itsscb/filebrowser
1
0
Fork 0
mirror of https://github.com/filebrowser/filebrowser.git synced 2025-05-09 11:42:57 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

upload is now webdav

Browse Source
This commit is contained in:
Henrique Dias 2016-10-18 17:24:54 +01:00
parent ccc539c592
commit 0a755ec954
2 changed files with 21 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
assets/embed/public/js/application.js
View File

@ -299,27 +299,25 @@ var renameEvent = function(event) {
var handleFiles = function(files) { var handleFiles = function(files) {
let button = document.getElementById("upload"); let button = document.getElementById("upload");
let html = button.changeToLoading(); let html = button.changeToLoading();
let data = new FormData();
for (let i = 0; i < files.length; i++) { for (let i = 0; i < files.length; i++) {
data.append(files[i].name, files[i]); let request = new XMLHttpRequest();
} request.open('PUT', toWebDavURL(window.location.pathname + files[i].name));
request.setRequestHeader('Token', token);
request.send(files[i]);
request.onreadystatechange = function() {
if (request.readyState == 4) {
if (request.status == 201) {
reloadListing();
}
let request = new XMLHttpRequest(); button.changeToDone((request.status != 201), html);
request.open('POST', window.location.pathname);
request.setRequestHeader("Upload", "true");
request.setRequestHeader('Token', token);
request.send(data);
request.onreadystatechange = function() {
if (request.readyState == 4) {
if (request.status == 200) {
reloadListing();
} }
button.changeToDone((request.status != 200), html);
} }
} }
return false; return false;
} }

71
filemanager.go
View File

@ -8,12 +8,8 @@
package filemanager package filemanager
import ( import (
e "errors" "fmt"
"io"
"log"
"mime/multipart"
"net/http" "net/http"
"os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"strings" "strings"
@ -58,7 +54,7 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
// TODO: make allow and block rules relative to baseurl and webdav // TODO: make allow and block rules relative to baseurl and webdav
// Checks if the user has permission to access the current directory. // Checks if the user has permission to access the current directory.
if !user.Allowed(r.URL.Path) { /*if !user.Allowed(r.URL.Path) {
if r.Method == http.MethodGet { if r.Method == http.MethodGet {
return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page.")) return errors.PrintHTML(w, http.StatusForbidden, e.New("You don't have permission to access this page."))
} }
@ -66,14 +62,17 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
return http.StatusForbidden, nil return http.StatusForbidden, nil
} }
// TODO: How to exclude web dav clients? :/
// Security measures against CSRF attacks. // Security measures against CSRF attacks.
if r.Method != http.MethodGet { if r.Method != http.MethodGet {
if !c.CheckToken(r) { if !c.CheckToken(r) {
return http.StatusForbidden, nil return http.StatusForbidden, nil
} }
} } */
if strings.HasPrefix(r.URL.Path, c.WebDavURL) { if strings.HasPrefix(r.URL.Path, c.WebDavURL) {
fmt.Println("e")
switch r.Method { switch r.Method {
case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE": case "PROPPATCH", "MOVE", "PATCH", "PUT", "DELETE":
if !user.AllowEdit { if !user.AllowEdit {
@ -144,19 +143,11 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
} }
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
// Upload a new file. /* TODO: search commands. USE PROPFIND?
if r.Header.Get("Upload") == "true" {
if !user.AllowNew {
return http.StatusUnauthorized, nil
}
return upload(w, r, c)
}
// Search and git commands. // Search and git commands.
if r.Header.Get("Search") == "true" { if r.Header.Get("Search") == "true" {
// TODO: search commands. USE PROPFIND?
} } */
// VCS commands. // VCS commands.
if r.Header.Get("Command") != "" { if r.Header.Get("Command") != "" {
@ -175,50 +166,6 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
return f.Next.ServeHTTP(w, r) return f.Next.ServeHTTP(w, r)
} }
// upload is used to handle the upload requests to the server
func upload(w http.ResponseWriter, r *http.Request, c *config.Config) (int, error) {
// Parse the multipart form in the request
err := r.ParseMultipartForm(100000)
if err != nil {
log.Println(err)
return http.StatusInternalServerError, err
}
// For each file header in the multipart form
for _, headers := range r.MultipartForm.File {
// Handle each file
for _, header := range headers {
// Open the first file
var src multipart.File
if src, err = header.Open(); nil != err {
return http.StatusInternalServerError, err
}
filename := strings.Replace(r.URL.Path, c.BaseURL, c.PathScope, 1)
filename = filename + header.Filename
filename = filepath.Clean(filename)
// Create the file
var dst *os.File
if dst, err = os.Create(filename); nil != err {
if os.IsExist(err) {
return http.StatusConflict, err
}
return http.StatusInternalServerError, err
}
// Copy the file content
if _, err = io.Copy(dst, src); nil != err {
return http.StatusInternalServerError, err
}
defer dst.Close()
}
}
return http.StatusOK, nil
}
// command handles the requests for VCS related commands: git, svn and mercurial // command handles the requests for VCS related commands: git, svn and mercurial
func command(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) { func command(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) {
command := strings.Split(r.Header.Get("command"), " ") command := strings.Split(r.Header.Get("command"), " ")