github.com/AESNooper/go/src@v0.0.0-20220218095104-b56a4ab1bbbb/net/http/fs.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // HTTP file system request handler 6 7 package http 8 9 import ( 10 "errors" 11 "fmt" 12 "io" 13 "io/fs" 14 "mime" 15 "mime/multipart" 16 "net/textproto" 17 "net/url" 18 "os" 19 "path" 20 "path/filepath" 21 "sort" 22 "strconv" 23 "strings" 24 "time" 25 ) 26 27 // A Dir implements FileSystem using the native file system restricted to a 28 // specific directory tree. 29 // 30 // While the FileSystem.Open method takes '/'-separated paths, a Dir's string 31 // value is a filename on the native file system, not a URL, so it is separated 32 // by filepath.Separator, which isn't necessarily '/'. 33 // 34 // Note that Dir could expose sensitive files and directories. Dir will follow 35 // symlinks pointing out of the directory tree, which can be especially dangerous 36 // if serving from a directory in which users are able to create arbitrary symlinks. 37 // Dir will also allow access to files and directories starting with a period, 38 // which could expose sensitive directories like .git or sensitive files like 39 // .htpasswd. To exclude files with a leading period, remove the files/directories 40 // from the server or create a custom FileSystem implementation. 41 // 42 // An empty Dir is treated as ".". 43 type Dir string 44 45 // mapDirOpenError maps the provided non-nil error from opening name 46 // to a possibly better non-nil error. In particular, it turns OS-specific errors 47 // about opening files in non-directories into fs.ErrNotExist. See Issue 18984. 48 func mapDirOpenError(originalErr error, name string) error { 49 if errors.Is(originalErr, fs.ErrNotExist) || errors.Is(originalErr, fs.ErrPermission) { 50 return originalErr 51 } 52 53 parts := strings.Split(name, string(filepath.Separator)) 54 for i := range parts { 55 if parts[i] == "" { 56 continue 57 } 58 fi, err := os.Stat(strings.Join(parts[:i+1], string(filepath.Separator))) 59 if err != nil { 60 return originalErr 61 } 62 if !fi.IsDir() { 63 return fs.ErrNotExist 64 } 65 } 66 return originalErr 67 } 68 69 // Open implements FileSystem using os.Open, opening files for reading rooted 70 // and relative to the directory d. 71 func (d Dir) Open(name string) (File, error) { 72 if filepath.Separator != '/' && strings.ContainsRune(name, filepath.Separator) { 73 return nil, errors.New("http: invalid character in file path") 74 } 75 dir := string(d) 76 if dir == "" { 77 dir = "." 78 } 79 fullName := filepath.Join(dir, filepath.FromSlash(path.Clean("/"+name))) 80 f, err := os.Open(fullName) 81 if err != nil { 82 return nil, mapDirOpenError(err, fullName) 83 } 84 return f, nil 85 } 86 87 // A FileSystem implements access to a collection of named files. 88 // The elements in a file path are separated by slash ('/', U+002F) 89 // characters, regardless of host operating system convention. 90 // See the FileServer function to convert a FileSystem to a Handler. 91 // 92 // This interface predates the fs.FS interface, which can be used instead: 93 // the FS adapter function converts an fs.FS to a FileSystem. 94 type FileSystem interface { 95 Open(name string) (File, error) 96 } 97 98 // A File is returned by a FileSystem's Open method and can be 99 // served by the FileServer implementation. 