feat: filebrowser with encfs

2024-09-03 00:26:36 +08:00
parent 14024c56a3
commit b0b9f70129
330 changed files with 44745 additions and 87 deletions
--- a/http/public.go
+++ b/http/public.go
@@ -0,0 +1,148 @@
+package http
+
+import (
+	"errors"
+	"net/http"
+	"net/url"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/afero"
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/filebrowser/filebrowser/v2/files"
+	"github.com/filebrowser/filebrowser/v2/share"
+)
+
+var withHashFile = func(fn handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
+		id, ifPath := ifPathWithName(r)
+		link, err := d.store.Share.GetByHash(id)
+		if err != nil {
+			return errToStatus(err), err
+		}
+
+		status, err := authenticateShareRequest(r, link)
+		if status != 0 || err != nil {
+			return status, err
+		}
+
+		user, err := d.store.Users.Get(d.server.Root, link.UserID)
+		if err != nil {
+			return errToStatus(err), err
+		}
+
+		d.user = user
+
+		file, err := files.NewFileInfo(&files.FileOptions{
+			Fs:         d.user.Fs,
+			Path:       link.Path,
+			Modify:     d.user.Perm.Modify,
+			Expand:     false,
+			ReadHeader: d.server.TypeDetectionByHeader,
+			Checker:    d,
+			Token:      link.Token,
+		})
+		if err != nil {
+			return errToStatus(err), err
+		}
+
+		// share base path
+		basePath := link.Path
+
+		// file relative path
+		filePath := ""
+
+		if file.IsDir {
+			basePath = filepath.Dir(basePath)
+			filePath = ifPath
+		}
+
+		// set fs root to the shared file/folder
+		d.user.Fs = afero.NewBasePathFs(d.user.Fs, basePath)
+
+		file, err = files.NewFileInfo(&files.FileOptions{
+			Fs:      d.user.Fs,
+			Path:    filePath,
+			Modify:  d.user.Perm.Modify,
+			Expand:  true,
+			Checker: d,
+			Token:   link.Token,
+		})
+		if err != nil {
+			return errToStatus(err), err
+		}
+
+		d.raw = file
+		return fn(w, r, d)
+	}
+}
+
+// ref to https://github.com/filebrowser/filebrowser/pull/727
+// `/api/public/dl/MEEuZK-v/file-name.txt` for old browsers to save file with correct name
+func ifPathWithName(r *http.Request) (id, filePath string) {
+	pathElements := strings.Split(r.URL.Path, "/")
+	// prevent maliciously constructed parameters like `/api/public/dl/XZzCDnK2_not_exists_hash_name`
+	// len(pathElements) will be 1, and golang will panic `runtime error: index out of range`
+
+	switch len(pathElements) {
+	case 1:
+		return r.URL.Path, "/"
+	default:
+		return pathElements[0], path.Join("/", path.Join(pathElements[1:]...))
+	}
+}
+
+var publicShareHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
+	file := d.raw.(*files.FileInfo)
+
+	if file.IsDir {
+		file.Listing.Sorting = files.Sorting{By: "name", Asc: false}
+		file.Listing.ApplySort()
+		return renderJSON(w, r, file)
+	}
+
+	return renderJSON(w, r, file)
+})
+
+var publicDlHandler = withHashFile(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
+	file := d.raw.(*files.FileInfo)
+	if !file.IsDir {
+		return rawFileHandler(w, r, file)
+	}
+
+	return rawDirHandler(w, r, d, file)
+})
+
+func authenticateShareRequest(r *http.Request, l *share.Link) (int, error) {
+	if l.PasswordHash == "" {
+		return 0, nil
+	}
+
+	if r.URL.Query().Get("token") == l.Token {
+		return 0, nil
+	}
+
+	password := r.Header.Get("X-SHARE-PASSWORD")
+	password, err := url.QueryUnescape(password)
+	if err != nil {
+		return 0, err
+	}
+	if password == "" {
+		return http.StatusUnauthorized, nil
+	}
+	if err := bcrypt.CompareHashAndPassword([]byte(l.PasswordHash), []byte(password)); err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return http.StatusUnauthorized, nil
+		}
+		return 0, err
+	}
+
+	return 0, nil
+}
+
+func healthHandler(w http.ResponseWriter, _ *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	_, _ = w.Write([]byte(`{"status":"OK"}`))
+}