src-d#203 src-d#210 Support different root path

Author: Charles-Antoine Mathieu

server/common/config.go

@@ -41,11 +41,14 @@ import (
 
 // Configuration object
 type Configuration struct {
-	LogLevel         string `json:"-"`
-	ListenAddress    string `json:"-"`
-	ListenPort       int    `json:"-"`
-	MaxFileSize      int64  `json:"maxFileSize"`
-	MaxFilePerUpload int    `json:"maxFilePerUpload"`
+	LogLevel string `json:"-"`
+
+	ListenAddress string `json:"-"`
+	ListenPort    int    `json:"-"`
+	Path          string `json:"-"`
+
+	MaxFileSize      int64 `json:"maxFileSize"`
+	MaxFilePerUpload int   `json:"maxFilePerUpload"`
 
 	DefaultTTL int `json:"defaultTTL"`
 	MaxTTL     int `json:"maxTTL"`
@@ -103,8 +106,6 @@ func NewConfiguration() (config *Configuration) {
 	config.DefaultTTL = 2592000 // 30 days
 	config.MaxTTL = 0
 	config.SslEnabled = false
-	config.SslCert = ""
-	config.SslKey = ""
 	config.StreamMode = true
 	return
 }
@@ -114,6 +115,7 @@ func NewConfiguration() (config *Configuration) {
 // override default params
 func LoadConfiguration(file string) {
 	Config = NewConfiguration()
+
 	if _, err := toml.DecodeFile(file, Config); err != nil {
 		Logger().Fatalf("Unable to load config file %s : %s", file, err)
 	}
@@ -125,6 +127,8 @@ func LoadConfiguration(file string) {
 		Logger().SetFlags(logger.Fdate | logger.Flevel | logger.FfixedSizeLevel)
 	}
 
+	Config.Path = strings.TrimSuffix(Config.Path, "/")
+
 	// Do user specified a ApiKey and ApiSecret for Yubikey
 	if Config.YubikeyEnabled {
 		yubiAuth, err := yubigo.NewYubiAuth(Config.YubikeyAPIKey, Config.YubikeyAPISecret)

server/common/context.go

@@ -145,10 +145,36 @@ func Fail(ctx *juliet.Context, req *http.Request, resp http.ResponseWriter, mess
 			}
 		}
 		if redirect {
-			http.Redirect(resp, req, fmt.Sprintf("/#!/?err=%s&errcode=%d&uri=%s", message, status, req.RequestURI), 301)
+			http.Redirect(resp, req, fmt.Sprintf("%s/#!/?err=%s&errcode=%d&uri=%s", Config.Path, message, status, req.RequestURI), 301)
 			return
 		}
 	}
 
 	http.Error(resp, NewResult(message, nil).ToJSONString(), status)
 }
+
+// StripPrefix returns a handler that serves HTTP requests
+// removing the given prefix from the request URL's Path
+// It differs from http.StripPrefix by defaulting to "/" and not ""
+func StripPrefix(prefix string, handler http.Handler) http.Handler {
+	if prefix == "" || prefix == "/" {
+		return handler
+	}
+	return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+		// Relative paths to javascript, css, ... imports won't work without a tailing slash
+		if req.URL.Path == prefix {
+			http.Redirect(resp, req, prefix+"/", 301)
+			return
+		}
+		if p := strings.TrimPrefix(req.URL.Path, prefix); len(p) < len(req.URL.Path) {
+			req.URL.Path = p
+		} else {
+			http.NotFound(resp, req)
+			return
+		}
+		if !strings.HasPrefix(req.URL.Path, "/") {
+			req.URL.Path = "/" + req.URL.Path
+		}
+		handler.ServeHTTP(resp, req)
+	})
+}

server/handlers/google.go

@@ -63,7 +63,7 @@ func GoogleLogin(ctx *juliet.Context, resp http.ResponseWriter, req *http.Reques
 	origin := req.Header.Get("referer")
 	if origin == "" {
 		log.Warning("Missing referer header")
-		common.Fail(ctx, req, resp, "Missing referer herader", 400)
+		common.Fail(ctx, req, resp, "Missing referer header", 400)
 		return
 	}
 
@@ -263,5 +263,5 @@ func GoogleCallback(ctx *juliet.Context, resp http.ResponseWriter, req *http.Req
 	xsrfCookie.Path = "/"
 	http.SetCookie(resp, xsrfCookie)
 