100 // 101 // The methods should behave the same as those on an *os.File. 102 type File interface { 103 io.Closer 104 io.Reader 105 io.Seeker 106 Readdir(count int) ([]fs.FileInfo, error) 107 Stat() (fs.FileInfo, error) 108 } 109 110 type anyDirs interface { 111 len() int 112 name(i int) string 113 isDir(i int) bool 114 } 115 116 type fileInfoDirs []fs.FileInfo 117 118 func (d fileInfoDirs) len() int { return len(d) } 119 func (d fileInfoDirs) isDir(i int) bool { return d[i].IsDir() } 120 func (d fileInfoDirs) name(i int) string { return d[i].Name() } 121 122 type dirEntryDirs []fs.DirEntry 123 124 func (d dirEntryDirs) len() int { return len(d) } 125 func (d dirEntryDirs) isDir(i int) bool { return d[i].IsDir() } 126 func (d dirEntryDirs) name(i int) string { return d[i].Name() } 127 128 func dirList(w ResponseWriter, r *Request, f File) { 129 // Prefer to use ReadDir instead of Readdir, 130 // because the former doesn't require calling 131 // Stat on every entry of a directory on Unix. 132 var dirs anyDirs 133 var err error 134 if d, ok := f.(fs.ReadDirFile); ok { 135 var list dirEntryDirs 136 list, err = d.ReadDir(-1) 137 dirs = list 138 } else { 139 var list fileInfoDirs 140 list, err = f.Readdir(-1) 141 dirs = list 142 } 143 144 if err != nil { 145 logf(r, "http: error reading directory: %v", err) 146 Error(w, "Error reading directory", StatusInternalServerError) 147 return 148 } 149 sort.Slice(dirs, func(i, j int) bool { return dirs.name(i) < dirs.name(j) }) 150 151 w.Header().Set("Content-Type", "text/html; charset=utf-8") 152 fmt.Fprintf(w, "<pre>\n") 153 for i, n := 0, dirs.len(); i < n; i++ { 154 name := dirs.name(i) 155 if dirs.isDir(i) { 156 name += "/" 157 } 158 // name may contain '?' or '#', which must be escaped to remain 159 // part of the URL path, and not indicate the start of a query 160 // string or fragment. 161 url := url.URL{Path: name} 162 fmt.Fprintf(w, "<a href=\"%s\">%s</a>\n", url.String(), htmlReplacer.Replace(name)) 163 } 164 fmt.Fprintf(w, "</pre>\n") 165 } 166 167 // ServeContent replies to the request using the content in the 168 // provided ReadSeeker. The main benefit of ServeContent over io.Copy 169 // is that it handles Range requests properly, sets the MIME type, and 170 // handles If-Match, If-Unmodified-Since, If-None-Match, If-Modified-Since, 171 // and If-Range requests. 172 // 173 // If the response's Content-Type header is not set, ServeContent 174 // first tries to deduce the type from name's file extension and, 175 // if that fails, falls back to reading the first block of the content 176 // and passing it to DetectContentType. 177 // The name is otherwise unused; in particular it can be empty and is 178 // never sent in the response. 179 // 180 // If modtime is not the zero time or Unix epoch, ServeContent 181 // includes it in a Last-Modified header in the response. If the 182 // request includes an If-Modified-Since header, ServeContent uses 183 // modtime to decide whether the content needs to be sent at all. 184 // 185 // The content's Seek method must work: ServeContent uses 186 // a seek to the end of the content to determine its size. 187 // 188 // If the caller has set w's ETag header formatted per RFC 7232, section 2.3, 189 // ServeContent uses it to handle requests using If-Match, If-None-Match, or If-Range. 190 // 191 // Note that *os.File implements the io.ReadSeeker interface. 192 func ServeContent(w ResponseWriter, req *Request, name string, modtime time.Time, content io.ReadSeeker) { 193 sizeFunc := func() (int64, error) { 194 size, err := content.Seek(0, io.SeekEnd) 195 if err != nil { 196 return 0, errSeeker 197 } 198 _, err = content.Seek(0, io.SeekStart) 199 if err != nil { 200 return 0, errSeeker 201 } 202 return size, nil 203 } 204 serveContent(w, req, name, modtime, sizeFunc, content) 205 } 206 207 // errSeeker is returned by ServeContent's sizeFunc when the content 208 // doesn't seek properly. The underlying Seeker's error text isn't 209 // included in the sizeFunc reply so it's not sent over HTTP to end 210 // users. 