当前位置: 动力学知识库 > 问答 > 编程问答 >

How to avoid serving template files by Go

问题描述:

I'm writting small website on Go, and i found some problems, that i dont know how to solve. So...

The basic idea is to have one single folder for themes, called /themes/ where we will put all our themes, f.e. classic, modern, etc.

The directory tree will looks like:

/themes/

classic/

index.html

header.html

footer.html

css/

style.css

js/

lib.js

modern/

index.html

header.html

footer.html

css/

style.css

js/

lib.js

So, my http handlers:

func main() {

reloadConfig()

http.HandleFunc("/", homeHandler)

http.HandleFunc("/reloadConfigHandler/", reloadConfigHandler)

// TODO: Theme loads html files also

http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("themes/"+config.Theme+"/"))))

http.ListenAndServe(":80", nil)

}

The Problem

The problem is that my templates files can be opened from the outside, if i open path http://localhost/static/index.html, so i need solution to:

  1. Deny /static/, show 404.
  2. Deny /static/*.html, show 404.
  3. Allow /static/{folder_name}/{file_name} so in future i can add img folder or fonts folder, and content inside of them will be served by server to client.

Thanks in advice.

网友答案:

Easy way is to implement your own http.FileSystem:

type fileSystem struct {
    http.FileSystem
}

func (fs fileSystem) Open(name string) (http.File, error) {
    f, err := fs.FileSystem.Open(name)
    if err != nil {
        return nil, err
    }

    stat, err := f.Stat()
    if err != nil {
        return nil, err
    }

    // This denies access to the directory listing
    if stat.IsDir() {
        return nil, os.ErrNotExist
    }

    // This denies access to anything but <prefix>/css/...
    if !strings.HasPrefix(name, "/css/") {
        return nil, os.ErrNotExist
    }

    return f, nil
}

Now you can use it in your main like so:

fs := http.FileServer(fileSystem{http.Dir("themes/"+config.Theme+"/")})    
http.Handle("/static/", http.StripPrefix("/static/", fs))
分享给朋友:
您可能感兴趣的文章:
随机阅读: