| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307 | package webdav/*	WebDAV File Server	author: tobychui	This module handles file sharing via WebDAV protocol.	In theory, this should be compatible with Windows 10 and possibily	replacing the need for samba*/import (	"encoding/json"	"log"	"net/http"	"os"	"path/filepath"	"sort"	"strings"	"sync"	"time"	"imuslab.com/arozos/mod/network/webdav"	"imuslab.com/arozos/mod/user")type Server struct {	hostname    string            //The hostname of this devices	userHandler *user.UserHandler //The central userHandler	filesystems sync.Map          //The syncmap for storing opened file server	prefix      string            //The prefix to strip away from filepath	tlsMode     bool              //Bypass tls windows mode if enabled	Enabled     bool              //If the server is enabled. Set this to false for disable this service	//Windows related authentication using Web interface	readOnlyFileSystemHandler *webdav.Handler	windowsClientNotLoggedIn  sync.Map //Map to store not logged in windows WebDAV Client	windowsClientLoggedIn     sync.Map //Map to store logged in Windows WebDAV Client}type WindowClientInfo struct {	Agent                   string	LastConnectionTimestamp int64	UUID                    string	Username                string	ClientIP                string}//NewServer create a new WebDAV server object required by arozosfunc NewServer(hostname string, prefix string, tmpdir string, tlsMode bool, userHandler *user.UserHandler) *Server {	//Generate a default handler	os.MkdirAll(filepath.Join(tmpdir, "webdav"), 0777)	rofs := &webdav.Handler{		Prefix:     prefix,		FileSystem: webdav.Dir(filepath.Join(tmpdir, "webdav")),		LockSystem: webdav.NewMemLS(),	}	return &Server{		hostname:                  hostname,		userHandler:               userHandler,		filesystems:               sync.Map{},		prefix:                    prefix,		tlsMode:                   tlsMode,		Enabled:                   true,		readOnlyFileSystemHandler: rofs,	}}func (s *Server) HandleClearAllPending(w http.ResponseWriter, r *http.Request) {	//Clear all pending client requests	keys := []string{}	s.windowsClientNotLoggedIn.Range(func(key, value interface{}) bool {		keys = append(keys, key.(string))		return true	})	//Clear all pending requests	for _, key := range keys {		s.windowsClientNotLoggedIn.Delete(key)	}	sendOK(w)}//Handle allow and remove permission of a windows WebDAV Clientfunc (s *Server) HandlePermissionEdit(w http.ResponseWriter, r *http.Request) {	opr, err := mv(r, "opr", true)	if err != nil {		sendErrorResponse(w, "Invalid operations")		return	}	uuid, err := mv(r, "uuid", true)	if err != nil {		sendErrorResponse(w, "Invalid uuid")		return	}	userinfo, err := s.userHandler.GetUserInfoFromRequest(w, r)	if err != nil {		sendErrorResponse(w, "User not logged in")		return	}	if opr == "set" {		//Set the given uuid into the user permission folder		value, ok := s.windowsClientNotLoggedIn.Load(uuid)		if !ok {			sendErrorResponse(w, "Client registry not exists!")			return		}		//Add the value into the logged in list with this username		ConnectionObject := value.(*WindowClientInfo)		ConnectionObject.Username = userinfo.Username		s.windowsClientLoggedIn.Store(uuid, ConnectionObject)		//Remove the value from the not logged in list		s.windowsClientNotLoggedIn.Delete(uuid)		sendOK(w)	} else if opr == "remove" {		value, ok := s.windowsClientLoggedIn.Load(uuid)		if !ok {			sendErrorResponse(w, "Client registry not exists!")			return		}		//Move the object back to the not logged in one and remove username		ConnectionObject := value.(*WindowClientInfo)		ConnectionObject.Username = ""		s.windowsClientNotLoggedIn.Store(uuid, ConnectionObject)		//Remove the object from logged in list		s.windowsClientLoggedIn.Delete(uuid)		sendOK(w)	} else {		sendErrorResponse(w, "Unsupported operation")		return	}}func (s *Server) HandleConnectionList(w http.ResponseWriter, r *http.Request) {	target, _ := mv(r, "target", false)	results := []*WindowClientInfo{}	if target == "" {		//List not logged in clients		s.windowsClientNotLoggedIn.Range(func(key, value interface{}) bool {			targetWindowClientInfo := value.