211 var errSeeker = errors.New("seeker can't seek") 212 213 // errNoOverlap is returned by serveContent's parseRange if first-byte-pos of 214 // all of the byte-range-spec values is greater than the content size. 215 var errNoOverlap = errors.New("invalid range: failed to overlap") 216 217 // if name is empty, filename is unknown. (used for mime type, before sniffing) 218 // if modtime.IsZero(), modtime is unknown. 219 // content must be seeked to the beginning of the file. 220 // The sizeFunc is called at most once. Its error, if any, is sent in the HTTP response. 221 func serveContent(w ResponseWriter, r *Request, name string, modtime time.Time, sizeFunc func() (int64, error), content io.ReadSeeker) { 222 setLastModified(w, modtime) 223 done, rangeReq := checkPreconditions(w, r, modtime) 224 if done { 225 return 226 } 227 228 code := StatusOK 229 230 // If Content-Type isn't set, use the file's extension to find it, but 231 // if the Content-Type is unset explicitly, do not sniff the type. 232 ctypes, haveType := w.Header()["Content-Type"] 233 var ctype string 234 if !haveType { 235 ctype = mime.TypeByExtension(filepath.Ext(name)) 236 if ctype == "" { 237 // read a chunk to decide between utf-8 text and binary 238 var buf [sniffLen]byte 239 n, _ := io.ReadFull(content, buf[:]) 240 ctype = DetectContentType(buf[:n]) 241 _, err := content.Seek(0, io.SeekStart) // rewind to output whole file 242 if err != nil { 243 Error(w, "seeker can't seek", StatusInternalServerError) 244 return 245 } 246 } 247 w.Header().Set("Content-Type", ctype) 248 } else if len(ctypes) > 0 { 249 ctype = ctypes[0] 250 } 251 252 size, err := sizeFunc() 253 if err != nil { 254 Error(w, err.Error(), StatusInternalServerError) 255 return 256 } 257 258 // handle Content-Range header. 259 sendSize := size 260 var sendContent io.Reader = content 261 if size >= 0 { 262 ranges, err := parseRange(rangeReq, size) 263 if err != nil { 264 if err == errNoOverlap { 265 w.Header().Set("Content-Range", fmt.Sprintf("bytes */%d", size)) 266 } 267 Error(w, err.Error(), StatusRequestedRangeNotSatisfiable) 268 return 269 } 270 if sumRangesSize(ranges) > size { 271 // The total number of bytes in all the ranges 272 // is larger than the size of the file by 273 // itself, so this is probably an attack, or a 274 // dumb client. Ignore the range request. 275 ranges = nil 276 } 277 switch { 278 case len(ranges) == 1: 279 // RFC 7233, Section 4.1: 280 // "If a single part is being transferred, the server 281 // generating the 206 response MUST generate a 282 // Content-Range header field, describing what range 283 // of the selected representation is enclosed, and a 284 // payload consisting of the range. 285 // ... 286 // A server MUST NOT generate a multipart response to 287 // a request for a single range, since a client that 288 // does not request multiple parts might not support 289 // multipart responses." 290 ra := ranges[0] 291 if _, err := content.Seek(ra.start, io.SeekStart); err != nil { 292 Error(w, err.Error(), StatusRequestedRangeNotSatisfiable) 293 return 294 } 295 sendSize = ra.length 296 code = StatusPartialContent 297 w.Header().Set("Content-Range", ra.contentRange(size)) 298 case len(ranges) > 1: 299 sendSize = rangesMIMESize(ranges, ctype, size) 300 code = StatusPartialContent 301 302 pr, pw := io.Pipe() 303 mw := multipart.NewWriter(pw) 304 w.Header().Set("Content-Type", "multipart/byteranges; boundary="+mw.Boundary()) 305 sendContent = pr 306 defer pr.Close() // cause writing goroutine to fail and exit if CopyN doesn't finish. 