OneAuth/oa/builtin/fs/user.go

//
// user.go
// Copyright (C) 2024 veypi <i@veypi.com>
// 2024-10-22 15:49
// Distributed under terms of the GPL license.
//

package fs

import (
	"bufio"
	"encoding/base64"
	"net/http"
	"oa/cfg"
	"oa/errs"
	"oa/libs/auth"
	"oa/libs/webdav"
	"os"
	"strings"

	"github.com/veypi/utils"
	"github.com/veypi/utils/logv"
)

func NewUserFs(prefix string) func(http.ResponseWriter, *http.Request) {
	if strings.HasSuffix(prefix, "/") {
		prefix = prefix[:len(prefix)-1]
	}
	tmp := utils.PathJoin(cfg.Config.FsPath, "u")
	if !utils.FileExists(tmp) {
		logv.AssertError(os.MkdirAll(tmp, 0744))
	}

	client := webdav.NewWebdav(tmp)
	client.Prefix = prefix
	client.Logger = func(r *http.Request, err error) {
	}
	client.GenSubPathFunc = func(r *http.Request) (string, error) {
		dir := strings.TrimPrefix(r.URL.Path, prefix)
		logv.Warn().Msg(dir)
		payload, err := getToken(r)
		if err != nil {
			return "", err
		}
		if !strings.HasPrefix(dir, "/") {
			dir = "/" + dir
		}
		if payload.Access.CheckPrefix("fs", dir, auth.Do) {
			if dir == "/" {
				if !utils.FileExists(tmp + "/" + payload.UID) {
					os.MkdirAll(tmp+"/"+payload.UID, 0744)
				}
			}
			return "/" + payload.UID + dir, nil
		}
		return "", errs.AuthNoPerm
	}
	return client.ServeHTTP
}

func getToken(r *http.Request) (*auth.Claims, error) {
	authHeader := r.Header.Get("Authorization")
	token := ""
	if authHeader != "" {
		typ := ""
		if tags := strings.Split(authHeader, " "); len(tags) > 1 {
			typ = strings.ToLower(tags[0])
		}
		if typ == "basic" {
			decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[6:])
			if err != nil {
				return nil, errs.AuthInvalid
			}
			// 通常认证信息格式为 username:password
			credentials := string(decodedAuth)
			reader := bufio.NewReader(strings.NewReader(credentials))
			username, _ := reader.ReadString(':')
			password := credentials[len(username):]

			username = strings.TrimSuffix(username, "\n")
			username = strings.TrimSuffix(username, ":")
			token = strings.TrimPrefix(password, "\n")
		} else if typ == "bearer" {
			token = authHeader[7:]
		}
	} else {
		acookie, err := r.Cookie("fstoken")
		if err == nil {
			token = acookie.Value
		}
	}
	if token == "" {
		return nil, errs.AuthNotFound
	}
	payload, err := auth.ParseJwt(token)
	if err != nil {
		return nil, err
	}
	return payload, nil
}
feat: update webda 1 month ago			`//`
			`// user.go`
			`// Copyright (C) 2024 veypi <i@veypi.com>`
			`// 2024-10-22 15:49`
			`// Distributed under terms of the GPL license.`
			`//`

			`package fs`

			`import (`
feat: fs auth 3 weeks ago			`"bufio"`
			`"encoding/base64"`
feat: update webda 1 month ago			`"net/http"`
			`"oa/cfg"`
feat: fs auth 3 weeks ago			`"oa/errs"`
			`"oa/libs/auth"`
feat: update webda 1 month ago			`"oa/libs/webdav"`
			`"os"`
feat: fs auth 3 weeks ago			`"strings"`
feat: update webda 1 month ago
			`"github.com/veypi/utils"`
			`"github.com/veypi/utils/logv"`
			`)`

			`func NewUserFs(prefix string) func(http.ResponseWriter, *http.Request) {`
feat: fs auth 3 weeks ago			`if strings.HasSuffix(prefix, "/") {`
			`prefix = prefix[:len(prefix)-1]`
			`}`
feat: update webda 1 month ago			`tmp := utils.PathJoin(cfg.Config.FsPath, "u")`
			`if !utils.FileExists(tmp) {`
			`logv.AssertError(os.MkdirAll(tmp, 0744))`
			`}`

			`client := webdav.NewWebdav(tmp)`
			`client.Prefix = prefix`
feat: fs auth 3 weeks ago			`client.Logger = func(r *http.Request, err error) {`
			`}`
			`client.GenSubPathFunc = func(r *http.Request) (string, error) {`
			`dir := strings.TrimPrefix(r.URL.Path, prefix)`
			`logv.Warn().Msg(dir)`
			`payload, err := getToken(r)`
			`if err != nil {`
			`return "", err`
			`}`
			`if !strings.HasPrefix(dir, "/") {`
			`dir = "/" + dir`
			`}`
			`if payload.Access.CheckPrefix("fs", dir, auth.Do) {`
			`if dir == "/" {`
			`if !utils.FileExists(tmp + "/" + payload.UID) {`
			`os.MkdirAll(tmp+"/"+payload.UID, 0744)`
			`}`
			`}`
			`return "/" + payload.UID + dir, nil`
			`}`
			`return "", errs.AuthNoPerm`
feat: update webda 1 month ago			`}`
			`return client.ServeHTTP`
			`}`
feat: fs auth 3 weeks ago
			`func getToken(r http.Request) (auth.Claims, error) {`
			`authHeader := r.Header.Get("Authorization")`
			`token := ""`
			`if authHeader != "" {`
fix: fs auth bug 3 weeks ago			`typ := ""`
			`if tags := strings.Split(authHeader, " "); len(tags) > 1 {`
			`typ = strings.ToLower(tags[0])`
			`}`
			`if typ == "basic" {`
feat: fs auth 3 weeks ago			`decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[6:])`
			`if err != nil {`
			`return nil, errs.AuthInvalid`
			`}`
			`// 通常认证信息格式为 username:password`
			`credentials := string(decodedAuth)`
			`reader := bufio.NewReader(strings.NewReader(credentials))`
			`username, _ := reader.ReadString(':')`
			`password := credentials[len(username):]`

			`username = strings.TrimSuffix(username, "\n")`
			`username = strings.TrimSuffix(username, ":")`
			`token = strings.TrimPrefix(password, "\n")`
fix: fs auth bug 3 weeks ago			`} else if typ == "bearer" {`
			`token = authHeader[7:]`
feat: fs auth 3 weeks ago			`}`
			`} else {`
			`acookie, err := r.Cookie("fstoken")`
			`if err == nil {`
			`token = acookie.Value`
			`}`
			`}`
			`if token == "" {`
			`return nil, errs.AuthNotFound`
			`}`
			`payload, err := auth.ParseJwt(token)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return payload, nil`
			`}`