drgdn82648 2017-02-22 17:34

How to avoid serving template files with Go

I'm writing a small website in Go, and I found some problems that I don't know how to solve. So... The basic idea is to have one single folder for themes, called /themes/, where we will put all our themes, e.g. classic, modern, etc. The directory tree will look like:

/themes/
    classic/
        index.html
        header.html
        footer.html
        css/
            style.css
        js/
            lib.js
    modern/
        index.html
        header.html
        footer.html
        css/
            style.css
        js/
            lib.js

So, my http handlers:

func main() {
    reloadConfig()

    http.HandleFunc("/", homeHandler)

    http.HandleFunc("/reloadConfigHandler/", reloadConfigHandler)

    // TODO: Theme loads html files also
    http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("themes/"+config.Theme+"/"))))
    http.ListenAndServe(":80", nil)
}

The Problem

The problem is that my template files can be opened from the outside if I open the path http://localhost/static/index.html, so I need a solution to:

  1. Deny /static/, show 404.
  2. Deny /static/*.html, show 404.
  3. Allow /static/{folder_name}/{file_name} so in future I can add an img folder or fonts folder, and the content inside of them will be served by the server to the client.

Thanks in advance.

1 answer

  • douping5226 2017-02-22 17:54

    An easy way is to implement your own http.FileSystem:

    import (
        "net/http"
        "os"
        "strings"
    )

    // fileSystem wraps an http.FileSystem and hides everything except files under /css/.
    type fileSystem struct {
        http.FileSystem
    }

    func (fs fileSystem) Open(name string) (http.File, error) {
        f, err := fs.FileSystem.Open(name)
        if err != nil {
            return nil, err
        }

        stat, err := f.Stat()
        if err != nil {
            f.Close() // release the handle before failing
            return nil, err
        }

        // This denies access to the directory listing
        if stat.IsDir() {
            f.Close()
            return nil, os.ErrNotExist
        }

        // This denies access to anything but <prefix>/css/...
        if !strings.HasPrefix(name, "/css/") {
            f.Close()
            return nil, os.ErrNotExist
        }

        return f, nil
    }
    

    Now you can use it in your main like so:

    fs := http.FileServer(fileSystem{http.Dir("themes/"+config.Theme+"/")})    
    http.Handle("/static/", http.StripPrefix("/static/", fs))
    
    This answer was selected by the asker as the best answer.
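The three rules from the question, checked against a constructed in-memory theme (an added example, not code from the question or the answer). It goes beyond the answer's /css/ check by allowing any sub-folder, and the names `assetFS` and `status` are hypothetical:

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"path"
	"strings"
	"testing/fstest"
)

// assetFS (hypothetical name) serves only regular files that sit inside a
// sub-folder of the theme root (css/, js/, img/, ...).
type assetFS struct{ http.FileSystem }

func (a assetFS) Open(name string) (http.File, error) {
	clean := path.Clean("/" + name)
	// Decide on the path first: "/" and "/header.html" have a single segment.
	if strings.Count(clean, "/") < 2 {
		return nil, os.ErrNotExist
	}
	f, err := a.FileSystem.Open(clean)
	if err != nil {
		return nil, err
	}
	if st, err := f.Stat(); err != nil || st.IsDir() {
		f.Close() // do not leak the handle on a denied request
		return nil, os.ErrNotExist
	}
	return f, nil
}

// status returns the HTTP status code the wrapped file server gives for target.
func status(target string) int {
	theme := fstest.MapFS{ // constructed sample theme
		"header.html":   {Data: []byte("<header>{{.Title}}</header>")},
		"css/style.css": {Data: []byte("body{}")},
	}
	h := http.StripPrefix("/static/", http.FileServer(assetFS{http.FS(theme)}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() {
	for _, t := range []string{"/static/", "/static/header.html", "/static/css/", "/static/css/style.css"} {
		fmt.Println(t, status(t))
	}
}
```

A request for /static/index.html is a special case: http.FileServer redirects any path ending in /index.html to its directory before calling Open, so the client gets a 301 to /static/, which then returns 404.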
