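package share

/*
	Arozos File Share Manager
	author: tobychui

	This module handles file share requests: creating, editing and deleting
	shares, and serving shared files and folders to visitors.
*/

import (
	"encoding/json"
	"errors"
	"html"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"sync"
	"time"

	"github.com/valyala/fasttemplate"

	uuid "github.com/satori/go.uuid"
	"imuslab.com/arozos/mod/auth"
	"imuslab.com/arozos/mod/database"
	filesystem "imuslab.com/arozos/mod/filesystem"
	"imuslab.com/arozos/mod/user"
)

// Options carries the dependencies and settings a share Manager needs.
type Options struct {
	AuthAgent   *auth.AuthAgent
	Database    *database.Database
	UserHandler *user.UserHandler
	HostName    string
	TmpFolder   string
}

// ShareOption describes one share: the file or folder on disk, its owner and
// who may open the share link.
type ShareOption struct {
	UUID             string
	FileRealPath     string
	Owner            string
	Accessibles      []string //Use to store username or group names if permission is groups or users
	Permission       string   //Access permission, allow {anyone / signedin / samegroup / groups / users}
	AllowLivePreview bool
}

// Manager keeps the share records in two maps, one keyed by real path and one
// keyed by share UUID. Both maps hold the same *ShareOption values.
type Manager struct {
	fileToUrlMap *sync.Map
	urlToFileMap *sync.Map
	options      Options
}

// NewShareManager creates the "share" table if it does not exist, loads the
// stored share records into memory and returns a Manager for them.
func NewShareManager(options Options) *Manager {
	//Create the share table if not exists
	db := options.Database
	db.NewTable("share")

	fileToUrlMap := sync.Map{}
	urlToFileMap := sync.Map{}

	//Load the old share links
	entries, err := db.ListTable("share")
	if err != nil {
		log.Println("*Share* Unable to list stored shares: " + err.Error())
	}
	for _, keypairs := range entries {
		if len(keypairs) < 2 {
			//No value part in this record. Skip it
			continue
		}
		shareObject := new(ShareOption)
		if err := json.Unmarshal(keypairs[1], &shareObject); err != nil {
			//A record that cannot be decoded must not become an empty share
			//entry (empty UUID and empty path) in the lookup maps.
			log.Println("*Share* Skipping unreadable share record: " + err.Error())
			continue
		}
		if shareObject == nil {
			//The stored value was a JSON null
			continue
		}

		//Append this to the maps
		fileToUrlMap.Store(shareObject.FileRealPath, shareObject)
		urlToFileMap.Store(shareObject.UUID, shareObject)
	}

	//Return a new manager object
	return &Manager{
		options:      options,
		fileToUrlMap: &fileToUrlMap,
		urlToFileMap: &urlToFileMap,
	}
}

// HandleShareAccess is the main handler for share links. It must be
// registered with http.HandleFunc without an auth wrapper, because the
// permission of each share is checked here.
//
// Request parameters read: id (share UUID), download=true (send the file or a
// zip of the folder), serve=true (send the file inline) and rel (a path
// inside a shared folder, used together with download=true).
func (s *Manager) HandleShareAccess(w http.ResponseWriter, r *http.Request) {
	id, err := mv(r, "id", false)
	if err != nil {
		http.NotFound(w, r)
		return
	}

	download, _ := mv(r, "download", false)
	serve, _ := mv(r, "serve", false)
	relpath, _ := mv(r, "rel", false)
	directDownload := download == "true"
	directServe := serve == "true"

	//Check if id exists
	val, ok := s.urlToFileMap.Load(id)
	if !ok {
		s.serveShareNotFound(w, r, id, directDownload)
		return
	}
	shareOption := val.(*ShareOption)

	//Check for permission. A response has been written when this is false.
	if !s.checkShareAccess(w, r, shareOption, id, directDownload || directServe) {
		return
	}

	if isDir(shareOption.FileRealPath) {
		s.serveSharedFolder(w, r, shareOption, id, relpath, directDownload)
		return
	}
	s.serveSharedFile(w, r, shareOption, id, directDownload, directServe)
}

// checkShareAccess applies the share's permission mode to the request. It
// returns true when the request may proceed. When it returns false the
// rejection (401, 403, login redirect or 404) has already been written.
// direct is true for download=true / serve=true requests, which get a plain
// status response instead of an HTML page or redirect.
func (s *Manager) checkShareAccess(w http.ResponseWriter, r *http.Request, shareOption *ShareOption, id string, direct bool) bool {
	switch shareOption.Permission {
	case "anyone":
		//OK to proceed
		return true

	case "signedin":
		if !s.options.AuthAgent.CheckAuth(r) {
			denyUnauthenticated(w, r, id, direct)
			return false
		}
		return true

	case "samegroup":
		thisuserinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
		if err != nil {
			denyUnauthenticated(w, r, id, direct)
			return false
		}
		//Every group recorded on the share must be one of this user's groups
		thisUsersGroupByName := permissionGroupNames(thisuserinfo)
		for _, allowedpg := range shareOption.Accessibles {
			if !inArray(thisUsersGroupByName, allowedpg) {
				denyForbidden(w, direct)
				return false
			}
		}
		return true

	case "users":
		thisuserinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
		if err != nil {
			//User not logged in
			denyUnauthenticated(w, r, id, direct)
			return false
		}
		//Check if username in the allowed user list
		if !inArray(shareOption.Accessibles, thisuserinfo.Username) {
			denyForbidden(w, direct)
			return false
		}
		return true

	case "groups":
		thisuserinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
		if err != nil {
			//User not logged in
			denyUnauthenticated(w, r, id, direct)
			return false
		}
		//One matching group is enough
		for _, thisUserPg := range permissionGroupNames(thisuserinfo) {
			if inArray(shareOption.Accessibles, thisUserPg) {
				return true
			}
		}
		denyForbidden(w, direct)
		return false
	}

	//Unsupported mode. Show notfound
	http.NotFound(w, r)
	return false
}

// permissionGroupNames returns the names of the user's permission groups.
func permissionGroupNames(u *user.User) []string {
	names := []string{}
	for _, pg := range u.PermissionGroup {
		names = append(names, pg.Name)
	}
	return names
}

// denyUnauthenticated answers a request that needs a login: a plain 401 for
// direct requests, a redirect to the login page otherwise. id is only passed
// here after it matched a stored share UUID.
func denyUnauthenticated(w http.ResponseWriter, r *http.Request, id string, direct bool) {
	if direct {
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte("401 - Unauthorized"))
		return
	}
	http.Redirect(w, r, "/login.system?redirect=/share?id="+id, http.StatusTemporaryRedirect)
}

// denyForbidden answers a request from a logged-in user who is not allowed to
// open the share: a plain 403 for direct requests, the permission denied page
// otherwise.
func denyForbidden(w http.ResponseWriter, direct bool) {
	if direct {
		w.WriteHeader(http.StatusForbidden)
		//The body used to say "401 - Forbidden" although the status is 403
		w.Write([]byte("403 - Forbidden"))
		return
	}
	ServePermissionDeniedPage(w)
}

// isPathInside reports whether target is strictly below root. Both paths are
// made absolute and compared component by component through filepath.Rel, so
// a sibling such as "/data/share-private" is not taken for a child of
// "/data/share". The check is lexical only: symbolic links are not resolved.
func isPathInside(root, target string) bool {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return false
	}
	absTarget, err := filepath.Abs(target)
	if err != nil {
		return false
	}
	rel, err := filepath.Rel(absRoot, absTarget)
	if err != nil {
		return false
	}
	if rel == "." || rel == ".." {
		//The root itself, or its parent
		return false
	}
	return !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// setDownloadHeaders sets the attachment headers used for direct downloads.
// filename is percent-encoded for the filename* parameter.
func setDownloadHeaders(w http.ResponseWriter, r *http.Request, filename string) {
	w.Header().Set("Content-Disposition", "attachment; filename*=UTF-8''"+strings.ReplaceAll(url.QueryEscape(filename), "+", "%20"))
	//NOTE(review): the response Content-Type is copied from the request
	//header. Setting it here also stops http.ServeFile from choosing a type
	//from the file extension or content. Confirm this is intended.
	w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
}

// serveSharedFolder handles a share that points to a directory: a single file
// inside it (download=true with rel), the whole folder as a zip
// (download=true) or the folder download page.
func (s *Manager) serveSharedFolder(w http.ResponseWriter, r *http.Request, shareOption *ShareOption, id string, relpath string, directDownload bool) {
	if !directDownload {
		//Show download page. Do not allow serving
		s.serveFolderPage(w, r, shareOption, id)
		return
	}

	if relpath != "" {
		//User specified a specific file within the directory.
		targetFilepath := filepath.Join(shareOption.FileRealPath, relpath)

		//Validate the path before touching the file system. The earlier
		//check compared raw string prefixes, which accepted a sibling folder
		//whose name starts with the shared folder's name, and it ran after
		//the existence test, so the 404 / 400 difference revealed whether a
		//path outside the share exists.
		if !isPathInside(shareOption.FileRealPath, targetFilepath) {
			//Directory escape detected
			w.WriteHeader(http.StatusBadRequest)
			w.Write([]byte("400 - Bad Request: Invalid relative path"))
			return
		}

		//Check if file exists
		if !fileExists(targetFilepath) {
			http.NotFound(w, r)
			return
		}

		//Serve the target file. Nothing is written after ServeFile: the
		//response is complete once it returns.
		setDownloadHeaders(w, r, filepath.Base(targetFilepath))
		http.ServeFile(w, r, targetFilepath)
		return
	}

	//Download this folder as zip
	//Create a zip using ArOZ Zipper, tmp zip files are located under tmp/share-cache/*.zip
	tmpFolder := filepath.Join(s.options.TmpFolder, "share-cache")
	os.MkdirAll(tmpFolder, 0755)
	//NOTE(review): the cache file is named after the folder's base name only,
	//so two shares whose folders have the same name write to the same zip.
	//Consider including the share UUID in the file name.
	targetZipFilename := filepath.Join(tmpFolder, filepath.Base(shareOption.FileRealPath)) + ".zip"

	err := filesystem.ArozZipFile([]string{shareOption.FileRealPath}, targetZipFilename, false)
	if err != nil {
		//Failed to create zip file
		w.WriteHeader(http.StatusInternalServerError)
		w.Write([]byte("500 - Internal Server Error: Zip file creation failed"))
		log.Println("Failed to create zip file for share download: " + err.Error())
		return
	}

	//Serve the zip file
	setDownloadHeaders(w, r, filepath.Base(shareOption.FileRealPath)+".zip")
	http.ServeFile(w, r, targetZipFilename)
}

// serveFolderPage renders the download page of a shared folder, including a
// JSON tree of its content. Entries whose name starts with a dot are left out
// of the tree.
func (s *Manager) serveFolderPage(w http.ResponseWriter, r *http.Request, shareOption *ShareOption, id string) {
	type File struct {
		Filename string
		RelPath  string
		Filesize string
		IsDir    bool
	}

	content, err := ioutil.ReadFile("./system/share/downloadPageFolder.html")
	if err != nil {
		http.NotFound(w, r)
		return
	}

	//Get file size
	fsize, fcount := filesystem.GetDirctorySize(shareOption.FileRealPath, false)

	//Build the tree list of the folder, keyed by the parent directory
	treeList := map[string][]File{}
	filepath.Walk(filepath.Clean(shareOption.FileRealPath), func(file string, info os.FileInfo, err error) error {
		if err != nil {
			//If error skip this
			return nil
		}
		if strings.HasPrefix(filepath.Base(file), ".") {
			return nil
		}

		fileSize := filesystem.GetFileSize(file)
		if filesystem.IsDir(file) {
			fileSize, _ = filesystem.GetDirctorySize(file, false)
		}

		relPath, err := filepath.Rel(shareOption.FileRealPath, file)
		if err != nil {
			relPath = ""
		}
		relPath = filepath.ToSlash(filepath.Clean(relPath))
		relDir := filepath.ToSlash(filepath.Dir(relPath))

		if relPath == "." {
			//The root file object. Skip this
			return nil
		}

		treeList[relDir] = append(treeList[relDir], File{
			Filename: filepath.Base(file),
			RelPath:  filepath.ToSlash(relPath),
			Filesize: filesystem.GetFileDisplaySize(fileSize, 2),
			IsDir:    filesystem.IsDir(file),
		})
		return nil
	})

	tl, _ := json.Marshal(treeList)

	//Get modification time
	fmodtime, _ := filesystem.GetModTime(shareOption.FileRealPath)
	timeString := time.Unix(fmodtime, 0).Format("02-01-2006 15:04:05")

	//NOTE(review): filename is placed into the page as is. Confirm that the
	//template escapes it, since file names may contain HTML characters.
	t := fasttemplate.New(string(content), "{{", "}}")
	page := t.ExecuteString(map[string]interface{}{
		"hostname":     s.options.HostName,
		"reqid":        id,
		"mime":         "application/x-directory",
		"size":         filesystem.GetFileDisplaySize(fsize, 2),
		"filecount":    strconv.Itoa(fcount),
		"modtime":      timeString,
		"downloadurl":  "./share?id=" + id + "&download=true",
		"filename":     filepath.Base(shareOption.FileRealPath),
		"reqtime":      strconv.Itoa(int(time.Now().Unix())),
		"treelist":     tl,
		"downloaduuid": id,
	})
	w.Write([]byte(page))
}

// serveSharedFile handles a share that points to a single file: direct
// download, inline serving, or the download page with a preview.
func (s *Manager) serveSharedFile(w http.ResponseWriter, r *http.Request, shareOption *ShareOption, id string, directDownload bool, directServe bool) {
	if directDownload {
		//Serve the file directly
		setDownloadHeaders(w, r, filepath.Base(shareOption.FileRealPath))
		http.ServeFile(w, r, shareOption.FileRealPath)
		return
	}

	if directServe {
		//NOTE(review): same request-derived Content-Type as for downloads.
		w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
		http.ServeFile(w, r, shareOption.FileRealPath)
		return
	}

	//Serve the download page
	content, err := ioutil.ReadFile("./system/share/downloadPage.html")
	if err != nil {
		http.NotFound(w, r)
		return
	}

	//Get file mime type
	mime, ext, err := filesystem.GetMime(shareOption.FileRealPath)
	if err != nil {
		mime = "Unknown"
	}

	//Load the preview template
	templateRoot := "./system/share/"
	var previewTemplate string
	switch ext {
	case ".mp4", ".webm":
		previewTemplate = filepath.Join(templateRoot, "video.html")
	case ".mp3", ".wav", ".flac", ".ogg":
		previewTemplate = filepath.Join(templateRoot, "audio.html")
	case ".png", ".jpg", ".jpeg", ".webp":
		previewTemplate = filepath.Join(templateRoot, "image.html")
	case ".pdf":
		previewTemplate = filepath.Join(templateRoot, "iframe.html")
	default:
		//Format do not support preview. Use the default.html
		previewTemplate = filepath.Join(templateRoot, "default.html")
	}

	tp, err := ioutil.ReadFile(previewTemplate)
	if err != nil {
		tp = []byte("")
	}

	//Merge two templates
	content = []byte(strings.ReplaceAll(string(content), "{{previewer}}", string(tp)))

	//Get file size
	fsize := filesystem.GetFileSize(shareOption.FileRealPath)

	//Get modification time
	fmodtime, _ := filesystem.GetModTime(shareOption.FileRealPath)
	timeString := time.Unix(fmodtime, 0).Format("02-01-2006 15:04:05")

	//NOTE(review): filename is placed into the page as is. Confirm that the
	//template escapes it, since file names may contain HTML characters.
	t := fasttemplate.New(string(content), "{{", "}}")
	page := t.ExecuteString(map[string]interface{}{
		"hostname":    s.options.HostName,
		"reqid":       id,
		"mime":        mime,
		"ext":         ext,
		"size":        filesystem.GetFileDisplaySize(fsize, 2),
		"modtime":     timeString,
		"downloadurl": "/share?id=" + id + "&download=true",
		"preview_url": "/share?id=" + id + "&serve=true",
		"filename":    filepath.Base(shareOption.FileRealPath),
		"reqtime":     strconv.Itoa(int(time.Now().Unix())),
	})
	w.Write([]byte(page))
}

// serveShareNotFound answers a request whose id matches no share: a plain 404
// for download requests, the notfound page otherwise.
func (s *Manager) serveShareNotFound(w http.ResponseWriter, r *http.Request, id string, directDownload bool) {
	if directDownload {
		//Send 404 header
		http.NotFound(w, r)
		return
	}

	//Send not found page
	content, err := ioutil.ReadFile("./system/share/notfound.html")
	if err != nil {
		//Template not found. Just send a 404 Not Found
		http.NotFound(w, r)
		return
	}

	t := fasttemplate.New(string(content), "{{", "}}")
	page := t.ExecuteString(map[string]interface{}{
		"hostname": s.options.HostName,
		//id comes straight from the request and matched no share, so it is
		//HTML-escaped before it is written into the page.
		"reqid":   html.EscapeString(id),
		"reqtime": strconv.Itoa(int(time.Now().Unix())),
	})
	w.Write([]byte(page))
}

// HandleCreateNewShare creates a share for the virtual path given in the
// "path" POST parameter and replies with the share object as JSON.
func (s *Manager) HandleCreateNewShare(w http.ResponseWriter, r *http.Request) {
	//Get the vpath from parameters
	vpath, err := mv(r, "path", true)
	if err != nil {
		sendErrorResponse(w, "Invalid path given")
		return
	}

	//Get userinfo
	userinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
	if err != nil {
		sendErrorResponse(w, "User not logged in")
		return
	}

	share, err := s.CreateNewShare(userinfo, vpath)
	if err != nil {
		sendErrorResponse(w, err.Error())
		return
	}

	js, _ := json.Marshal(share)
	sendJSONResponse(w, string(js))
}

// HandleEditShare changes the permission mode of an existing share. Only the
// share owner or an admin may edit it.
//
// For allowing groups / users, use the following syntax
// groups:group1,group2,group3
// users:user1,user2,user3
//
// For basic modes, use the following keywords
// anyone / signedin / samegroup
// anyone: Anyone who has the link
// signedin: Anyone logged in to this system
// samegroup: The requesting user has the same (or more) user group as the share owner
//
// When no mode is given, "signedin" is used.
func (s *Manager) HandleEditShare(w http.ResponseWriter, r *http.Request) {
	userinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
	if err != nil {
		sendErrorResponse(w, "User not logged in")
		return
	}

	shareUUID, err := mv(r, "uuid", true)
	if err != nil {
		sendErrorResponse(w, "Invalid path given")
		return
	}

	shareMode, _ := mv(r, "mode", true)
	if shareMode == "" {
		shareMode = "signedin"
	}

	//Check if share exists
	so := s.GetShareObjectFromUUID(shareUUID)
	if so == nil {
		//This share url not exists
		sendErrorResponse(w, "Share UUID not exists")
		return
	}

	//Check if the user has permission to edit this share
	if so.Owner != userinfo.Username && !userinfo.IsAdmin() {
		//This file is not shared by this user and this user is not admin. Block this request
		sendErrorResponse(w, "Permission denied")
		return
	}

	//Validate and extract the storage mode
	ok, sharetype, settings := validateShareModes(shareMode)
	if !ok {
		sendErrorResponse(w, "Invalid share setting")
		return
	}

	//so is the object held in the lookup maps, so the change below is visible
	//to HandleShareAccess as soon as it is made.
	switch sharetype {
	case "anyone", "signedin", "samegroup":
		//Basic types.
		so.Permission = sharetype
		if sharetype == "samegroup" {
			//Write the editing user's groups into accessible (all must match in order to allow access)
			so.Accessibles = permissionGroupNames(userinfo)
		}
		//Write changes to database
		s.options.Database.Write("share", shareUUID, so)

	case "groups", "users":
		//Username or group is listed = ok
		so.Permission = sharetype
		so.Accessibles = settings
		//Write changes to database
		s.options.Database.Write("share", shareUUID, so)
	}

	sendOK(w)
}

// HandleDeleteShare removes the share of the virtual path given in the "path"
// POST parameter.
func (s *Manager) HandleDeleteShare(w http.ResponseWriter, r *http.Request) {
	//Get the vpath from parameters
	vpath, err := mv(r, "path", true)
	if err != nil {
		sendErrorResponse(w, "Invalid path given")
		return
	}

	//Get userinfo
	userinfo, err := s.options.UserHandler.GetUserInfoFromRequest(w, r)
	if err != nil {
		sendErrorResponse(w, "User not logged in")
		return
	}

	//Delete the share setting
	if err := s.DeleteShare(userinfo, vpath); err != nil {
		sendErrorResponse(w, err.Error())
		return
	}
	sendOK(w)
}

// CreateNewShare creates a share for the file or folder at vpath, or returns
// the existing share when the path is already shared. A new share starts with
// the "anyone" permission, so it is readable by anyone who has the link until
// the mode is changed.
func (s *Manager) CreateNewShare(userinfo *user.User, vpath string) (*ShareOption, error) {
	//Translate the vpath to realpath
	rpath, err := userinfo.VirtualPathToRealPath(vpath)
	if err != nil {
		return nil, errors.New("Unable to find the file on disk")
	}

	rpath = filepath.ToSlash(filepath.Clean(rpath))

	//Check if source file exists
	if !fileExists(rpath) {
		return nil, errors.New("Unable to find the file on disk")
	}

	//Check if the share already exists. If yes, use the previous link
	if val, ok := s.fileToUrlMap.Load(rpath); ok {
		//Exists. Send back the old share url
		return val.(*ShareOption), nil
	}

	//Create new link for this file
	shareUUID := uuid.NewV4().String()

	//user groups when share
	groups := []string{}
	for _, pg := range userinfo.GetUserPermissionGroup() {
		groups = append(groups, pg.Name)
	}

	//Create a share object
	shareOption := ShareOption{
		UUID:             shareUUID,
		FileRealPath:     rpath,
		Owner:            userinfo.Username,
		Accessibles:      groups,
		Permission:       "anyone",
		AllowLivePreview: true,
	}

	//Store results on two map to make sure O(1) Lookup time
	s.fileToUrlMap.Store(rpath, &shareOption)
	s.urlToFileMap.Store(shareUUID, &shareOption)

	//Write object to database
	s.options.Database.Write("share", shareUUID, shareOption)

	return &shareOption, nil
}

// DeleteShare removes the share on this vpath from the database and from both
// lookup maps. It returns nil when the path is not shared.
func (s *Manager) DeleteShare(userinfo *user.User, vpath string) error {
	//Translate the vpath to realpath
	rpath, err := userinfo.VirtualPathToRealPath(vpath)
	if err != nil {
		return errors.New("Unable to find the file on disk")
	}

	//CreateNewShare stores the cleaned, slash-separated path as the key, so
	//look that form up first. The raw path is kept as a fallback.
	key := filepath.ToSlash(filepath.Clean(rpath))
	val, ok := s.fileToUrlMap.Load(key)
	if !ok {
		key = rpath
		val, ok = s.fileToUrlMap.Load(key)
	}
	if !ok {
		//Already deleted from buffered record.
		return nil
	}

	shareUUID := val.(*ShareOption).UUID

	//Remove this from the database
	if err := s.options.Database.Delete("share", shareUUID); err != nil {
		return err
	}

	//Remove this from the current sync map
	s.urlToFileMap.Delete(shareUUID)
	s.fileToUrlMap.Delete(key)

	return nil
}

// GetShareUUIDFromPath returns the share UUID of the given real path, or an
// empty string when the path is not shared.
func (s *Manager) GetShareUUIDFromPath(rpath string) string {
	targetShareObject := s.GetShareObjectFromRealPath(rpath)
	if targetShareObject != nil {
		return targetShareObject.UUID
	}
	return ""
}

// GetShareObjectFromRealPath returns the share of the given real path, or nil
// when the path is not shared. Both the argument and the stored keys are
// cleaned and converted to slashes before they are compared.
func (s *Manager) GetShareObjectFromRealPath(rpath string) *ShareOption {
	rpath = filepath.ToSlash(filepath.Clean(rpath))
	var targetShareOption *ShareOption
	s.fileToUrlMap.Range(func(k, v interface{}) bool {
		filePath := k.(string)
		shareObject := v.(*ShareOption)

		if filepath.ToSlash(filepath.Clean(filePath)) == rpath {
			targetShareOption = shareObject
		}

		return true
	})

	return targetShareOption
}

// GetShareObjectFromUUID returns the share with the given UUID, or nil when
// there is none.
func (s *Manager) GetShareObjectFromUUID(uuid string) *ShareOption {
	//The map is keyed by UUID, so a direct lookup replaces the full scan
	val, ok := s.urlToFileMap.Load(uuid)
	if !ok {
		return nil
	}
	return val.(*ShareOption)
}

// FileIsShared reports whether the given real path has a share.
func (s *Manager) FileIsShared(rpath string) bool {
	return s.GetShareUUIDFromPath(rpath) != ""
}

// ServePermissionDeniedPage writes a 403 response with the permission denied
// page, or a short text when the page file cannot be read.
func ServePermissionDeniedPage(w http.ResponseWriter) {
	w.WriteHeader(http.StatusForbidden)
	pageContent := []byte("Permissioned Denied")
	content, err := ioutil.ReadFile("system/share/permissionDenied.html")
	if err == nil {
		pageContent = content
	}
	w.Write(pageContent)
}

/*
	Validate Share Mode string
	will return
	1. bool => Is valid
	2. permission type: {anyone / signedin / samegroup / groups / users}
	3. list of group names or usernames (empty for the basic modes)
*/
func validateShareModes(mode string) (bool, string, []string) {
	const (
		groupsPrefix = "groups:"
		usersPrefix  = "users:"
	)

	validModes := []string{"anyone", "signedin", "samegroup"}
	if inArray(validModes, mode) {
		//Standard modes
		return true, mode, []string{}
	}

	//The length checks reject a bare prefix with no names after it
	if len(mode) > len(groupsPrefix) && strings.HasPrefix(mode, groupsPrefix) {
		//Handle custom group case like groups:a,b,c,d
		return true, "groups", strings.Split(mode[len(groupsPrefix):], ",")
	}
	if len(mode) > len(usersPrefix) && strings.HasPrefix(mode, usersPrefix) {
		//Handle custom usernames like users:a,b,c,d
		return true, "users", strings.Split(mode[len(usersPrefix):], ",")
	}

	return false, "", []string{}
}

// RemoveShareByRealpath removes the entry keyed by rpath from the path map
// only. The UUID map and the database are not touched.
func (s *Manager) RemoveShareByRealpath(rpath string) error {
	if _, ok := s.fileToUrlMap.Load(rpath); !ok {
		return errors.New("Share with given realpath not exists")
	}
	s.fileToUrlMap.Delete(rpath)
	return nil
}

// RemoveShareByUUID removes the entry keyed by uuid from the UUID map only.
// The path map and the database are not touched.
func (s *Manager) RemoveShareByUUID(uuid string) error {
	if _, ok := s.urlToFileMap.Load(uuid); !ok {
		return errors.New("Share with given uuid not exists")
	}
	s.urlToFileMap.Delete(uuid)
	return nil
}

// ValidateAndClearShares removes every share whose file no longer exists,
// from both maps and from the database.
func (s *Manager) ValidateAndClearShares() {
	//Iterate through all shares within the system
	s.fileToUrlMap.Range(func(k, v interface{}) bool {
		thisRealPath := k.(string)
		if fileExists(thisRealPath) {
			return true
		}

		//This share source file doesn't exist anymore. Remove it
		thisFileShareOption := v.(*ShareOption)

		//Delete this task from both sync map
		s.RemoveShareByRealpath(thisRealPath)
		s.RemoveShareByUUID(thisFileShareOption.UUID)

		//Remove share from database
		if err := s.options.Database.Delete("share", thisFileShareOption.UUID); err != nil {
			log.Println("*Share* Unable to remove share record from database: " + err.Error())
		}

		log.Println("*Share* Removing share to file: " + thisRealPath + " as it no longer exists")
		return true
	})
}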