forked from m3ng9i/ran
-
Notifications
You must be signed in to change notification settings - Fork 0
/
context.go
139 lines (117 loc) · 3.13 KB
/
context.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package server
import "net/http"
import "os"
import "path"
import "path/filepath"
import "strings"
import "fmt"
import "net/url"
// context contains information about request path
type context struct {
cleanPath string // clean path relative to root
url string // cleanPath + query string (used to do 307 redirect if r.url is not clean)
absFilePath string // absolute path pointing to a file or dir of the disk
exist bool
isDir bool
indexPath string // if path is a directory, detect index path
// indexPath is a path contains index name and relative to root
// indexPath == path.Join(cleanPath, indexName)
}
// String() is used for log output
func (c *context) String() string {
return fmt.Sprintf("cleanPath: %s, url: %s, absFilePath: %s, exist: %t, isDir: %t, indexPath: %s",
c.cleanPath, c.url, c.absFilePath, c.exist, c.isDir, c.indexPath)
}
// Make a new context
func newContext(config Config, r *http.Request) (c *context, err error) {
c = new(context)
requestPath := r.URL.Path
// Fix directory traversal vulnerability under Windows, see https://github.com/justmiles/ran/issues/29
requestPath = strings.ReplaceAll(requestPath, `\`, `/`)
if !strings.HasPrefix(requestPath, "/") {
requestPath = "/" + requestPath
}
c.cleanPath = path.Clean(requestPath)
c.absFilePath, err = filepath.Abs(filepath.Join(config.Root, c.cleanPath))
if err != nil {
return
}
info, e := os.Stat(c.absFilePath)
if e != nil {
if os.IsNotExist(e) {
c.exist = false
} else {
err = e
return
}
} else {
c.exist = true
c.isDir = info.IsDir()
}
// if -serve-all is false and the path is a hidden path, then return 404 error.
// a hidden path is a path start with dot.
if !config.ServeAll && strings.Contains(c.cleanPath, "/.") {
c.exist = false
c.isDir = false
}
if c.isDir {
for _, name := range config.IndexName {
index := filepath.Join(c.absFilePath, name)
indexInfo, e := os.Stat(index)
if e != nil {
if os.IsNotExist(e) {
continue
} else {
err = e
return
}
}
if indexInfo.IsDir() {
continue
} else {
c.isDir = false
c.indexPath = path.Join(c.cleanPath, name)
c.absFilePath, err = filepath.Abs(filepath.Join(config.Root, c.indexPath))
if err != nil {
return
}
// add trailing slash if the request path is a directory and the directory contains a index file
if !strings.HasSuffix(c.cleanPath, "/") {
c.cleanPath += "/"
}
break
}
}
if !config.ListDir && c.indexPath == "" {
c.exist = false
}
}
c.url = c.cleanPath
if c.isDir && !strings.HasSuffix(c.url, "/") {
c.url += "/"
}
// use net/url package to escape url
newurl := url.URL{Path: c.url, RawQuery: r.URL.RawQuery}
c.url = newurl.String()
return
}
// Get parent from a url. Parameter url is start with "/".
func (this *context) parent() string {
u := this.url
if u == "/" {
return "/"
}
// remove query string (? and the string after it)
if i := strings.LastIndex(u, "?"); i > 0 {
u = u[:i]
}
// remove last "/"
if strings.HasSuffix(u, "/") {
u = u[:len(u)-1]
}
i := strings.LastIndex(u, "/")
if i <= 0 {
return "/"
}
return u[:i+1]
}