visionmercer/isosilo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added safety and color

Browse source
This commit is contained in:
visionmercer 2026-04-20 11:56:24 +02:00
commit 25d607e68c
3 changed files with 129 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

41
internal/handlers/handlers.go
View file

@ -205,7 +205,36 @@ func (h *Handler) DownloadFile(w http.ResponseWriter, r *http.Request) {
func (h *Handler) RawFile(w http.ResponseWriter, r *http.Request) { func (h *Handler) RawFile(w http.ResponseWriter, r *http.Request) {
fileName := strings.TrimPrefix(r.URL.Path, "/raw/") fileName := strings.TrimPrefix(r.URL.Path, "/raw/")
http.ServeFile(w, r, filepath.Join(h.dir, fileName))
// Security: Prevent path traversal attacks
if fileName == "" || strings.Contains(fileName, "..") || strings.HasPrefix(fileName, "/") {
http.Error(w, "Invalid path", http.StatusBadRequest)
return
}
// Clean the path to prevent any directory traversal
cleanPath := filepath.Clean(fileName)
if strings.Contains(cleanPath, "..") {
http.Error(w, "Invalid path", http.StatusBadRequest)
return
}
fullPath := filepath.Join(h.dir, cleanPath)
// Verify the file exists and is within the allowed directory
fileInfo, err := os.Stat(fullPath)
if err != nil {
http.Error(w, "File not found", http.StatusNotFound)
return
}
// Ensure it's not a directory
if fileInfo.IsDir() {
http.Error(w, "Not found", http.StatusNotFound)
return
}
http.ServeFile(w, r, fullPath)
} }
func (h *Handler) ServeStatic(w http.ResponseWriter, r *http.Request) { func (h *Handler) ServeStatic(w http.ResponseWriter, r *http.Request) {
@ -318,10 +347,18 @@ func fileIcon(name string) string {
return "💿" return "💿"
case ".pdf": case ".pdf":
return "📄" return "📄"
case ".jpg", ".png", ".jpeg": case ".jpg", ".png", ".jpeg", ".gif", ".pcx", ".bmp":
return "🖼️" return "🖼️"
case ".txt", ".md": case ".txt", ".md":
return "📝" return "📝"
case ".mp3", ".mod", ".ogg", ".wav", ".flac":
return "🎵"
case ".mp4", ".avi", ".mov":
return "🎬"
case ".zip", ".rar", ".7z":
return "📦"
case ".exe", ".msi":
return "📦"
default: default:
return "📄" return "📄"
} }

23
static/css/style.css
View file

@ -12,7 +12,10 @@
body { body {
background: var(--bg); background: var(--bg);
color: var(--text); color: var(--text);
font-family: system-ui, -apple-system, sans-serif; font-family:
system-ui,
-apple-system,
sans-serif;
margin: 0; margin: 0;
} }
@ -26,7 +29,7 @@ header {
} }
.logo { .logo {
color: var(--accent); color: var(--text);
font-weight: bold; font-weight: bold;
text-decoration: none; text-decoration: none;
font-family: monospace; font-family: monospace;
@ -95,7 +98,7 @@ main {
.card-name { .card-name {
font-weight: bold; font-weight: bold;
color: var(--accent); color: var(--text);
margin-bottom: 0.5rem; margin-bottom: 0.5rem;
display: block; display: block;
overflow: hidden; overflow: hidden;
@ -103,6 +106,10 @@ main {
white-space: nowrap; white-space: nowrap;
} }
.card-name:hover {
color: var(--accent);
}
.card-desc { .card-desc {
font-size: 0.8rem; font-size: 0.8rem;
color: var(--muted); color: var(--muted);
@ -120,10 +127,14 @@ main {
} }
.bc a { .bc a {
color: var(--accent); color: var(--text);
text-decoration: none; text-decoration: none;
} }
.bc a:hover {
color: var(--accent);
}
.tbl { .tbl {
width: 100%; width: 100%;
border-collapse: collapse; border-collapse: collapse;
@ -159,7 +170,9 @@ main {
cursor: pointer; cursor: pointer;
display: inline-flex; display: inline-flex;
align-items: center; align-items: center;
transition: background 0.2s, color 0.2s; transition:
background 0.2s,
color 0.2s;
} }
.btn:hover { .btn:hover {

54
templates/browse.html
View file

@ -1,23 +1,61 @@
<!DOCTYPE html> <!doctype html>
<html> <html>
<head><title>{{.Title}}</title><link rel="stylesheet" href="/static/css/style.css"></head> <head>
<title>{{.Title}}</title>
<link rel="stylesheet" href="/static/css/style.css" />
</head>
<body> <body>
<header><a class="logo" href="/">💿 ISOSilo</a></header> <header><a class="logo" href="/">💿 ISOSilo</a></header>
<main> <main>
<nav class="bc"> <nav class="bc">
{{range $i, $c := .Breadcrumbs}}<a href="{{$c.URL}}">{{$c.Name}}</a> {{if lt (add1 $i) (len $.Breadcrumbs)}}/{{end}} {{end}} {{range $i, $c := .Breadcrumbs}}<a href="{{$c.URL}}"
>{{$c.Name}}</a
>
{{if lt (add1 $i) (len $.Breadcrumbs)}}/{{end}} {{end}}
</nav> </nav>
<table class="tbl"> <table class="tbl">
<thead><tr><th>Name</th><th>Size</th><th>Action</th></tr></thead> <thead>
<tr>
<th>Name</th>
<th>Size</th>
<th>Action</th>
</tr>
</thead>
<tbody> <tbody>
{{range .Entries}} {{range .Entries}}
<tr> <tr>
<td> <td>
{{if .IsDir}}📁 <a href="/browse/{{urlenc $.ISOName}}/{{urlenc .Path}}" style="color:var(--text); text-decoration:none;">{{.Name}}</a> {{if .IsDir}}📁
{{else}}{{fileIcon .Name}} <a href="/file/{{urlenc $.ISOName}}/{{urlenc .Path}}" target="_blank" style="color:var(--text); text-decoration:none;">{{.Name}}</a>{{end}} <a
href="/browse/{{urlenc $.ISOName}}/{{urlenc .Path}}"
style="
color: var(--text);
text-decoration: none;
"
>{{.Name}}</a
>
{{else}}{{fileIcon .Name}}
<a
href="/file/{{urlenc $.ISOName}}/{{urlenc .Path}}"
target="_blank"
style="
color: var(--text);
text-decoration: none;
"
>{{.Name}}</a
>{{end}}
</td>
<td>
{{if .IsDir}}—{{else}}{{humanSize .Size}}{{end}}
</td>
<td>
{{if not .IsDir}}<a
href="/file/{{urlenc $.ISOName}}/{{urlenc .Path}}"
class="btn"
download
>Download</a
>{{end}}
</td> </td>
<td>{{if .IsDir}}—{{else}}{{humanSize .Size}}{{end}}</td>
<td>{{if not .IsDir}}<a href="/file/{{urlenc $.ISOName}}/{{urlenc .Path}}" class="dl-btn" download>Download</a>{{end}}</td>
</tr> </tr>
{{end}} {{end}}
</tbody> </tbody>