-	http.Redirect(resp, req, "/#!/login", 301)
+	http.Redirect(resp, req, common.Config.Path+"/#!/login", 301)
 }

server/handlers/ovh.go

@@ -107,7 +107,7 @@ func OvhLogin(ctx *juliet.Context, resp http.ResponseWriter, req *http.Request)
 	origin := req.Header.Get("referer")
 	if origin == "" {
 		log.Warning("Missing referer header")
-		common.Fail(ctx, req, resp, "Missing referer herader", 400)
+		common.Fail(ctx, req, resp, "Missing referer header", 400)
 		return
 	}
 
@@ -377,5 +377,5 @@ func OvhCallback(ctx *juliet.Context, resp http.ResponseWriter, req *http.Reques
 	xsrfCookie.Path = "/"
 	http.SetCookie(resp, xsrfCookie)
 
-	http.Redirect(resp, req, "/#!/login", 301)
+	http.Redirect(resp, req, common.Config.Path+"/#!/login", 301)
 }

server/plik.go

@@ -97,39 +97,42 @@ func main() {
 	getFileChain := juliet.NewChain(middleware.Upload, middleware.Yubikey, middleware.File)
 
 	// HTTP Api routes configuration
-	r := mux.NewRouter()
-	r.Handle("/config", stdChain.Then(handlers.GetConfiguration)).Methods("GET")
-	r.Handle("/version", stdChain.Then(handlers.GetVersion)).Methods("GET")
-	r.Handle("/upload", tokenChain.Then(handlers.CreateUpload)).Methods("POST")
-	r.Handle("/upload/{uploadID}", authChain.Append(middleware.Upload).Then(handlers.GetUpload)).Methods("GET")
-	r.Handle("/upload/{uploadID}", authChain.Append(middleware.Upload).Then(handlers.RemoveUpload)).Methods("DELETE")
-	r.Handle("/file/{uploadID}", tokenChain.Append(middleware.Upload).Then(handlers.AddFile)).Methods("POST")
-	r.Handle("/file/{uploadID}/{fileID}/{filename}", tokenChain.Append(middleware.Upload, middleware.File).Then(handlers.AddFile)).Methods("POST")
-	r.Handle("/file/{uploadID}/{fileID}/{filename}", authChain.Append(middleware.Upload, middleware.File).Then(handlers.RemoveFile)).Methods("DELETE")
-	r.Handle("/file/{uploadID}/{fileID}/{filename}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
-	r.Handle("/file/{uploadID}/{fileID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
-	r.Handle("/stream/{uploadID}/{fileID}/{filename}", tokenChain.Append(middleware.Upload, middleware.File).Then(handlers.AddFile)).Methods("POST")
-	r.Handle("/stream/{uploadID}/{fileID}/{filename}", authChain.Append(middleware.Upload, middleware.File).Then(handlers.RemoveFile)).Methods("DELETE")
-	r.Handle("/stream/{uploadID}/{fileID}/{filename}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
-	r.Handle("/stream/{uploadID}/{fileID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
-	r.Handle("/archive/{uploadID}/{filename}", authChainWithRedirect.Append(middleware.Upload, middleware.Yubikey).Then(handlers.GetArchive)).Methods("HEAD", "GET")
-	r.Handle("/archive/{uploadID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.Append(middleware.Upload, middleware.Yubikey).Then(handlers.GetArchive)).Methods("HEAD", "GET")
-	r.Handle("/auth/google/login", authChain.Then(handlers.GoogleLogin)).Methods("GET")
-	r.Handle("/auth/google/callback", stdChainWithRedirect.Then(handlers.GoogleCallback)).Methods("GET")
-	r.Handle("/auth/ovh/login", authChain.Then(handlers.OvhLogin)).Methods("GET")
-	r.Handle("/auth/ovh/callback", stdChainWithRedirect.Then(handlers.OvhCallback)).Methods("GET")
-	r.Handle("/auth/logout", authChain.Then(handlers.Logout)).Methods("GET")
-	r.Handle("/me", authChain.Then(handlers.UserInfo)).Methods("GET")
-	r.Handle("/me", authChain.Then(handlers.DeleteAccount)).Methods("DELETE")
-	r.Handle("/me/token", authChain.Then(handlers.CreateToken)).Methods("POST")
-	r.Handle("/me/token/{token}", authChain.Then(handlers.RevokeToken)).Methods("DELETE")
-	r.Handle("/me/uploads", authChain.Then(handlers.GetUserUploads)).Methods("GET")
-	r.Handle("/me/uploads", authChain.Then(handlers.RemoveUserUploads)).Methods("DELETE")
-	r.Handle("/qrcode", stdChain.Then(handlers.GetQrCode)).Methods("GET")
