aboutsummaryrefslogtreecommitdiff
path: root/src/main.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs95
1 files changed, 50 insertions, 45 deletions
diff --git a/src/main.rs b/src/main.rs
index f1f9caa..8f756ef 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -312,6 +312,7 @@ async fn build_response<C: Controller>(
.ok_or_else(|| Error::BadRequest("Host header required".into()))?
.to_str()
.unwrap();
+
if host != origin.host() {
// We enforce an exact Host header to prevent DNS rebinding attacks.
return Err(Error::BadRequest(format!("<h1>Bad Request: Unknown Host header</h1>\
@@ -366,62 +367,66 @@ async fn build_response<C: Controller>(
return post_routes::build_response(origin, &params, controller, ctx, body, parts).await;
}
- let mut tree = ctx.branch_head()?.tree();
+ let tree = ctx.branch_head()?.tree();
- if ctx.path.components().next().is_some() {
- let entr = match tree.and_then(|t| t.get_path(ctx.path.as_ref())) {
- Ok(entr) => entr,
- Err(_) => {
- if unsanitized_path.ends_with('/') {
- return Err(Error::NotFound("directory not found".into()));
- }
+ if ctx.path.components().next().is_none() {
+ return get_routes::view_tree(tree, controller, &ctx, parts);
+ }
- if controller.may_write_path(&ctx, parts) {
- if params.action == "edit" {
- return Ok(forms::edit_text_form(
- &forms::EditForm::default(),
- None,
- controller,
- &ctx,
- parts,
+ match tree.and_then(|t| t.get_path(ctx.path.as_ref())) {
+ Ok(entr) => match entr.kind().unwrap() {
+ ObjectType::Blob => {
+ if unsanitized_path.ends_with('/') {
+ return Ok(Builder::new()
+ .status(StatusCode::FOUND)
+ .header(
+ "location",
+ controller.build_url_path(
+ &ctx.branch,
+ unsanitized_path.trim_end_matches('/'),
+ ),
)
+ .body("redirecting".into())
+ .unwrap()
.into());
- } else if params.action == "upload" {
- return Ok(forms::upload_form(false, controller, &ctx, parts).into());
- } else {
- return Err(Error::NotFound(
- "file not found, but <a href=?action=edit>you can write it</a> or <a href=?action=upload>upload it</a>".into(),
- ));
- }
- } else {
- return Err(Error::NotFound("file not found".into()));
}
+ get_routes::get_blob(entr, params, controller, ctx, parts)
}
- };
-
- if entr.kind().unwrap() == ObjectType::Blob {
+ ObjectType::Tree => {
+ if !unsanitized_path.ends_with('/') {
+ return Err(Error::MissingTrailingSlash(parts.uri.path().to_owned()));
+ }
+ get_routes::view_tree(ctx.repo.find_tree(entr.id()), controller, &ctx, parts)
+ }
+ _other => panic!("unexpected object type"),
+ },
+ Err(_) => {
if unsanitized_path.ends_with('/') {
- return Ok(Builder::new()
- .status(StatusCode::FOUND)
- .header(
- "location",
- controller
- .build_url_path(&ctx.branch, unsanitized_path.trim_end_matches('/')),
- )
- .body("redirecting".into())
- .unwrap()
- .into());
+ return Err(Error::NotFound("directory not found".into()));
}
- return get_routes::get_blob(entr, params, controller, ctx, parts);
- }
- tree = ctx.repo.find_tree(entr.id());
- if !unsanitized_path.ends_with('/') {
- return Err(Error::MissingTrailingSlash(parts.uri.path().to_owned()));
+ if controller.may_write_path(&ctx, parts) {
+ if params.action == "edit" {
+ Ok(forms::edit_text_form(
+ &forms::EditForm::default(),
+ None,
+ controller,
+ &ctx,
+ parts,
+ )
+ .into())
+ } else if params.action == "upload" {
+ Ok(forms::upload_form(false, controller, &ctx, parts).into())
+ } else {
+ Err(Error::NotFound(
+ "file not found, but <a href=?action=edit>you can write it</a> or <a href=?action=upload>upload it</a>".into(),
+ ))
+ }
+ } else {
+ Err(Error::NotFound("file not found".into()))
+ }
}
}
-
- get_routes::view_tree(tree, controller, &ctx, parts)
}
fn render_link(name: &str, label: &str, active_action: &str) -> String {