From 345fa64ad04587e290c7343f8159512a589c3b5b Mon Sep 17 00:00:00 2001 From: _ <> Date: Sun, 8 Nov 2020 15:01:15 +0000 Subject: [PATCH] Hide ptth_server.toml with 403 Forbidden --- src/bin/ptth_file_server.rs | 3 ++- src/bin/ptth_server.rs | 6 ++++-- src/lib.rs | 2 +- src/server/file_server.rs | 11 ++++++++++- src/server/mod.rs | 8 ++++++-- todo.md | 10 +++++++--- 6 files changed, 30 insertions(+), 10 deletions(-) diff --git a/src/bin/ptth_file_server.rs b/src/bin/ptth_file_server.rs index d765e9e..18b1865 100644 --- a/src/bin/ptth_file_server.rs +++ b/src/bin/ptth_file_server.rs @@ -69,7 +69,8 @@ async fn handle_all (req: Request , state: Arc >) file_server_root, ptth_req.method, &ptth_req.uri, - &ptth_req.headers + &ptth_req.headers, + None ).await; let mut resp = Response::builder () diff --git a/src/bin/ptth_server.rs b/src/bin/ptth_server.rs index aad61c7..d335867 100644 --- a/src/bin/ptth_server.rs +++ b/src/bin/ptth_server.rs @@ -14,10 +14,12 @@ struct Opt { #[tokio::main] async fn main () -> Result <(), Box > { tracing_subscriber::fmt::init (); - let config_file = ptth::load_toml::load ("config/ptth_server.toml"); + let path = PathBuf::from ("./config/ptth_server.toml"); + let config_file = ptth::load_toml::load (&path); ptth::server::run_server ( config_file, - ptth::graceful_shutdown::init () + ptth::graceful_shutdown::init (), + Some (path) ).await } diff --git a/src/lib.rs b/src/lib.rs index 16d239c..12fc7b4 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -132,7 +132,7 @@ mod tests { let (stop_server_tx, stop_server_rx) = oneshot::channel (); let task_server = { spawn (async move { - server::run_server (config_file, stop_server_rx).await.unwrap (); + server::run_server (config_file, stop_server_rx, None).await.unwrap (); }) }; diff --git a/src/server/file_server.rs b/src/server/file_server.rs index 76511ed..e25b7e3 100644 --- a/src/server/file_server.rs +++ b/src/server/file_server.rs 
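Review bot: In `main` of src/bin/ptth_server.rs the hidden path is the relative literal `./config/ptth_server.toml`, so the 403 only takes effect when `file_server_root` joined with the request path produces exactly that spelling. If the root is configured as an absolute path, or the process is started from another working directory, the comparison in `serve_all` would presumably never match and the config file would be served like any other file. Resolving the path once at startup, for example `let path = std::fs::canonicalize ("./config/ptth_server.toml")?;`, and comparing it with a resolved request path removes that dependency. The imports and the rest of the file lie outside the hunk, so whether `PathBuf` is already in scope cannot be checked from here.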
@@ -248,7 +248,8 @@ pub async fn serve_all ( root: &Path, method: http_serde::Method, uri: &str, - headers: &HashMap > + headers: &HashMap >, + hidden_path: Option <&Path> ) -> http_serde::Response { @@ -285,6 +286,14 @@ pub async fn serve_all ( let mut full_path = PathBuf::from (root); full_path.push (path); + debug! ("full_path = {:?}", full_path); + + if let Some (hidden_path) = hidden_path { + if full_path == hidden_path { + return serve_error (http_serde::StatusCode::Forbidden, "403 Forbidden".into ()).await; + } + } + if let Ok (dir) = read_dir (&full_path).await { serve_dir ( handlebars, diff --git a/src/server/mod.rs b/src/server/mod.rs index 0d23170..aa3e041 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -29,6 +29,7 @@ struct ServerState { config: Config, handlebars: Handlebars <'static>, client: Client, + hidden_path: Option , } fn status_reply (c: http_serde::StatusCode, body: &str) -> http_serde::Response @@ -76,7 +77,8 @@ async fn handle_req_resp <'a> ( file_server_root, parts.method, uri, - &parts.headers + &parts.headers, + state.hidden_path.as_ref ().map (|p| p.as_path ()) ).await } else { @@ -138,7 +140,8 @@ pub struct Config { pub async fn run_server ( config_file: ConfigFile, - shutdown_oneshot: oneshot::Receiver <()> + shutdown_oneshot: oneshot::Receiver <()>, + hidden_path: Option ) -> Result <(), Box > { @@ -168,6 +171,7 @@ pub async fn run_server ( }, handlebars, client, + hidden_path, }); let mut backoff_delay = 0; diff --git a/todo.md b/todo.md index e91173c..b62398a 100644 --- a/todo.md +++ b/todo.md 
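Review bot: The `full_path == hidden_path` test added to `serve_all` is a lexical comparison, so it refuses only the one spelling that `root` plus the request path produces; a request that reaches the same file through a `..` segment, a symlink, or different letter case on a case-insensitive filesystem compares unequal and falls through to normal file handling. todo.md in this commit still lists "Prevent directory traversal attacks in file_server.rs" as open, so this check should not be relied on to protect the config file until both paths are resolved before comparing. The sketch below canonicalizes both sides, assuming `read_dir` here comes from tokio's fs module; canonicalizing the hidden path once in `run_server` would be cheaper. A test that requests the hidden file and expects 403 is also missing, since the lib.rs test passes `None`. `serve_all` begins and ends outside this hunk.

```rust
if let Some (hidden_path) = hidden_path {
	// Compare resolved paths, so that other spellings of the same file are refused too.
	let requested = tokio::fs::canonicalize (&full_path).await;
	let hidden = tokio::fs::canonicalize (hidden_path).await;
	if let (Ok (requested), Ok (hidden)) = (requested, hidden) {
		if requested == hidden {
			return serve_error (http_serde::StatusCode::Forbidden, "403 Forbidden".into ()).await;
		}
	}
}
```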
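Review bot: The argument `state.hidden_path.as_ref ().map (|p| p.as_path ())` in `handle_req_resp` spells out a conversion the standard library already provides; `state.hidden_path.as_deref ()` yields the same `Option <&Path>` and is easier to read. This assumes the field is an `Option <PathBuf>`, which the page's rendering has stripped from the `ServerState` hunk. The rest of `handle_req_resp` is outside the hunk.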
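Review bot: `run_server` is public and gains a third parameter with no doc comment saying what it is matched against. I would add above the signature `/// hidden_path: a file the built-in file server refuses with 403 Forbidden; it is compared with file_server_root joined to the request path, so it must be spelled relative to the same base.` Without that, a caller cannot tell that passing a differently-spelled path leaves the file served. The body of `run_server` continues outside the hunk.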
@@ -1,16 +1,16 @@ - Not working behind Nginx (Works okay behind Caddy) -- Still getting the slow request turtle in FF - 500-900 ms wait time +- Reduce idle memory use? +- Folder icons in dir list - ".." from server to server list is broken - Redirect to add trailing slashes - Add file size in directory listing - Allow spaces in server names -- Make file_server_root mandatory - Deny unused HTTP methods for endpoints -- Hide ptth_server.toml from file server - ETag cache based on mtime - Server-side hash? - Log / audit log? +- Add "Last check-in time" to server list - Prevent directory traversal attacks in file_server.rs - Error handling @@ -27,3 +27,7 @@ Relay can't shut down gracefully if Firefox is connected to it, e.g. if Firefox kept a connection open while watching a video. I'm pretty sure this is a bug in Hyper, so for now I've worked around it with a forced shutdown timer. + +Sometimes I get the turtle icon in Firefox's network debugger. But this happens +even with Caddy running a static file server, so I can't prove that it's on my +side. The VPS is cheap, and the datacenter is far away.