-	r.PathPrefix("/clients/").Handler(http.StripPrefix("/clients/", http.FileServer(http.Dir("../clients"))))
-	r.PathPrefix("/changelog/").Handler(http.StripPrefix("/changelog/", http.FileServer(http.Dir("../changelog"))))
-	r.PathPrefix("/").Handler(http.FileServer(http.Dir("./public/")))
-	http.Handle("/", r)
+	router := mux.NewRouter()
+	router.Handle("/config", stdChain.Then(handlers.GetConfiguration)).Methods("GET")
+	router.Handle("/version", stdChain.Then(handlers.GetVersion)).Methods("GET")
+	router.Handle("/upload", tokenChain.Then(handlers.CreateUpload)).Methods("POST")
+	router.Handle("/upload/{uploadID}", authChain.Append(middleware.Upload).Then(handlers.GetUpload)).Methods("GET")
+	router.Handle("/upload/{uploadID}", authChain.Append(middleware.Upload).Then(handlers.RemoveUpload)).Methods("DELETE")
+	router.Handle("/file/{uploadID}", tokenChain.Append(middleware.Upload).Then(handlers.AddFile)).Methods("POST")
+	router.Handle("/file/{uploadID}/{fileID}/{filename}", tokenChain.Append(middleware.Upload, middleware.File).Then(handlers.AddFile)).Methods("POST")
+	router.Handle("/file/{uploadID}/{fileID}/{filename}", authChain.Append(middleware.Upload, middleware.File).Then(handlers.RemoveFile)).Methods("DELETE")
+	router.Handle("/file/{uploadID}/{fileID}/{filename}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
+	router.Handle("/file/{uploadID}/{fileID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
+	router.Handle("/stream/{uploadID}/{fileID}/{filename}", tokenChain.Append(middleware.Upload, middleware.File).Then(handlers.AddFile)).Methods("POST")
+	router.Handle("/stream/{uploadID}/{fileID}/{filename}", authChain.Append(middleware.Upload, middleware.File).Then(handlers.RemoveFile)).Methods("DELETE")
+	router.Handle("/stream/{uploadID}/{fileID}/{filename}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
+	router.Handle("/stream/{uploadID}/{fileID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.AppendChain(getFileChain).Then(handlers.GetFile)).Methods("HEAD", "GET")
+	router.Handle("/archive/{uploadID}/{filename}", authChainWithRedirect.Append(middleware.Upload, middleware.Yubikey).Then(handlers.GetArchive)).Methods("HEAD", "GET")
+	router.Handle("/archive/{uploadID}/{filename}/yubikey/{yubikey}", authChainWithRedirect.Append(middleware.Upload, middleware.Yubikey).Then(handlers.GetArchive)).Methods("HEAD", "GET")
+	router.Handle("/auth/google/login", authChain.Then(handlers.GoogleLogin)).Methods("GET")
+	router.Handle("/auth/google/callback", stdChainWithRedirect.Then(handlers.GoogleCallback)).Methods("GET")
+	router.Handle("/auth/ovh/login", authChain.Then(handlers.OvhLogin)).Methods("GET")
+	router.Handle("/auth/ovh/callback", stdChainWithRedirect.Then(handlers.OvhCallback)).Methods("GET")
+	router.Handle("/auth/logout", authChain.Then(handlers.Logout)).Methods("GET")
+	router.Handle("/me", authChain.Then(handlers.UserInfo)).Methods("GET")
+	router.Handle("/me", authChain.Then(handlers.DeleteAccount)).Methods("DELETE")
+	router.Handle("/me/token", authChain.Then(handlers.CreateToken)).Methods("POST")
+	router.Handle("/me/token/{token}", authChain.Then(handlers.RevokeToken)).Methods("DELETE")
+	router.Handle("/me/uploads", authChain.Then(handlers.GetUserUploads)).Methods("GET")
+	router.Handle("/me/uploads", authChain.Then(handlers.RemoveUserUploads)).Methods("DELETE")
+	router.Handle("/qrcode", stdChain.Then(handlers.GetQrCode)).Methods("GET")
+	router.PathPrefix("/clients/").Handler(http.StripPrefix("/clients/", http.FileServer(http.Dir("../clients"))))
+	router.PathPrefix("/changelog/").Handler(http.StripPrefix("/changelog/", http.FileServer(http.Dir("../changelog"))))
+	router.PathPrefix("/").Handler(http.FileServer(http.Dir("./public/")))
+
+	handler := common.StripPrefix(common.Config.Path, router)
+
+	http.Handle("/", handler)
 
