diff options
| author | Matthew Holt <[email protected]> | 2015-04-12 17:44:02 -0600 |
|---|---|---|
| committer | Matthew Holt <[email protected]> | 2015-04-12 17:44:02 -0600 |
| commit | b7c8afab2f069871060238c1c9a9d64a051933fb (patch) | |
| tree | cb3c015b9d384a513504c97514d8bb5735b53768 /server | |
| parent | 6ca475def879c9ff5c12914d508d2bbad40dd596 (diff) | |
| download | caddy-b7c8afab2f069871060238c1c9a9d64a051933fb.tar.gz caddy-b7c8afab2f069871060238c1c9a9d64a051933fb.zip | |
Respond with 404 if requesting server's config file
Diffstat (limited to 'server')
| -rw-r--r-- | server/fileserver.go | 26 | ||||
| -rw-r--r-- | server/server.go | 2 |
2 files changed, 19 insertions, 9 deletions
diff --git a/server/fileserver.go b/server/fileserver.go index 2339db593..787a88251 100644 --- a/server/fileserver.go +++ b/server/fileserver.go @@ -10,20 +10,22 @@ import ( "github.com/mholt/caddy/middleware/browse" ) -// This FileServer is adapted from the one in net/http -// by the Go authors. Some modifications have been made. +// This FileServer is adapted from the one in net/http by +// the Go authors. Significant modifications have been made. +// // // License: // // Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -func FileServer(root http.FileSystem) middleware.Handler { - return &fileHandler{root} +func FileServer(root http.FileSystem, hide []string) middleware.Handler { + return &fileHandler{root: root, hide: hide} } type fileHandler struct { root http.FileSystem + hide []string // list of files to treat as "Not Found" } func (f *fileHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) { @@ -32,12 +34,12 @@ func (f *fileHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, er upath = "/" + upath r.URL.Path = upath } - return serveFile(w, r, f.root, path.Clean(upath)) + return f.serveFile(w, r, path.Clean(upath)) } // name is '/'-separated, not filepath.Separator. -func serveFile(w http.ResponseWriter, r *http.Request, fs http.FileSystem, name string) (int, error) { - f, err := fs.Open(name) +func (fh *fileHandler) serveFile(w http.ResponseWriter, r *http.Request, name string) (int, error) { + f, err := fh.root.Open(name) if err != nil { if os.IsPermission(err) { return http.StatusForbidden, err @@ -58,7 +60,7 @@ func serveFile(w http.ResponseWriter, r *http.Request, fs http.FileSystem, name if d.IsDir() { for _, indexPage := range browse.IndexPages { index := strings.TrimSuffix(name, "/") + "/" + indexPage - ff, err := fs.Open(index) + ff, err := fh.root.Open(index) if err == nil { defer ff.Close() dd, err := ff.Stat() @@ -78,6 +80,14 @@ func serveFile(w http.ResponseWriter, r *http.Request, fs http.FileSystem, name return http.StatusNotFound, nil } + // If the file is supposed to be hidden, return a 404 + // (TODO: If the slice gets large, a set may be faster) + for _, hiddenPath := range fh.hide { + if d.Name() == hiddenPath { + return http.StatusNotFound, nil + } + } + // Note: Errors generated by ServeContent are written immediately // to the response. This usually only happens if seeking fails (rare). http.ServeContent(w, r, d.Name(), d.ModTime(), f) diff --git a/server/server.go b/server/server.go index 0be945250..d44bc56d8 100644 --- a/server/server.go +++ b/server/server.go @@ -134,7 +134,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // on its config. This method should be called last before // ListenAndServe begins. func (s *Server) buildStack() error { - s.fileServer = FileServer(http.Dir(s.config.Root)) + s.fileServer = FileServer(http.Dir(s.config.Root), []string{s.config.ConfigFile}) // TODO: We only compile middleware for the "/" scope. // Partial support for multiple location contexts already |