diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 4 | ||||
-rw-r--r-- | modules/caddyhttp/staticfiles/browse.go | 308 | ||||
-rw-r--r-- | modules/caddyhttp/staticfiles/browselisting.go | 245 | ||||
-rw-r--r-- | modules/caddyhttp/staticfiles/browsetpl.go | 403 | ||||
-rw-r--r-- | modules/caddyhttp/staticfiles/staticfiles.go | 90 |
5 files changed, 843 insertions, 207 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 379c8f2..41b0c66 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "fmt" "log" - mathrand "math/rand" + weakrand "math/rand" "net" "net/http" "strconv" @@ -18,7 +18,7 @@ import ( ) func init() { - mathrand.Seed(time.Now().UnixNano()) + weakrand.Seed(time.Now().UnixNano()) err := caddy2.RegisterModule(caddy2.Module{ Name: "http", diff --git a/modules/caddyhttp/staticfiles/browse.go b/modules/caddyhttp/staticfiles/browse.go index 15ff105..2bb130f 100644 --- a/modules/caddyhttp/staticfiles/browse.go +++ b/modules/caddyhttp/staticfiles/browse.go @@ -1,58 +1,65 @@ package staticfiles import ( + "bytes" + "encoding/json" + "html/template" "net/http" + "os" + "path" + "strings" + + "bitbucket.org/lightcodelabs/caddy2" + "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp" ) // Browse configures directory browsing. type Browse struct { -} + TemplateFile string `json:"template_file"` -// ServeHTTP determines if the request is for this plugin, and if all prerequisites are met. -// If so, control is handed over to ServeListing. -func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) error { - // TODO: convert this handler - return nil + template *template.Template +} - // // Browse works on existing directories; delegate everything else - // requestedFilepath, err := bc.Fs.Root.Open(r.URL.Path) - // if err != nil { - // switch { - // case os.IsPermission(err): - // return http.StatusForbidden, err - // case os.IsExist(err): - // return http.StatusNotFound, err - // default: - // return b.Next.ServeHTTP(w, r) - // } - // } - // defer requestedFilepath.Close() +func (sf *StaticFiles) serveBrowse(dirPath string, w http.ResponseWriter, r *http.Request) error { + dir, err := sf.openFile(dirPath, w) + if err != nil { + return err + } + defer dir.Close() + + repl := r.Context().Value(caddy2.ReplacerCtxKey).(caddy2.Replacer) + + listing, err := sf.loadDirectoryContents(dir, r.URL.Path, repl) + switch { + case os.IsPermission(err): + return caddyhttp.Error(http.StatusForbidden, err) + case os.IsNotExist(err): + return caddyhttp.Error(http.StatusNotFound, err) + case err != nil: + return caddyhttp.Error(http.StatusInternalServerError, err) + } + + sf.browseApplyQueryParams(w, r, &listing) + + // write response as either JSON or HTML + var buf *bytes.Buffer + acceptHeader := strings.ToLower(strings.Join(r.Header["Accept"], ",")) + if strings.Contains(acceptHeader, "application/json") { + if buf, err = sf.browseWriteJSON(listing); err != nil { + return caddyhttp.Error(http.StatusInternalServerError, err) + } + w.Header().Set("Content-Type", "application/json; charset=utf-8") + } else { + if buf, err = sf.browseWriteHTML(listing); err != nil { + return caddyhttp.Error(http.StatusInternalServerError, err) + } + w.Header().Set("Content-Type", "text/html; charset=utf-8") + } + buf.WriteTo(w) - // info, err := requestedFilepath.Stat() - // if err != nil { - // switch { - // case os.IsPermission(err): - // return http.StatusForbidden, err - // case os.IsExist(err): - // return http.StatusGone, err - // default: - // return b.Next.ServeHTTP(w, r) - // } - // } - // if !info.IsDir() { - // return b.Next.ServeHTTP(w, r) - // } - - // // Do not reply to anything else because it might be nonsensical - // switch r.Method { - // case http.MethodGet, http.MethodHead: - // // proceed, noop - // case "PROPFIND", http.MethodOptions: - // return http.StatusNotImplemented, nil - // default: - // return b.Next.ServeHTTP(w, r) - // } + return nil + // TODO: Sigh... do we have to put this here? // // Browsing navigation gets messed up if browsing a directory // // that doesn't end in "/" (which it should, anyway) // u := *r.URL @@ -68,138 +75,83 @@ func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) error { // return b.ServeListing(w, r, requestedFilepath, bc) } -// func (b Browse) loadDirectoryContents(requestedFilepath http.File, urlPath string, config *Config) (*Listing, bool, error) { -// files, err := requestedFilepath.Readdir(-1) -// if err != nil { -// return nil, false, err -// } - -// // Determine if user can browse up another folder -// var canGoUp bool -// curPathDir := path.Dir(strings.TrimSuffix(urlPath, "/")) -// for _, other := range b.Configs { -// if strings.HasPrefix(curPathDir, other.PathScope) { -// canGoUp = true -// break -// } -// } - -// // Assemble listing of directory contents -// listing, hasIndex := directoryListing(files, canGoUp, urlPath, config) - -// return &listing, hasIndex, nil -// } - -// // handleSortOrder gets and stores for a Listing