// Copyright (c) 2018, Andreas Schneider // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are met: // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // * Neither the name of the nor the // names of its contributors may be used to endorse or promote products // derived from this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE // DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND // ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. package main import ( "context" "flag" "fmt" "github.com/go-chi/chi" pwgen "github.com/sethvargo/go-password/password" "golang.org/x/crypto/bcrypt" "golang.org/x/net/webdav" "math/rand" "net/http" "time" ) var configFile = flag.String("config", "sharedav.yaml", "Config file to be used.") var genPassword = flag.Bool("genpass", false, "If set, a password will be generated and hashed.") var hashPassword = flag.String("hashpass", "", "If set, the given password will be hashed.") func main() { flag.Parse() if *genPassword { // math.rand is not secure. For determining the number of digits in a password // it should suffice, though. rand.Seed(time.Now().UnixNano()) pwLen := 32 pw, err := pwgen.Generate(pwLen, rand.Intn(pwLen/2), 0, false, true) if err != nil { panic(err) } hash, err := bcrypt.GenerateFromPassword([]byte(pw), 0) if err != nil { panic(err) } fmt.Printf("Password: %s\n", pw) fmt.Printf(" Hash: %s\n", hash) return } else if *hashPassword != "" { hash, err := bcrypt.GenerateFromPassword([]byte(*hashPassword), 0) if err != nil { panic(err) } fmt.Println(string(hash)) return } c := LoadConfig(*configFile) h := &webdav.Handler{} h.Prefix = "/share/" h.LockSystem = webdav.NewMemLS() h.FileSystem = BaseDir(c.BaseDirectory) authenticatedWebdavHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { username, password, ok := r.BasicAuth() directory := "" if ok { ok, directory = c.ValidateDAVUser(username, password) } if !ok { w.Header().Set("WWW-Authenticate", `Basic realm="ShareDAV"`) http.Error(w, "unauthorized", http.StatusUnauthorized) return } shareName := chi.URLParam(r, "share") directoryMapping := DirectoryMapping{ VirtualName: shareName, RealName: directory, } // Use the WebDAV handler to actually serve the request. Also enhance the context // to contain the subdirectory (of the base directory) which contains the data for // the authenticated user. h.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), "mapping", &directoryMapping))) }) r := chi.NewRouter() r.Handle("/share/{share}/*", authenticatedWebdavHandler) http.ListenAndServe(c.ListenAddress, r) }