307 go func() { 308 for _, ra := range ranges { 309 part, err := mw.CreatePart(ra.mimeHeader(ctype, size)) 310 if err != nil { 311 pw.CloseWithError(err) 312 return 313 } 314 if _, err := content.Seek(ra.start, io.SeekStart); err != nil { 315 pw.CloseWithError(err) 316 return 317 } 318 if _, err := io.CopyN(part, content, ra.length); err != nil { 319 pw.CloseWithError(err) 320 return 321 } 322 } 323 mw.Close() 324 pw.Close() 325 }() 326 } 327 328 w.Header().Set("Accept-Ranges", "bytes") 329 if w.Header().Get("Content-Encoding") == "" { 330 w.Header().Set("Content-Length", strconv.FormatInt(sendSize, 10)) 331 } 332 } 333 334 w.WriteHeader(code) 335 336 if r.Method != "HEAD" { 337 if sendSize != 0 { 338 io.Copy(w, io.LimitReader(sendContent, sendSize)) 339 return 340 } 341 342 io.Copy(w, sendContent) 343 } 344 } 345 346 // scanETag determines if a syntactically valid ETag is present at s. If so, 347 // the ETag and remaining text after consuming ETag is returned. Otherwise, 348 // it returns "", "". 349 func scanETag(s string) (etag string, remain string) { 350 s = textproto.TrimString(s) 351 start := 0 352 if strings.HasPrefix(s, "W/") { 353 start = 2 354 } 355 if len(s[start:]) < 2 || s[start] != '"' { 356 return "", "" 357 } 358 // ETag is either W/"text" or "text". 359 // See RFC 7232 2.3. 360 for i := start + 1; i < len(s); i++ { 361 c := s[i] 362 switch { 363 // Character values allowed in ETags. 364 case c == 0x21 || c >= 0x23 && c <= 0x7E || c >= 0x80: 365 case c == '"': 366 return s[:i+1], s[i+1:] 367 default: 368 return "", "" 369 } 370 } 371 return "", "" 372 } 373 374 // etagStrongMatch reports whether a and b match using strong ETag comparison. 375 // Assumes a and b are valid ETags. 376 func etagStrongMatch(a, b string) bool { 377 return a == b && a != "" && a[0] == '"' 378 } 379 380 // etagWeakMatch reports whether a and b match using weak ETag comparison. 381 // Assumes a and b are valid ETags. 382 func etagWeakMatch(a, b string) bool { 383 return strings.TrimPrefix(a, "W/") == strings.TrimPrefix(b, "W/") 384 } 385 386 // condResult is the result of an HTTP request precondition check. 387 // See https://tools.ietf.org/html/rfc7232 section 3. 388 type condResult int 389 390 const ( 391 condNone condResult = iota 392 condTrue 393 condFalse 394 ) 395 396 func checkIfMatch(w ResponseWriter, r *Request) condResult { 397 im := r.Header.Get("If-Match") 398 if im == "" { 399 return condNone 400 } 401 for { 402 im = textproto.TrimString(im) 403 if len(im) == 0 { 404 break 405 } 406 if im[0] == ',' { 407 im = im[1:] 408 continue 409 } 410 if im[0] == '*' { 411 return condTrue 412 } 413 etag, remain := scanETag(im) 414 if etag == "" { 415 break 416 } 417 if etagStrongMatch(etag, w.Header().get("Etag")) { 418 return condTrue 419 } 420 im = remain 421 } 422 423 return condFalse 424 } 425 426 func checkIfUnmodifiedSince(r *Request, modtime time.Time) condResult { 427 ius := r.Header.Get("If-Unmodified-Since") 428 if ius == "" || isZeroTime(modtime) { 429 return condNone 430 } 431 t, err := ParseTime(ius) 432 if err != nil { 433 return condNone 434 } 435 436 // The Last-Modified header truncates sub-second precision so 437 // the modtime needs to be truncated too. 438 modtime = modtime.Truncate(time.Second) 439 if modtime.Before(t) || modtime.Equal(t) { 440 return condTrue 441 } 442 return condFalse 443 } 444 445 func checkIfNoneMatch(w ResponseWriter, r *Request) condResult { 446 inm := r.Header.get("If-None-Match") 447 if inm == "" { 448 return condNone 449 } 450 buf := inm 451 for { 452 buf = textproto.TrimString(buf) 453 if len(buf) == 0 { 454 break 455 } 456 if buf[0] == ',' { 457 buf = buf[1:] 458 continue 459 } 460 if buf[0] == '*' { 461 return condFalse 462 } 463 etag, remain := scanETag(buf) 464 if etag == "" { 465 break 466 } 467 if etagWeakMatch(etag, w.Header().get("Etag")) { 468 return condFalse 469 } 470 buf = remain 471 } 472 return condTrue 473 } 474 