Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
Apq
/
sftpgo
kopia lustrzana https://github.com/drakkan/sftpgo.git
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: v2.6.0
Gałęzie Tagi
sftpgo
/
internal
/
httpd
/
web.go

web.go 4.0 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. // Copyright (C) 2019 Nicola Murino
    2. 

  2. //
    3. 

  3. // This program is free software: you can redistribute it and/or modify
    4. 

  4. // it under the terms of the GNU Affero General Public License as published
    5. 

  5. // by the Free Software Foundation, version 3.
    6. 

  6. //
    7. 

  7. // This program is distributed in the hope that it will be useful,
    8. 

  8. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    9. 

  9. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    10. 

  10. // GNU Affero General Public License for more details.
    11. 

  11. //
    12. 

  12. // You should have received a copy of the GNU Affero General Public License
    13. 

  13. // along with this program. If not, see <https://www.gnu.org/licenses/>.
    14. 

  14. 

  15. package httpd
    16. 

  16. 

  17. import (
    18. 

  18. 	"errors"
    19. 

  19. 	"net/http"
    20. 

  20. 	"strings"
    21. 

  21. 

  22. 	"github.com/go-chi/render"
    23. 

  23. 	"github.com/unrolled/secure"
    24. 

  24. 

  25. 	"github.com/drakkan/sftpgo/v2/internal/util"
    26. 

  26. 	"github.com/drakkan/sftpgo/v2/internal/version"
    27. 

  27. )
    28. 

  28. 

  29. const (
    30. 

  30. 	pageMFATitle               = "Two-factor authentication"
    31. 

  31. 	pageTwoFactorTitle         = "Two-Factor authentication"
    32. 

  32. 	pageTwoFactorRecoveryTitle = "Two-Factor recovery"
    33. 

  33. 	webDateTimeFormat          = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
    34. 

  34. 	redactedSecret             = "[**redacted**]"
    35. 

  35. 	csrfFormToken              = "_form_token"
    36. 

  36. 	csrfHeaderToken            = "X-CSRF-TOKEN"
    37. 

  37. 	templateCommonDir          = "common"
    38. 

  38. 	templateTwoFactor          = "twofactor.html"
    39. 

  39. 	templateTwoFactorRecovery  = "twofactor-recovery.html"
    40. 

  40. 	templateForgotPassword     = "forgot-password.html"
    41. 

  41. 	templateResetPassword      = "reset-password.html"
    42. 

  42. 	templateChangePwd          = "changepassword.html"
    43. 

  43. 	templateMessage            = "message.html"
    44. 

  44. 	templateCommonBase         = "base.html"
    45. 

  45. 	templateCommonBaseLogin    = "baselogin.html"
    46. 

  46. 	templateCommonLogin        = "login.html"
    47. 

  47. )
    48. 

  48. 

  49. var (
    50. 

  50. 	errInvalidTokenClaims = errors.New("invalid token claims")
    51. 

  51. )
    52. 

  52. 

  53. type commonBasePage struct {
    54. 

  54. 	CSPNonce  string
    55. 

  55. 	StaticURL string
    56. 

  56. 	Version   string
    57. 

  57. }
    58. 

  58. 

  59. type loginPage struct {
    60. 

  60. 	commonBasePage
    61. 

  61. 	CurrentURL     string
    62. 

  62. 	Error          *util.I18nError
    63. 

  63. 	CSRFToken      string
    64. 

  64. 	AltLoginURL    string
    65. 

  65. 	AltLoginName   string
    66. 

  66. 	ForgotPwdURL   string
    67. 

  67. 	OpenIDLoginURL string
    68. 

  68. 	Title          string
    69. 

  69. 	Branding       UIBranding
    70. 

  70. 	FormDisabled   bool
    71. 

  71. 	CheckRedirect  bool
    72. 

  72. }
    73. 

  73. 

  74. type twoFactorPage struct {
    75. 

  75. 	commonBasePage
    76. 