the 'sort' and 'order', -// // and reads 'limit' if given. The latter is 0 if not given. -// // -// // This sets Cookies. -// func (b Browse) handleSortOrder(w http.ResponseWriter, r *http.Request, scope string) (sort string, order string, limit int, err error) { -// sort, order, limitQuery := r.URL.Query().Get("sort"), r.URL.Query().Get("order"), r.URL.Query().Get("limit") - -// // If the query 'sort' or 'order' is empty, use defaults or any values previously saved in Cookies -// switch sort { -// case "": -// sort = sortByNameDirFirst -// if sortCookie, sortErr := r.Cookie("sort"); sortErr == nil { -// sort = sortCookie.Value -// } -// case sortByName, sortByNameDirFirst, sortBySize, sortByTime: -// http.SetCookie(w, &http.Cookie{Name: "sort", Value: sort, Path: scope, Secure: r.TLS != nil}) -// } - -// switch order { -// case "": -// order = "asc" -// if orderCookie, orderErr := r.Cookie("order"); orderErr == nil { -// order = orderCookie.Value -// } -// case "asc", "desc": -// http.SetCookie(w, &http.Cookie{Name: "order", Value: order, Path: scope, Secure: r.TLS != nil}) -// } - -// if limitQuery != "" { -// limit, err = strconv.Atoi(limitQuery) -// if err != nil { // if the 'limit' query can't be interpreted as a number, return err -// return -// } -// } - -// return -// } - -// // ServeListing returns a formatted view of 'requestedFilepath' contents'. -// func (b Browse) ServeListing(w http.ResponseWriter, r *http.Request, requestedFilepath http.File, bc *Config) (int, error) { -// listing, containsIndex, err := b.loadDirectoryContents(requestedFilepath, r.URL.Path, bc) -// if err != nil { -// switch { -// case os.IsPermission(err): -// return http.StatusForbidden, err -// case os.IsExist(err): -// return http.StatusGone, err -// default: -// return http.StatusInternalServerError, err -// } -// } -// if containsIndex && !b.IgnoreIndexes { // directory isn't browsable -// return b.Next.ServeHTTP(w, r) -// } -// listing.Context = httpserver.Context{ -// Root: bc.Fs.Root, -// Req: r, -// URL: r.URL, -// } -// listing.User = bc.Variables - -// // Copy the query values into the Listing struct -// var limit int -// listing.Sort, listing.Order, limit, err = b.handleSortOrder(w, r, bc.PathScope) -// if err != nil { -// return http.StatusBadRequest, err -// } - -// listing.applySort() - -// if limit > 0 && limit <= len(listing.Items) { -// listing.Items = listing.Items[:limit] -// listing.ItemsLimitedTo = limit -// } - -// var buf *bytes.Buffer -// acceptHeader := strings.ToLower(strings.Join(r.Header["Accept"], ",")) -// switch { -// case strings.Contains(acceptHeader, "application/json"): -// if buf, err = b.formatAsJSON(listing, bc); err != nil { -// return http.StatusInternalServerError, err -// } -// w.Header().Set("Content-Type", "application/json; charset=utf-8") - -// default: // There's no 'application/json' in the 'Accept' header; browse normally -// if buf, err = b.formatAsHTML(listing, bc); err != nil { -// return http.StatusInternalServerError, err -// } -// w.Header().Set("Content-Type", "text/html; charset=utf-8") - -// } - -// _, _ = buf.WriteTo(w) - -// return http.StatusOK, nil -// } - -// func (b Browse) formatAsJSON(listing *Listing, bc *Config) (*bytes.Buffer, error) { -// marsh, err := json.Marshal(listing.Items) -// if err != nil { -// return nil, err -// } - -// buf := new(bytes.Buffer) -// _, err = buf.Write(marsh) -// return buf, err -// } - -// func (b Browse) formatAsHTML(listing *Listing, bc *Config) (*bytes.Buffer, error) { -// buf := new(bytes.Buffer) -// err := bc.Template.Execute(buf, listing) -// return buf, err -// } +func (sf *StaticFiles) loadDirectoryContents(dir *os.File, urlPath string, repl caddy2.Replacer) (browseListing, error) { + files, err := dir.Readdir(-1) + if err != nil { + return browseListing{}, err + } + + // determine if user can browse up another folder + curPathDir := path.Dir(strings.TrimSuffix(urlPath, "/")) + canGoUp := strings.HasPrefix(curPathDir, sf.Root) + + return sf.directoryListing(files, canGoUp, urlPath, repl), nil +} + +// browseApplyQueryParams applies query parameters to the listing. +// It mutates the listing and may set cookies. +func (sf *StaticFiles) browseApplyQueryParams(w http.ResponseWriter, r *http.Request, listing *browseListing) { + sortParam := r.URL.Query().Get("sort") + orderParam := r.URL.Query().Get("order") + limitParam := r.URL.Query().Get("limit") + + // first figure out what to sort by + switch sortParam { + case "": + sortParam = sortByNameDirFirst + if sortCookie, sortErr := r.Cookie("sort"); sortErr == nil { + sortParam = sortCookie.Value + } + case sortByName, sortByNameDirFirst, sortBySize, sortByTime: + http.SetCookie(w, &http.Cookie{Name: "sort", Value: sortParam, Secure: r.TLS != nil}) + } + + // then figure out the order + switch orderParam { + case "": + orderParam = "asc" + if orderCookie, orderErr := r.Cookie("order"); orderErr == nil { + orderParam = orderCookie.Value + } + case "asc", "desc": + http.SetCookie(w, &http.Cookie{Name: "order", Value: orderParam, Secure: r.TLS != nil}) + } + + // finally, apply the sorting and limiting + listing.applySortAndLimit(sortParam, orderParam, limitParam) +} + +func (sf *StaticFiles) browseWriteJSON(listing browseListing) (*bytes.Buffer, error) { + buf := new(bytes.Buffer) + err := json.NewEncoder(buf).Encode(listing.Items) + return buf, err +} + +func (sf *StaticFiles) browseWriteHTML(listing browseListing) (*bytes.Buffer, error) { + buf := new(bytes.Buffer) + err := sf.Browse.template.Execute(buf, listing) + return buf, err +} + +// isSymlink return true if f is a symbolic link +func isSymlink(f os.FileInfo) bool { + return f.Mode()&os.ModeSymlink != 0 +} + +// isSymlinkTargetDir return true if f's symbolic link target +// is a directory. Return false if not a symbolic link. +// TODO: Re-implement +func isSymlinkTargetDir(f os.FileInfo, urlPath string) bool { + // if !isSymlink(f) { + // return false + // } + + // // TODO: Ensure path is sanitized + // target:= path.Join(root, urlPath, f.Name())) + // targetInfo, err := os.Stat(target) + // if err != nil { + // return false + // } + // return targetInfo.IsDir() + return false +} diff --git a/modules/caddyhttp/staticfiles/browselisting.go b/modules/caddyhttp/staticfiles/browselisting.go new file mode 100644 index 0000000..11e6b9c --- /dev/null +++ b/modules/caddyhttp/staticfiles/browselisting.go @@ -0,0 +1,245 @@ +package staticfiles + +import ( + "net/url" + "os" + "path" + "sort" + "strconv" + "strings" + "time" + + "bitbucket.org/lightcodelabs/caddy2" + "github.com/dustin/go-humanize" +) + +func (sf *StaticFiles) directoryListing(files []os.FileInfo, canGoUp bool, urlPath string, repl caddy2.Replacer) browseListing { + filesToHide := sf.transformHidePaths(repl) + + var ( + fileInfos []fileInfo + dirCount, fileCount int + ) + + for _, f := range files { + name := f.Name() + + if fileHidden(name, filesToHide) { + continue + } + + isDir := f.IsDir() || isSymlinkTargetDir(f, urlPath) + + if isDir { + name += "/" + dirCount++ + } else { + fileCount++ + } + + u := url.URL{Path: "./" + name} // prepend with "./" to fix paths with ':' in the name + + fileInfos = append(fileInfos, fileInfo{ + IsDir: isDir, + IsSymlink: isSymlink(f), + Name: f.Name(), + Size: f.Size(), + URL: u.String(), + ModTime: f.ModTime().UTC(), + Mode: f.Mode(), + }) + } + + return browseListing{ + Name: path.Base(urlPath), + Path: urlPath, + CanGoUp: canGoUp, + Items: fileInfos, + NumDirs: dirCount, + NumFiles: fileCount, + } +} + +type browseListing struct { + // The name of the directory (the last element of the path). + Name string + + // The full path of the request. + Path string + + // Whether the parent directory is browseable. + CanGoUp bool + + // The items (files and folders) in the path. + Items []fileInfo + + // The number of directories in the listing. + NumDirs int + + // The number of files (items that aren't directories) in the listing. + NumFiles int + + // Sort column used + Sort string + + // Sorting order + Order string + + // If ≠0 then Items have been limited to that many elements. + ItemsLimitedTo int +} + +// Breadcrumbs returns l.Path where every element maps +// the link to the text to display. +func (l browseListing) Breadcrumbs() []crumb { + var result []crumb + + if len(l.Path) == 0 { + return result + } + + // skip trailing slash + lpath := l.Path + if lpath[len(lpath)-1] == '/' { + lpath = lpath[:len(lpath)-1] + } + + parts := strings.Split(lpath, "/") + for i := range parts { + txt := parts[i] + if i == 0 && parts[i] == "" { + txt = "/" + } + lnk := strings.Repeat("../", len(parts)-i-1) + result = append(result, crumb{Link: lnk, Text: txt}) + } + + return result +} + +func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam string) { + l.Sort = sortParam + l.Order = orderParam + + if l.Order == "desc" { + switch l.Sort { + case sortByName: + sort.Sort(sort.Reverse(byName(*l))) + case sortByNameDirFirst: + sort.Sort(sort.Reverse(byNameDirFirst(*l))) + case sortBySize: + sort.Sort(sort.Reverse(bySize(*l))) + case sortByTime: + sort.Sort(sort.Reverse(byTime(*l))) + } + } else { + switch l.Sort { + case sortByName: + sort.Sort(byName(*l)) + case sortByNameDirFirst: + sort.Sort(byNameDirFirst(*l)) + case sortBySize: + sort.Sort(bySize(*l)) + case sortByTime: + sort.Sort(byTime(*l)) + } + } + + if limitParam != "" { + limit, _ := strconv.Atoi(limitParam) + if limit > 0 && limit <= len(l.Items) { + l.Items = l.Items[:limit] + l.ItemsLimitedTo = limit + } + } +} + +// crumb represents part of a breadcrumb menu, +// pairing a link with the text to display. +type crumb struct { + Link, Text string +} + +// fileInfo contains serializable information +// about a file or directory. +type fileInfo struct { + Name string `json:"name"` + Size int64 `json:"size"` + URL string `json:"url"` + ModTime time.Time `json:"mod_time"` + Mode os.FileMode `json:"mode"` + IsDir