(*WindowClientInfo)			results = append(results, targetWindowClientInfo)			return true		})	} else if target == "loggedin" {		userinfo, err := s.userHandler.GetUserInfoFromRequest(w, r)		if err != nil {			sendErrorResponse(w, "User not logged in")			return		}		userIsAdmin := userinfo.IsAdmin()		//List logged in clients		s.windowsClientLoggedIn.Range(func(key, value interface{}) bool {			targetWindowClientInfo := value.(*WindowClientInfo)			if userIsAdmin {				//Allow access to all user's permission				results = append(results, targetWindowClientInfo)			} else {				//Check if username match before append				if targetWindowClientInfo.Username == userinfo.Username {					results = append(results, targetWindowClientInfo)				}			}			return true		})	}	//Sort the results	sort.Slice(results, func(i, j int) bool {		return results[i].LastConnectionTimestamp > results[j].LastConnectionTimestamp	})	js, _ := json.Marshal(results)	sendJSONResponse(w, string(js))}func (s *Server) HandleRequest(w http.ResponseWriter, r *http.Request) {	//log.Println(r.Header)	//log.Println("Request Method: ", r.Method)	//Check if this is enabled	if !s.Enabled {		http.NotFound(w, r)		return	}	if r.URL.Path == "/webdav" {		//No vRoot defined. Reject connection		http.NotFound(w, r)		return	}	reqInfo := strings.Split(r.URL.RequestURI()[1:], "/")	reqRoot := "user"	if len(reqInfo) > 1 {		reqRoot = reqInfo[1]	}	//Windows File Explorer. Handle with special case	if r.Header["User-Agent"] != nil && strings.Contains(r.Header["User-Agent"][0], "Microsoft-WebDAV-MiniRedir") && r.TLS == nil {		log.Println("Windows File Explorer Connection. Routing using alternative handler")		s.HandleWindowClientAccess(w, r, reqRoot)		return	}	username, password, ok := r.BasicAuth()	if !ok {		//User not logged in.		log.Println("Not logged in!")		w.Header().Set("WWW-Authenticate", `Basic realm="Login with your `+s.hostname+` account"`)		w.WriteHeader(http.StatusUnauthorized)		return	}	//validate username and password	authAgent := s.userHandler.GetAuthAgent()	//Validate request origin	allowAccess, err := authAgent.ValidateLoginRequest(w, r)	if !allowAccess {		log.Println("Someone from " + r.RemoteAddr + " try to log into " + username + " WebDAV endpoint but got rejected: " + err.Error())		http.Error(w, err.Error(), http.StatusUnauthorized)		return	}	passwordValid, rejectionReason := authAgent.ValidateUsernameAndPasswordWithReason(username, password)	if !passwordValid {		authAgent.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "webdav")		log.Println("Someone from " + r.RemoteAddr + " try to log into " + username + " WebDAV endpoint but got rejected: " + rejectionReason)		http.Error(w, rejectionReason, http.StatusUnauthorized)		return	}	//Resolve the vroot to realpath	userinfo, err := s.userHandler.GetUserInfoFromUsername(username)	if err != nil {		log.Println(err.Error())		http.Error(w, "Invalid username or password", http.StatusUnauthorized)		return	}	//Try to resolve the realpath of the vroot	realRoot, err := userinfo.VirtualPathToRealPath(reqRoot + ":/")	if err != nil {		log.Println(err.Error())		http.Error(w, "Invalid ", http.StatusUnauthorized)		return	}	//Ok. Check if the file server of this root already exists	fs := s.getFsFromRealRoot(realRoot, filepath.ToSlash(filepath.Join(s.prefix, reqRoot)))	//Serve the content	fs.ServeHTTP(w, r)}/*	Serve ReadOnly WebDAV Server	This section exists because Windows WebDAV Services require a	success connection in order to store the cookie. If nothing is served,	File Explorer will not cache the cookie in its cache*/func (s *Server) serveReadOnlyWebDav(w http.ResponseWriter, r *http.Request) {	if r.Method == "PUT" || r.Method == "POST" || r.Method == "MKCOL" ||		r.Method == "DELETE" || r.Method == "COPY" || r.Method == "MOVE" {		//Not allowed		w.WriteHeader(http.StatusForbidden)	} else {		r.URL.Path = "/webdav/"		s.readOnlyFileSystemHandler.ServeHTTP(w, r)	}}func (s *Server) getFsFromRealRoot(realRoot string, prefix string) *webdav.Handler {	tfs, ok := s.filesystems.Load(realRoot)	if !ok {		//This file system handle hasn't been created. Create it now		fs := &webdav.Handler{			Prefix:     prefix,			FileSystem: webdav.Dir(realRoot),			LockSystem: webdav.NewMemLS(),		}		//Store the file system handler		s.filesystems.Store(realRoot, fs)		return fs	} else {		return tfs.(*webdav.Handler)	}}
 |