Commit
d0792ee3
authored
Jun 11, 2019
by
Eric
[update] add download\upload\connect action pem validate
parent
04326cc4
Showing
3 changed files
with
80 additions
and
0 deletions
+80
-0
sftp.go
pkg/handler/sftp.go
+24
-0
sftpvolume.go
pkg/httpd/sftpvolume.go
+50
-0
assets.go
pkg/model/assets.go
+6
-0
pkg/handler/sftp.go
...
@@ -116,6 +116,11 @@ func (fs *sftpHandler) Filelist(r *sftp.Request) (sftp.ListerAt, error) {
...
@@ -116,6 +116,11 @@ func (fs *sftpHandler) Filelist(r *sftp.Request) (sftp.ListerAt, error) {
return
nil
,
sftp
.
ErrSshFxNoSuchFile
return
nil
,
sftp
.
ErrSshFxNoSuchFile
}
}
realPath
=
sysUserDir
.
ParsePath
(
r
.
Filepath
)
realPath
=
sysUserDir
.
ParsePath
(
r
.
Filepath
)
if
!
fs
.
validatePermission
(
hostDir
.
asset
.
ID
,
sysUserDir
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
nil
,
sftp
.
ErrSshFxPermissionDenied
}
if
sysUserDir
.
client
==
nil
{
if
sysUserDir
.
client
==
nil
{
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
sysUserDir
.
systemUser
)
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
sysUserDir
.
systemUser
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -155,6 +160,11 @@ func (fs *sftpHandler) Filecmd(r *sftp.Request) (err error) {
...
@@ -155,6 +160,11 @@ func (fs *sftpHandler) Filecmd(r *sftp.Request) (err error) {
}
}
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
if
!
fs
.
validatePermission
(
hostDir
.
asset
.
ID
,
suDir
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
sftp
.
ErrSshFxPermissionDenied
}
if
suDir
.
client
==
nil
{
if
suDir
.
client
==
nil
{
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -210,6 +220,11 @@ func (fs *sftpHandler) Filewrite(r *sftp.Request) (io.WriterAt, error) {
...
@@ -210,6 +220,11 @@ func (fs *sftpHandler) Filewrite(r *sftp.Request) (io.WriterAt, error) {
}
}
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
if
!
fs
.
validatePermission
(
hostDir
.
asset
.
ID
,
suDir
.
systemUser
.
ID
,
model
.
UploadAction
)
{
return
nil
,
sftp
.
ErrSshFxPermissionDenied
}
if
suDir
.
client
==
nil
{
if
suDir
.
client
==
nil
{
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
client
,
conn
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -246,6 +261,9 @@ func (fs *sftpHandler) Fileread(r *sftp.Request) (io.ReaderAt, error) {
...
@@ -246,6 +261,9 @@ func (fs *sftpHandler) Fileread(r *sftp.Request) (io.ReaderAt, error) {
}
}
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
hostDir
:=
fs
.
hosts
[
pathNames
[
0
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
suDir
:=
hostDir
.
suMaps
[
pathNames
[
1
]]
if
!
fs
.
validatePermission
(
hostDir
.
asset
.
ID
,
suDir
.
systemUser
.
ID
,
model
.
DownloadAction
)
{
return
nil
,
sftp
.
ErrSshFxPermissionDenied
}
if
suDir
.
client
==
nil
{
if
suDir
.
client
==
nil
{
ftpClient
,
client
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
ftpClient
,
client
,
err
:=
fs
.
GetSftpClient
(
hostDir
.
asset
,
suDir
.
systemUser
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -312,6 +330,12 @@ func (fs *sftpHandler) Close() {
...
@@ -312,6 +330,12 @@ func (fs *sftpHandler) Close() {
}
}
}
}
func
(
fs
*
sftpHandler
)
validatePermission
(
aid
,
suid
,
operate
string
)
bool
{
return
service
.
ValidateUserAssetPermission
(
fs
.
user
.
ID
,
aid
,
suid
,
operate
,
)
}
type
HostNameDir
struct
{
type
HostNameDir
struct
{
rootPath
string
rootPath
string
hostname
string
hostname
string
...
...
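Review bot: Filecmd gates every command it handles on `model.ConnectAction`, so the upload/download split this commit introduces does not apply to any mutating requests that reach that handler (its body lies outside the hunk, so which methods it dispatches is not visible here). The same applies to the MakeDir, MakeFile, Rename and Remove hunks in pkg/httpd/sftpvolume.go, which also check `model.ConnectAction` before operations that change the remote filesystem. If a user who is denied `upload_file` should not be able to create, rename or delete files, these checks should pass `model.UploadAction` or a dedicated action. If connect permission is meant to cover them, a comment at each site such as `// rename/remove/mkdir are allowed with connect permission alone` would record that decision.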
pkg/httpd/sftpvolume.go
...
@@ -117,6 +117,9 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) {
...
@@ -117,6 +117,9 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) {
if
path
==
sysUserVol
.
suPath
{
if
path
==
sysUserVol
.
suPath
{
return
sysUserVol
.
info
(),
nil
return
sysUserVol
.
info
(),
nil
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
rest
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
path
)
realPath
:=
sysUserVol
.
ParsePath
(
path
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
...
@@ -261,6 +264,11 @@ func (u *UserVolume) GetFile(path string) (reader io.ReadCloser, err error) {
...
@@ -261,6 +264,11 @@ func (u *UserVolume) GetFile(path string) (reader io.ReadCloser, err error) {
if
!
ok
{
if
!
ok
{
return
nil
,
os
.
ErrNotExist
return
nil
,
os
.
ErrNotExist
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
DownloadAction
)
{
return
nil
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
path
)
realPath
:=
sysUserVol
.
ParsePath
(
path
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -337,6 +345,9 @@ func (u *UserVolume) UploadFile(dir, filename string, reader io.Reader) (elfinde
...
@@ -337,6 +345,9 @@ func (u *UserVolume) UploadFile(dir, filename string, reader io.Reader) (elfinde
}
}
realFilenamePath
:=
filepath
.
Join
(
realPath
,
filename
)
realFilenamePath
:=
filepath
.
Join
(
realPath
,
filename
)
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
UploadAction
)
{
return
rest
,
os
.
ErrPermission
}
fd
,
err
:=
sysUserVol
.
client
.
Create
(
realFilenamePath
)
fd
,
err
:=
sysUserVol
.
client
.
Create
(
realFilenamePath
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -416,6 +427,16 @@ func (u *UserVolume) MergeChunk(cid, total int, dirPath, filename string) (elfin
...
@@ -416,6 +427,16 @@ func (u *UserVolume) MergeChunk(cid, total int, dirPath, filename string) (elfin
if
!
ok
{
if
!
ok
{
return
rest
,
os
.
ErrNotExist
return
rest
,
os
.
ErrNotExist
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
UploadAction
)
{
for
i
:=
0
;
i
<=
total
;
i
++
{
partPath
:=
fmt
.
Sprintf
(
"%s.%d_%d.part_%d"
,
filepath
.
Join
(
u
.
localTmpPath
,
dirPath
,
filename
),
i
,
total
,
cid
)
_
=
os
.
Remove
(
partPath
)
}
return
rest
,
os
.
ErrPermission
}
realDirPath
:=
sysUserVol
.
ParsePath
(
dirPath
)
realDirPath
:=
sysUserVol
.
ParsePath
(
dirPath
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -511,6 +532,11 @@ func (u *UserVolume) MakeDir(dir, newDirname string) (elfinder.FileDir, error) {
...
@@ -511,6 +532,11 @@ func (u *UserVolume) MakeDir(dir, newDirname string) (elfinder.FileDir, error) {
if
!
ok
{
if
!
ok
{
return
rest
,
os
.
ErrNotExist
return
rest
,
os
.
ErrNotExist
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
rest
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -574,6 +600,11 @@ func (u *UserVolume) MakeFile(dir, newFilename string) (elfinder.FileDir, error)
...
@@ -574,6 +600,11 @@ func (u *UserVolume) MakeFile(dir, newFilename string) (elfinder.FileDir, error)
if
!
ok
{
if
!
ok
{
return
rest
,
os
.
ErrNotExist
return
rest
,
os
.
ErrNotExist
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
rest
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -633,6 +664,10 @@ func (u *UserVolume) Rename(oldNamePath, newName string) (elfinder.FileDir, erro
...
@@ -633,6 +664,10 @@ func (u *UserVolume) Rename(oldNamePath, newName string) (elfinder.FileDir, erro
return
rest
,
os
.
ErrPermission
return
rest
,
os
.
ErrPermission
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
rest
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
oldNamePath
)
realPath
:=
sysUserVol
.
ParsePath
(
oldNamePath
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -698,6 +733,11 @@ func (u *UserVolume) Remove(path string) error {
...
@@ -698,6 +733,11 @@ func (u *UserVolume) Remove(path string) error {
if
sysUserVol
.
suPath
==
path
{
if
sysUserVol
.
suPath
==
path
{
return
os
.
ErrPermission
return
os
.
ErrPermission
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
ConnectAction
)
{
return
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
path
)
realPath
:=
sysUserVol
.
ParsePath
(
path
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -760,6 +800,10 @@ func (u *UserVolume) Paste(dir, filename, suffix string, reader io.ReadCloser) (
...
@@ -760,6 +800,10 @@ func (u *UserVolume) Paste(dir, filename, suffix string, reader io.ReadCloser) (
if
!
ok
{
if
!
ok
{
return
rest
,
os
.
ErrNotExist
return
rest
,
os
.
ErrNotExist
}
}
if
!
u
.
validatePermission
(
hostVol
.
asset
.
ID
,
sysUserVol
.
systemUser
.
ID
,
model
.
UploadAction
)
{
return
rest
,
os
.
ErrPermission
}
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
realPath
:=
sysUserVol
.
ParsePath
(
dir
)
if
sysUserVol
.
client
==
nil
{
if
sysUserVol
.
client
==
nil
{
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
sftClient
,
conn
,
err
:=
u
.
GetSftpClient
(
hostVol
.
asset
,
sysUserVol
.
systemUser
)
...
@@ -846,6 +890,12 @@ func (u *UserVolume) CreateFTPLog(data *model.FTPLog) {
...
@@ -846,6 +890,12 @@ func (u *UserVolume) CreateFTPLog(data *model.FTPLog) {
}
}
}
}
func
(
u
*
UserVolume
)
validatePermission
(
aid
,
suid
,
operate
string
)
bool
{
return
service
.
ValidateUserAssetPermission
(
u
.
user
.
ID
,
aid
,
suid
,
operate
,
)
}
type
hostnameVolume
struct
{
type
hostnameVolume
struct
{
VID
string
VID
string
homePath
string
homePath
string
...
...
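Review bot: In MergeChunk the upload permission is checked only at merge time, so when the denial branch runs the chunk files already sit under `u.localTmpPath` and must be cleaned up by the `os.Remove` loop. A user without `upload_file` permission can therefore still make the server buffer data on local disk. The check would be better placed where chunks are first accepted (that code is outside this diff), keeping this one as a second gate. In UploadFile the new check comes after `realFilenamePath := filepath.Join(realPath, filename)`, which appears to be later than the client setup that the other hunks place after their check. Moving it up next to the volume lookup would match GetFile and Paste, though the function bodies start and end outside the hunks, so the exact ordering should be confirmed.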
pkg/model/assets.go
...
@@ -178,6 +178,12 @@ func SortAssetNodesByKey(assetNodes []Node) {
...
@@ -178,6 +178,12 @@ func SortAssetNodesByKey(assetNodes []Node) {
const
LoginModeManual
=
"manual"
const
LoginModeManual
=
"manual"
const
(
ConnectAction
=
"connect"
UploadAction
=
"upload_file"
DownloadAction
=
"download_file"
)
type
SystemUser
struct
{
type
SystemUser
struct
{
ID
string
`json:"id"`
ID
string
`json:"id"`
Name
string
`json:"name"`
Name
string
`json:"name"`
...
...
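Review bot: The new exported action constants have no doc comment and are untyped strings, so `validatePermission(aid, suid, operate string)` accepts any string and a misspelled action would only surface at runtime. A comment on the block such as `// Actions checked via service.ValidateUserAssetPermission; values presumably must match the permission API's action names.` would help, and a named type (for example `type Action string`) is worth considering. How ValidateUserAssetPermission treats an unknown action or a failed lookup is not visible in this commit; it should deny in both cases.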