Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 06:40:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

webdav: remove the username path prefix

Browse Source 
so we have the same URIs for all protocols

Fixes #293
This commit is contained in:
Nicola Murino
2021-02-04 07:12:04 +01:00
parent fc9082c422
commit ce731020a7
2 changed files with 11 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
webdavd/server.go
View File

@@ -27,7 +27,6 @@ import (
var (
err401 = errors.New("Unauthorized")
err403 = errors.New("Forbidden")
xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
xRealIP = http.CanonicalHeaderKey("X-Real-IP")
)
@@ -105,11 +104,11 @@ func (s *webDavServer) verifyTLSConnection(state tls.ConnectionState) error {
return nil
}
// returns true if a response was sent
func (s *webDavServer) checkRequestMethod(ctx context.Context, r *http.Request, connection *Connection, prefix string) bool {
// returns true if we have to handle a HEAD response, for a directory, ourself
func (s *webDavServer) checkRequestMethod(ctx context.Context, r *http.Request, connection *Connection) bool {
// see RFC4918, section 9.4
if r.Method == http.MethodGet || r.Method == http.MethodHead {
p := strings.TrimPrefix(path.Clean(r.URL.Path), prefix)
p := path.Clean(r.URL.Path)
info, err := connection.Stat(ctx, p)
if err == nil && info.IsDir() {
if r.Method == http.MethodHead {
@@ -154,11 +153,6 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
if path.Clean(r.URL.Path) == "/" && (r.Method == http.MethodGet || r.Method == "PROPFIND" || r.Method == http.MethodOptions) {
http.Redirect(w, r, path.Join("/", user.Username), http.StatusMovedPermanently)
return
}
connectionID, err := s.validateUser(&user, r)
if err != nil {
updateLoginMetrics(&user, ipAddr, err)
@@ -187,8 +181,7 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
dataprovider.UpdateLastLogin(user) //nolint:errcheck
prefix := path.Join("/", user.Username)
if s.checkRequestMethod(ctx, r, connection, prefix) {
if s.checkRequestMethod(ctx, r, connection) {
w.Header().Set("Content-Type", "text/xml; charset=utf-8")
w.WriteHeader(http.StatusMultiStatus)
w.Write([]byte("")) //nolint:errcheck
@@ -196,7 +189,6 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
handler := webdav.Handler{
Prefix: prefix,
FileSystem: connection,
LockSystem: lockSystem,
Logger: writeLog,
@@ -257,12 +249,6 @@ func (s *webDavServer) validateUser(user *dataprovider.User, r *http.Request) (s
connID := xid.New().String()
connectionID := fmt.Sprintf("%v_%v", common.ProtocolWebDAV, connID)
uriSegments := strings.Split(path.Clean(r.URL.Path), "/")
if len(uriSegments) < 2 || uriSegments[1] != user.Username {
logger.Debug(logSender, connectionID, "URI %#v not allowed for user %#v", r.URL.Path, user.Username)
return connID, err403
}
if !filepath.IsAbs(user.HomeDir) {
logger.Warn(logSender, connectionID, "user %#v has an invalid home dir: %#v. Home dir must be an absolute path, login not allowed",
user.Username, user.HomeDir)