package handler import ( "encoding/json" "log/slog" "net/http" "os" "path/filepath" "strings" "codeberg.org/VARASYS/ZDDC/zddc/internal/apps" "codeberg.org/VARASYS/ZDDC/zddc/internal/config" appfs "codeberg.org/VARASYS/ZDDC/zddc/internal/fs" "codeberg.org/VARASYS/ZDDC/zddc/internal/zddc" ) // safeJoin joins fsRoot and relPath, then verifies the result is under fsRoot. // Returns ("", false) if relPath would escape fsRoot. func safeJoin(fsRoot, relPath string) (string, bool) { abs := filepath.Join(fsRoot, filepath.FromSlash(relPath)) if !strings.HasPrefix(abs, fsRoot+string(filepath.Separator)) && abs != fsRoot { return "", false } return abs, true } // ServeDirectory handles a request for a directory path. // If Accept: application/json → return Caddy-compatible JSON listing. // Otherwise → return minimal HTML. func ServeDirectory(cfg config.Config, w http.ResponseWriter, r *http.Request) { urlPath := r.URL.Path if !strings.HasSuffix(urlPath, "/") { http.Redirect(w, r, urlPath+"/", http.StatusMovedPermanently) return } email := EmailFromContext(r) // Compute relative dir path (no leading or trailing slash) dirPath := strings.TrimPrefix(urlPath, "/") dirPath = strings.TrimSuffix(dirPath, "/") // ACL check on this directory itself absDir, ok := safeJoin(cfg.Root, dirPath) if !ok { http.Error(w, "Not Found", http.StatusNotFound) return } chain, err := zddc.EffectivePolicy(cfg.Root, absDir) if err != nil { slog.Warn("ACL policy error", "path", absDir, "err", err) } if !zddc.AllowedWithChain(chain, email) { http.Error(w, "Forbidden", http.StatusForbidden) return } accept := r.Header.Get("Accept") // For HTML requests, serve index.html if present (landing page convention) if !strings.Contains(accept, "application/json") { indexPath := filepath.Join(absDir, "index.html") if info, err := os.Stat(indexPath); err == nil && !info.IsDir() { ServeFile(w, r, indexPath) return } } // Build base URL for listing entries baseURL := urlPath // relative URLs suffice for JSON listings entries, err := appfs.ListDirectory(cfg.Root, dirPath, email, baseURL) if err != nil { if os.IsNotExist(err) { http.Error(w, "Not Found", http.StatusNotFound) } else { slog.Error("listing directory", "path", dirPath, "err", err) http.Error(w, "Internal Server Error", http.StatusInternalServerError) } return } // Vary: Accept is critical — the same URL serves either the JSON // listing or the embedded browse.html depending on the Accept // header. Without Vary, browsers/CDNs cache one response and // serve it for the other Accept value, breaking browse.html's // auto-detect (which fetches the same URL with Accept: JSON). w.Header().Set("Vary", "Accept") if strings.Contains(accept, "application/json") { w.Header().Set("Content-Type", "application/json") w.Header().Set("Cache-Control", "no-cache") if err := json.NewEncoder(w).Encode(entries); err != nil { slog.Error("encoding directory listing", "err", err) } return } // Browser HTML fallback: serve the embedded `browse` tool. It's a // single-file SPA whose autoDetectServerMode loads the JSON listing // for the current directory and renders it as a sortable, filterable // tree. Same bytes that get served at //browse.html — but at // the bare directory URL too, so any zddc-served folder presents a // usable file browser to anyone who navigates to it. body := apps.EmbeddedBytes("browse") if len(body) == 0 { // Bootstrap state: a fresh build hasn't populated browse.html // into the embed yet. Fall through to JSON for clients that // will still parse it. w.Header().Set("Content-Type", "application/json") w.Header().Set("Cache-Control", "no-cache") if err := json.NewEncoder(w).Encode(entries); err != nil { slog.Error("encoding directory listing (no-embed fallback)", "err", err) } return } w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("X-ZDDC-Source", "embedded:browse") // no-cache here too — browse.html has session-tied content (the // directory listing it loads via fetch), and we want browser to // always re-validate so deployed-binary updates appear immediately // rather than after a 5-minute cache window. w.Header().Set("Cache-Control", "no-cache") _, _ = w.Write(body) }