all repos — nirvash @ 119d66cd2726ad7bd8058a96dbe162d27da56a61

modular CMS using the quartzgun library

archetype/fileManager.go (raw)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
 
package archetype

import (
	"errors"
	"io/ioutil"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

type SimpleFileManager struct {
	Root       string
	ShowHtml   bool
	ShowHidden bool
}

type FileData struct {
	Error string
	Path  string
	Name  string
	IsDir bool
}

type FileListing struct {
	Error   string
	Root    string
	Up      string
	SubDirs []string
	Files   []string
}

type FileManager interface {
	Init(cfg *Config) error
	ListSubTree(root string) FileListing
	GetFileData(slug string) FileData
	AddFile(path string, req *http.Request) error
	MkDir(path, newDir string) error
	Remove(path string) error
	//	Rename(old, new string) error
}

func (self *SimpleFileManager) Init(cfg *Config) error {
	self.Root = filepath.Clean(cfg.StaticRoot)
	self.ShowHtml = cfg.StaticShowHtml
	self.ShowHidden = cfg.StaticShowHidden
	return nil
}

func (self *SimpleFileManager) ListSubTree(root string) FileListing {
	list := FileListing{}

	if strings.Contains(root, "../") || strings.Contains(root, "..\\") {
		list.Error = "You cannot escape!"
		return list
	}

	fullPath := filepath.Join(self.Root, root)

	files, err := ioutil.ReadDir(fullPath)

	if err != nil {
		list.Error = err.Error()
		return list
	}

	list.Root = root
	if !strings.HasSuffix(list.Root, "/") {
		list.Root += "/"
	}
	if !strings.HasPrefix(list.Root, "/") {
		list.Root = "/" + list.Root
	}

	levels := strings.Split(root, "/")
	if list.Root != "/" {
		list.Up = "/"
	}
	if len(levels) >= 2 {
		list.Up = "/" + strings.Join(levels[:len(levels)-1], "/")
	}

	for _, file := range files {
		if !self.ShowHidden && strings.HasPrefix(file.Name(), ".") {
			continue
		}
		if file.IsDir() {
			list.SubDirs = append(list.SubDirs, file.Name())
		} else {
			if !self.ShowHtml && strings.HasSuffix(file.Name(), ".html") {
				continue
			}
			list.Files = append(list.Files, file.Name())
		}
	}

	return list
}

func (self *SimpleFileManager) GetFileData(slug string) FileData {
	fullPath := filepath.Join(self.Root, slug)
	fileInfo, err := os.Stat(fullPath)

	if err != nil {
		return FileData{
			Error: err.Error(),
		}
	}
	if !strings.HasPrefix(fullPath, self.Root) {
		return FileData{
			Error: "You cannot escape!",
		}
	}

	cleanedSlug := filepath.Clean(slug)
	fileBase := filepath.Base(cleanedSlug)

	return FileData{
		Path:  filepath.Clean(slug),
		Name:  fileBase,
		IsDir: fileInfo.IsDir(),
	}
}

func (self *SimpleFileManager) Remove(slug string) error {
	fullPath := filepath.Join(self.Root, slug)
	_, err := os.Stat(fullPath)

	if err != nil {
		return err
	}
	if !strings.HasPrefix(fullPath, self.Root) {
		return errors.New("You cannot escape!")
	}

	return os.RemoveAll(fullPath)
}

func (self *SimpleFileManager) AddFile(path string, req *http.Request) error {
	fullPath := filepath.Join(self.Root, path)
	_, err := os.Stat(fullPath)
	if err != nil {
		return err
	}

	if !strings.HasPrefix(fullPath, filepath.Clean(self.Root)) {
		return errors.New("You cannot escape!")
	}

	req.ParseMultipartForm(250 << 20)
	file, header, err := req.FormFile("file")
	if err != nil {
		return err
	}

	fileData, err := ioutil.ReadAll(file)
	if err != nil {
		return err
	}

	destPath := filepath.Join(fullPath, header.Filename)
	dest, err := os.Create(destPath)
	if err != nil {
		return err
	}
	defer dest.Close()

	dest.Write(fileData)
	return nil
}

func (self *SimpleFileManager) MkDir(path, newDir string) error {
	fullPath := filepath.Join(self.Root, path)
	if !strings.HasPrefix(fullPath, self.Root) {
		return errors.New("You cannot escape!")
	}

	_, err := os.Stat(fullPath)
	if err != nil {
		return err
	}

	if strings.Contains(newDir, "/") || strings.Contains(newDir, "\\") {
		return errors.New("Cannot create nested directories at once")
	}

	newDirPath := filepath.Join(fullPath, newDir)
	_, err = os.Stat(newDirPath)
	if !os.IsNotExist(err) {
		return errors.New("Directory exists")
	}

	return os.Mkdir(newDirPath, 0755)
}