bool `json:"is_dir"` + IsSymlink bool `json:"is_symlink"` +} + +// HumanSize returns the size of the file as a +// human-readable string in IEC format (i.e. +// power of 2 or base 1024). +func (fi fileInfo) HumanSize() string { + return humanize.IBytes(uint64(fi.Size)) +} + +// HumanModTime returns the modified time of the file +// as a human-readable string given by format. +func (fi fileInfo) HumanModTime(format string) string { + return fi.ModTime.Format(format) +} + +type byName browseListing +type byNameDirFirst browseListing +type bySize browseListing +type byTime browseListing + +func (l byName) Len() int { return len(l.Items) } +func (l byName) Swap(i, j int) { l.Items[i], l.Items[j] = l.Items[j], l.Items[i] } + +func (l byName) Less(i, j int) bool { + return strings.ToLower(l.Items[i].Name) < strings.ToLower(l.Items[j].Name) +} + +func (l byNameDirFirst) Len() int { return len(l.Items) } +func (l byNameDirFirst) Swap(i, j int) { l.Items[i], l.Items[j] = l.Items[j], l.Items[i] } + +func (l byNameDirFirst) Less(i, j int) bool { + // sort by name if both are dir or file + if l.Items[i].IsDir == l.Items[j].IsDir { + return strings.ToLower(l.Items[i].Name) < strings.ToLower(l.Items[j].Name) + } + // sort dir ahead of file + return l.Items[i].IsDir +} + +func (l bySize) Len() int { return len(l.Items) } +func (l bySize) Swap(i, j int) { l.Items[i], l.Items[j] = l.Items[j], l.Items[i] } + +func (l bySize) Less(i, j int) bool { + const directoryOffset = -1 << 31 // = -math.MinInt32 + + iSize, jSize := l.Items[i].Size, l.Items[j].Size + + // directory sizes depend on the file system; to + // provide a consistent experience, put them up front + // and sort them by name + if l.Items[i].IsDir { + iSize = directoryOffset + } + if l.Items[j].IsDir { + jSize = directoryOffset + } + if l.Items[i].IsDir && l.Items[j].IsDir { + return strings.ToLower(l.Items[i].Name) < strings.ToLower(l.Items[j].Name) + } + + return iSize < jSize +} + +func (l byTime) Len() int { return len(l.Items) } +func (l byTime) Swap(i, j int) { l.Items[i], l.Items[j] = l.Items[j], l.Items[i] } +func (l byTime) Less(i, j int) bool { return l.Items[i].ModTime.Before(l.Items[j].ModTime) } + +const ( + sortByName = "name" + sortByNameDirFirst = "name_dir_first" + sortBySize = "size" + sortByTime = "time" +) diff --git a/modules/caddyhttp/staticfiles/browsetpl.go b/modules/caddyhttp/staticfiles/browsetpl.go new file mode 100644 index 0000000..ff2a1e1 --- /dev/null +++ b/modules/caddyhttp/staticfiles/browsetpl.go @@ -0,0 +1,403 @@ +package staticfiles + +const defaultBrowseTemplate = `<!DOCTYPE html> +<html> + <head> + <title>{{html .Name}}</title> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> +<style> +* { padding: 0; margin: 0; } + +body { + font-family: sans-serif; + text-rendering: optimizespeed; + background-color: #ffffff; +} + +a { + color: #006ed3; + text-decoration: none; +} + +a:hover, +h1 a:hover { + color: #319cff; +} + +header, +#summary { + padding-left: 5%; + padding-right: 5%; +} + +th:first-child, +td:first-child { + width: 5%; +} + +th:last-child, +td:last-child { + width: 5%; +} + +header { + padding-top: 25px; + padding-bottom: 15px; + background-color: #f2f2f2; +} + +h1 { + font-size: 20px; + font-weight: normal; + white-space: nowrap; + overflow-x: hidden; + text-overflow: ellipsis; + color: #999; +} + +h1 a { + color: #000; + margin: 0 4px; +} + +h1 a:hover { + text-decoration: underline; +} + +h1 a:first-child { + margin: 0; +} + +main { + display: block; +} + +.meta { + font-size: 12px; + font-family: Verdana, sans-serif; + border-bottom: 1px solid #9C9C9C; + padding-top: 10px; + padding-bottom: 10px; +} + +.meta-item { + margin-right: 1em; +} + +#filter { + padding: 4px; + border: 1px solid #CCC; +} + +table { + width: 100%; + border-collapse: collapse; +} + +tr { + border-bottom: 1px dashed #dadada; +} + +tbody tr:hover { + background-color: #ffffec; +} + +th, +td { + text-align: left; + padding: 10px 0; +} + +th { + padding-top: 15px; + padding-bottom: 15px; + font-size: 16px; + white-space: nowrap; +} + +th a { + color: black; +} + +th svg { + vertical-align: middle; +} + +td { + white-space: nowrap; + font-size: 14px; +} + +td:nth-child(2) { + width: 80%; +} + +td:nth-child(3), +th:nth-child(3) { + padding: 0 20px 0 20px; +} + +th:nth-child(4), +td:nth-child(4) { + text-align: right; +} + +td:nth-child(2) svg { + position: absolute; +} + +td .name, +td .goup { + margin-left: 1.75em; + word-break: break-all; + overflow-wrap: break-word; + white-space: pre-wrap; +} + +.icon { + margin-right: 5px; +} + +.icon.sort { + display: inline-block; + width: 1em; + height: 1em; + position: relative; + top: .2em; +} + +.icon.sort .top { + position: absolute; + left: 0; + top: -1px; +} + +.icon.sort .bottom { + position: absolute; + bottom: -1px; + left: 0; +} + +footer { + padding: 40px 20px; + font-size: 12px; + text-align: center; +} + +@media (max-width: 600px) { + .hideable { + display: none; + } + + td:nth-child(2) { + width: auto; + } + + th:nth-child(3), + td:nth-child(3) { + padding-right: 5%; + text-align: right; + } + + h1 { + color: #000; + } + + h1 a { + margin: 0; + } + + #filter { + max-width: 100px; + } +} +</style> + </head> + <body onload='filter()'> + <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="0" width="0" style="position: absolute;"> + <defs> + <!