ProfouzorsLinx/fileserve.go

package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"

	"github.com/andreimarcu/linx-server/backends"
	"github.com/andreimarcu/linx-server/expiry"
	"github.com/andreimarcu/linx-server/httputil"
	"github.com/zenazn/goji/web"
)

func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {
	fileName := c.URLParams["name"]

	metadata, err := checkFile(fileName)
	if err == backends.NotFoundErr {
		notFoundHandler(c, w, r)
		return
	} else if err != nil {
		oopsHandler(c, w, r, RespAUTO, "Corrupt metadata.")
		return
	}

	if !Config.allowHotlink {
		referer := r.Header.Get("Referer")
		u, _ := url.Parse(referer)
		p, _ := url.Parse(getSiteURL(r))
		if referer != "" && !sameOrigin(u, p) {
			http.Redirect(w, r, Config.sitePath+fileName, 303)
			return
		}
	}

	w.Header().Set("Content-Security-Policy", Config.fileContentSecurityPolicy)
	w.Header().Set("Referrer-Policy", Config.fileReferrerPolicy)

	w.Header().Set("Content-Type", metadata.Mimetype)
	w.Header().Set("Content-Length", strconv.FormatInt(metadata.Size, 10))
	w.Header().Set("Etag", fmt.Sprintf("\"%s\"", metadata.Sha256sum))
	w.Header().Set("Cache-Control", "public, no-cache")

	modtime := time.Unix(0, 0)
	if done := httputil.CheckPreconditions(w, r, modtime); done == true {
		return
	}

	if r.Method != "HEAD" {
		_, reader, err := storageBackend.Get(fileName)
		if err != nil {
			oopsHandler(c, w, r, RespAUTO, "Unable to open file.")
			return
		}
		defer reader.Close()

		if _, err = io.CopyN(w, reader, metadata.Size); err != nil {
			oopsHandler(c, w, r, RespAUTO, err.Error())
		}
	}
}

func staticHandler(c web.C, w http.ResponseWriter, r *http.Request) {
	path := r.URL.Path
	if path[len(path)-1:] == "/" {
		notFoundHandler(c, w, r)
		return
	} else {
		if path == "/favicon.ico" {
			path = Config.sitePath + "/static/images/favicon.gif"
		}

		filePath := strings.TrimPrefix(path, Config.sitePath+"static/")
		file, err := staticBox.Open(filePath)
		if err != nil {
			notFoundHandler(c, w, r)
			return
		}

		w.Header().Set("Etag", fmt.Sprintf("\"%s\"", timeStartedStr))
		w.Header().Set("Cache-Control", "public, max-age=86400")
		http.ServeContent(w, r, filePath, timeStarted, file)
		return
	}
}

func checkFile(filename string) (metadata backends.Metadata, err error) {
	metadata, err = storageBackend.Head(filename)
	if err != nil {
		return
	}

	if expiry.IsTsExpired(metadata.Expiry) {
		storageBackend.Delete(filename)
		err = backends.NotFoundErr
		return
	}

	return
}
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`package main`

			`import (`
Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`"fmt"`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`"io"`
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`"net/http"`
do a proper same-origin check String prefix matching is hacky and provides insufficient checking if it does not end with a /. 2015-10-14 04:52:55 +02:00			`"net/url"`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`"strconv"`
Implement hotlink protection 2015-09-30 01:28:10 +02:00			`"strings"`
Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`"time"`
this file might be useful to add here 2015-09-25 01:58:50 +02:00
Add linx-cleanup tool This doesn't completely fix #116, but it makes setting up a cron job to do cleanup much more pleasant. 2017-05-02 06:25:56 +02:00			`"github.com/andreimarcu/linx-server/backends"`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`"github.com/andreimarcu/linx-server/expiry"`
Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`"github.com/andreimarcu/linx-server/httputil"`
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`"github.com/zenazn/goji/web"`
			`)`

			`func fileServeHandler(c web.C, w http.ResponseWriter, r *http.Request) {`
Add basic video support Additionally use filePath instead of absPath, and fileName instead of filename. 2015-09-25 04:20:44 +02:00			`fileName := c.URLParams["name"]`
this file might be useful to add here 2015-09-25 01:58:50 +02:00
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`metadata, err := checkFile(fileName)`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`if err == backends.NotFoundErr {`
Performance improvements, custom 404+500, -nologs, PUT uploads fix 2015-09-25 18:00:14 +02:00			`notFoundHandler(c, w, r)`
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`return`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`} else if err != nil {`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`oopsHandler(c, w, r, RespAUTO, "Corrupt metadata.")`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`return`
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`}`

