Configure directory listing

cmd/path.go

@@ -5,6 +5,7 @@ package cmd
 import (
 	"errors"
 
+	"github.com/loophole/cli/config"
 	"github.com/loophole/cli/internal/app/loophole"
 	lm "github.com/loophole/cli/internal/app/loophole/models"
 	"github.com/loophole/cli/internal/pkg/communication"
@@ -32,8 +33,9 @@ To expose local directory (e.g. /data/my-data) simply use 'loophole path /data/m
 		quitChannel := make(chan bool)
 
 		exposeConfig := lm.ExposeDirectoryConfig{
-			Local:  dirEndpointSpecs,
-			Remote: remoteEndpointSpecs,
+			Local:                   dirEndpointSpecs,
+			Remote:                  remoteEndpointSpecs,
+			DisableDirectoryListing: config.Config.Display.DisableDirectoryListing,
 		}
 
 		authMethod, err := loophole.RegisterTunnel(&exposeConfig.Remote)
@@ -55,6 +57,7 @@ To expose local directory (e.g. /data/my-data) simply use 'loophole path /data/m
 }
 
 func init() {
+	dirCmd.PersistentFlags().BoolVar(&config.Config.Display.DisableDirectoryListing, "disable-directory-listing", false, "Disable showing all files when navigating to directories without index.html")
 	initServeCommand(dirCmd)
 	rootCmd.AddCommand(dirCmd)
 }

config/config.go

@@ -15,8 +15,9 @@ type OAuthConfig struct {
 
 // DisplayConfig defines the display switches shape
 type DisplayConfig struct {
-	Verbose bool `json:"verbose"`
-	QR      bool `json:"qr"`
+	DisableDirectoryListing bool `json:"disabledirectorylisting"`
+	Verbose                 bool `json:"verbose"`
+	QR                      bool `json:"qr"`
 }
 
 // ApplicationConfig defines the application config shape

internal/app/loophole/models/ExposeDirectoryConfig.go

@@ -2,6 +2,7 @@ package models
 
 // ExposeDirectoryConfig represents loophole configuration when directory is exposed
 type ExposeDirectoryConfig struct {
-	Local  LocalDirectorySpecs `json:"local"`
-	Remote RemoteEndpointSpecs `json:"remote"`
+	Local                   LocalDirectorySpecs `json:"local"`
+	Remote                  RemoteEndpointSpecs `json:"remote"`
+	DisableDirectoryListing bool                `json:"deactivatedirectorylisting"`
 }

internal/pkg/customfilesystem/customfilesystem.go

@@ -0,0 +1,75 @@
+//necessary bits and pieces for being able to serve e.g. the custom notification html
+// without needing to create files in the users folders
+package customfilesystem
+
+import (
+	"bytes"
+	"errors"
+	"io/fs"
+	"net/http"
+	"path/filepath"
+)
+
+var DirectoryListingDisabledPage = []byte("<!DOCTYPE html><html><body><img src=\"https://raw.githubusercontent.com/loophole/website/master/static/img/logo.png\" alt=\"https://raw.githubusercontent.com/loophole/website/master/static/img/logo.png\" class=\"transparent shrinkToFit\" width=\"400\" height=\"88\"><p>Directory index listing has been disabled. Please enter the path of a file.</p></body></html>")
+
+type CustomFileSystem struct {
+	FS http.FileSystem
+}
+
+//the file cannot be reused since it's io.Reader can only be read from once,
+// so we need a reusable way to create it
+func writeDirectoryListingDisabledPageFile(pageFile *MyFile) {
+	*pageFile = MyFile{
+		Reader: bytes.NewReader(DirectoryListingDisabledPage),
+		mif: myFileInfo{
+			name: "customIndex.html",
+			data: DirectoryListingDisabledPage,
+		},
+	}
+}
+
+func (cfs CustomFileSystem) Open(path string) (http.File, error) {
+	f, err := _Open(path, cfs)
+
+	if err != nil {
+		var pathErrorInstance error = &fs.PathError{
+			Err: errors.New(""),
+		}
+		if errors.As(err, &pathErrorInstance) {
+			return nil, err
+		}
+		var pageFile *MyFile = &MyFile{}
+		writeDirectoryListingDisabledPageFile(pageFile)
+		return pageFile, nil
+	}
+	return f, nil
+}
+
+//if there is an elegant way to integrate the following into the function above without
+// using labeled breaks or adding even more control structures let me know
+func _Open(path string, cfs CustomFileSystem) (http.File, error) {
+	f, err := cfs.FS.Open(path)
+	if err != nil {
+		if path == "/" {
+			var pageFile *MyFile = &MyFile{}
+			writeDirectoryListingDisabledPageFile(pageFile)
+			return pageFile, nil
+		}
+		return nil, err
+	}
+
+	s, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+
+	if s.IsDir() {
+		index := filepath.Join(path, "index.html")
+		if _, err := cfs.FS.Open(index); err != nil {
+			var pageFile *MyFile = &MyFile{}
+			writeDirectoryListingDisabledPageFile(pageFile)
+			return pageFile, nil
+		}
+	}
+	return f, nil
+}

