feat: v2 (#599)

Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7
2025-11-26 14:25:26 +08:00 · 2019-01-05 22:44:33 +00:00
parent 53a4601361
commit 12b2c21522
121 changed files with 5410 additions and 4697 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -0,0 +1,15 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// Auther is the authentication interface.
+type Auther interface {
+	// Auth is called to authenticate a request.
+	Auth(*http.Request) (*users.User, error)
+	// SetStorage attaches the Storage instance.
+	SetStorage(*users.Storage)
+}
--- a/auth/json.go
+++ b/auth/json.go
@@ -0,0 +1,108 @@
+package auth
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodJSONAuth is used to identify json auth.
+const MethodJSONAuth settings.AuthMethod = "json"
+
+type jsonCred struct {
+	Password  string `json:"password"`
+	Username  string `json:"username"`
+	ReCaptcha string `json:"recaptcha"`
+}
+
+// JSONAuth is a json implementaion of an Auther.
+type JSONAuth struct {
+	ReCaptcha *ReCaptcha
+	storage   *users.Storage
+}
+
+// Auth authenticates the user via a json in content body.
+func (a *JSONAuth) Auth(r *http.Request) (*users.User, error) {
+	var cred jsonCred
+
+	if r.Body == nil {
+		return nil, os.ErrPermission
+	}
+
+	err := json.NewDecoder(r.Body).Decode(&cred)
+	if err != nil {
+		return nil, os.ErrPermission
+	}
+
+	// If ReCaptcha is enabled, check the code.
+	if a.ReCaptcha != nil && len(a.ReCaptcha.Secret) > 0 {
+		ok, err := a.ReCaptcha.Ok(cred.ReCaptcha)
+
+		if err != nil {
+			return nil, err
+		}
+
+		if !ok {
+			return nil, os.ErrPermission
+		}
+	}
+
+	u, err := a.storage.Get(cred.Username)
+	if err != nil || !users.CheckPwd(cred.Password, u.Password) {
+		return nil, os.ErrPermission
+	}
+
+	return u, nil
+}
+
+// SetStorage attaches the storage to the auther.
+func (a *JSONAuth) SetStorage(s *users.Storage) {
+	a.storage = s
+}
+
+const reCaptchaAPI = "/recaptcha/api/siteverify"
+
+// ReCaptcha identifies a recaptcha conenction.
+type ReCaptcha struct {
+	Host   string `json:"host"`
+	Key    string `json:"key"`
+	Secret string `json:"secret"`
+}
+
+// Ok checks if a reCaptcha responde is correct.
+func (r *ReCaptcha) Ok(response string) (bool, error) {
+	body := url.Values{}
+	body.Set("secret", r.Key)
+	body.Add("response", response)
+
+	client := &http.Client{}
+
+	resp, err := client.Post(
+		r.Host+reCaptchaAPI,
+		"application/x-www-form-urlencoded",
+		strings.NewReader(body.Encode()),
+	)
+	if err != nil {
+		return false, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return false, nil
+	}
+
+	var data struct {
+		Success bool `json:"success"`
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(&data)
+	if err != nil {
+		return false, err
+	}
+
+	return data.Success, nil
+}
--- a/auth/none.go
+++ b/auth/none.go
@@ -0,0 +1,26 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// MethodNoAuth is used to identify no auth.
+const MethodNoAuth settings.AuthMethod = "noauth"
+
+// NoAuth is no auth implementation of auther.
+type NoAuth struct {
+	storage *users.Storage
+}
+
+// Auth uses authenticates user 1.
+func (a *NoAuth) Auth(r *http.Request) (*users.User, error) {
+	return a.storage.Get(1)
+}
+
+// SetStorage attaches the storage to the auther.
+func (a *NoAuth) SetStorage(s *users.Storage) {
+	a.storage = s
+}
--- a/auth/proxy.go
+++ b/auth/proxy.go
@@ -0,0 +1,35 @@
+package auth
+
+import (
+	"net/http"
+	"os"
+
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+	"github.com/filebrowser/filebrowser/v2/errors"
+)
+
+// MethodProxyAuth is used to identify no auth.
+const MethodProxyAuth settings.AuthMethod = "proxy"
+
+// ProxyAuth is a proxy implementation of an auther.
+type ProxyAuth struct {
+	Header  string
+	storage *users.Storage
+}
+
+// Auth authenticates the user via an HTTP header.
+func (a *ProxyAuth) Auth(r *http.Request) (*users.User, error) {
+	username := r.Header.Get(a.Header)
+	user, err := a.storage.Get(username)
+	if err == errors.ErrNotExist {
+		return nil, os.ErrPermission
+	}
+
+	return user, err
+}
+
+// SetStorage attaches the storage to the auther.
+func (a *ProxyAuth) SetStorage(s *users.Storage) {
+	a.storage = s
+}
--- a/auth/storage.go
+++ b/auth/storage.go
@@ -0,0 +1,39 @@
+package auth
+
+import (
+	"github.com/filebrowser/filebrowser/v2/settings"
+	"github.com/filebrowser/filebrowser/v2/users"
+)
+
+// StorageBackend is a storage backend for auth storage.
+type StorageBackend interface {
+	Get(settings.AuthMethod) (Auther, error)
+	Save(Auther) error
+}
+
+// Storage is a auth storage.
+type Storage struct {
+	back  StorageBackend
+	users *users.Storage
+}
+
+// NewStorage creates a auth storage from a backend.
+func NewStorage(back StorageBackend, users *users.Storage) *Storage {
+	return &Storage{back: back, users: users}
+}
+
+// Get wraps a StorageBackend.Get and calls SetStorage on the auther.
+func (s *Storage) Get(t settings.AuthMethod) (Auther, error) {
+	auther, err := s.back.Get(t)
+	if err != nil {
+		return nil, err
+	}
+
+	auther.SetStorage(s.users)
+	return auther, nil
+}
+
+// Save wraps a StorageBackend.Save.
+func (s *Storage) Save(a Auther) error {
+	return s.back.Save(a)
+}