Implement hotlink protection 2015-09-30 01:28:10 +02:00			`if !Config.allowHotlink {`
			`referer := r.Header.Get("Referer")`
do a proper same-origin check String prefix matching is hacky and provides insufficient checking if it does not end with a /. 2015-10-14 04:52:55 +02:00			`u, _ := url.Parse(referer)`
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before. 2016-06-04 10:22:01 +02:00			`p, _ := url.Parse(getSiteURL(r))`
do a proper same-origin check String prefix matching is hacky and provides insufficient checking if it does not end with a /. 2015-10-14 04:52:55 +02:00			`if referer != "" && !sameOrigin(u, p) {`
Redirect hotlink instead of 403. Fixes #69 2015-11-12 06:56:22 +01:00			`http.Redirect(w, r, Config.sitePath+fileName, 303)`
Implement hotlink protection 2015-09-30 01:28:10 +02:00			`return`
			`}`
			`}`

add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware. 2015-10-04 23:58:00 +02:00			`w.Header().Set("Content-Security-Policy", Config.fileContentSecurityPolicy)`
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags. 2019-01-08 20:56:09 +01:00			`w.Header().Set("Referrer-Policy", Config.fileReferrerPolicy)`
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware. 2015-10-04 23:58:00 +02:00
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`w.Header().Set("Content-Type", metadata.Mimetype)`
			`w.Header().Set("Content-Length", strconv.FormatInt(metadata.Size, 10))`
Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`w.Header().Set("Etag", fmt.Sprintf("\"%s\"", metadata.Sha256sum))`
			`w.Header().Set("Cache-Control", "public, no-cache")`

			`modtime := time.Unix(0, 0)`
			`if done := httputil.CheckPreconditions(w, r, modtime); done == true {`
			`return`
			`}`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`if r.Method != "HEAD" {`
Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`_, reader, err := storageBackend.Get(fileName)`
			`if err != nil {`
			`oopsHandler(c, w, r, RespAUTO, "Unable to open file.")`
			`return`
			`}`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`defer reader.Close()`

			`if _, err = io.CopyN(w, reader, metadata.Size); err != nil {`
			`oopsHandler(c, w, r, RespAUTO, err.Error())`
			`}`
			`}`
upload expiry/barename respect, random fixes 2015-09-28 06:25:57 +02:00			`}`
Add preliminary metadata support 2015-09-28 04:17:12 +02:00
Fix static directory listing recursion 2015-09-30 21:54:30 +02:00			`func staticHandler(c web.C, w http.ResponseWriter, r *http.Request) {`
			`path := r.URL.Path`
			`if path[len(path)-1:] == "/" {`
			`notFoundHandler(c, w, r)`
			`return`
			`} else {`
Add /favicon.ico route 2015-10-04 18:58:30 +02:00			`if path == "/favicon.ico" {`
Allow for non-/ deployments. Fixes #61 2015-10-30 23:36:47 +01:00			`path = Config.sitePath + "/static/images/favicon.gif"`
Add /favicon.ico route 2015-10-04 18:58:30 +02:00			`}`

Allow for non-/ deployments. Fixes #61 2015-10-30 23:36:47 +01:00			`filePath := strings.TrimPrefix(path, Config.sitePath+"static/")`
Removed unnecessary duplicate static caching 2015-10-14 20:58:27 +02:00			`file, err := staticBox.Open(filePath)`
			`if err != nil {`
			`notFoundHandler(c, w, r)`
			`return`
Fix static directory listing recursion 2015-09-30 21:54:30 +02:00			`}`

Add support for conditional requests (#162) This change pulls in some code copied from net/http's fs.go so that we can support If-Match/If-None-Match requests. This will make it easy to put a caching proxy in front of linx-server instances. Request validation will still happen as long as the proxy can contact the origin, so expiration and deletion will still work as expected under normal circumstances. 2019-01-31 07:52:43 +01:00			`w.Header().Set("Etag", fmt.Sprintf("\"%s\"", timeStartedStr))`
			`w.Header().Set("Cache-Control", "public, max-age=86400")`
Removed unnecessary duplicate static caching 2015-10-14 20:58:27 +02:00			`http.ServeContent(w, r, filePath, timeStarted, file)`
Fix static directory listing recursion 2015-09-30 21:54:30 +02:00			`return`
			`}`
			`}`

Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`func checkFile(filename string) (metadata backends.Metadata, err error) {`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`metadata, err = storageBackend.Head(filename)`
Metadata holds mimetype, sha256sum, archiveFiles 2015-10-08 04:45:34 +02:00			`if err != nil {`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`return`
Add preliminary metadata support 2015-09-28 04:17:12 +02:00			`}`
this file might be useful to add here 2015-09-25 01:58:50 +02:00
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`if expiry.IsTsExpired(metadata.Expiry) {`
Add S3 backend (#156) 2019-01-25 08:33:11 +01:00			`storageBackend.Delete(filename)`
			`err = backends.NotFoundErr`
Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`return`
upload expiry/barename respect, random fixes 2015-09-28 06:25:57 +02:00			`}`

Add file ETag support (fix #138) (#152) 2019-01-09 05:28:01 +01:00			`return`
this file might be useful to add here 2015-09-25 01:58:50 +02:00			`}`