mirror of
https://github.com/Luzifer/twitch-manager.git
synced 2024-12-20 20:01:18 +00:00
Fix: Do not allow git dir to be exposed
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
f2082d4928
commit
42749b2501
2 changed files with 13 additions and 0 deletions
|
@ -7,6 +7,7 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
@ -62,6 +63,11 @@ func (a *assetVersionStore) UpdateAssetHashes(dir string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if strings.Contains(path, ".git/") {
|
||||
// We shouldn't include .git dir in hashes
|
||||
return nil
|
||||
}
|
||||
|
||||
hash := sha256.New()
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
|
|
7
main.go
7
main.go
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gofrs/uuid"
|
||||
|
@ -73,6 +74,12 @@ func main() {
|
|||
registerAPI(router)
|
||||
|
||||
router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if strings.Contains(r.RequestURI, "/.git/") {
|
||||
// Prevent git dir to be exposed
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Cache-Control", "no-cache")
|
||||
assetServer.ServeHTTP(w, r)
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue