2019-01-06 06:44:33 +08:00
|
|
|
package http
|
|
|
|
|
|
|
|
import (
|
2021-03-10 23:14:01 +08:00
|
|
|
"context"
|
2024-04-02 00:24:06 +08:00
|
|
|
"errors"
|
2019-01-06 06:44:33 +08:00
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"os"
|
2020-11-03 20:30:56 +08:00
|
|
|
"path"
|
2020-06-17 03:56:44 +08:00
|
|
|
"path/filepath"
|
2019-01-06 06:44:33 +08:00
|
|
|
"strings"
|
|
|
|
|
2022-06-02 18:52:24 +08:00
|
|
|
"github.com/shirou/gopsutil/v3/disk"
|
2020-07-21 01:38:43 +08:00
|
|
|
"github.com/spf13/afero"
|
|
|
|
|
2024-04-02 00:24:06 +08:00
|
|
|
fbErrors "github.com/filebrowser/filebrowser/v2/errors"
|
2020-06-06 23:45:51 +08:00
|
|
|
"github.com/filebrowser/filebrowser/v2/files"
|
2019-01-06 06:44:33 +08:00
|
|
|
"github.com/filebrowser/filebrowser/v2/fileutils"
|
|
|
|
)
|
|
|
|
|
|
|
|
var resourceGetHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2024-04-02 00:24:06 +08:00
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
2021-01-07 18:30:17 +08:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: r.URL.Path,
|
|
|
|
Modify: d.user.Perm.Modify,
|
|
|
|
Expand: true,
|
|
|
|
ReadHeader: d.server.TypeDetectionByHeader,
|
|
|
|
Checker: d,
|
2021-04-23 20:04:02 +08:00
|
|
|
Content: true,
|
2019-01-06 06:44:33 +08:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
if file.IsDir {
|
|
|
|
file.Listing.Sorting = d.user.Sorting
|
|
|
|
file.Listing.ApplySort()
|
|
|
|
return renderJSON(w, r, file)
|
|
|
|
}
|
|
|
|
|
|
|
|
if checksum := r.URL.Query().Get("checksum"); checksum != "" {
|
|
|
|
err := file.Checksum(checksum)
|
2024-04-02 00:24:06 +08:00
|
|
|
if errors.Is(err, fbErrors.ErrInvalidOption) {
|
2019-01-06 06:44:33 +08:00
|
|
|
return http.StatusBadRequest, nil
|
|
|
|
} else if err != nil {
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// do not waste bandwidth if we just want the checksum
|
|
|
|
file.Content = ""
|
|
|
|
}
|
|
|
|
|
|
|
|
return renderJSON(w, r, file)
|
|
|
|
})
|
|
|
|
|
2020-07-28 17:57:26 +08:00
|
|
|
func resourceDeleteHandler(fileCache FileCache) handleFunc {
|
2024-04-02 00:24:06 +08:00
|
|
|
return withUser(func(_ http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2020-07-28 17:57:26 +08:00
|
|
|
if r.URL.Path == "/" || !d.user.Perm.Delete {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2024-04-02 00:24:06 +08:00
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
2021-01-07 18:30:17 +08:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: r.URL.Path,
|
|
|
|
Modify: d.user.Perm.Modify,
|
2021-04-23 20:04:02 +08:00
|
|
|
Expand: false,
|
2021-01-07 18:30:17 +08:00
|
|
|
ReadHeader: d.server.TypeDetectionByHeader,
|
|
|
|
Checker: d,
|
2020-07-28 17:57:26 +08:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2020-07-28 17:57:26 +08:00
|
|
|
// delete thumbnails
|
2021-03-10 23:14:01 +08:00
|
|
|
err = delThumbs(r.Context(), fileCache, file)
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
2020-07-28 17:57:26 +08:00
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2022-05-04 04:48:45 +08:00
|
|
|
err = d.RunHook(func() error {
|
2020-07-28 17:57:26 +08:00
|
|
|
return d.user.Fs.RemoveAll(r.URL.Path)
|
|
|
|
}, "delete", r.URL.Path, "", d.user)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
|
2024-04-25 07:23:44 +08:00
|
|
|
return http.StatusNoContent, nil
|
2020-07-28 17:57:26 +08:00
|
|
|
})
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
func resourcePostHandler(fileCache FileCache) handleFunc {
|
|
|
|
return withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2021-03-11 01:38:11 +08:00
|
|
|
if !d.user.Perm.Create || !d.Check(r.URL.Path) {
|
2021-03-10 23:14:01 +08:00
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
// Directories creation on POST.
