maddiefuzz/skeksis
1
0
Fork 0
Code Issues 10 Pull Requests Packages Projects Releases Wiki Activity

Add allowlist checking for opt-in

Browse Source
This commit is contained in:
maddiebaka
2023-09-26 17:46:47 -04:00
parent 760646efd7
commit 93d2f304d2
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/skeksis.rb
View File

@@ -72,12 +72,19 @@ module Skeksis
def query(path, env) def query(path, env)
query_path = Pathname.new(path).each_filename.to_a query_path = Pathname.new(path).each_filename.to_a
@allowlist.children do |child| # Just do a directory listing if we're serving the root path
if child.name == query_path[0] and child.content == false if path == "/"
return nil return create_dir_listing(@serve_dir, env)
end
end end
# Otherwise check if user's site has opted in to bridging
is_allowed = @allowlist.children.any? {|child| child.name == query_path[0] and child.content == true }
unless is_allowed
return [Header, "Error.", Footer]
end
# End allowlist checking
# Chomps the first / and builds path # Chomps the first / and builds path
full_path = Pathname.new(@serve_dir) + path[1..-1] full_path = Pathname.new(@serve_dir) + path[1..-1]
puts full_path.to_s puts full_path.to_s
@@ -110,7 +117,6 @@ module Skeksis
"</script>" "</script>"
end end
def create_dir_listing(path, env) def create_dir_listing(path, env)
http = URI.parse(env['REQUEST_URI']) http = URI.parse(env['REQUEST_URI'])