Add allowlist checking for opt-in

2023-09-26 17:46:47 -04:00
parent 760646efd7
commit 93d2f304d2
1 changed files with 11 additions and 5 deletions
--- a/lib/skeksis.rb
+++ b/lib/skeksis.rb
@@ -72,11 +72,18 @@ module Skeksis
    def query(path, env)
      query_path = Pathname.new(path).each_filename.to_a

-      @allowlist.children do |child|
-        if child.name == query_path[0] and child.content == false
-          return nil
+      # Just do a directory listing if we're serving the root path
+      if path == "/"
+        return create_dir_listing(@serve_dir, env)
      end
+
+      # Otherwise check if user's site has opted in to bridging
+      is_allowed = @allowlist.children.any? {|child| child.name == query_path[0] and child.content == true }
+
+      unless is_allowed
+        return [Header, "Error.", Footer]
      end
+      # End allowlist checking

      # Chomps the first / and builds path
      full_path = Pathname.new(@serve_dir) + path[1..-1] 
@@ -110,7 +117,6 @@ module Skeksis
      "</script>"
    end

-
    def create_dir_listing(path, env)
      http = URI.parse(env['REQUEST_URI'])