// Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package fileserver import ( "bytes" "context" _ "embed" "encoding/json" "errors" "fmt" "io" "io/fs" "net/http" "os" "path" "strings" "sync" "text/template" "go.uber.org/zap" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" ) // BrowseTemplate is the default template document to use for // file listings. By default, its default value is an embedded // document. You can override this value at program start, or // if you are running Caddy via config, you can specify a // custom template_file in the browse configuration. // //go:embed browse.html var BrowseTemplate string // Browse configures directory browsing. type Browse struct { // Filename of the template to use instead of the embedded browse template. TemplateFile string `json:"template_file,omitempty"` } func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { fsrv.logger.Debug("browse enabled; listing directory contents", zap.String("path", dirPath), zap.String("root", root)) // Navigation on the client-side gets messed up if the // URL doesn't end in a trailing slash because hrefs to // "b/c" at path "/a" end up going to "/b/c" instead // of "/a/b/c" - so we have to redirect in this case // so that the path is "/a/" and the client constructs // relative hrefs "b/c" to be "/a/b/c". // // Only redirect if the last element of the path (the filename) was not // rewritten; if the admin wanted to rewrite to the canonical path, they // would have, and we have to be very careful not to introduce unwanted // redirects and especially redirect loops! (Redirecting using the // original URI is necessary because that's the URI the browser knows, // we don't want to redirect from internally-rewritten URIs.) // See https://github.com/caddyserver/caddy/issues/4205. // We also redirect if the path is empty, because this implies the path // prefix was fully stripped away by a `handle_path` handler for example. // See https://github.com/caddyserver/caddy/issues/4466. origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { if !strings.HasSuffix(origReq.URL.Path, "/") { fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) return redirect(w, r, origReq.URL.Path+"/") } } dir, err := fsrv.openFile(dirPath, w) if err != nil { return err } defer dir.Close() repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // TODO: not entirely sure if path.Clean() is necessary here but seems like a safe plan (i.e. /%2e%2e%2f) - someone could verify this listing, err := fsrv.loadDirectoryContents(r.Context(), dir.(fs.ReadDirFile), root, path.Clean(r.URL.EscapedPath()), repl) switch { case errors.Is(err, fs.ErrPermission): return caddyhttp.Error(http.StatusForbidden, err) case errors.Is(err, fs.ErrNotExist): return fsrv.notFound(w, r, next) case err != nil: return caddyhttp.Error(http.StatusInternalServerError, err) } fsrv.browseApplyQueryParams(w, r, listing) buf := bufPool.Get().(*bytes.Buffer) buf.Reset() defer bufPool.Put(buf) acceptHeader := strings.ToLower(strings.Join(r.Header["Accept"], ",")) // write response as either JSON or HTML if strings.Contains(acceptHeader, "application/json") { if err := json.NewEncoder(buf).Encode(listing.Items); err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } w.Header().Set("Content-Type", "application/json; charset=utf-8") } else { var fs http.FileSystem if fsrv.Root != "" { fs = http.Dir(repl.ReplaceAll(fsrv.Root, ".")) } tplCtx := &templateContext{ TemplateContext: templates.TemplateContext{ Root: fs, Req: r, RespHeader: templates.WrappedHeader{Header: w.Header()}, }, browseTemplateContext: listing, } tpl, err := fsrv.makeBrowseTemplate(tplCtx) if err != nil { return fmt.Errorf("parsing browse template: %v", err) } if err := tpl.Execute(buf, tplCtx); err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } w.Header().Set("Content-Type", "text/html; charset=utf-8") } _, _ = buf.WriteTo(w) return nil } func (fsrv *FileServer) loadDirectoryContents(ctx context.Context, dir fs.ReadDirFile, root, urlPath string, repl *caddy.Replacer) (*browseTemplateContext, error) { files, err := dir.ReadDir(10000) // TODO: this limit should probably be configurable if err != nil && err != io.EOF { return nil, err } // user can presumably browse "up" to parent folder if path is longer than "/" canGoUp := len(urlPath) > 1 return fsrv.directoryListing(ctx, files, canGoUp, root, urlPath, repl), nil } // browseApplyQueryParams applies query parameters to the listing. // It mutates the listing and may set cookies. func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Request, listing *browseTemplateContext) { layoutParam := r.URL.Query().Get("layout") sortParam := r.URL.Query().Get("sort") orderParam := r.URL.Query().Get("order") limitParam := r.URL.Query().Get("limit") offsetParam := r.URL.Query().Get("offset") switch layoutParam { case "list", "grid", "": listing.Layout = layoutParam default: listing.Layout = "list" } // figure out what to sort by switch sortParam { case "": sortParam = sortByNameDirFirst if sortCookie, sortErr := r.Cookie("sort"); sortErr == nil { sortParam = sortCookie.Value } case sortByName, sortByNameDirFirst, sortBySize, sortByTime: http.SetCookie(w, &http.Cookie{Name: "sort", Value: sortParam, Secure: r.TLS != nil}) } // then figure out the order switch orderParam { case "": orderParam = "asc" if orderCookie, orderErr := r.Cookie("order"); orderErr == nil { orderParam = orderCookie.Value } case "asc", "desc": http.SetCookie(w, &http.Cookie{Name: "order", Value: orderParam, Secure: r.TLS != nil}) } // finally, apply the sorting and limiting listing.applySortAndLimit(sortParam, orderParam, limitParam, offsetParam) } // makeBrowseTemplate creates the template to be used for directory listings. func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) (*template.Template, error) { var tpl *template.Template var err error if fsrv.Browse.TemplateFile != "" { tpl = tplCtx.NewTemplate(path.Base(fsrv.Browse.TemplateFile)) tpl, err = tpl.ParseFiles(fsrv.Browse.TemplateFile) if err != nil { return nil, fmt.Errorf("parsing browse template file: %v", err) } } else { tpl = tplCtx.NewTemplate("default_listing") tpl, err = tpl.Parse(BrowseTemplate) if err != nil { return nil, fmt.Errorf("parsing default browse template: %v", err) } } return tpl, nil } // isSymlinkTargetDir returns true if f's symbolic link target // is a directory. func (fsrv *FileServer) isSymlinkTargetDir(f fs.FileInfo, root, urlPath string) bool { if !isSymlink(f) { return false } target := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) targetInfo, err := fs.Stat(fsrv.fileSystem, target) if err != nil { return false } return targetInfo.IsDir() } // isSymlink return true if f is a symbolic link. func isSymlink(f fs.FileInfo) bool { return f.Mode()&os.ModeSymlink != 0 } // templateContext powers the context used when evaluating the browse template. // It combines browse-specific features with the standard templates handler // features. type templateContext struct { templates.TemplateContext *browseTemplateContext } // bufPool is used to increase the efficiency of file listings. var bufPool = sync.Pool{ New: func() any { return new(bytes.Buffer) }, }