-- Folder --> + <g id="folder" fill-rule="nonzero" fill="none"> + <path d="M285.22 37.55h-142.6L110.9 0H31.7C14.25 0 0 16.9 0 37.55v75.1h316.92V75.1c0-20.65-14.26-37.55-31.7-37.55z" fill="#FFA000"/> + <path d="M285.22 36H31.7C14.25 36 0 50.28 0 67.74v158.7c0 17.47 14.26 31.75 31.7 31.75H285.2c17.44 0 31.7-14.3 31.7-31.75V67.75c0-17.47-14.26-31.75-31.7-31.75z" fill="#FFCA28"/> + </g> + <g id="folder-shortcut" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> + <g id="folder-shortcut-group" fill-rule="nonzero"> + <g id="folder-shortcut-shape"> + <path d="M285.224876,37.5486902 L142.612438,37.5486902 L110.920785,0 L31.6916529,0 C14.2612438,0 0,16.8969106 0,37.5486902 L0,112.646071 L316.916529,112.646071 L316.916529,75.0973805 C316.916529,54.4456008 302.655285,37.5486902 285.224876,37.5486902 Z" id="Shape" fill="#FFA000"></path> + <path d="M285.224876,36 L31.6916529,36 C14.2612438,36 0,50.2838568 0,67.7419039 L0,226.451424 C0,243.909471 14.2612438,258.193328 31.6916529,258.193328 L285.224876,258.193328 C302.655285,258.193328 316.916529,243.909471 316.916529,226.451424 L316.916529,67.7419039 C316.916529,50.2838568 302.655285,36 285.224876,36 Z" id="Shape" fill="#FFCA28"></path> + </g> + <path d="M126.154134,250.559184 C126.850974,251.883673 127.300549,253.006122 127.772602,254.106122 C128.469442,255.206122 128.919016,256.104082 129.638335,257.002041 C130.559962,258.326531 131.728855,259 133.100057,259 C134.493737,259 135.415364,258.55102 136.112204,257.67551 C136.809044,257.002041 137.258619,255.902041 137.258619,254.577551 C137.258619,253.904082 137.258619,252.804082 137.033832,251.457143 C136.786566,249.908163 136.561779,249.032653 136.561779,248.583673 C136.089726,242.814286 135.864939,237.920408 135.864939,233.273469 C135.864939,225.057143 136.786566,217.514286 138.180246,210.846939 C139.798713,204.202041 141.889234,198.634694 144.429328,193.763265 C147.216689,188.869388 150.678411,184.873469 154.836973,181.326531 C158.995535,177.779592 163.626149,174.883673 168.481552,172.661224 C173.336954,170.438776 179.113983,168.665306 185.587852,167.340816 C192.061722,166.218367 198.760378,165.342857 205.481514,164.669388 C212.18017,164.220408 219.598146,163.995918 228.162535,163.995918 L246.055591,163.995918 L246.055591,195.514286 C246.055591,197.736735 246.752431,199.510204 248.370899,201.059184 C250.214153,202.608163 252.079886,203.506122 254.372715,203.506122 C256.463236,203.506122 258.531277,202.608163 260.172223,201.059184 L326.102289,137.797959 C327.720757,136.24898 328.642384,134.47551 328.642384,132.253061 C328.642384,130.030612 327.720757,128.257143 326.102289,126.708163 L260.172223,63.4469388 C258.553756,61.8979592 256.463236,61 254.395194,61 C252.079886,61 250.236632,61.8979592 248.393377,63.4469388 C246.77491,64.9959184 246.07807,66.7693878 246.07807,68.9918367 L246.07807,100.510204 L228.162535,100.510204 C166.863084,100.510204 129.166282,117.167347 115.274437,150.459184 C110.666301,161.54898 108.350993,175.310204 108.350993,191.742857 C108.350993,205.279592 113.903236,223.912245 124.760454,247.438776 C125.00772,248.112245 125.457294,249.010204 126.154134,250.559184 Z" id="Shape" fill="#FFFFFF" transform="translate(218.496689, 160.000000) scale(-1, 1) translate(-218.496689, -160.000000) "></path> + </g> + </g> + + <!-- File --> + <g id="file" stroke="#000" stroke-width="25" fill="#FFF" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"> + <path d="M13 24.12v274.76c0 6.16 5.87 11.12 13.17 11.12H239c7.3 0 13.17-4.96 13.17-11.12V136.15S132.6 13 128.37 13H26.17C18.87 13 13 17.96 13 24.12z"/> + <path d="M129.37 13L129 113.9c0 10.58 7.26 19.1 16.27 19.1H249L129.37 13z"/> + </g> + <g id="file-shortcut" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> + <g id="file-shortcut-group" transform="translate(13.000000, 13.000000)"> + <g id="file-shortcut-shape" stroke="#000000" stroke-width="25" fill="#FFFFFF" stroke-linecap="round" stroke-linejoin="round"> + <path d="M0,11.1214886 L0,285.878477 C0,292.039924 5.87498876,296.999983 13.1728373,296.999983 L225.997983,296.999983 C233.295974,296.999983 239.17082,292.039942 239.17082,285.878477 L239.17082,123.145388 C239.17082,123.145388 119.58541,2.84217094e-14 115.369423,2.84217094e-14 L13.1728576,2.84217094e-14 C5.87500907,-1.71479982e-05 0,4.96022995 0,11.1214886 Z" id="rect1171"></path> + <path d="M116.37005,0 L116,100.904964 C116,111.483663 123.258008,120 132.273377,120 L236,120 L116.37005,0 L116.37005,0 Z" id="rect1794"></path> + </g> + <path d="M47.803141,294.093878 C48.4999811,295.177551 48.9495553,296.095918 