Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
allow limiting access by passwords (fix #194)
- Loading branch information
Showing
12 changed files
with
197 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
package main | ||
|
||
import ( | ||
"encoding/json" | ||
"errors" | ||
"net/http" | ||
"regexp" | ||
"strings" | ||
"time" | ||
|
||
"github.com/andreimarcu/linx-server/backends" | ||
"github.com/flosch/pongo2" | ||
"github.com/zenazn/goji/web" | ||
) | ||
|
||
type accessKeySource int | ||
|
||
const ( | ||
accessKeySourceNone accessKeySource = iota | ||
accessKeySourceCookie | ||
accessKeySourceHeader | ||
accessKeySourceForm | ||
accessKeySourceQuery | ||
) | ||
|
||
const accessKeyHeaderName = "Linx-Access-Key" | ||
const accessKeyParamName = "access_key" | ||
|
||
var ( | ||
errInvalidAccessKey = errors.New("invalid access key") | ||
|
||
cliUserAgentRe = regexp.MustCompile("(?i)(lib)?curl|wget") | ||
) | ||
|
||
func checkAccessKey(r *http.Request, metadata *backends.Metadata) (accessKeySource, error) { | ||
key := metadata.AccessKey | ||
if key == "" { | ||
return accessKeySourceNone, nil | ||
} | ||
|
||
cookieKey, err := r.Cookie(accessKeyHeaderName) | ||
if err == nil { | ||
if cookieKey.Value == key { | ||
return accessKeySourceCookie, nil | ||
} | ||
return accessKeySourceCookie, errInvalidAccessKey | ||
} | ||
|
||
headerKey := r.Header.Get(accessKeyHeaderName) | ||
if headerKey == key { | ||
return accessKeySourceHeader, nil | ||
} else if headerKey != "" { | ||
return accessKeySourceHeader, errInvalidAccessKey | ||
} | ||
|
||
formKey := r.PostFormValue(accessKeyParamName) | ||
if formKey == key { | ||
return accessKeySourceForm, nil | ||
} else if formKey != "" { | ||
return accessKeySourceForm, errInvalidAccessKey | ||
} | ||
|
||
queryKey := r.URL.Query().Get(accessKeyParamName) | ||
if queryKey == key { | ||
return accessKeySourceQuery, nil | ||
} else if formKey != "" { | ||
return accessKeySourceQuery, errInvalidAccessKey | ||
} | ||
|
||
return accessKeySourceNone, errInvalidAccessKey | ||
} | ||
|
||
func setAccessKeyCookies(w http.ResponseWriter, domain, fileName, value string, expires time.Time) { | ||
cookie := http.Cookie{ | ||
Name: accessKeyHeaderName, | ||
Value: value, | ||
HttpOnly: true, | ||
Domain: domain, | ||
Expires: expires, | ||
} | ||
|
||
cookie.Path = Config.sitePath + fileName | ||
http.SetCookie(w, &cookie) | ||
|
||
cookie.Path = Config.sitePath + Config.selifPath + fileName | ||
http.SetCookie(w, &cookie) | ||
} | ||
|
||
func fileAccessHandler(c web.C, w http.ResponseWriter, r *http.Request) { | ||
if !Config.noDirectAgents && cliUserAgentRe.MatchString(r.Header.Get("User-Agent")) && !strings.EqualFold("application/json", r.Header.Get("Accept")) { | ||
fileServeHandler(c, w, r) | ||
return | ||
} | ||
|
||
fileName := c.URLParams["name"] | ||
|
||
metadata, err := checkFile(fileName) | ||
if err == backends.NotFoundErr { | ||
notFoundHandler(c, w, r) | ||
return | ||
} else if err != nil { | ||
oopsHandler(c, w, r, RespAUTO, "Corrupt metadata.") | ||
return | ||
} | ||
|
||
if src, err := checkAccessKey(r, &metadata); err != nil { | ||
// remove invalid cookie | ||
if src == accessKeySourceCookie { | ||
setAccessKeyCookies(w, getSiteURL(r), fileName, "", time.Unix(0, 0)) | ||
} | ||
|
||
if strings.EqualFold("application/json", r.Header.Get("Accept")) { | ||
dec := json.NewEncoder(w) | ||
_ = dec.Encode(map[string]string{ | ||
"error": errInvalidAccessKey.Error(), | ||
}) | ||
|
||
return | ||
} | ||
|
||
_ = renderTemplate(Templates["access.html"], pongo2.Context{ | ||
"filename": fileName, | ||
"accesspath": fileName, | ||
}, r, w) | ||
|
||
return | ||
} | ||
|
||
if metadata.AccessKey != "" { | ||
var expiry time.Time | ||
if Config.accessKeyCookieExpiry != 0 { | ||
expiry = time.Now().Add(time.Duration(Config.accessKeyCookieExpiry) * time.Second) | ||
} | ||
setAccessKeyCookies(w, getSiteURL(r), fileName, metadata.AccessKey, expiry) | ||
} | ||
|
||
fileDisplayHandler(c, w, r, fileName, metadata) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{% extends "base.html" %} | ||
|
||
{% block content %} | ||
<div id="access"> | ||
<form action="{{ unlockpath }}" method="POST" enctype="multipart/form-data"> | ||
{{ filename }} is protected with password <br /> | ||
<input id="access_key" name="access_key" type="password" /> | ||
<input id="submitbtn" type="submit" value="Unlock"> | ||
</form> | ||
</div> | ||
{% endblock %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.