initial
This commit is contained in:
Aaron Bieber
commit
9b0efdda00
|
|
@ -0,0 +1 @@
|
|||
widdler
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
/*
|
||||
* Copyright (c) 2021 Aaron Bieber <aaron@bolddaemon.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
module suah.dev/widdler
|
||||
|
||||
go 1.16
|
||||
|
||||
require (
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
|
||||
golang.org/x/net v0.0.0-20210510120150-4163338589ed
|
||||
suah.dev/protect v1.0.0
|
||||
)
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I=
|
||||
golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
suah.dev/protect v1.0.0 h1:X8pzDvDIZIiugmkmr6DES6JFO1XUdJWi34Ffmk6CMZY=
|
||||
suah.dev/protect v1.0.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
|
||||
|
|
@ -0,0 +1,162 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"embed"
|
||||
"encoding/csv"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"golang.org/x/net/webdav"
|
||||
"suah.dev/protect"
|
||||
)
|
||||
|
||||
var twFile = "empty-5.1.23.html"
|
||||
|
||||
//go:embed empty-5.1.23.html
|
||||
var tiddly embed.FS
|
||||
|
||||
var (
|
||||
test bool
|
||||
cacheDir string
|
||||
davDir string
|
||||
listen string
|
||||
passPath string
|
||||
users map[string]string
|
||||
)
|
||||
|
||||
func init() {
|
||||
users = make(map[string]string)
|
||||
dir, err := filepath.Abs(filepath.Dir(os.Args[0]))
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
|
||||
flag.StringVar(&cacheDir, "cache", fmt.Sprintf("%s/.cache", dir), "Directory in which to store ACME certificates.")
|
||||
flag.StringVar(&davDir, "davdir", dir, "Directory to serve over WebDAV.")
|
||||
flag.StringVar(&listen, "http", "127.0.0.1:8080", "Listen on")
|
||||
flag.StringVar(&passPath, "htpass", fmt.Sprintf("%s/.htpasswd", dir), "Path to .htpasswd file..")
|
||||
flag.BoolVar(&test, "test", false, "Enable testing mode (uses staging LetsEncrypt).")
|
||||
flag.Parse()
|
||||
|
||||
// These are OpenBSD specific protections used to prevent unnecessary file access.
|
||||
_ = protect.Unveil(passPath, "r")
|
||||
_ = protect.Unveil(davDir, "rwc")
|
||||
_ = protect.Unveil(cacheDir, "rwc")
|
||||
_ = protect.Unveil("/etc/ssl/cert.pem", "r")
|
||||
_ = protect.Unveil("/etc/resolv.conf", "r")
|
||||
_ = protect.Pledge("stdio wpath rpath cpath inet dns")
|
||||
|
||||
p, err := os.Open(passPath)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer p.Close()
|
||||
|
||||
ht := csv.NewReader(p)
|
||||
ht.Comma = ':'
|
||||
ht.Comment = '#'
|
||||
ht.TrimLeadingSpace = true
|
||||
|
||||
entries, err := ht.ReadAll()
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
for _, parts := range entries {
|
||||
users[parts[0]] = parts[1]
|
||||
}
|
||||
}
|
||||
|
||||
func authenticate(user string, pass string) bool {
|
||||
htpass, exists := users[user]
|
||||
|
||||
if !exists {
|
||||
return false
|
||||
}
|
||||
|
||||
err := bcrypt.CompareHashAndPassword([]byte(htpass), []byte(pass))
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func logger(f http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
n := time.Now()
|
||||
fmt.Printf("%s (%s) [%s] \"%s %s\" %03d\n",
|
||||
r.RemoteAddr,
|
||||
n.Format(time.RFC822Z),
|
||||
r.Method,
|
||||
r.URL.Path,
|
||||
r.Proto,
|
||||
r.ContentLength,
|
||||
)
|
||||
f(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func createEmpty(path string) error {
|
||||
_, fErr := os.Stat(path)
|
||||
if os.IsNotExist(fErr) {
|
||||
log.Printf("creating %q\n", path)
|
||||
twData, _ := tiddly.ReadFile(twFile)
|
||||
wErr := ioutil.WriteFile(path, []byte(twData), 0600)
|
||||
if wErr != nil {
|
||||
return wErr
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func main() {
|
||||
wdav := &webdav.Handler{
|
||||
LockSystem: webdav.NewMemLS(),
|
||||
FileSystem: webdav.Dir(davDir),
|
||||
}
|
||||
|
||||
idxHandler := http.FileServer(http.Dir(davDir))
|
||||
|
||||
mux := http.NewServeMux()
|
||||
mux.HandleFunc("/", logger(func(w http.ResponseWriter, r *http.Request) {
|
||||
user, pass, ok := r.BasicAuth()
|
||||
if !(ok && authenticate(user, pass)) {
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="davfs"`)
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
fp := path.Join(davDir, r.URL.Path)
|
||||
err := createEmpty(fp)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
fmt.Fprintf(w, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if r.URL.Path == "/" {
|
||||
idxHandler.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
wdav.ServeHTTP(w, r)
|
||||
}))
|
||||
|
||||
s := http.Server{
|
||||
Handler: mux,
|
||||
}
|
||||
|
||||
lis, err := net.Listen("tcp", listen)
|
||||
if err != nil {
|
||||
log.Panic(err)
|
||||
}
|
||||
|
||||
log.Printf("Listening for HTTP on '%s'", listen)
|
||||
log.Panic(s.Serve(lis))
|
||||
}
|
||||
Loading…
Reference in New Issue