49.4216083,296.995918 C50.1184484,297.895918 50.5680227,298.630612 51.2873415,299.365306 C52.2089688,300.44898 53.3778619,301 54.7490634,301 C56.1427436,301 57.0643709,300.632653 57.761211,299.916327 C58.4580511,299.365306 58.9076254,298.465306 58.9076254,297.381633 C58.9076254,296.830612 58.9076254,295.930612 58.6828382,294.828571 C58.4355724,293.561224 58.2107852,292.844898 58.2107852,292.477551 C57.7387323,287.757143 57.5139451,283.753061 57.5139451,279.95102 C57.5139451,273.228571 58.4355724,267.057143 59.8292526,261.602041 C61.44772,256.165306 63.5382403,251.610204 66.0783349,247.62449 C68.8656954,243.620408 72.3274172,240.35102 76.4859792,237.44898 C80.6445412,234.546939 85.2751561,232.177551 90.1305582,230.359184 C94.9859603,228.540816 100.76299,227.089796 107.236859,226.006122 C113.710728,225.087755 120.409385,224.371429 127.13052,223.820408 C133.829177,223.453061 141.247152,223.269388 149.811542,223.269388 L167.704598,223.269388 L167.704598,249.057143 C167.704598,250.87551 168.401438,252.326531 170.019905,253.593878 C171.86316,254.861224 173.728893,255.595918 176.021722,255.595918 C178.112242,255.595918 180.180284,254.861224 181.82123,253.593878 L247.751296,201.834694 C249.369763,200.567347 250.291391,199.116327 250.291391,197.297959 C250.291391,195.479592 249.369763,194.028571 247.751296,192.761224 L181.82123,141.002041 C180.202763,139.734694 178.112242,139 176.044201,139 C173.728893,139 171.885639,139.734694 170.042384,141.002041 C168.423917,142.269388 167.727077,143.720408 167.727077,145.538776 L167.727077,171.326531 L149.811542,171.326531 C88.5120908,171.326531 50.8152886,184.955102 36.9234437,212.193878 C32.3153075,221.267347 30,232.526531 30,245.971429 C30,257.046939 35.5522422,272.291837 46.4094607,291.540816 C46.6567266,292.091837 47.1063009,292.826531 47.803141,294.093878 Z" id="Shape-Copy" fill="#000000" fill-rule="nonzero" transform="translate(140.145695, 220.000000) scale(-1, 1) translate(-140.145695, -220.000000) "></path> + </g> + </g> + + <!-- Up arrow --> + <g id="up-arrow" transform="translate(-279.22 -208.12)"> + <path transform="matrix(.22413 0 0 .12089 335.67 164.35)" stroke-width="0" d="m-194.17 412.01h-28.827-28.827l14.414-24.965 14.414-24.965 14.414 24.965z"/> + </g> + + <!-- Down arrow --> + <g id="down-arrow" transform="translate(-279.22 -208.12)"> + <path transform="matrix(.22413 0 0 -.12089 335.67 257.93)" stroke-width="0" d="m-194.17 412.01h-28.827-28.827l14.414-24.965 14.414-24.965 14.414 24.965z"/> + </g> + </defs> + </svg> + + <header> + <h1> + {{range $i, $crumb := .Breadcrumbs}}<a href="{{html $crumb.Link}}">{{html $crumb.Text}}</a>{{if ne $i 0}}/{{end}}{{end}} + </h1> + </header> + <main> + <div class="meta"> + <div id="summary"> + <span class="meta-item"><b>{{.NumDirs}}</b> director{{if eq 1 .NumDirs}}y{{else}}ies{{end}}</span> + <span class="meta-item"><b>{{.NumFiles}}</b> file{{if ne 1 .NumFiles}}s{{end}}</span> + {{- if ne 0 .ItemsLimitedTo}} + <span class="meta-item">(of which only <b>{{.ItemsLimitedTo}}</b> are displayed)</span> + {{- end}} + <span class="meta-item"><input type="text" placeholder="filter" id="filter" onkeyup='filter()'></span> + </div> + </div> + <div class="listing"> + <table aria-describedby="summary"> + <thead> + <tr> + <th></th> + <th> + {{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} + <a href="?sort=namedirfirst&order=desc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}" class="icon"><svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg></a> + {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} + <a href="?sort=namedirfirst&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}" class="icon"><svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a> + {{- else}} + <a href="?sort=namedirfirst&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}" class="icon sort"><svg class="top" width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg><svg class="bottom" width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a> + {{- end}} + + {{- if and (eq .Sort "name") (ne .Order "desc")}} + <a href="?sort=name&order=desc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Name <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg></a> + {{- else if and (eq .Sort "name") (ne .Order "asc")}} + <a href="?sort=name&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Name <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a> + {{- else}} + <a href="?sort=name&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Name</a> + {{- end}} + </th> + <th> + {{- if and (eq .Sort "size") (ne .Order "desc")}} + <a href="?sort=size&order=desc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Size <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg></a> + {{- else if and (eq .Sort "size") (ne .Order "asc")}} + <a href="?sort=size&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Size <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a> + {{- else}} + <a