internal/pkg/customfilesystem/file.go

@@ -0,0 +1,44 @@
+//taken from https://stackoverflow.com/questions/52697277/simples-way-to-make-a-byte-into-a-virtual-file-object-in-golang
+package customfilesystem
+
+import (
+	"bytes"
+	"io"
+	"os"
+	"time"
+)
+
+type File interface {
+	io.Closer
+	io.Reader
+	io.Seeker
+	Readdir(count int) ([]os.FileInfo, error)
+	Stat() (os.FileInfo, error)
+}
+
+type myFileInfo struct {
+	name string
+	data []byte
+}
+
+func (mif myFileInfo) Name() string       { return mif.name }
+func (mif myFileInfo) Size() int64        { return int64(len(mif.data)) }
+func (mif myFileInfo) Mode() os.FileMode  { return 0444 }        // Read for all
+func (mif myFileInfo) ModTime() time.Time { return time.Time{} } // Return anything
+func (mif myFileInfo) IsDir() bool        { return false }
+func (mif myFileInfo) Sys() interface{}   { return nil }
+
+type MyFile struct {
+	*bytes.Reader
+	mif myFileInfo
+}
+
+func (mf *MyFile) Close() error { return nil } // Noop, nothing to do
+
+func (mf *MyFile) Readdir(count int) ([]os.FileInfo, error) {
+	return nil, nil // We are not a directory but a single file
+}
+
+func (mf *MyFile) Stat() (os.FileInfo, error) {
+	return mf.mif, nil
+}

internal/pkg/httpserver/httpserver.go

@@ -1,15 +1,19 @@
 package httpserver
 
 import (
+	"bytes"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+	"time"
 
 	auth "github.com/abbot/go-http-auth"
+	"github.com/loophole/cli/config"
 	lm "github.com/loophole/cli/internal/app/loophole/models"
+	cfs "github.com/loophole/cli/internal/pkg/customfilesystem"
 	"github.com/loophole/cli/internal/pkg/urlmaker"
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/net/webdav"
@@ -188,13 +192,39 @@ func (ssb *staticServerBuilder) WithBasicAuth(username string, password string)
 	return ssb
 }
 
+func serveDirectoryListingNotification(w http.ResponseWriter, req *http.Request) {
+	customPageSeeker := bytes.NewReader(cfs.DirectoryListingDisabledPage)
+	http.ServeContent(w, req, "name", time.Now(), customPageSeeker)
+}
+
+//this could break desktop but I haven't been able to figure out another way yet
+var fsHandler http.Handler = nil
+var fsHandlerIsCustom = false
+
+//handler functions may only take these arguments, so we need variables outside of it to make it's behaviour conditional
+func conditionalHandler(w http.ResponseWriter, req *http.Request) {
+	if req.URL.Path == "/" && fsHandlerIsCustom {
+		serveDirectoryListingNotification(w, req)
+	} else {
+		fsHandler.ServeHTTP(w, req)
+	}
+}
+
 func (ssb *staticServerBuilder) Build() (*http.Server, error) {
-	fs := http.FileServer(http.Dir(ssb.directory))
+	if config.Config.Display.DisableDirectoryListing {
+		fsHandler = http.FileServer(cfs.CustomFileSystem{
+			FS: http.Dir(ssb.directory),
+		})
+		fsHandlerIsCustom = true
+	} else {
+		fsHandler = http.FileServer(http.Dir(ssb.directory))
+		fsHandlerIsCustom = false
+	}
 
 	var server *http.Server
 
 	if ssb.basicAuthEnabled {
-		handler, err := getBasicAuthHandler(ssb.serverBuilder.siteID, ssb.serverBuilder.domain, ssb.basicAuthUsername, ssb.basicAuthPassword, fs.ServeHTTP)
+		handler, err := getBasicAuthHandler(ssb.serverBuilder.siteID, ssb.serverBuilder.domain, ssb.basicAuthUsername, ssb.basicAuthPassword, conditionalHandler)
 		if err != nil {
 			return nil, err
 		}
@@ -205,7 +235,7 @@ func (ssb *staticServerBuilder) Build() (*http.Server, error) {
 		}
 	} else {
 		server = &http.Server{
-			Handler:   fs,
+			Handler:   http.HandlerFunc(conditionalHandler),
 			TLSConfig: getTLSConfig(ssb.serverBuilder.siteID, ssb.serverBuilder.domain, ssb.serverBuilder.disableOldCiphers),
 		}
 	}

ui/desktop/src/components/form/DirectorySettings.tsx

@@ -0,0 +1,31 @@
+import React from "react";
+
+interface DirectorySettingsProps {
+  usingValue: boolean;
+  usingChangeCallback: Function;
+}
+
+const DirectorySettings = (props: DirectorySettingsProps): JSX.Element => {
+  const disableDirectoryListing = props.usingValue;
+  const setDisableDirectoryListing = props.usingChangeCallback;
+
+  return (
+    <div>
+      <div className="field">
+        <div className="control">
+          <label className="checkbox">
+            <input
+              type="checkbox"
+              onChange={(e) => {
+                setDisableDirectoryListing(!disableDirectoryListing);
+              }}
+            />{" "}
+            I want to disable Directory Listing
+          </label>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default DirectorySettings;

ui/desktop/src/interfaces/ExposeDirectoryMessage.ts

@@ -5,4 +5,5 @@ import RemoteEndpointSpecs from './RemoteEndpointSpecs';
 export default interface ExposeDirectoryMessage {
 	local:   LocalDirectorySpecs;
 	remote:  RemoteEndpointSpecs;
+	deactivatedirectorylisting: boolean;
 }

ui/desktop/src/pages/Directory.tsx

@@ -19,6 +19,7 @@ import {
   isLocalPathValid,
   isLoopholeHostnameValid,
 } from "../features/validator/validators";
+import DirectorySettings from "../components/form/DirectorySettings";
 
 const DirectoryPage = () => {
   const dispatch = useDispatch();
@@ -31,6 +32,7 @@ const DirectoryPage = () => {
   const [basicAuthUsername, setBasicAuthUsername] = useState("");
   const [basicAuthPassword, setBasicAuthPassword] = useState("");
   const [disableOldCiphers, setDisableOldCiphers] = useState(false);
+  const [disableDirectoryListing, setDisableDirectoryListing] = useState(false);
 
   const areInputsValid = (): boolean => {
     if (!isLocalPathValid(path)) return false;
@@ -55,6 +57,7 @@ const DirectoryPage = () => {
         disableOldCiphers: false,
         tunnelId: uuidv4(),
       },
+      deactivatedirectorylisting: disableDirectoryListing
     };
     if (usingCustomHostname) {
       options.remote.siteId = customHostname;
@@ -122,6 +125,13 @@ const DirectoryPage = () => {
                 </div>
               </div>
             </div>
+            <div className="column is-12">
+              <h5 className="title is-5">Directory Listing</h5>
+              <DirectorySettings
+                usingValue={disableDirectoryListing}
+                usingChangeCallback={setDisableDirectoryListing}
+              />
+            </div>
             <div className="column is-12">
               <div className="field is-grouped is-pulled-right">
                 <div className="control">

ui/desktop/src/pages/WebDav.tsx

@@ -55,6 +55,7 @@ const WebDav = () => {
         disableOldCiphers: false,
         tunnelId: uuidv4(),
       },
+      deactivatedirectorylisting: false,
     };
     if (usingCustomHostname) {
       options.remote.siteId = customHostname;

ui/ui.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/gorilla/websocket"
 
+	"github.com/loophole/cli/config"
 	"github.com/loophole/cli/internal/app/loophole"
 	lm "github.com/loophole/cli/internal/app/loophole/models"
 	"github.com/loophole/cli/internal/pkg/cache"
@@ -98,6 +99,7 @@ func websocketHandler(w http.ResponseWriter, r *http.Request) {
 				communication.Warn(err.Error())
 			}
 
+			config.Config.Display.DisableDirectoryListing = exposeDirectoryConfig.DisableDirectoryListing
 			tunnelQuitChannel := make(chan bool)
 			go func() {
 				sshDir := cache.GetLocalStorageDir(".ssh") //getting our sshDir and creating it, if it doesn't exist