From 4765adc1a3cc3da8f79682d6d12a996bb9ecb95a Mon Sep 17 00:00:00 2001 From: Conrad Hoffmann Date: Tue, 3 May 2022 17:00:07 +0200 Subject: [PATCH] Use NewHTTPError to return better errors That function is merged upstream, but the current version still depends on some stuff not yet merged into upstream go-webdav. --- cmd/tokidoki/main.go | 13 ++++++++----- go.mod | 3 ++- go.sum | 6 ++---- storage/filesystem.go | 19 +++++++++++++++---- 4 files changed, 27 insertions(+), 14 deletions(-) diff --git a/cmd/tokidoki/main.go b/cmd/tokidoki/main.go index 8aef588..4774131 100644 --- a/cmd/tokidoki/main.go +++ b/cmd/tokidoki/main.go @@ -66,15 +66,18 @@ func (u *tokidokiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } - opts := webdav.ServeUserPrincipalOptions{ - UserPrincipalPath: userPrincipalPath, - HomeSets: homeSets, - } + if r.URL.Path == userPrincipalPath { + opts := webdav.ServeUserPrincipalOptions{ + UserPrincipalPath: userPrincipalPath, + HomeSets: homeSets, + } - if webdav.ServeUserPrincipal(w, r, opts) { + webdav.ServeUserPrincipal(w, r, &opts) return } + // TODO serve something on / that signals this being a DAV server? + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) } diff --git a/go.mod b/go.mod index 40355ea..024c226 100644 --- a/go.mod +++ b/go.mod @@ -13,4 +13,5 @@ require ( require golang.org/x/text v0.3.7 // indirect -replace github.com/emersion/go-webdav v0.3.2-0.20220310154811-85d2b222bbcd => github.com/bitfehler/go-webdav v0.3.2-0.20220503133151-e5312775c02f +// This needs to be removed once everything is merged upstream +replace github.com/emersion/go-webdav v0.3.2-0.20220310154811-85d2b222bbcd => github.com/bitfehler/go-webdav v0.3.2-0.20220505121709-bb7224b67200 diff --git a/go.sum b/go.sum index c7e6754..c9c079c 100644 --- a/go.sum +++ b/go.sum 
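Review bot: The new guard `if r.URL.Path == userPrincipalPath` is an exact string comparison, so a request that differs only by a trailing slash falls through to the 400 at the end of ServeHTTP instead of reaching `webdav.ServeUserPrincipal`. If that strictness is intended, say so above the guard, e.g. `// exact match only: any other path, including trailing-slash variants, is rejected below`; otherwise normalise both sides before comparing. The fallback status is worth revisiting together with the TODO, since 400 tells a client its request was malformed when the resource is simply not served here. ServeHTTP starts above this hunk, so any routing done earlier is not visible.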
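Review bot: The added comment `// This needs to be removed once everything is merged upstream` does not say what "everything" is, so nobody can tell later when the `replace` to the `bitfehler/go-webdav` fork can be dropped. While the replace is in place the build takes its WebDAV code from the fork, and fixes made upstream arrive only when the fork is updated. Name the pending upstream changes in the comment, e.g. `// Remove once <link to upstream pull request> is merged into emersion/go-webdav`.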
@@ -1,5 +1,5 @@ -github.com/bitfehler/go-webdav v0.3.2-0.20220503133151-e5312775c02f h1:gRchuZEVTYh+ymMqejZKbD67ZLLm59Q9lTG49e0Qu20= -github.com/bitfehler/go-webdav v0.3.2-0.20220503133151-e5312775c02f/go.mod h1:uSM1VveeKtogBVWaYccTksToczooJ0rrVGNsgnDsr4Q= +github.com/bitfehler/go-webdav v0.3.2-0.20220505121709-bb7224b67200 h1:A0Pp7tuJDHbsfHbjrc+lDtOI976K2us7WEhvlEy1BnY= +github.com/bitfehler/go-webdav v0.3.2-0.20220505121709-bb7224b67200/go.mod h1:uSM1VveeKtogBVWaYccTksToczooJ0rrVGNsgnDsr4Q= github.com/emersion/go-ical v0.0.0-20200224201310-cd514449c39e h1:YGM1sI7edZOt8KAfX9Miq/X99d2QXdgjkJ7vN4HjxAA= github.com/emersion/go-ical v0.0.0-20200224201310-cd514449c39e/go.mod h1:4xVTBPcT43a1pp3vdaa+FuRdX5XhKCZPpWv7m0z9ByM= github.com/emersion/go-imap v1.2.0 h1:lyUQ3+EVM21/qbWE/4Ya5UG9r5+usDxlg4yfp3TgHFA= @@ -12,8 +12,6 @@ github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1: github.com/emersion/go-vcard v0.0.0-20191221110513-5f81fa0d3cc7/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM= github.com/emersion/go-vcard v0.0.0-20210521075357-3445b9171995 h1:DpVfmcoBs6o9VYcccNWbuKFQxuHCgt25/y4q9H8AUvc= github.com/emersion/go-vcard v0.0.0-20210521075357-3445b9171995/go.mod h1:HMJKR5wlh/ziNp+sHEDV2ltblO4JD2+IdDOWtGcQBTM= -github.com/emersion/go-webdav v0.3.2-0.20220310154811-85d2b222bbcd h1:vH42Jil4OOfgPQMt69lXsaOdAa2TumtxEvbBzhXeOjI= -github.com/emersion/go-webdav v0.3.2-0.20220310154811-85d2b222bbcd/go.mod h1:uSM1VveeKtogBVWaYccTksToczooJ0rrVGNsgnDsr4Q= github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8= github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/storage/filesystem.go b/storage/filesystem.go index a2d9fb3..a015720 100644 --- a/storage/filesystem.go +++ b/storage/filesystem.go 
@@ -14,6 +14,7 @@ import ( "path" "path/filepath" "regexp" + "strings" "github.com/emersion/go-ical" "github.com/emersion/go-vcard" @@ -100,12 +101,19 @@ func (b *filesystemBackend) safeLocalPath(homeSetPath string, urlPath string) (s dir, file := path.Split(urlPath) // only accept resources in prefix, no subdirs for now if dir != homeSetPath { - return "", fmt.Errorf("invalid request path %s", urlPath) + if strings.HasPrefix(dir, homeSetPath+"/") { + err := fmt.Errorf("invalid request path: %s", urlPath) + return "", webdav.NewHTTPError(400, err) + } else { + err := fmt.Errorf("Access to resource outside of home set: %s", urlPath) + return "", webdav.NewHTTPError(403, err) + } } // only accept simple file names for now if !validFilenameRegex.MatchString(file) { - fmt.Printf("%s does not match regex!\n", file) - return "", fmt.Errorf("invalid file name") + debug.Printf("%s does not match regex!\n", file) + err := fmt.Errorf("invalid file name: %s", file) + return "", webdav.NewHTTPError(400, err) } // dir (= homeSetPath) is already included in path, so only file here @@ -264,6 +272,9 @@ func (b *filesystemBackend) GetAddressObject(ctx context.Context, objPath string info, err := os.Stat(localPath) if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return nil, webdav.NewHTTPError(404, err) + } return nil, err } @@ -514,7 +525,7 @@ func (b *filesystemBackend) GetCalendarObject(ctx context.Context, objPath strin if err != nil { if errors.Is(err, fs.ErrNotExist) { debug.Printf("not found: %s", localPath) - return nil, nil + return nil, webdav.NewHTTPError(404, err) } return nil, err }
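Review bot: The 400 branch in safeLocalPath appears unreachable. `path.Split` always returns `dir` with a trailing slash, so `dir != homeSetPath` can only ever be false if `homeSetPath` ends in `/`; `homeSetPath+"/"` then contains a double slash that no cleaned request path starts with. Sub-directory requests inside the home set would therefore get the 403 "outside of home set" answer, and `if strings.HasPrefix(dir, homeSetPath) {` matches the stated intent. Separately, `urlPath` and `file` come from the request and are written into the error text and the debug log with `%s`; `%q` keeps newlines and control characters from forging log lines. safeLocalPath begins and continues outside this hunk.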
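Review bot: In GetAddressObject, `webdav.NewHTTPError(404, err)` wraps the raw `os.Stat` error, whose text includes `localPath`. If the library writes the wrapped error into the response body (not visible here), every 404 discloses the server's storage layout to the client. The 404 added in GetCalendarObject further down passes its `err` through the same way, although where that error comes from is outside the hunk. Consider wrapping a fixed message instead, e.g. `return nil, webdav.NewHTTPError(404, errors.New("object not found"))`, and keep the path in the debug log only. Both functions start and end outside their hunks.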