href="?sort=size&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Size</a> + {{- end}} + </th> + <th class="hideable"> + {{- if and (eq .Sort "time") (ne .Order "desc")}} + <a href="?sort=time&order=desc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Modified <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#up-arrow"></use></svg></a> + {{- else if and (eq .Sort "time") (ne .Order "asc")}} + <a href="?sort=time&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Modified <svg width="1em" height=".5em" version="1.1" viewBox="0 0 12.922194 6.0358899"><use xlink:href="#down-arrow"></use></svg></a> + {{- else}} + <a href="?sort=time&order=asc{{if ne 0 .ItemsLimitedTo}}&limit={{.ItemsLimitedTo}}{{end}}">Modified</a> + {{- end}} + </th> + <th class="hideable"></th> + </tr> + </thead> + <tbody> + {{- if .CanGoUp}} + <tr> + <td></td> + <td> + <a href=".."> + <span class="goup">Go up</span> + </a> + </td> + <td>—</td> + <td class="hideable">—</td> + <td class="hideable"></td> + </tr> + {{- end}} + {{- range .Items}} + <tr class="file"> + <td></td> + <td> + <a href="{{html .URL}}"> + {{- if .IsDir}} + <svg width="1.5em" height="1em" version="1.1" viewBox="0 0 317 259"><use xlink:href="#folder{{if .IsSymlink}}-shortcut{{end}}"></use></svg> + {{- else}} + <svg width="1.5em" height="1em" version="1.1" viewBox="0 0 265 323"><use xlink:href="#file{{if .IsSymlink}}-shortcut{{end}}"></use></svg> + {{- end}} + <span class="name">{{html .Name}}</span> + </a> + </td> + {{- if .IsDir}} + <td data-order="-1">—</td> + {{- else}} + <td data-order="{{.Size}}">{{.HumanSize}}</td> + {{- end}} + <td class="hideable"><time datetime="{{.HumanModTime "2006-01-02T15:04:05Z"}}">{{.HumanModTime "01/02/2006 03:04:05 PM -07:00"}}</time></td> + <td class="hideable"></td> + </tr> + {{- end}} + </tbody> + </table> + </div> + </main> + <footer> + Served with <a rel="noopener noreferrer" href="https://caddyserver.com">Caddy</a> + </footer> + <script> + var filterEl = document.getElementById('filter'); + filterEl.focus(); + + function filter() { + var q = filterEl.value.trim().toLowerCase(); + var elems = document.querySelectorAll('tr.file'); + elems.forEach(function(el) { + if (!q) { + el.style.display = ''; + return; + } + var nameEl = el.querySelector('.name'); + var nameVal = nameEl.textContent.trim().toLowerCase(); + if (nameVal.indexOf(q) !== -1) { + el.style.display = ''; + } else { + el.style.display = 'none'; + } + }); + } + + function localizeDatetime(e, index, ar) { + if (e.textContent === undefined) { + return; + } + var d = new Date(e.getAttribute('datetime')); + if (isNaN(d)) { + d = new Date(e.textContent); + if (isNaN(d)) { + return; + } + } + e.textContent = d.toLocaleString([], {day: "2-digit", month: "2-digit", year: "numeric", hour: "2-digit", minute: "2-digit", second: "2-digit"}); + } + var timeList = Array.prototype.slice.call(document.getElementsByTagName("time")); + timeList.forEach(localizeDatetime); + </script> + </body> +</html>` diff --git a/modules/caddyhttp/staticfiles/staticfiles.go b/modules/caddyhttp/staticfiles/staticfiles.go index 0ef3c63..e3af352 100644 --- a/modules/caddyhttp/staticfiles/staticfiles.go +++ b/modules/caddyhttp/staticfiles/staticfiles.go @@ -2,6 +2,7 @@ package staticfiles import ( "fmt" + "html/template" weakrand "math/rand" "net/http" "os" @@ -16,6 +17,8 @@ import ( ) func init() { + weakrand.Seed(time.Now().UnixNano()) + caddy2.RegisterModule(caddy2.Module{ Name: "http.responders.static_files", New: func() (interface{}, error) { return new(StaticFiles), nil }, @@ -25,13 +28,13 @@ func init() { // StaticFiles implements a static file server responder for Caddy. type StaticFiles struct { Root string `json:"root"` // default is current directory + Hide []string `json:"hide"` IndexNames []string `json:"index_names"` - Files []string `json:"files"` // all relative to the root; default is request URI path + Files []string `json:"files"` // all relative to the root; default is request URI path + Rehandle bool `json:"rehandle"` // issue a rehandle (internal redirect) if request is rewritten SelectionPolicy string `json:"selection_policy"` Fallback caddyhttp.RouteList `json:"fallback"` Browse *Browse `json:"browse"` - Hide []string `json:"hide"` - Rehandle bool `json:"rehandle"` // issue a rehandle (internal redirect) if request is rewritten // TODO: Etag // TODO: Content negotiation } @@ -44,9 +47,28 @@ func (sf *StaticFiles) Provision(ctx caddy2.Context) error { return fmt.Errorf("setting up fallback routes: %v", err) } } + if sf.IndexNames == nil { sf.IndexNames = defaultIndexNames } + + if sf.Browse != nil { + var tpl *template.Template + var err error + if sf.Browse.TemplateFile != "" { + tpl, err = template.ParseFiles(sf.Browse.TemplateFile) + if err != nil { + return fmt.Errorf("parsing browse template file: %v", err) + } + } else { + tpl, err = template.New("default_listing").Parse(defaultBrowseTemplate) + if err != nil { + return fmt.Errorf("parsing default browse template: %v", err) + } + } + sf.Browse.template = tpl + } + return nil } @@ -67,10 +89,6 @@ func (sf *StaticFiles) Validate() error { func (sf *StaticFiles) ServeHTTP(w http.ResponseWriter, r *http.Request) error { // TODO: Prevent directory traversal, see https://play.golang.org/p/oh77BiVQFti - // http.FileServer(http.Dir(sf.Directory)).ServeHTTP(w, r) - - ////////////// - // TODO: Still needed? // // Prevent absolute path access on Windows, e.g.: http://localhost:5000/C:\Windows\notepad.exe // // TODO: does stdlib http.Dir handle this? see first check of http.Dir.Open()... @@ -119,7 +137,7 @@ func (sf *StaticFiles) ServeHTTP(w http.ResponseWriter, r *http.Request) error { for _, indexPage := range sf.IndexNames { indexPath := path.Join(filename, indexPage) - if fileIsHidden(indexPath, filesToHide) { + if fileHidden(indexPath, filesToHide) { // pretend this file doesn't exist continue } @@ -140,6 +158,7 @@ func (sf *StaticFiles) ServeHTTP(w http.ResponseWriter, r *http.Request) error { } info = indexInfo + filename = indexPath break } } @@ -148,43 +167,54 @@ func (sf *StaticFiles) ServeHTTP(w http.ResponseWriter, r *http.Request) error { // to browse or return an error if info.IsDir() { if sf.Browse != nil { - return sf.Browse.ServeHTTP(w, r) + return sf.serveBrowse(filename, w, r) } return caddyhttp.Error(http.StatusNotFound, nil) } // open the file - file, err := os.Open(info.Name()) + file, err := sf.openFile(filename, w) if err != nil { - if os.IsNotExist(err) { - return caddyhttp.Error(http.StatusNotFound, err) - } else if os.IsPermission(err) { - return caddyhttp.Error(http.StatusForbidden, err) - } - // maybe the server is under load and ran out of file descriptors? - // have client wait arbitrary seconds to help prevent a stampede - backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff - w.Header().Set("Retry-After", strconv.Itoa(backoff)) - return caddyhttp.Error(http.StatusServiceUnavailable, err) + return err } defer file.Close() - // TODO: Right now we return an invalid response if the - // request is for a directory and there is no index file - // or dir browsing; we should return a 404 I think... - // TODO: Etag? // TODO: content negotiation? (brotli sidecar files, etc...) // let the standard library do what it does best; note, however, // that errors generated by ServeContent are written immediately - // to the response, so we cannot handle them (but errors here are rare) + // to the response, so we cannot handle them (but errors here + // are rare) http.ServeContent(w, r, info.Name(), info.ModTime(), file) return nil } +// openFile opens the file at the given filename. If there was an error, +// the response is configured to inform the client how to best handle it +// and a well-described handler error is returned (do not wrap the +// returned error value). +func (sf *StaticFiles) openFile(filename string, w http.ResponseWriter) (*os.File, error) { + file, err := os.Open(filename) + if err != nil { + if os.IsNotExist(err) { + return nil, caddyhttp.Error(http.StatusNotFound, err) + } else if os.IsPermission(err) { + return nil, caddyhttp.Error(http.StatusForbidden, err) + } + // maybe the server is under load and ran out of file descriptors? + // have client wait arbitrary seconds to help prevent a stampede + backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff + w.Header().Set("Retry-After", strconv.Itoa(backoff)) + return nil, caddyhttp.Error(http.StatusServiceUnavailable, err) + } + return file, nil +} + +// transformHidePaths performs replacements for all the elements of +// sf.Hide and returns a new list of the transformed values. func (sf *StaticFiles) transformHidePaths(repl caddy2.Replacer) []string { hide := make([]string, len(sf.Hide)) for i := range sf.Hide { @@ -193,6 +223,10 @@ func (sf *StaticFiles) transformHidePaths(repl caddy2.Replacer) []string { return hide } +// selectFile uses the specified selection policy (or first_existing +// by default) to map the request r to a filename. The full path to +// the file is returned if one is found; otherwise, an empty string +// is returned. func (sf *StaticFiles) selectFile(r *http.Request, repl caddy2.Replacer) string { root := repl.ReplaceAll(sf.Root, "") if root == "" { @@ -211,7 +245,7 @@ func (sf *StaticFiles) selectFile(r *http.Request, repl caddy2.Replacer) string suffix := repl.ReplaceAll(f, "") // TODO: sanitize path fullpath := filepath.Join(root, suffix) - if !fileIsHidden(fullpath, filesToHide) && fileExists(fullpath) { + if !fileHidden(fullpath, filesToHide) && fileExists(fullpath) { r.URL.Path = suffix return fullpath } @@ -282,7 +316,9 @@ func fileExists(file string) bool { return !os.IsNotExist(err) } -func fileIsHidden(filename string, hide []string) bool { +// fileHidden returns true if filename is hidden +// according to the hide list. +func fileHidden(filename string, hide []string) bool { nameOnly := filepath.Base(filename) sep := string(filepath.Separator) |