mirror of
https://github.com/Luzifer/twitch-manager.git
synced 2024-11-09 18:00:05 +00:00
Fix: Do not allow git dir to be exposed
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
f2082d4928
commit
42749b2501
2 changed files with 13 additions and 0 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"sort"
|
"sort"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
@ -62,6 +63,11 @@ func (a *assetVersionStore) UpdateAssetHashes(dir string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if strings.Contains(path, ".git/") {
|
||||||
|
// We shouldn't include .git dir in hashes
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
hash := sha256.New()
|
hash := sha256.New()
|
||||||
f, err := os.Open(path)
|
f, err := os.Open(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
7
main.go
7
main.go
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gofrs/uuid"
|
"github.com/gofrs/uuid"
|
||||||
|
@ -73,6 +74,12 @@ func main() {
|
||||||
registerAPI(router)
|
registerAPI(router)
|
||||||
|
|
||||||
router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if strings.Contains(r.RequestURI, "/.git/") {
|
||||||
|
// Prevent git dir to be exposed
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
w.Header().Set("Cache-Control", "no-cache")
|
w.Header().Set("Cache-Control", "no-cache")
|
||||||
assetServer.ServeHTTP(w, r)
|
assetServer.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue