From 22e0ad0831ab92c513968947f4b02af19ba18b8a Mon Sep 17 00:00:00 2001
From: Henrique Dias
Date: Tue, 18 Oct 2016 17:56:35 +0100
Subject: [PATCH] update
---
 assets/embed/public/js/application.js | 4 +-
 directory/editor.go | 37 ++++++++-------
 directory/file.go | 2 -
 directory/update.go | 67 ++++++++++++---------------
 filemanager.go | 57 ++++++++++++-----------
 5 files changed, 81 insertions(+), 86 deletions(-)
diff --git a/assets/embed/public/js/application.js b/assets/embed/public/js/application.js
index 8dbe38b3..a4e2b86f 100644
--- a/assets/embed/public/js/application.js
+++ b/assets/embed/public/js/application.js
@@ -1,5 +1,7 @@
 'use strict';
+// TODO: way to get the webdav url
+
 var tempID = "_fm_internal_temporary_id"
 var selectedItems = [];
 var token = "";
@@ -316,8 +318,6 @@ var handleFiles = function(files) {
 } } - - return false; }
diff --git a/directory/editor.go b/directory/editor.go
index 7ccb4ddd..b6b43371 100644
--- a/directory/editor.go
+++ b/directory/editor.go
@@ -42,23 +42,26 @@ func (i *Info) GetEditor() (*Editor, error) {
 // Handle the content depending on the file extension
 switch editor.Mode {
 case "markdown", "asciidoc", "rst":
- if HasFrontMatterRune(i.Raw) {
- // Starts a new buffer and parses the file using Hugo's functions
- buffer := bytes.NewBuffer(i.Raw)
- page, err = parser.ReadFrom(buffer)
- if err != nil {
- return editor, err
- }
-
- // Parses the page content and the frontmatter
- editor.Content = strings.TrimSpace(string(page.Content()))
- editor.FrontMatter, _, err = frontmatter.Pretty(page.FrontMatter())
- editor.Class = "complete"
- } else {
- // The editor will handle only content
+ if !HasFrontMatterRune(i.Raw) {
 editor.Class = "content-only"
 editor.Content = i.Content
+ break
 }
+ // Starts a new buffer and parses the file using Hugo's functions
+ buffer := bytes.NewBuffer(i.Raw)
+ page, err = parser.ReadFrom(buffer)
+ editor.Class = "complete"
+
+ if err != nil {
+ editor.Class = "content-only"
+ editor.Content = i.Content
+ break
+ }
+
+ // Parses the page content and the frontmatter
+ editor.Content = strings.TrimSpace(string(page.Content()))
+ editor.FrontMatter, _, err = frontmatter.Pretty(page.FrontMatter())
 case "json", "toml", "yaml":
 // Defines the class and declares an error
 editor.Class = "frontmatter-only"
@@ -72,13 +75,15 @@ func (i *Info) GetEditor() (*Editor, error) {
 // Check if there were any errors
 if err != nil {
- return editor, err
+ editor.Class = "content-only"
+ editor.Content = i.Content
+ break
 }
 default:
- // The editor will handle only content
 editor.Class = "content-only"
 editor.Content = i.Content
 }
+
 return editor, nil
 }
diff --git a/directory/file.go b/directory/file.go
index e18b83d6..300691da 100644
--- a/directory/file.go
+++ b/directory/file.go
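Review bot: In the markdown branch of the first hunk, the `err` returned by `frontmatter.Pretty(page.FrontMatter())` is assigned but never read, because the function now always ends in `return editor, nil`; a failed front-matter render would leave `editor.Class` at "complete" with an empty or partial `FrontMatter`, and a save from that state could overwrite the file's metadata. The same content-only fallback that follows `parser.ReadFrom` should follow the `Pretty` call as well. Every fallback here and in the second hunk also drops the parse error without recording it, so a log call or a comment such as `// parse failed: fall back to raw content so the user can repair the file; the error is deliberately not returned` would make the intent explicit. GetEditor starts outside both hunks.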
@@ -145,8 +145,6 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
 }
 page.Info.Data = editor
-
- // TODO: if serve Single File finds an error while parsing, show the raw content to edit instead of giving 500
 return page.PrintAsHTML(w, "frontmatter", "editor")
 }
diff --git a/directory/update.go b/directory/update.go
index 34d1ba15..10483769 100644
--- a/directory/update.go
+++ b/directory/update.go
@@ -16,54 +16,45 @@ import (
 // Update is used to update a file that was edited
 func (i *Info) Update(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) {
- // TODO: review this
+ var (
+ data map[string]interface{}
+ file []byte
+ code int
+ err error
+ kind string
+ rawBuffer = new(bytes.Buffer)
+ )
- var data map[string]interface{}
- kind := r.Header.Get("kind")
-
- var file []byte
- var code int
-
- rawBuffer := new(bytes.Buffer)
+ kind = r.Header.Get("kind")
 rawBuffer.ReadFrom(r.Body)
- if kind == "" {
- file = rawBuffer.Bytes()
- } else {
- err := json.Unmarshal(rawBuffer.Bytes(), &data)
+ if kind != "" {
+ err = json.Unmarshal(rawBuffer.Bytes(), &data)
 if err != nil {
 return http.StatusInternalServerError, err
 }
-
- switch kind {
- case "frontmatter-only":
- if file, code, err = ParseFrontMatterOnlyFile(data, i.Name); err != nil {
- return http.StatusInternalServerError, err
- }
- case "content-only":
- mainContent := data["content"].(string)
- mainContent = strings.TrimSpace(mainContent)
- file = []byte(mainContent)
- case "complete":
- if file, code, err = ParseCompleteFile(data, i.Name, u.FrontMatter); err != nil {
- return http.StatusInternalServerError, err
- }
- default:
- return http.StatusBadRequest, nil
- }
 }
- // Overwrite the Body
+ switch kind {
+ case "frontmatter-only":
+ if file, code, err = ParseFrontMatterOnlyFile(data, i.Name); err != nil {
+ return http.StatusInternalServerError, err
+ }
+ case "content-only":
+ mainContent := data["content"].(string)
+ mainContent = strings.TrimSpace(mainContent)
+ file = []byte(mainContent)
+ case "complete":
+ if file, code, err = ParseCompleteFile(data, i.Name, u.FrontMatter); err != nil {
+ return http.StatusInternalServerError, err
+ }
+ default:
+ file = rawBuffer.Bytes()
+ }
+
+ // Overwrite the request Body
 r.Body = ioutil.NopCloser(bytes.NewReader(file))
-
- // Write the file
- // err = ioutil.WriteFile(i.Path, file, 0666)
-
- //if err != nil {
- //return http.StatusInternalServerError, err
- // }
-
 return code, nil
 }
diff --git a/filemanager.go b/filemanager.go
index f1dfe856..3efc3cd6 100644
--- a/filemanager.go
+++ b/filemanager.go
@@ -8,7 +8,7 @@
 package filemanager
 import (
- "fmt"
+ e "errors"
 "net/http"
 "os/exec"
 "path/filepath"
@@ -32,18 +32,21 @@ type FileManager struct {
 // ServeHTTP determines if the request is for this plugin, and if all prerequisites are met.
 func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
 var (
- c *config.Config
- fi *directory.Info
- code int
- err error
- serveAssets bool
- user *config.User
+ c *config.Config
+ fi *directory.Info
+ code int
+ err error
+ user *config.User
 )
 for i := range f.Configs {
 if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
 c = &f.Configs[i]
- serveAssets = httpserver.Path(r.URL.Path).Matches(c.BaseURL + assets.BaseURL)
+
+ if r.Method == http.MethodGet && httpserver.Path(r.URL.Path).Matches(c.BaseURL+assets.BaseURL) {
+ return assets.Serve(w, r, c)
+ }
+
 username, _, _ := r.BasicAuth()
 if _, ok := c.Users[username]; ok {
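Review bot: The `content-only` case in Update uses an unchecked assertion, `data["content"].(string)`, on JSON decoded from the request body, so a body without a string `content` field panics the handler instead of being rejected. The new `default:` branch also changes behaviour: an unrecognised non-empty `kind` header used to return `http.StatusBadRequest` and now has its raw body passed on as the file content. Separately, the result of `rawBuffer.ReadFrom(r.Body)` is ignored and the read has no size limit unless one is applied upstream, and a malformed JSON body is reported as 500 rather than 400. The sketch below keeps the raw-body path for an empty `kind` only and checks the assertion.

```go
	switch kind {
	case "":
		// No kind header: the request body is the file content as sent.
		file = rawBuffer.Bytes()
	// … unchanged: "frontmatter-only" case …
	case "content-only":
		mainContent, ok := data["content"].(string)
		if !ok {
			return http.StatusBadRequest, nil
		}
		file = []byte(strings.TrimSpace(mainContent))
	// … unchanged: "complete" case …
	default:
		return http.StatusBadRequest, nil
	}
```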
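Review bot: The new early return in ServeHTTP hands any GET whose path matches `c.BaseURL+assets.BaseURL` to `assets.Serve` before the user is looked up, so this route is reachable without any of the permission checks the commit adds further down. That is presumably intended for static assets, but it relies on `assets.Serve` (not shown) exposing only embedded files and on no user-managed directory sharing that prefix. A comment stating the assumption would help: `// Assets are public: served before user lookup and Allowed checks; assets.Serve must never read from the managed directory.` ServeHTTP continues outside the hunk.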
@@ -52,26 +55,10 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 user = c.User
 }
- // TODO: make allow and block rules relative to baseurl and webdav
- // Checks if the user has permission to access the current directory.
- /*if !user.Allowed(r.URL.Path) {
- if r.Method == http.MethodGet {
- return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
- }
-
- return http.StatusForbidden, nil
- }
-
- // TODO: How to exclude web dav clients? :/
- // Security measures against CSRF attacks.
- if r.Method != http.MethodGet {
- if !c.CheckToken(r) {
+ if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
+ if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.WebDavURL)) {
 return http.StatusForbidden, nil
 }
- } */
-
- if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
- fmt.Println("e")
 switch r.Method {
 case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
@@ -95,8 +82,16 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 return 0, nil
 }
- if r.Method == http.MethodGet && serveAssets {
- return assets.Serve(w, r, c)
+ if !user.Allowed(strings.TrimPrefix(r.URL.Path, c.BaseURL)) {
+ if r.Method == http.MethodGet {
+ return errors.PrintHTML(
+ w,
+ http.StatusForbidden,
+ e.New("You don't have permission to access this page."),
+ )
+ }
+
+ return http.StatusForbidden, nil
 }
 if r.Method == http.MethodGet {
@@ -143,6 +138,12 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 }
 if r.Method == http.MethodPost {
+ // TODO: How to exclude web dav clients? :/
+ // Security measures against CSRF attacks.
+ if !c.CheckToken(r) {
+ return http.StatusForbidden, nil
+ }
+
 /* TODO: search commands. USE PROPFIND?
 // Search and git commands.
 if r.Header.Get("Search") == "true" {
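Review bot: The new WebDAV check applies `user.Allowed` to the request path only, while the method switch just below it handles `MOVE`, whose target is carried in the `Destination` header. Nothing in the hunk applies the rule to that second path, so a move whose source is permitted is not tested against the rules for where it lands; the switch body is outside the hunk, so it may be handled there. Checking the destination with the same rule closes the gap, and COPY, if the WebDAV handler accepts it, has the same shape. The sketch needs `net/url`.

```go
		if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
			// … unchanged: Allowed check on r.URL.Path …

			// MOVE and COPY name a second path in the Destination header;
			// apply the same permission rule to it.
			if dst := r.Header.Get("Destination"); dst != "" {
				dstURL, perr := url.Parse(dst)
				if perr != nil {
					return http.StatusBadRequest, nil
				}
				if !user.Allowed(strings.TrimPrefix(dstURL.Path, c.WebDavURL)) {
					return http.StatusForbidden, nil
				}
			}
			// … unchanged: method switch …
```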
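Review bot: Both `Allowed` calls in this commit, the one in the `@@ -95,8 +82,16 @@` hunk and the WebDAV one before it, are given `r.URL.Path` with a prefix trimmed but not normalised, so the rule is evaluated on the raw string while the file layer later resolves it. If a path containing `..` or doubled slashes can reach this handler the two can disagree; whether the server has already cleaned the path is not visible here. Cleaning before the check removes the doubt: `p := path.Clean("/" + strings.TrimPrefix(r.URL.Path, c.BaseURL))` followed by `if !user.Allowed(p) {`. Note also that when `c.BaseURL` ends in `/` the trimmed path loses its leading slash, which the rules may or may not expect.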
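Review bot: The token check in the `@@ -143,6 +138,12 @@` hunk covers POST only, whereas the commented-out version this commit removes applied to every non-GET method, and the WebDAV branch appears to return before this point, so PUT, DELETE, MOVE and PROPPATCH requests are not token-checked. The TODO acknowledges the problem but does not say what protects those methods in the meantime. I would extend the comment to `// CSRF: token required for POST only; the WebDAV methods handled earlier are NOT covered yet, see TODO.` `c.CheckToken` is not shown; it should compare tokens in constant time.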