 	go UploadsCleaningRoutine()
 
@@ -150,10 +153,10 @@ func main() {
 		}
 
 		tlsConfig := &tls.Config{MinVersion: tls.VersionTLS10, Certificates: []tls.Certificate{cert}}
-		server = &http.Server{Addr: address, Handler: r, TLSConfig: tlsConfig}
+		server = &http.Server{Addr: address, Handler: handler, TLSConfig: tlsConfig}
 	} else {
 		proto = "http"
-		server = &http.Server{Addr: address, Handler: r}
+		server = &http.Server{Addr: address, Handler: handler}
 	}
 
 	log.Infof("Starting http server at %s://%s", proto, address)

server/plikd.cfg

@@ -8,8 +8,11 @@
 #
 
 LogLevel            = "INFO"        # Other levels : DEBUG, INFO, WARNING, CRITICAL, FATAL
-ListenPort          = 8080
-ListenAddress       = "0.0.0.0"
+
+ListenPort          = 8080          # Port the HTTP server will listen on
+ListenAddress       = "0.0.0.0"     # Address the HTTP server will bind on
+Path                = "/"           # Root path for the HTTP server
+
 MaxFileSize         = 10737418240   # 10GB
 MaxFilePerUpload    = 1000
 

server/public/js/app.js

@@ -126,7 +126,7 @@ angular.module('dialog', ['ui.bootstrap']).
 // API Service
 angular.module('api', ['ngFileUpload']).
     factory('$api', function ($http, $q, Upload) {
-        var api = {base: ''};
+        var api = {base: window.location.origin + window.location.pathname.replace(/\/$/, '') };
 
         // Make the actual HTTP call and return a promise
         api.call = function (url, method, params, data, uploadToken) {
@@ -427,9 +427,42 @@ plik.controller('MainCtrl', ['$scope', '$api', '$config', '$route', '$location',
             var err = $location.search().err;
             if (!_.isUndefined(err)) {
                 if (err == "Invalid yubikey token" && $location.search().uri) {
-                    var uri = $location.search().uri.split("/");
-                    $scope.load(uri[2]);
-                    $scope.downloadWithYubikey(location.origin + "/file/" + uri[2] + "/" + uri[3] + "/" + uri[4]);
+                    var uri = $location.search().uri;
+                    if ( !uri ) {
+                        $dialog.alert({status: 0, message: "Unable to get uri from yubikey redirect"});
+                        $location.search({});
+                        $location.hash("");
+                        return;
+                    }
+
+                    // Parse URI
+                    var url = new URL(window.location.origin + uri);
+
+                    var regex = /^.*\/(file|stream|archive)\/(.*?)\/(.*?)\/(.*)$/;
+                    var match = regex.exec(url.pathname);
+                    if ( !match && match.length != 5 ) {
+                        $dialog.alert({status: 0, message: "Unable to get uploadId from yubikey redirect"});
+                        $location.search({});
+                        $location.hash("");
+                        return;
+                    }
+
+                    var mode = match[1];
+                    var uploadId = match[2];
+                    var fileId = match[3];
+                    var fileName = match[4];
+
+                    var download = false;
+                    if (url.searchParams.get("dl") == 1) {
+                        download = true;
+                    }
+
+                    // For now there is nothing preventing us to load the upload at this point.
+                    // But I think that upload metadata should be also be protected by the token.
+                    // And I don't want the user to be asked for two tokens.
+                    // https://github.com/root-gg/plik/issues/215.
+
+                    $scope.downloadWithYubikey(mode, uploadId, fileId, fileName, download);
                 } else {
                     var code = $location.search().errcode;
                     $dialog.alert({status: code, message: err});
@@ -742,12 +775,13 @@ plik.controller('MainCtrl', ['$scope', '$api', '$config', '$route', '$location',
             return filesize(size, {base: 2});
         };
 
