The file server allows anonymous access if there is no effective acco…

…unt from server_users flag.
no-src · Nov 30, 2021 · e2c746a · e2c746a
1 parent c55a7f9
commit e2c746a
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 8 deletions.
diff --git a/cmd/gofs/flag.go b/cmd/gofs/flag.go
@@ -69,7 +69,7 @@ func parseFlags() {
 	flag.BoolVar(&fileServer, "server", false, "start a file server to browse source directory and target directory")
 	flag.StringVar(&fileServerAddr, "server_addr", server.DefaultAddrHttps, "a file server binding address")
 	flag.BoolVar(&fileServerTLS, "server_tls", true, fmt.Sprintf("enable https for file server, if disable it, server_addr is \"%s\" default", server.DefaultAddrHttp))
-	flag.StringVar(&fileServerUsers, "server_users", "", "the file server users, format like this, user1|password1,user2|password2")
+	flag.StringVar(&fileServerUsers, "server_users", "", "the file server accounts, the file server allows anonymous access if there is no effective account, format like this, user1|password1,user2|password2")
 	flag.StringVar(&fileServerTemplate, "server_tmpl", "./template/*.html", "the file server template pattern")
 	flag.StringVar(&certFile, "tls_cert_file", "gofs.pem", "cert file for https connections")
 	flag.StringVar(&keyFile, "tls_key_file", "gofs.key", "key file for https connections")

diff --git a/server/fs/file_server.go b/server/fs/file_server.go
@@ -31,7 +31,13 @@ func StartFileServer(src core.VFS, target core.VFS, addr string, init retry.Wait
 		return err
 	}
 
-	http.Handle("/", auth.Auth(handler.NewDefaultHandler(serverTemplate), store))
+	authFunc := auth.Auth
+	if len(users) == 0 {
+		server.PrintAnonymousAccessWarning()
+		authFunc = auth.NoAuth
+	}
+
+	http.Handle("/", authFunc(handler.NewDefaultHandler(serverTemplate), store))
 
 	http.HandleFunc(server.LoginIndexFullRoute, func(writer http.ResponseWriter, request *http.Request) {
 		t.ExecuteTemplate(writer, "login.html", nil)
@@ -40,17 +46,17 @@ func StartFileServer(src core.VFS, target core.VFS, addr string, init retry.Wait
 	http.Handle(server.LoginRoute+server.LoginSignInRoute, auth.NewLoginHandler(store, users))
 
 	if src.IsDisk() || src.Is(core.RemoteDisk) {
-		http.Handle(server.SrcRoutePrefix, auth.Auth(http.StripPrefix(server.SrcRoutePrefix, http.FileServer(http.Dir(src.Path()))), store))
+		http.Handle(server.SrcRoutePrefix, authFunc(http.StripPrefix(server.SrcRoutePrefix, http.FileServer(http.Dir(src.Path()))), store))
 		enableFileApi = true
 	}
 
 	if target.IsDisk() {
-		http.Handle(server.TargetRoutePrefix, auth.Auth(http.StripPrefix(server.TargetRoutePrefix, http.FileServer(http.Dir(target.Path()))), store))
+		http.Handle(server.TargetRoutePrefix, authFunc(http.StripPrefix(server.TargetRoutePrefix, http.FileServer(http.Dir(target.Path()))), store))
 		enableFileApi = true
 	}
 
 	if enableFileApi {
-		http.Handle(server.QueryRoute, auth.Auth(handler.NewFileApiHandler(http.Dir(src.Path())), store))
+		http.Handle(server.QueryRoute, authFunc(handler.NewFileApiHandler(http.Dir(src.Path())), store))
 	}
 
 	log.Log("file server [%s] starting...", addr)

diff --git a/server/fs/gin_file_server.go b/server/fs/gin_file_server.go
@@ -55,9 +55,15 @@ func StartFileServer(src core.VFS, target core.VFS, addr string, init retry.Wait
 		auth.NewLoginHandler(store, users).ServeHTTP(context.Writer, context.Request)
 	})
 
-	rootGroup := engine.Group("/").Use(func(context *gin.Context) {
-		auth.Auth(nil, store).ServeHTTP(context.Writer, context.Request)
-	})
+	rootGroup := engine.Group("/")
+
+	if len(users) > 0 {
+		rootGroup.Use(func(context *gin.Context) {
+			auth.Auth(nil, store).ServeHTTP(context.Writer, context.Request)
+		})
+	} else {
+		server.PrintAnonymousAccessWarning()
+	}
 
 	rootGroup.GET("/", func(context *gin.Context) {
 		handler.NewDefaultHandler(serverTemplate).ServeHTTP(context.Writer, context.Request)

diff --git a/server/middleware/auth/auth.go b/server/middleware/auth/auth.go
@@ -19,3 +19,11 @@ func Auth(h http.Handler, store sessions.Store) http.HandlerFunc {
 		}
 	}
 }
+
+func NoAuth(h http.Handler, store sessions.Store) http.HandlerFunc {
+	return func(writer http.ResponseWriter, request *http.Request) {
+		if h != nil {
+			h.ServeHTTP(writer, request)
+		}
+	}
+}
diff --git a/server/server.go b/server/server.go
@@ -76,3 +76,7 @@ func GenerateAddr(scheme, host string, port int) string {
 	}
 	return addr
 }
+
+func PrintAnonymousAccessWarning() {
+	log.Warn("the file server allows anonymous access, you should set some server users for security reasons")
+}