  76. 	CurrentURL  string
    77. 

  77. 	Error       *util.I18nError
    78. 

  78. 	CSRFToken   string
    79. 

  79. 	RecoveryURL string
    80. 

  80. 	Title       string
    81. 

  81. 	Branding    UIBranding
    82. 

  82. }
    83. 

  83. 

  84. type forgotPwdPage struct {
    85. 

  85. 	commonBasePage
    86. 

  86. 	CurrentURL string
    87. 

  87. 	Error      *util.I18nError
    88. 

  88. 	CSRFToken  string
    89. 

  89. 	LoginURL   string
    90. 

  90. 	Title      string
    91. 

  91. 	Branding   UIBranding
    92. 

  92. }
    93. 

  93. 

  94. type resetPwdPage struct {
    95. 

  95. 	commonBasePage
    96. 

  96. 	CurrentURL string
    97. 

  97. 	Error      *util.I18nError
    98. 

  98. 	CSRFToken  string
    99. 

  99. 	LoginURL   string
    100. 

  100. 	Title      string
    101. 

  101. 	Branding   UIBranding
    102. 

  102. }
    103. 

  103. 

  104. func getSliceFromDelimitedValues(values, delimiter string) []string {
    105. 

  105. 	result := []string{}
    106. 

  106. 	for _, v := range strings.Split(values, delimiter) {
    107. 

  107. 		cleaned := strings.TrimSpace(v)
    108. 

  108. 		if cleaned != "" {
    109. 

  109. 			result = append(result, cleaned)
    110. 

  110. 		}
    111. 

  111. 	}
    112. 

  112. 	return result
    113. 

  113. }
    114. 

  114. 

  115. func hasPrefixAndSuffix(key, prefix, suffix string) bool {
    116. 

  116. 	return strings.HasPrefix(key, prefix) && strings.HasSuffix(key, suffix)
    117. 

  117. }
    118. 

  118. 

  119. func getCommonBasePage(r *http.Request) commonBasePage {
    120. 

  120. 	return commonBasePage{
    121. 

  121. 		CSPNonce:  secure.CSPNonce(r.Context()),
    122. 

  122. 		StaticURL: webStaticFilesPath,
    123. 

  123. 		Version:   version.GetServerVersion(" ", true),
    124. 

  124. 	}
    125. 

  125. }
    126. 

  126. 

  127. func i18nListDirMsg(status int) string {
    128. 

  128. 	if status == http.StatusForbidden {
    129. 

  129. 		return util.I18nErrorDirList403
    130. 

  130. 	}
    131. 

  131. 	return util.I18nErrorDirListGeneric
    132. 

  132. }
    133. 

  133. 

  134. func i18nFsMsg(status int) string {
    135. 

  135. 	if status == http.StatusForbidden {
    136. 

  136. 		return util.I18nError403Message
    137. 

  137. 	}
    138. 

  138. 	return util.I18nErrorFsGeneric
    139. 

  139. }
    140. 

  140. 

  141. func getI18NErrorString(err error, fallback string) string {
    142. 

  142. 	var errI18n *util.I18nError
    143. 

  143. 	if errors.As(err, &errI18n) {
    144. 

  144. 		return errI18n.Message
    145. 

  145. 	}
    146. 

  146. 	return fallback
    147. 

  147. }
    148. 

  148. 

  149. func getI18nError(err error) *util.I18nError {
    150. 

  150. 	var errI18n *util.I18nError
    151. 

  151. 	if err != nil {
    152. 

  152. 		errI18n = util.NewI18nError(err, util.I18nError500Message)
    153. 

  153. 	}
    154. 

  154. 	return errI18n
    155. 

  155. }
    156. 

  156. 

  157. func handlePingRequest(w http.ResponseWriter, r *http.Request) {
    158. 

  158. 	r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
    159. 

  159. 	render.PlainText(w, r, "PONG")
    160. 

  160. }
    161.