Merge branch 'prefix'

assets/index.html

@@ -6,14 +6,14 @@
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
   <meta name="theme-color" content="#000000">  
   <title>[[.Title]]</title>
-  <link rel="shortcut icon" type="image/png" href="/-/assets/favicon.png" />
-  <link rel="stylesheet" type="text/css" href="/-/assets/bootstrap-3.3.5/css/bootstrap.min.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/font-awesome-4.6.3/css/font-awesome.min.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/css/github-markdown.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/css/dropzone.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/css/scrollUp-image.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/css/style.css">
-  <link rel="stylesheet" type="text/css" href="/-/assets/themes/[[.Theme]].css">
+  <link rel="shortcut icon" type="image/png" href="[[.Prefix]]/-/assets/favicon.png" />
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/bootstrap-3.3.5/css/bootstrap.min.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/font-awesome-4.6.3/css/font-awesome.min.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/css/github-markdown.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/css/dropzone.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/css/scrollUp-image.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/css/style.css">
+  <link rel="stylesheet" type="text/css" href="[[.Prefix]]/-/assets/themes/[[.Theme]].css">
 </head>
 
 <body id="app">
@@ -27,7 +27,7 @@
             <span class="icon-bar"></span>
             <span class="icon-bar"></span>
           </button>
-          <a class="navbar-brand" href="/">[[.Title]]</a>
+          <a class="navbar-brand" href="[[.Prefix]]/">[[.Title]]</a>
         </div>
         <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-2">
           <ul class="nav navbar-nav">
@@ -261,19 +261,22 @@ <h4 class="modal-title">
       </div>
     </div>
   </div>
-  <script src="/-/assets/js/jquery-3.1.0.min.js"></script>
-  <script src="/-/assets/js/jquery.qrcode.js"></script>
-  <script src="/-/assets/js/jquery.scrollUp.min.js"></script>
-  <script src="/-/assets/js/qrcode.js"></script>
-  <script src="/-/assets/js/vue-1.0.min.js"></script>
-  <script src="/-/assets/js/showdown-1.6.4.min.js"></script>
-  <script src="/-/assets/js/moment.min.js"></script>
-  <script src="/-/assets/js/dropzone.js"></script>
-  <script src="/-/assets/js/underscore-min.js"></script>
-  <script src="/-/assets/js/clipboard-1.5.12.min.js"></script>
-  <script src="/-/assets/bootstrap-3.3.5/js/bootstrap.min.js"></script>
-  <script src='/-/assets/[["js/index.js" | urlhash ]]'></script>
-  <!-- <script src="/-/assets/js/index.js"></script> -->
+  <script>
+    window.URL_PFEFIX = "[[.Prefix]]"
+  </script>
+  <script src="[[.Prefix]]/-/assets/js/jquery-3.1.0.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/jquery.qrcode.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/jquery.scrollUp.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/qrcode.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/vue-1.0.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/showdown-1.6.4.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/moment.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/dropzone.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/underscore-min.js"></script>
+  <script src="[[.Prefix]]/-/assets/js/clipboard-1.5.12.min.js"></script>
+  <script src="[[.Prefix]]/-/assets/bootstrap-3.3.5/js/bootstrap.min.js"></script>
+  <script src='[[.Prefix]]/-/assets/[["js/index.js" | urlhash ]]'></script>
+  <!-- <script src="[[.Prefix]]/-/assets/js/index.js"></script> -->
   <!--Sync status bar color with border-color on mobile platforms.-->
   <script>
     var META = document.getElementsByTagName("meta");

assets/js/index.js

@@ -434,7 +434,7 @@ $(function () {
   loadFileList(location.pathname + location.search)
 
   // update version
-  $.getJSON("/-/sysinfo", function (res) {
+  $.getJSON(URL_PREFIX + "/-/sysinfo", function (res) {
     vm.version = res.version;
   })
 

httpstaticserver.go

@@ -44,6 +44,7 @@ type IndexFileItem struct {
 
 type HTTPStaticServer struct {
 	Root            string
+	Prefix          string
 	Upload          bool
 	Delete          bool
 	Title           string
@@ -58,10 +59,11 @@ type HTTPStaticServer struct {
 }
 
 func NewHTTPStaticServer(root string) *HTTPStaticServer {
-	if root == "" {
-		root = "./"
-	}
-	root = filepath.ToSlash(root)
+	// if root == "" {
+	// 	root = "./"
+	// }
+	// root = filepath.ToSlash(root)
+	root = filepath.ToSlash(filepath.Clean(root))
 	if !strings.HasSuffix(root, "/") {
 		root = root + "/"
 	}
@@ -102,9 +104,24 @@ func (s *HTTPStaticServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	s.m.ServeHTTP(w, r)
 }
 