-        // Return file download URL
-        $scope.getFileUrl = function (file, dl) {
-            if (!file || !file.metadata) return;
-            var mode = $scope.upload.stream ? "stream" : "file";
-            var domain = $scope.config.downloadDomain ? $scope.config.downloadDomain : location.origin;
-            var url = domain + '/' + mode + '/' + $scope.upload.id + '/' + file.metadata.id + '/' + file.metadata.fileName;
+        // Build file download URL
+        var getFileUrl = function(mode, uploadID, fileID, fileName, yubikeyToken, dl) {
+            var domain = $scope.config.downloadDomain ? $scope.config.downloadDomain : $api.base;
+            var url = domain + '/' + mode + '/' + uploadID + '/' + fileID + '/' + fileName;
+            if (yubikeyToken) {
+                url +=  "/yubikey/" + yubikeyToken
+            }
             if (dl) {
                 // Force file download
                 url += "?dl=1";
@@ -756,22 +790,23 @@ plik.controller('MainCtrl', ['$scope', '$api', '$config', '$route', '$location',
             return encodeURI(url);
         };
 
+        // Return file download URL
+        $scope.getFileUrl = function (file, dl) {
+            if (!file || !file.metadata) return;
+            var mode = $scope.upload.stream ? "stream" : "file";
+            return getFileUrl(mode, $scope.upload.id, file.metadata.id, file.metadata.fileName, null, dl);
+        };
+
         // Return zip archive download URL
         $scope.getZipArchiveUrl = function (dl) {
             if (!$scope.upload.id) return;
-            var domain = $scope.config.downloadDomain ? $scope.config.downloadDomain : location.origin;
-            var url = domain + '/archive/' + $scope.upload.id + '/archive.zip';
-            if (dl) {
-                // Force file download
-                url += "?dl=1";
-            }
-            return encodeURI(url);
+            return getFileUrl("archive", $scope.upload.id, file.metadata.id, "archive.zip", null, dl);
         };
 
         // Return QR Code image url
         $scope.getQrCodeUrl = function (url, size) {
             if (!url) return;
-            return location.origin + "/qrcode?url=" + encodeURIComponent(url) + "&size=" + size;
+            return $api.base + "/qrcode?url=" + encodeURIComponent(url) + "&size=" + size;
         };
 
         // Return QR Code image url for current upload
@@ -852,7 +887,7 @@ plik.controller('MainCtrl', ['$scope', '$api', '$config', '$route', '$location',
         };
 
         // Yubikey OTP download dialog
-        $scope.downloadWithYubikey = function (url) {
+        $scope.downloadWithYubikey = function (mode, uploadID, fileId, fileName, dl) {
             $dialog.openDialog({
                 backdrop: true,
                 backdropClick: true,
@@ -861,7 +896,8 @@ plik.controller('MainCtrl', ['$scope', '$api', '$config', '$route', '$location',
             }).result.then(
                 function (token) {
                     // Redirect to file download URL with yubikey token
-                    window.location.replace(url + '/yubikey/' + token);
+                    var url = getFileUrl(mode, uploadID, fileId, fileName, token, dl);
+                    window.location.replace(url);
                 }, function () {
                     // Avoid "Possibly unhandled rejection"
                 });
@@ -993,6 +1029,10 @@ plik.controller('ClientListCtrl', ['$scope', '$api', '$dialog',
             .then(null, function (error) {
                 $dialog.alert(error);
             });
+
+        $scope.getClientPath = function(client) {
+            return $api.base + client.path;
+        }
     }]);
 
 // Login controller
@@ -1213,12 +1253,12 @@ plik.controller('HomeCtrl', ['$scope', '$api', '$config', '$dialog', '$location'
 
         // Get upload url
         $scope.getUploadUrl = function (upload) {
-            return location.origin + '/#/?id=' + upload.id;
+            return $api.base + '/#/?id=' + upload.id;
         };
 
         // Get file url
         $scope.getFileUrl = function (upload, file) {
-            return location.origin + '/file/' + upload.id + '/' + file.id + '/' + file.fileName;
+            return $api.base + '/file/' + upload.id + '/' + file.id + '/' + file.fileName;
         };
 
         // Compute human readable size