to forbid certain files/directories

Browse Source
This commit is contained in:
Sasha Koshka 2024-12-10 00:38:47 -05:00
parent 11e8e7460a
commit 7480742e9e
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
http/handler.go
View File

@ -17,12 +17,13 @@ type ErrorData struct {
} }
type Handler struct { type Handler struct {
Environment *step.Environment Environment *step.Environment
Directories bool Directories bool
StepExt ucontainer.Set[string] StepExt ucontainer.Set[string]
Index []string Index []string
ErrorDocument string ErrorDocument string
DirectoryDocument string DirectoryDocument string
DenyAll ucontainer.Set[string]
} }
func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) { func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
@ -43,8 +44,15 @@ func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
} }
hasTrailingSlash := strings.HasSuffix(pat, "/") hasTrailingSlash := strings.HasSuffix(pat, "/")
pat = path.Clean(req.URL.Path) pat = path.Clean(req.URL.Path)
name := pathToName(pat)
info, err := statFile(filesystem, pathToName(pat)) // access control
if this.DenyAll.Has(name) {
this.serveError(res, req, http.StatusForbidden, req.URL, false)
return
}
info, err := statFile(filesystem, name)
if err != nil { if err != nil {
this.serveError(res, req, http.StatusNotFound, req.URL, false) this.serveError(res, req, http.StatusNotFound, req.URL, false)
return return