1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
package static
import (
"io/fs"
"net/http"
"path/filepath"
"strings"
httpConfig "github.com/spiral/roadrunner/v2/plugins/http/config"
)
type ExtensionFilter struct {
allowed map[string]struct{}
forbidden map[string]struct{}
}
func NewExtensionFilter(allow, forbid []string) *ExtensionFilter {
ef := &ExtensionFilter{
allowed: make(map[string]struct{}, len(allow)),
forbidden: make(map[string]struct{}, len(forbid)),
}
for i := 0; i < len(forbid); i++ {
// skip empty lines
if forbid[i] == "" {
continue
}
ef.forbidden[forbid[i]] = struct{}{}
}
for i := 0; i < len(allow); i++ {
// skip empty lines
if allow[i] == "" {
continue
}
ef.allowed[allow[i]] = struct{}{}
}
// check if any forbidden items presented in the allowed
// if presented, delete such items from allowed
for k := range ef.allowed {
if _, ok := ef.forbidden[k]; ok {
delete(ef.allowed, k)
}
}
return ef
}
type FileSystem struct {
ef *ExtensionFilter
// embedded
http.FileSystem
}
// Open wrapper around http.FileSystem Open method, name here is the name of the
func (f FileSystem) Open(name string) (http.File, error) {
file, err := f.FileSystem.Open(name)
if err != nil {
return nil, err
}
fstat, err := file.Stat()
if err != nil {
return nil, fs.ErrNotExist
}
if fstat.IsDir() {
return nil, fs.ErrPermission
}
ext := strings.ToLower(filepath.Ext(fstat.Name()))
if _, ok := f.ef.forbidden[ext]; ok {
return nil, fs.ErrPermission
}
// if file extension is allowed, append it to the FileInfo slice
if _, ok := f.ef.allowed[ext]; ok {
return file, nil
}
return nil, fs.ErrNotExist
}
// FS is a constructor for the http.FileSystem
func FS(config *httpConfig.Static) http.FileSystem {
return FileSystem{NewExtensionFilter(config.Allow, config.Forbid), http.Dir(config.Dir)}
}
|