+// Return real path with Seperator(/)
+func (s *HTTPStaticServer) getRealPath(r *http.Request) string {
+	path := mux.Vars(r)["path"]
+	if !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+	path = filepath.Clean(path) // prevent .. for safe issues
+	relativePath, err := filepath.Rel(s.Prefix, path)
+	if err != nil {
+		relativePath = path
+	}
+	realPath := filepath.Join(s.Root, relativePath)
+	return filepath.ToSlash(realPath)
+}
+
 func (s *HTTPStaticServer) hIndex(w http.ResponseWriter, r *http.Request) {
 	path := mux.Vars(r)["path"]
-	relPath := filepath.Join(s.Root, path)
+	realPath := s.getRealPath(r)
 	if r.FormValue("json") == "true" {
 		s.hJSONList(w, r)
 		return
@@ -120,15 +137,15 @@ func (s *HTTPStaticServer) hIndex(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	log.Println("GET", path, relPath)
-	if r.FormValue("raw") == "false" || isDir(relPath) {
+	log.Println("GET", path, realPath)
+	if r.FormValue("raw") == "false" || isDir(realPath) {
 		if r.Method == "HEAD" {
 			return
 		}
 		renderHTML(w, "index.html", s)
 	} else {
 		if filepath.Base(path) == YAMLCONF {
-			auth := s.readAccessConf(path)
+			auth := s.readAccessConf(realPath)
 			if !auth.Delete {
 				http.Error(w, "Security warning, not allowed to read", http.StatusForbidden)
 				return
@@ -137,42 +154,22 @@ func (s *HTTPStaticServer) hIndex(w http.ResponseWriter, r *http.Request) {
 		if r.FormValue("download") == "true" {
 			w.Header().Set("Content-Disposition", "attachment; filename="+strconv.Quote(filepath.Base(path)))
 		}
-		http.ServeFile(w, r, relPath)
+		http.ServeFile(w, r, realPath)
 	}
 }
 
-func (s *HTTPStaticServer) hMkdir(w http.ResponseWriter, req *http.Request) {
-	path := filepath.Dir(mux.Vars(req)["path"])
-	auth := s.readAccessConf(path)
-	if !auth.canDelete(req) {
-		http.Error(w, "Mkdir forbidden", http.StatusForbidden)
-		return
-	}
-
-	name := filepath.Base(mux.Vars(req)["path"])
-	if err := checkFilename(name); err != nil {
-		http.Error(w, err.Error(), http.StatusForbidden)
-		return
-	}
-	err := os.Mkdir(filepath.Join(s.Root, path, name), 0755)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	w.Write([]byte("Success"))
-}
-
 func (s *HTTPStaticServer) hDelete(w http.ResponseWriter, req *http.Request) {
 	path := mux.Vars(req)["path"]
-	path = filepath.Clean(path) // for safe reason, prevent path contain ..
-	auth := s.readAccessConf(path)
+	realPath := s.getRealPath(req)
+	// path = filepath.Clean(path) // for safe reason, prevent path contain ..
+	auth := s.readAccessConf(realPath)
 	if !auth.canDelete(req) {
 		http.Error(w, "Delete forbidden", http.StatusForbidden)
 		return
 	}
 
 	// TODO: path safe check
-	err := os.RemoveAll(filepath.Join(s.Root, path))
+	err := os.RemoveAll(realPath)
 	if err != nil {
 		pathErr, ok := err.(*os.PathError)
 		if ok {
@@ -186,11 +183,10 @@ func (s *HTTPStaticServer) hDelete(w http.ResponseWriter, req *http.Request) {
 }
 
 func (s *HTTPStaticServer) hUploadOrMkdir(w http.ResponseWriter, req *http.Request) {
-	path := mux.Vars(req)["path"]
-	dirpath := filepath.Join(s.Root, path)
+	dirpath := s.getRealPath(req)
 