475 func checkIfModifiedSince(r *Request, modtime time.Time) condResult { 476 if r.Method != "GET" && r.Method != "HEAD" { 477 return condNone 478 } 479 ims := r.Header.Get("If-Modified-Since") 480 if ims == "" || isZeroTime(modtime) { 481 return condNone 482 } 483 t, err := ParseTime(ims) 484 if err != nil { 485 return condNone 486 } 487 // The Last-Modified header truncates sub-second precision so 488 // the modtime needs to be truncated too. 489 modtime = modtime.Truncate(time.Second) 490 if modtime.Before(t) || modtime.Equal(t) { 491 return condFalse 492 } 493 return condTrue 494 } 495 496 func checkIfRange(w ResponseWriter, r *Request, modtime time.Time) condResult { 497 if r.Method != "GET" && r.Method != "HEAD" { 498 return condNone 499 } 500 ir := r.Header.get("If-Range") 501 if ir == "" { 502 return condNone 503 } 504 etag, _ := scanETag(ir) 505 if etag != "" { 506 if etagStrongMatch(etag, w.Header().Get("Etag")) { 507 return condTrue 508 } else { 509 return condFalse 510 } 511 } 512 // The If-Range value is typically the ETag value, but it may also be 513 // the modtime date. See golang.org/issue/8367. 514 if modtime.IsZero() { 515 return condFalse 516 } 517 t, err := ParseTime(ir) 518 if err != nil { 519 return condFalse 520 } 521 if t.Unix() == modtime.Unix() { 522 return condTrue 523 } 524 return condFalse 525 } 526 527 var unixEpochTime = time.Unix(0, 0) 528 529 // isZeroTime reports whether t is obviously unspecified (either zero or Unix()=0). 530 func isZeroTime(t time.Time) bool { 531 return t.IsZero() || t.Equal(unixEpochTime) 532 } 533 534 func setLastModified(w ResponseWriter, modtime time.Time) { 535 if !isZeroTime(modtime) { 536 w.Header().Set("Last-Modified", modtime.UTC().Format(TimeFormat)) 537 } 538 } 539 540 func writeNotModified(w ResponseWriter) { 541 // RFC 7232 section 4.1: 542 // a sender SHOULD NOT generate representation metadata other than the 543 // above listed fields unless said metadata exists for the purpose of 544 // guiding cache updates (e.g., Last-Modified might be useful if the 545 // response does not have an ETag field). 546 h := w.Header() 547 delete(h, "Content-Type") 548 delete(h, "Content-Length") 549 if h.Get("Etag") != "" { 550 delete(h, "Last-Modified") 551 } 552 w.WriteHeader(StatusNotModified) 553 } 554 555 // checkPreconditions evaluates request preconditions and reports whether a precondition 556 // resulted in sending StatusNotModified or StatusPreconditionFailed. 557 func checkPreconditions(w ResponseWriter, r *Request, modtime time.Time) (done bool, rangeHeader string) { 558 // This function carefully follows RFC 7232 section 6. 559 ch := checkIfMatch(w, r) 560 if ch == condNone { 561 ch = checkIfUnmodifiedSince(r, modtime) 562 } 563 if ch == condFalse { 564 w.WriteHeader(StatusPreconditionFailed) 565 return true, "" 566 } 567 switch checkIfNoneMatch(w, r) { 568 case condFalse: 569 if r.Method == "GET" || r.Method == "HEAD" { 570 writeNotModified(w) 571 return true, "" 572 } else { 573 w.WriteHeader(StatusPreconditionFailed) 574 return true, "" 575 } 576 case condNone: 577 if checkIfModifiedSince(r, modtime) == condFalse { 578 writeNotModified(w) 579 return true, "" 580 } 581 } 582 583 rangeHeader = r.Header.get("Range") 584 if rangeHeader != "" && checkIfRange(w, r, modtime) == condFalse { 585 rangeHeader = "" 586 } 587 return false, rangeHeader 588 } 589 590 // name is '/'-separated, not filepath.Separator. 