From 8d0214f74a5dae2230d93fb7b36047557cf6f62f Mon Sep 17 00:00:00 2001
From: Henrique Dias
Date: Sun, 21 Aug 2016 20:20:13 +0100
Subject: [PATCH] server-side user-based command checking #24
---
 config/config.go | 17 ++++++++++-------
 filemanager.go | 18 +++++++++++++-----
 2 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/config/config.go b/config/config.go
index dbacacd9..f116952c 100644
--- a/config/config.go
+++ b/config/config.go
@@ -26,17 +26,21 @@ type Config struct {
 
 // UserConfig contains the configuration for each user
 type UserConfig struct {
- PathScope string // Path the user have access
- Root http.FileSystem // The virtual file system the user have access
- StyleSheet string // Costum stylesheet
- FrontMatter string // Default frontmatter to save files in
+ PathScope string `json:"-"` // Path the user have access
+ Root http.FileSystem `json:"-"` // The virtual file system the user have access
+ StyleSheet string `json:"-"` // Costum stylesheet
+ FrontMatter string `json:"-"` // Default frontmatter to save files in
 AllowNew bool // Can create files and folders
 AllowEdit bool // Can edit/rename files
 AllowCommands bool // Can execute commands
 Commands []string // Available Commands
- Rules []*Rule // Access rules
+ Rules []*Rule `json:"-"` // Access rules
 }
 
+// TODO: USE USER StyleSheet
+// TODO: USE USER FRONTMATTER
+// TODO: USE USER ROOT
+
 // Rule is a dissalow/allow rule
 type Rule struct {
 Regex bool
@@ -100,6 +104,7 @@ func Parse(c *caddy.Controller) ([]Config, error) {
 }
 cCfg.PathScope = c.Val()
 cCfg.PathScope = strings.TrimSuffix(cCfg.PathScope, "/")
+ cCfg.Root = http.Dir(cCfg.PathScope)
 case "styles":
 if !c.NextArg() {
 return configs, c.ArgErr()
@@ -200,8 +205,6 @@ func Parse(c *caddy.Controller) ([]Config, error) {
 })
 // NEW USER BLOCK?
 default:
- cCfg.Root = http.Dir(cCfg.PathScope)
-
 val := c.Val()
 // Checks if it's a new user
 if !strings.HasSuffix(val, ":") {
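Review bot: The `json:"-"` tags added to `UserConfig` come with no explanation, and the fields left untagged (`AllowNew`, `AllowEdit`, `AllowCommands`, `Commands`) are the ones that will appear whenever this struct is marshalled. If the struct is sent to the browser, which the tags suggest but the hunk does not show, the type comment should say so, for example `// UserConfig is marshalled to JSON for the client; only the permission fields are exposed, fields tagged json:"-" stay server-side`. Because hiding is opt-out, any field added later is exposed by default, so the comment should also ask for an explicit tag on every new field. The struct is complete inside the hunk.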
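Review bot: `cCfg.Root` is now assigned only in the branch that reads the path scope (the `@@ -100,6` hunk), and the assignment under `default:` is removed in the `@@ -200,8` hunk, so a configuration or user block that never reaches that branch keeps whatever `Root` it started with. The initial value is set outside these hunks; if it is not derived from the default `PathScope` there, `Root` would be a nil `http.FileSystem` at request time, so this is worth confirming. A short comment on the new line, such as `// Root must always follow PathScope; keep both assignments together`, would document the coupling. `Parse` starts and ends outside both hunks.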
diff --git a/filemanager.go b/filemanager.go
index c8d76bdc..e24f5842 100644
--- a/filemanager.go
+++ b/filemanager.go
@@ -136,7 +136,7 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 return http.StatusUnauthorized, nil
 }
 
- return vcsCommand(w, r, c)
+ return command(w, r, c, user)
 }
 // Creates a new folder
 return newDirectory(w, r, c)
@@ -240,12 +240,20 @@ func newDirectory(w http.ResponseWriter, r *http.Request, c *config.Config) (int
 return http.StatusCreated, nil
 }
 
-// vcsCommand handles the requests for VCS related commands: git, svn and mercurial
-func vcsCommand(w http.ResponseWriter, r *http.Request, c *config.Config) (int, error) {
+// command handles the requests for VCS related commands: git, svn and mercurial
+func command(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.UserConfig) (int, error) {
 command := strings.Split(r.Header.Get("command"), " ")
 
- // Check if the command is for git, mercurial or svn
- if command[0] != "git" && command[0] != "hg" && command[0] != "svn" {
+ // Check if the command is allowed
+ mayContinue := false
+
+ for _, cmd := range u.Commands {
+ if cmd == command[0] {
+ mayContinue = true
+ }
+ }
+
+ if !mayContinue {
 return http.StatusForbidden, nil
 }
 
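Review bot: The new allow-list check in `command` matches only `command[0]` against `u.Commands`, so it authorises the program name while the remaining words of the `command` request header are not constrained by anything in this hunk; how they are used is in the part of the function outside it. The doc comment is now stale (`VCS related commands: git, svn and mercurial`) and should state the actual rule, e.g. `// command runs the command from the "command" request header if its first word is listed in u.Commands`, ideally adding that arguments are not validated. The loop can stop at the first match (`mayContinue = true` followed by `break`), and the local `command` shadows the function's own name, so a name like `args` would read better. The function body continues past the end of the hunk.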