From ad9d712a3aae2d4c96841042564fa5d852021d2f Mon Sep 17 00:00:00 2001 From: mutantmonkey Date: Sun, 4 Oct 2015 18:12:19 -0700 Subject: [PATCH] add a file blacklist and add robots.txt Fixes #26 --- server.go | 1 + static/robots.txt | 3 +++ upload.go | 12 ++++++++++++ 3 files changed, 16 insertions(+) create mode 100644 static/robots.txt diff --git a/server.go b/server.go index cf40fd2..9992a88 100644 --- a/server.go +++ b/server.go @@ -108,6 +108,7 @@ func setup() { goji.Get("/static/*", staticHandler) goji.Get("/favicon.ico", staticHandler) + goji.Get("/robots.txt", staticHandler) goji.Get(nameRe, fileDisplayHandler) goji.Get(selifRe, fileServeHandler) goji.Get(selifIndexRe, unauthorizedHandler) diff --git a/static/robots.txt b/static/robots.txt new file mode 100644 index 0000000..44ec3ed --- /dev/null +++ b/static/robots.txt @@ -0,0 +1,3 @@ +User-agent: * +Allow: /$ +Disallow: * diff --git a/upload.go b/upload.go index e849273..861c03b 100644 --- a/upload.go +++ b/upload.go @@ -20,6 +20,14 @@ import ( "github.com/zenazn/goji/web" ) +var fileBlacklist = map[string]bool{ + "favicon.ico": true, + "index.htm": true, + "index.html": true, + "index.php": true, + "robots.txt": true, +} + // Describes metadata directly from the user request type UploadRequest struct { src io.Reader @@ -227,6 +235,10 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) { fileexists = err == nil } + if fileBlacklist[strings.ToLower(upload.Filename)] { + return upload, errors.New("Prohibited filename") + } + dst, err := os.Create(path.Join(Config.filesDir, upload.Filename)) if err != nil { return