591 func serveFile(w ResponseWriter, r *Request, fs FileSystem, name string, redirect bool) { 592 const indexPage = "/index.html" 593 594 // redirect .../index.html to .../ 595 // can't use Redirect() because that would make the path absolute, 596 // which would be a problem running under StripPrefix 597 if strings.HasSuffix(r.URL.Path, indexPage) { 598 localRedirect(w, r, "./") 599 return 600 } 601 602 f, err := fs.Open(name) 603 if err != nil { 604 msg, code := toHTTPError(err) 605 Error(w, msg, code) 606 return 607 } 608 defer f.Close() 609 610 d, err := f.Stat() 611 if err != nil { 612 msg, code := toHTTPError(err) 613 Error(w, msg, code) 614 return 615 } 616 617 if redirect { 618 // redirect to canonical path: / at end of directory url 619 // r.URL.Path always begins with / 620 url := r.URL.Path 621 if d.IsDir() { 622 if url[len(url)-1] != '/' { 623 localRedirect(w, r, path.Base(url)+"/") 624 return 625 } 626 } else { 627 if url[len(url)-1] == '/' { 628 localRedirect(w, r, "../"+path.Base(url)) 629 return 630 } 631 } 632 } 633 634 if d.IsDir() { 635 url := r.URL.Path 636 // redirect if the directory name doesn't end in a slash 637 if url == "" || url[len(url)-1] != '/' { 638 localRedirect(w, r, path.Base(url)+"/") 639 return 640 } 641 642 // use contents of index.html for directory, if present 643 index := strings.TrimSuffix(name, "/") + indexPage 644 ff, err := fs.Open(index) 645 if err == nil { 646 defer ff.Close() 647 dd, err := ff.Stat() 648 if err == nil { 649 name = index 650 d = dd 651 f = ff 652 } 653 } 654 } 655 656 // Still a directory? (we didn't find an index.html file) 657 if d.IsDir() { 658 if checkIfModifiedSince(r, d.ModTime()) == condFalse { 659 writeNotModified(w) 660 return 661 } 662 setLastModified(w, d.ModTime()) 663 dirList(w, r, f) 664 return 665 } 666 667 // serveContent will check modification time 668 sizeFunc := func() (int64, error) { return d.Size(), nil } 669 serveContent(w, r, d.Name(), d.ModTime(), sizeFunc, f) 670 } 671 672 // toHTTPError returns a non-specific HTTP error message and status code 673 // for a given non-nil error value. It's important that toHTTPError does not 674 // actually return err.Error(), since msg and httpStatus are returned to users, 675 // and historically Go's ServeContent always returned just "404 Not Found" for 676 // all errors. We don't want to start leaking information in error messages. 677 func toHTTPError(err error) (msg string, httpStatus int) { 678 if errors.Is(err, fs.ErrNotExist) { 679 return "404 page not found", StatusNotFound 680 } 681 if errors.Is(err, fs.ErrPermission) { 682 return "403 Forbidden", StatusForbidden 683 } 684 // Default: 685 return "500 Internal Server Error", StatusInternalServerError 686 } 687 688 // localRedirect gives a Moved Permanently response. 689 // It does not convert relative paths to absolute paths like Redirect does. 690 func localRedirect(w ResponseWriter, r *Request, newPath string) { 691 if q := r.URL.RawQuery; q != "" { 692 newPath += "?" + q 693 } 694 w.Header().Set("Location", newPath) 695 w.WriteHeader(StatusMovedPermanently) 696 } 697 698 // ServeFile replies to the request with the contents of the named 699 // file or directory. 700 // 701 // If the provided file or directory name is a relative path, it is 702 // interpreted relative to the current directory and may ascend to 703 // parent directories. If the provided name is constructed from user 704 // input, it should be sanitized before calling ServeFile. 705 // 706 // As a precaution, ServeFile will reject requests where r.URL.Path 707 // contains a ".." path element; this protects against callers who 708 // might unsafely use filepath.Join on r.URL.Path without sanitizing 709 // it and then use that filepath.Join result as the name argument. 710 // 711 // As another special case, ServeFile redirects any request where r.URL.Path 712 // ends in "/index.html" to the same path, without the final 713 // "index.html". To avoid such redirects either modify the path or 714 // use ServeContent. 