Add install scripts
This commit is contained in:
13
main.go
13
main.go
@@ -69,7 +69,10 @@ func main() {
|
||||
|
||||
mux.HandleFunc("/open", func(w http.ResponseWriter, r *http.Request) {
|
||||
withCORS(w, r)
|
||||
start := time.Now()
|
||||
var rawPath string
|
||||
if r.Method == http.MethodOptions {
|
||||
log.Printf("/open preflight remote=%s origin=%q", r.RemoteAddr, r.Header.Get("Origin"))
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
return
|
||||
}
|
||||
@@ -82,18 +85,24 @@ func main() {
|
||||
dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 32*1024))
|
||||
dec.DisallowUnknownFields()
|
||||
if err := dec.Decode(&req); err != nil {
|
||||
log.Printf("/open bad-json remote=%s method=%s err=%v dur=%s", r.RemoteAddr, r.Method, err, time.Since(start))
|
||||
writeJSON(w, http.StatusBadRequest, openResponse{OK: false, Message: "invalid json"})
|
||||
return
|
||||
}
|
||||
default:
|
||||
log.Printf("/open method-not-allowed remote=%s method=%s dur=%s", r.RemoteAddr, r.Method, time.Since(start))
|
||||
writeJSON(w, http.StatusMethodNotAllowed, openResponse{OK: false, Message: "GET or POST required"})
|
||||
return
|
||||
}
|
||||
|
||||
rawPath = req.Path
|
||||
log.Printf("/open request remote=%s method=%s ua=%q path=%q", r.RemoteAddr, r.Method, r.UserAgent(), rawPath)
|
||||
|
||||
if !checkToken(r, *token) {
|
||||
// Allow token to be supplied via query string for GET fallback.
|
||||
qt := strings.TrimSpace(r.URL.Query().Get("token"))
|
||||
if qt == "" || !subtleStringEqual(qt, strings.TrimSpace(*token)) {
|
||||
log.Printf("/open unauthorized remote=%s method=%s path=%q headerToken=%t queryToken=%t dur=%s", r.RemoteAddr, r.Method, rawPath, strings.TrimSpace(r.Header.Get("X-Filetools-Token")) != "", qt != "", time.Since(start))
|
||||
writeJSON(w, http.StatusUnauthorized, openResponse{OK: false, Message: "unauthorized"})
|
||||
return
|
||||
}
|
||||
@@ -101,19 +110,23 @@ func main() {
|
||||
|
||||
target, err := normalizePath(req.Path)
|
||||
if err != nil {
|
||||
log.Printf("/open bad-path remote=%s method=%s path=%q err=%v dur=%s", r.RemoteAddr, r.Method, rawPath, err, time.Since(start))
|
||||
writeJSON(w, http.StatusBadRequest, openResponse{OK: false, Message: err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
if len(allowed) > 0 && !isAllowed(target, allowed) {
|
||||
log.Printf("/open forbidden remote=%s method=%s path=%q normalized=%q dur=%s", r.RemoteAddr, r.Method, rawPath, target, time.Since(start))
|
||||
writeJSON(w, http.StatusForbidden, openResponse{OK: false, Message: "path not allowed"})
|
||||
return
|
||||
}
|
||||
|
||||
if err := openFolder(target); err != nil {
|
||||
log.Printf("/open open-failed remote=%s method=%s path=%q normalized=%q err=%v dur=%s", r.RemoteAddr, r.Method, rawPath, target, err, time.Since(start))
|
||||
writeJSON(w, http.StatusInternalServerError, openResponse{OK: false, Message: err.Error()})
|
||||
return
|
||||
}
|
||||
log.Printf("/open opened remote=%s method=%s path=%q normalized=%q dur=%s", r.RemoteAddr, r.Method, rawPath, target, time.Since(start))
|
||||
|
||||
if r.Method == http.MethodGet {
|
||||
// For GET callers (image-ping), a 204 avoids console noise from non-image responses.
|
||||
|
||||
Reference in New Issue
Block a user