-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmain.go
126 lines (110 loc) · 3.24 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package main
import (
"errors"
"flag"
"fmt"
"log"
"net/http"
"os"
"strings"
"time"
)
var (
dir = flag.String("dir", "./", "the directory to serve, defaults to current directory")
port = flag.Int("port", 9011, "the port to serve at, defaults 9011")
local = flag.Bool("local", false, "whether to serve on all address or on localhost, default all addresses")
basicauth = flag.String("basicauth", "", "basicauth creds, enables basic authentication")
timeout = flag.Duration("timeout", time.Minute*3, "http server read timeout, write timeout will be double this")
)
func main() {
flag.Parse()
log.SetPrefix("dserve: ")
if err := os.Chdir(*dir); err != nil {
log.Fatal(err)
}
var addr string
if *local {
addr = "localhost"
}
if err := authInit(*basicauth); err != nil {
fmt.Println(err)
os.Exit(1)
}
listenAddr := fmt.Sprintf("%s:%d", addr, *port)
fmt.Printf("Launching dserve http server %s on %s\n", *dir, listenAddr)
if err := Serve(listenAddr, *timeout); err != nil {
log.Fatalf("Server crashed: %v", err)
}
}
// Serve launches HTTP server serving on listenAddr and servers a basic_auth secured directory at secure/static
func Serve(listenAddr string, timeout time.Duration) error {
mux := http.NewServeMux()
fs := hideRootDotfiles(http.FileServer(http.Dir(".")))
if creds != nil {
fs = BASICAUTH(fs)
}
mux.Handle("/", fs)
svr := &http.Server{
Addr: listenAddr,
Handler: mux,
ReadTimeout: timeout,
WriteTimeout: timeout * 2,
IdleTimeout: timeout * 10,
MaxHeaderBytes: 1 << 20,
}
return svr.ListenAndServe()
}
// BASICAUTH is the basic auth middleware
func BASICAUTH(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !validBasicAuth(r) {
w.Header().Set("WWW-Authenticate", `Basic realm="dserve Basic Authentication"`)
http.Error(w, "Not Authorized", http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
})
}
// hideRootDotfiles middleware hides any dotfiles in the root of the directory being served
func hideRootDotfiles(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, "/.") {
http.Error(w, "access to dotfiles in root directory is forbidden 😞", http.StatusForbidden)
return
}
next.ServeHTTP(w, r)
})
}
// AuthCreds defines the http basic authentication credentials
// Note: Though the password is not served, it is stored in plaintext
type AuthCreds struct {
Username string `json:"username"`
Password string `json:"password"`
}
var creds *AuthCreds // written during initialization
// authInit initializes basicauth
func authInit(bAuth string) error {
if bAuth == "" {
return nil
}
i := strings.Index(bAuth, ":")
if i < 3 || i < len(bAuth)-1 {
return errors.New("invalid basicauth flag value: value should be USERNAME:PASSWORD, e.g. dserve -basicauth admin:passw0rd")
}
creds = &AuthCreds{
Username: bAuth[:i],
Password: bAuth[i+1:],
}
return nil
}
// validBasicAuth checks the basicauth authentication credentials
func validBasicAuth(r *http.Request) bool {
if creds == nil {
return false
}
u, p, ok := r.BasicAuth()
if !ok {
return ok
}
return u == creds.Username && p == creds.Password
}