715 // 716 // Outside of those two special cases, ServeFile does not use 717 // r.URL.Path for selecting the file or directory to serve; only the 718 // file or directory provided in the name argument is used. 719 func ServeFile(w ResponseWriter, r *Request, name string) { 720 if containsDotDot(r.URL.Path) { 721 // Too many programs use r.URL.Path to construct the argument to 722 // serveFile. Reject the request under the assumption that happened 723 // here and ".." may not be wanted. 724 // Note that name might not contain "..", for example if code (still 725 // incorrectly) used filepath.Join(myDir, r.URL.Path). 726 Error(w, "invalid URL path", StatusBadRequest) 727 return 728 } 729 dir, file := filepath.Split(name) 730 serveFile(w, r, Dir(dir), file, false) 731 } 732 733 func containsDotDot(v string) bool { 734 if !strings.Contains(v, "..") { 735 return false 736 } 737 for _, ent := range strings.FieldsFunc(v, isSlashRune) { 738 if ent == ".." { 739 return true 740 } 741 } 742 return false 743 } 744 745 func isSlashRune(r rune) bool { return r == '/' || r == '\\' } 746 747 type fileHandler struct { 748 root FileSystem 749 } 750 751 type ioFS struct { 752 fsys fs.FS 753 } 754 755 type ioFile struct { 756 file fs.File 757 } 758 759 func (f ioFS) Open(name string) (File, error) { 760 if name == "/" { 761 name = "." 762 } else { 763 name = strings.TrimPrefix(name, "/") 764 } 765 file, err := f.fsys.Open(name) 766 if err != nil { 767 return nil, err 768 } 769 return ioFile{file}, nil 770 } 771 772 func (f ioFile) Close() error { return f.file.Close() } 773 func (f ioFile) Read(b []byte) (int, error) { return f.file.Read(b) } 774 func (f ioFile) Stat() (fs.FileInfo, error) { return f.file.Stat() } 775 776 var errMissingSeek = errors.New("io.File missing Seek method") 777 var errMissingReadDir = errors.New("io.File directory missing ReadDir method") 778 779 func (f ioFile) Seek(offset int64, whence int) (int64, error) { 780 s, ok := f.file.(io.Seeker) 781 if !ok { 782 return 0, errMissingSeek 783 } 784 return s.Seek(offset, whence) 785 } 786 787 func (f ioFile) ReadDir(count int) ([]fs.DirEntry, error) { 788 d, ok := f.file.(fs.ReadDirFile) 789 if !ok { 790 return nil, errMissingReadDir 791 } 792 return d.ReadDir(count) 793 } 794 795 func (f ioFile) Readdir(count int) ([]fs.FileInfo, error) { 796 d, ok := f.file.(fs.ReadDirFile) 797 if !ok { 798 return nil, errMissingReadDir 799 } 800 var list []fs.FileInfo 801 for { 802 dirs, err := d.ReadDir(count - len(list)) 803 for _, dir := range dirs { 804 info, err := dir.Info() 805 if err != nil { 806 // Pretend it doesn't exist, like (*os.File).Readdir does. 807 continue 808 } 809 list = append(list, info) 810 } 811 if err != nil { 812 return list, err 813 } 814 if count < 0 || len(list) >= count { 815 break 816 } 817 } 818 return list, nil 819 } 820 821 // FS converts fsys to a FileSystem implementation, 822 // for use with FileServer and NewFileTransport. 823 func FS(fsys fs.FS) FileSystem { 824 return ioFS{fsys} 825 } 826 827 // FileServer returns a handler that serves HTTP requests 828 // with the contents of the file system rooted at root. 829 // 830 // As a special case, the returned file server redirects any request 831 // ending in "/index.html" to the same path, without the final 832 // "index.html". 833 // 834 // To use the operating system's file system implementation, 835 // use http.Dir: 836 // 837 // http.Handle("/", http.FileServer(http.Dir("/tmp"))) 838 // 839 // To use an fs.FS implementation, use http.FS to convert it: 840 // 841 // http.Handle("/", http.FileServer(http.FS(fsys))) 842 // 843 func FileServer(root FileSystem) Handler { 844 return &fileHandler{root} 845 } 846 847 func (f *fileHandler) ServeHTTP(w ResponseWriter, r *Request) { 848 upath := r.URL.Path 849 if !strings.HasPrefix(upath, "/") { 850 upath = "/" + upath 851 r.URL.Path = upath 852 } 853 serveFile(w, r, f.root, path.Clean(upath), true) 854 } 855 856 // httpRange specifies the byte range to be sent to the client. 