chore (refactoring): cleanup plugin

MickaelK 2025-06-30 12:11:42 +10:00
parent e3f910814a
commit 72312435cf
5 changed files with 39 additions and 27 deletions


@ -2,9 +2,12 @@ package plg_authenticate_admin
import ( import (
"fmt" "fmt"
. "github.com/mickael-kerjean/filestash/server/common" "html"
"golang.org/x/crypto/bcrypt"
"net/http" "net/http"
. "github.com/mickael-kerjean/filestash/server/common"
"golang.org/x/crypto/bcrypt"
) )
func init() { func init() {
@ -45,7 +48,7 @@ func (this Admin) EntryPoint(idpParams map[string]string, req *http.Request, res
MaxAge: -1, MaxAge: -1,
Path: "/", Path: "/",
}) })
return fmt.Sprintf(`<p class="flash">%s</p>`, c.Value) return fmt.Sprintf(`<p class="flash">%s</p>`, html.EscapeString(c.Value))
} }
res.Header().Set("Content-Type", "text/html; charset=utf-8") res.Header().Set("Content-Type", "text/html; charset=utf-8")
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)
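Review bot: The flash line that now wraps the cookie in `html.EscapeString(c.Value)` is repeated verbatim in three EntryPoint implementations (Admin here, Htpasswd and SimpleAuth in the next two file sections), so the output encoding has to be kept in sync by hand. The cookie value is supplied by the client, so one shared helper in the common package (suggested name only: `func FlashHTML(msg string) string`) would keep that escaping in a single place. Short of that, a comment above the line such as `// cookie value is client-controlled: escape before embedding in HTML` records why the call must stay. The enclosing function starts and ends outside this hunk.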


@ -5,15 +5,16 @@ import (
"crypto/subtle" "crypto/subtle"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
. "github.com/mickael-kerjean/filestash/server/common" "html"
"net/http"
"strings"
. "github.com/mickael-kerjean/filestash/server/common"
"github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt" "github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt"
"github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/apr1_crypt" "github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/apr1_crypt"
"github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/md5_crypt" "github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/md5_crypt"
"github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/sha256_crypt" "github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/sha256_crypt"
"github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/sha512_crypt" "github.com/mickael-kerjean/filestash/server/plugin/plg_authenticate_htpasswd/deps/crypt/sha512_crypt"
"net/http"
"strings"
) )
func init() { func init() {
@ -65,7 +66,7 @@ func (this Htpasswd) EntryPoint(idpParams map[string]string, req *http.Request,
MaxAge: -1, MaxAge: -1,
Path: "/", Path: "/",
}) })
return fmt.Sprintf(`<p class="flash">%s</p>`, c.Value) return fmt.Sprintf(`<p class="flash">%s</p>`, html.EscapeString(c.Value))
} }
res.Header().Set("Content-Type", "text/html; charset=utf-8") res.Header().Set("Content-Type", "text/html; charset=utf-8")
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)


@ -5,6 +5,7 @@ import (
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"html"
"image/png" "image/png"
"net/http" "net/http"
"text/template" "text/template"
@ -93,7 +94,7 @@ func (this SimpleAuth) EntryPoint(idpParams map[string]string, req *http.Request
MaxAge: -1, MaxAge: -1,
Path: "/", Path: "/",
}) })
return fmt.Sprintf(`<p class="flash">%s</p>`, c.Value) return fmt.Sprintf(`<p class="flash">%s</p>`, html.EscapeString(c.Value))
} }
res.Header().Set("Content-Type", "text/html; charset=utf-8") res.Header().Set("Content-Type", "text/html; charset=utf-8")
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)


@ -2,9 +2,9 @@ package plg_authenticate_local
import ( import (
_ "embed" _ "embed"
"html/template"
"net/http" "net/http"
"net/url" "net/url"
"text/template"
. "github.com/mickael-kerjean/filestash/server/common" . "github.com/mickael-kerjean/filestash/server/common"
) )


@ -2,8 +2,10 @@ package plg_authenticate_passthrough
import ( import (
"fmt" "fmt"
. "github.com/mickael-kerjean/filestash/server/common" "html"
"net/http" "net/http"
. "github.com/mickael-kerjean/filestash/server/common"
) )
func init() { func init() {
@ -36,32 +38,37 @@ func (this Admin) Setup() Form {
func (this Admin) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error { func (this Admin) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error {
res.Header().Set("Content-Type", "text/html; charset=utf-8") res.Header().Set("Content-Type", "text/html; charset=utf-8")
getParams := "?label=" + req.URL.Query().Get("label") + "&state=" + req.URL.Query().Get("state") getParams := "?label=" + html.EscapeString(req.URL.Query().Get("label")) + "&state=" + html.EscapeString(req.URL.Query().Get("state"))
switch idpParams["strategy"] { switch idpParams["strategy"] {
case "direct": case "direct":
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)
res.Write([]byte(Page(`<h2 style="display:none;">PASSTHROUGH</h2><script>location.href = "` + WithBase("/api/session/auth/") + getParams + `"</script>`))) res.Write([]byte(Page(`
<form action="` + WithBase("/api/session/auth/"+getParams) + `" method="post"></form>
<script>document.querySelector("form").submit();</script>
`)))
case "password_only": case "password_only":
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)
res.Write([]byte(Page(` res.Write([]byte(Page(`
<form action="` + WithBase("/api/session/auth/"+getParams) + `" method="post"> <form action="` + WithBase("/api/session/auth/"+getParams) + `" method="post">
<label> <label>
<input type="password" name="password" value="" placeholder="Password" /> <input type="password" name="password" value="" placeholder="Password" />
</label> </label>
<button>CONNECT</button> <button>CONNECT</button>
</form>`))) </form>
`)))
case "username_and_password": case "username_and_password":
res.WriteHeader(http.StatusOK) res.WriteHeader(http.StatusOK)
res.Write([]byte(Page(` res.Write([]byte(Page(`
<form action="` + WithBase("/api/session/auth/"+getParams) + `" method="post"> <form action="` + WithBase("/api/session/auth/"+getParams) + `" method="post">
<label> <label>
<input type="text" name="user" value="" placeholder="User" /> <input type="text" name="user" value="" placeholder="User" />
</label> </label>
<label> <label>
<input type="password" name="password" value="" placeholder="Password" /> <input type="password" name="password" value="" placeholder="Password" />
</label> </label>
<button>CONNECT</button> <button>CONNECT</button>
</form>`))) </form>
`)))
default: default:
res.WriteHeader(http.StatusNotFound) res.WriteHeader(http.StatusNotFound)
res.Write([]byte(Page(fmt.Sprintf("Unknown strategy: '%s'", idpParams["strategy"])))) res.Write([]byte(Page(fmt.Sprintf("Unknown strategy: '%s'", idpParams["strategy"]))))
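Review bot: `html.EscapeString` on `label` and `state` covers the HTML attribute context of `action="…"`, but the values are still not URL-encoded, so the query string built in `getParams` can be reshaped by its own input: the browser decodes `&amp;` back to `&` before submitting the form, and `#`, `=` or `+` pass through untouched. Encoding for the URL first and for HTML second closes that, e.g. `getParams := "?" + html.EscapeString(url.Values{"label": {req.URL.Query().Get("label")}, "state": {req.URL.Query().Get("state")}}.Encode())` with `net/url` added to the imports. The `default` branch also still writes `idpParams["strategy"]` into the page unescaped; that value is presumably administrator configuration, but escaping it would match the rest of the change. EntryPoint's body continues past the end of this hunk.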