|
|
|
|
if strings.HasSuffix(r.URL.Path, "/") {
|
2024-01-30 17:12:38 +08:00
|
|
|
err := d.user.Fs.MkdirAll(r.URL.Path, files.PermDir)
|
2021-03-10 23:14:01 +08:00
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2024-04-02 00:24:06 +08:00
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
2021-03-10 23:14:01 +08:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: r.URL.Path,
|
|
|
|
Modify: d.user.Perm.Modify,
|
2021-04-23 20:04:02 +08:00
|
|
|
Expand: false,
|
2021-03-10 23:14:01 +08:00
|
|
|
ReadHeader: d.server.TypeDetectionByHeader,
|
|
|
|
Checker: d,
|
|
|
|
})
|
|
|
|
if err == nil {
|
|
|
|
if r.URL.Query().Get("override") != "true" {
|
|
|
|
return http.StatusConflict, nil
|
|
|
|
}
|
|
|
|
|
2021-03-26 21:30:14 +08:00
|
|
|
// Permission for overwriting the file
|
|
|
|
if !d.user.Perm.Modify {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
err = delThumbs(r.Context(), fileCache, file)
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
}
|
|
|
|
|
2022-05-04 04:48:45 +08:00
|
|
|
err = d.RunHook(func() error {
|
2021-03-23 21:13:46 +08:00
|
|
|
info, writeErr := writeFile(d.user.Fs, r.URL.Path, r.Body)
|
|
|
|
if writeErr != nil {
|
|
|
|
return writeErr
|
|
|
|
}
|
2021-03-10 21:32:11 +08:00
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
etag := fmt.Sprintf(`"%x%x"`, info.ModTime().UnixNano(), info.Size())
|
|
|
|
w.Header().Set("ETag", etag)
|
|
|
|
return nil
|
|
|
|
}, "upload", r.URL.Path, "", d.user)
|
2021-03-10 21:32:11 +08:00
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
if err != nil {
|
|
|
|
_ = d.user.Fs.RemoveAll(r.URL.Path)
|
|
|
|
}
|
2020-01-16 22:25:35 +08:00
|
|
|
|
2021-03-10 23:14:01 +08:00
|
|
|
return errToStatus(err), err
|
|
|
|
})
|
|
|
|
}
|
2020-06-17 03:56:44 +08:00
|
|
|
|
2021-03-10 21:32:11 +08:00
|
|
|
var resourcePutHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2021-03-11 01:38:11 +08:00
|
|
|
if !d.user.Perm.Modify || !d.Check(r.URL.Path) {
|
2021-03-10 21:32:11 +08:00
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
2021-03-10 21:32:11 +08:00
|
|
|
// Only allow PUT for files.
|
|
|
|
if strings.HasSuffix(r.URL.Path, "/") {
|
|
|
|
return http.StatusMethodNotAllowed, nil
|
|
|
|
}
|
|
|
|
|
2021-07-24 21:16:09 +08:00
|
|
|
exists, err := afero.Exists(d.user.Fs, r.URL.Path)
|
|
|
|
if err != nil {
|
|
|
|
return http.StatusInternalServerError, err
|
|
|
|
}
|
|
|
|
if !exists {
|
|
|
|
return http.StatusNotFound, nil
|
|
|
|
}
|
|
|
|
|
2022-05-04 04:48:45 +08:00
|
|
|
err = d.RunHook(func() error {
|
2021-03-23 21:13:46 +08:00
|
|
|
info, writeErr := writeFile(d.user.Fs, r.URL.Path, r.Body)
|
|
|
|
if writeErr != nil {
|
|
|
|
return writeErr
|
|
|
|
}
|
2019-01-06 06:44:33 +08:00
|
|
|
|
|
|
|
etag := fmt.Sprintf(`"%x%x"`, info.ModTime().UnixNano(), info.Size())
|
|
|
|
w.Header().Set("ETag", etag)
|
|
|
|
return nil
|
2021-03-10 21:32:11 +08:00
|
|
|
}, "save", r.URL.Path, "", d.user)
|
2019-01-06 06:44:33 +08:00
|
|
|
|
|
|
|
return errToStatus(err), err
|
|
|
|
})
|
|
|
|
|
2021-04-14 23:20:38 +08:00
|
|
|
func resourcePatchHandler(fileCache FileCache) handleFunc {
|
2024-04-02 00:24:06 +08:00
|
|
|
return withUser(func(_ http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2021-04-14 23:20:38 +08:00
|
|
|
src := r.URL.Path