 	// check auth
-	auth := s.readAccessConf(path)
+	auth := s.readAccessConf(dirpath)
 	if !auth.canUpload(req) {
 		http.Error(w, "Upload forbidden", http.StatusForbidden)
 		return
@@ -319,7 +315,7 @@ func parseApkInfo(path string) (ai *ApkInfo) {
 
 func (s *HTTPStaticServer) hInfo(w http.ResponseWriter, r *http.Request) {
 	path := mux.Vars(r)["path"]
-	relPath := filepath.Join(s.Root, path)
+	relPath := s.getRealPath(r)
 
 	fi, err := os.Stat(relPath)
 	if err != nil {
@@ -350,8 +346,7 @@ func (s *HTTPStaticServer) hInfo(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *HTTPStaticServer) hZip(w http.ResponseWriter, r *http.Request) {
-	path := mux.Vars(r)["path"]
-	CompressToZip(w, filepath.Join(s.Root, path))
+	CompressToZip(w, s.getRealPath(r))
 }
 
 func (s *HTTPStaticServer) hUnzip(w http.ResponseWriter, r *http.Request) {
@@ -383,7 +378,7 @@ func (s *HTTPStaticServer) hPlist(w http.ResponseWriter, r *http.Request) {
 		path = path[0:len(path)-6] + ".ipa"
 	}
 
-	relPath := filepath.Join(s.Root, path)
+	relPath := s.getRealPath(r)
 	plinfo, err := parseIPA(relPath)
 	if err != nil {
 		http.Error(w, err.Error(), 500)
@@ -463,8 +458,7 @@ func (s *HTTPStaticServer) genPlistLink(httpPlistLink string) (plistUrl string,
 }
 
 func (s *HTTPStaticServer) hFileOrDirectory(w http.ResponseWriter, r *http.Request) {
-	path := mux.Vars(r)["path"]
-	http.ServeFile(w, r, filepath.Join(s.Root, path))
+	http.ServeFile(w, r, s.getRealPath(r))
 }
 
 type HTTPFileInfo struct {
@@ -567,9 +561,9 @@ func (c *AccessConf) canUpload(r *http.Request) bool {
 
 func (s *HTTPStaticServer) hJSONList(w http.ResponseWriter, r *http.Request) {
 	requestPath := mux.Vars(r)["path"]
-	localPath := filepath.Join(s.Root, requestPath)
+	realPath := s.getRealPath(r)
 	search := r.FormValue("search")
-	auth := s.readAccessConf(requestPath)
+	auth := s.readAccessConf(realPath)
 	auth.Upload = auth.canUpload(r)
 	auth.Delete = auth.canDelete(r)
 
@@ -587,7 +581,7 @@ func (s *HTTPStaticServer) hJSONList(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 	} else {
-		infos, err := ioutil.ReadDir(localPath)
+		infos, err := ioutil.ReadDir(realPath)
 		if err != nil {
 			http.Error(w, err.Error(), 500)
 			return
@@ -616,7 +610,7 @@ func (s *HTTPStaticServer) hJSONList(w http.ResponseWriter, r *http.Request) {
 			lr.Name = filepath.ToSlash(name) // fix for windows
 		}
 		if info.IsDir() {
-			name := deepPath(localPath, info.Name())
+			name := deepPath(realPath, info.Name())
 			lr.Name = name
 			lr.Path = filepath.Join(filepath.Dir(path), name)
 			lr.Type = "dir"
@@ -707,19 +701,19 @@ func (s *HTTPStaticServer) defaultAccessConf() AccessConf {
 	}
 }
 
-func (s *HTTPStaticServer) readAccessConf(requestPath string) (ac AccessConf) {
-	requestPath = filepath.Clean(requestPath)
-	if requestPath == "/" || requestPath == "" || requestPath == "." {
+func (s *HTTPStaticServer) readAccessConf(realPath string) (ac AccessConf) {
+	relativePath, err := filepath.Rel(s.Root, realPath)
+	if err != nil || relativePath == "." || relativePath == "" { // actually relativePath is always "." if root == realPath
 		ac = s.defaultAccessConf()
+		realPath = s.Root
 	} else {
-		parentPath := filepath.Dir(requestPath)
+		parentPath := filepath.Dir(realPath)
 		ac = s.readAccessConf(parentPath)
 	}
-	relPath := filepath.Join(s.Root, requestPath)
-	if isFile(relPath) {
-		relPath = filepath.Dir(relPath)
+	if isFile(realPath) {
+		realPath = filepath.Dir(realPath)
 	}
-	cfgFile := filepath.Join(relPath, YAMLCONF)
+	cfgFile := filepath.Join(realPath, YAMLCONF)
 	data, err := ioutil.ReadFile(cfgFile)
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -752,16 +746,6 @@ func deepPath(basedir, name string) string {
 	return name
 }
 
-func isFile(path string) bool {
-	info, err := os.Stat(path)
-	return err == nil && info.Mode().IsRegular()
-}
-
-func isDir(path string) bool {
-	info, err := os.Stat(path)
-	return err == nil && info.Mode().IsDir()
-}
-
 func assetsContent(name string) string {
 	fd, err := Assets.Open(name)
 	if err != nil {