857 type httpRange struct { 858 start, length int64 859 } 860 861 func (r httpRange) contentRange(size int64) string { 862 return fmt.Sprintf("bytes %d-%d/%d", r.start, r.start+r.length-1, size) 863 } 864 865 func (r httpRange) mimeHeader(contentType string, size int64) textproto.MIMEHeader { 866 return textproto.MIMEHeader{ 867 "Content-Range": {r.contentRange(size)}, 868 "Content-Type": {contentType}, 869 } 870 } 871 872 // parseRange parses a Range header string as per RFC 7233. 873 // errNoOverlap is returned if none of the ranges overlap. 874 func parseRange(s string, size int64) ([]httpRange, error) { 875 if s == "" { 876 return nil, nil // header not present 877 } 878 const b = "bytes=" 879 if !strings.HasPrefix(s, b) { 880 return nil, errors.New("invalid range") 881 } 882 var ranges []httpRange 883 noOverlap := false 884 for _, ra := range strings.Split(s[len(b):], ",") { 885 ra = textproto.TrimString(ra) 886 if ra == "" { 887 continue 888 } 889 start, end, ok := strings.Cut(ra, "-") 890 if !ok { 891 return nil, errors.New("invalid range") 892 } 893 start, end = textproto.TrimString(start), textproto.TrimString(end) 894 var r httpRange 895 if start == "" { 896 // If no start is specified, end specifies the 897 // range start relative to the end of the file, 898 // and we are dealing with <suffix-length> 899 // which has to be a non-negative integer as per 900 // RFC 7233 Section 2.1 "Byte-Ranges". 901 if end == "" || end[0] == '-' { 902 return nil, errors.New("invalid range") 903 } 904 i, err := strconv.ParseInt(end, 10, 64) 905 if i < 0 || err != nil { 906 return nil, errors.New("invalid range") 907 } 908 if i > size { 909 i = size 910 } 911 r.start = size - i 912 r.length = size - r.start 913 } else { 914 i, err := strconv.ParseInt(start, 10, 64) 915 if err != nil || i < 0 { 916 return nil, errors.New("invalid range") 917 } 918 if i >= size { 919 // If the range begins after the size of the content, 920 // then it does not overlap. 921 noOverlap = true 922 continue 923 } 924 r.start = i 925 if end == "" { 926 // If no end is specified, range extends to end of the file. 927 r.length = size - r.start 928 } else { 929 i, err := strconv.ParseInt(end, 10, 64) 930 if err != nil || r.start > i { 931 return nil, errors.New("invalid range") 932 } 933 if i >= size { 934 i = size - 1 935 } 936 r.length = i - r.start + 1 937 } 938 } 939 ranges = append(ranges, r) 940 } 941 if noOverlap && len(ranges) == 0 { 942 // The specified ranges did not overlap with the content. 943 return nil, errNoOverlap 944 } 945 return ranges, nil 946 } 947 948 // countingWriter counts how many bytes have been written to it. 949 type countingWriter int64 950 951 func (w *countingWriter) Write(p []byte) (n int, err error) { 952 *w += countingWriter(len(p)) 953 return len(p), nil 954 } 955 956 // rangesMIMESize returns the number of bytes it takes to encode the 957 // provided ranges as a multipart response. 958 func rangesMIMESize(ranges []httpRange, contentType string, contentSize int64) (encSize int64) { 959 var w countingWriter 960 mw := multipart.NewWriter(&w) 961 for _, ra := range ranges { 962 mw.CreatePart(ra.mimeHeader(contentType, contentSize)) 963 encSize += ra.length 964 } 965 mw.Close() 966 encSize += int64(w) 967 return 968 } 969 970 func sumRangesSize(ranges []httpRange) (size int64) { 971 for _, ra := range ranges { 972 size += ra.length 973 } 974 return 975 }