|
|
|
|
dst := r.URL.Query().Get("destination")
|
|
|
|
action := r.URL.Query().Get("action")
|
|
|
|
dst, err := url.QueryUnescape(dst)
|
|
|
|
if !d.Check(src) || !d.Check(dst) {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
if dst == "/" || src == "/" {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
2021-04-16 20:04:06 +08:00
|
|
|
|
|
|
|
err = checkParent(src, dst)
|
|
|
|
if err != nil {
|
2021-04-14 23:20:38 +08:00
|
|
|
return http.StatusBadRequest, err
|
2020-07-15 23:12:13 +08:00
|
|
|
}
|
2021-03-26 21:30:14 +08:00
|
|
|
|
2021-04-14 23:20:38 +08:00
|
|
|
override := r.URL.Query().Get("override") == "true"
|
|
|
|
rename := r.URL.Query().Get("rename") == "true"
|
|
|
|
if !override && !rename {
|
|
|
|
if _, err = d.user.Fs.Stat(dst); err == nil {
|
|
|
|
return http.StatusConflict, nil
|
2020-06-06 23:45:51 +08:00
|
|
|
}
|
2021-04-14 23:20:38 +08:00
|
|
|
}
|
|
|
|
if rename {
|
|
|
|
dst = addVersionSuffix(dst, d.user.Fs)
|
|
|
|
}
|
2020-07-21 01:38:43 +08:00
|
|
|
|
2021-04-14 23:20:38 +08:00
|
|
|
// Permission for overwriting the file
|
|
|
|
if override && !d.user.Perm.Modify {
|
|
|
|
return http.StatusForbidden, nil
|
|
|
|
}
|
2020-07-21 01:38:43 +08:00
|
|
|
|
2022-05-04 04:48:45 +08:00
|
|
|
err = d.RunHook(func() error {
|
2021-04-16 20:04:06 +08:00
|
|
|
return patchAction(r.Context(), action, src, dst, d, fileCache)
|
2021-04-14 23:20:38 +08:00
|
|
|
}, action, src, dst, d.user)
|
|
|
|
|
|
|
|
return errToStatus(err), err
|
|
|
|
})
|
|
|
|
}
|
2020-07-21 01:38:43 +08:00
|
|
|
|
|
|
|
func checkParent(src, dst string) error {
|
|
|
|
rel, err := filepath.Rel(src, dst)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
rel = filepath.ToSlash(rel)
|
|
|
|
if !strings.HasPrefix(rel, "../") && rel != ".." && rel != "." {
|
2024-04-02 00:24:06 +08:00
|
|
|
return fbErrors.ErrSourceIsParent
|
2020-07-21 01:38:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-11-03 20:30:56 +08:00
|
|
|
func addVersionSuffix(source string, fs afero.Fs) string {
|
2020-07-21 01:38:43 +08:00
|
|
|
counter := 1
|
2020-11-03 20:30:56 +08:00
|
|
|
dir, name := path.Split(source)
|
2020-07-21 01:38:43 +08:00
|
|
|
ext := filepath.Ext(name)
|
|
|
|
base := strings.TrimSuffix(name, ext)
|
|
|
|
|
|
|
|
for {
|
2020-11-03 20:30:56 +08:00
|
|
|
if _, err := fs.Stat(source); err != nil {
|
2020-07-21 01:38:43 +08:00
|
|
|
break
|
|
|
|
}
|
|
|
|
renamed := fmt.Sprintf("%s(%d)%s", base, counter, ext)
|
2020-11-03 20:30:56 +08:00
|
|
|
source = path.Join(dir, renamed)
|
2020-07-21 01:38:43 +08:00
|
|
|
counter++
|
|
|
|
}
|
|
|
|
|
2020-11-03 20:30:56 +08:00
|
|
|
return source
|
2020-07-21 01:38:43 +08:00
|
|
|
}
|
2021-03-10 21:32:11 +08:00
|
|
|
|
|
|
|
func writeFile(fs afero.Fs, dst string, in io.Reader) (os.FileInfo, error) {
|
|
|
|
dir, _ := path.Split(dst)
|
2024-01-30 17:12:38 +08:00
|
|
|
err := fs.MkdirAll(dir, files.PermDir)
|
2021-03-10 21:32:11 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-01-30 17:12:38 +08:00
|
|
|
file, err := fs.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, files.PermFile)
|
2021-03-10 21:32:11 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
_, err = io.Copy(file, in)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Gets the info about the file.
|
|
|
|
info, err := file.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return info, nil
|
|
|
|
}
|
2021-03-10 23:14:01 +08:00
|
|
|
|
|
|
|
func delThumbs(ctx context.Context, fileCache FileCache, file *files.FileInfo) error {
|
|
|
|
for _, previewSizeName := range PreviewSizeNames() {
|
|
|
|
size, _ := ParsePreviewSize(previewSizeName)
|
2022-02-22 02:59:22 +08:00
|
|
|
if err := fileCache.Delete(ctx, previewCacheKey(file, size)); err != nil {
|
2021-03-10 23:14:01 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2021-04-16 20:04:06 +08:00
|
|
|
|
|
|
|
func patchAction(ctx context.Context, action, src, dst string, d *data, fileCache FileCache) error {
|
|
|
|
switch action {
|
|
|
|
case "copy":
|
|
|
|
if !d.user.Perm.Create {
|
2024-04-02 00:24:06 +08:00
|
|
|
return fbErrors.ErrPermissionDenied
|
2021-04-16 20:04:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return fileutils.Copy(d.user.Fs, src, dst)
|
|
|
|
case "rename":
|
|
|
|
if !d.user.Perm.Rename {
|
2024-04-02 00:24:06 +08:00
|
|
|
return fbErrors.ErrPermissionDenied
|
2021-04-16 20:04:06 +08:00
|
|
|
}
|
|
|
|
src = path.Clean("/" + src)
|
|
|
|
dst = path.Clean("/" + dst)
|
|
|
|
|
2024-04-02 00:24:06 +08:00
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
2021-04-16 20:04:06 +08:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: src,
|
|
|
|
Modify: d.user.Perm.Modify,
|
|
|
|
Expand: false,
|
|
|
|
ReadHeader: false,
|
|
|
|
Checker: d,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// delete thumbnails
|
|
|
|
err = delThumbs(ctx, fileCache, file)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return fileutils.MoveFile(d.user.Fs, src, dst)
|
|
|
|
default:
|
2024-04-02 00:24:06 +08:00
|
|
|
return fmt.Errorf("unsupported action %s: %w", action, fbErrors.ErrInvalidRequestParams)
|
2021-04-16 20:04:06 +08:00
|
|
|
}
|
|
|
|
}
|
2022-06-02 18:52:24 +08:00
|
|
|
|
|
|
|
type DiskUsageResponse struct {
|
|
|
|
Total uint64 `json:"total"`
|
|
|
|
Used uint64 `json:"used"`
|
|
|
|
}
|
|
|
|
|
|
|
|
var diskUsage = withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
2024-04-02 00:24:06 +08:00
|
|
|
file, err := files.NewFileInfo(&files.FileOptions{
|
2022-06-02 18:52:24 +08:00
|
|
|
Fs: d.user.Fs,
|
|
|
|
Path: r.URL.Path,
|
|
|
|
Modify: d.user.Perm.Modify,
|
|
|
|
Expand: false,
|
|
|
|
ReadHeader: false,
|
|
|
|
Checker: d,
|
|
|
|
Content: false,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
fPath := file.RealPath()
|
2022-06-13 18:50:39 +08:00
|
|
|
if !file.IsDir {
|
|
|
|
return renderJSON(w, r, &DiskUsageResponse{
|
|
|
|
Total: 0,
|
|
|
|
Used: 0,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-06-02 18:52:24 +08:00
|
|
|
usage, err := disk.UsageWithContext(r.Context(), fPath)
|
|
|
|
if err != nil {
|
|
|
|
return errToStatus(err), err
|
|
|
|
}
|
|
|
|
return renderJSON(w, r, &DiskUsageResponse{
|
|
|
|
Total: usage.Total,
|
|
|
|
Used: usage.Used,
|
|
|
|
})
|
|
|
|
})
|