mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

show login prompt on 404

Browse source
This commit is contained in:
ed 2021-09-15 21:53:30 +02:00
parent 44e5c82e6d
commit abc0424c26
5 changed files with 41 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
copyparty/httpcli.py
View file

@ -385,7 +385,7 @@ class HttpCli(object):
if not self.can_read and not self.can_write and not self.can_get: if not self.can_read and not self.can_write and not self.can_get:
if self.vpath: if self.vpath:
self.log("inaccessible: [{}]".format(self.vpath)) self.log("inaccessible: [{}]".format(self.vpath))
raise Pebkac(404) return self.tx_404()
self.uparam["h"] = False self.uparam["h"] = False
@ -889,8 +889,12 @@ class HttpCli(object):
pwd = self.parser.require("cppwd", 64) pwd = self.parser.require("cppwd", 64)
self.parser.drop() self.parser.drop()
dst = "/?h"
if self.vpath:
dst = "/" + quotep(self.vpath)
ck, msg = self.get_pwd_cookie(pwd) ck, msg = self.get_pwd_cookie(pwd)
html = self.j2("msg", h1=msg, h2='<a href="/?h">ack</a>', redir="/?h") html = self.j2("msg", h1=msg, h2='<a href="' + dst + '">ack</a>', redir=dst)
self.reply(html.encode("utf-8"), headers={"Set-Cookie": ck}) self.reply(html.encode("utf-8"), headers={"Set-Cookie": ck})
return True return True
@ -1279,7 +1283,7 @@ class HttpCli(object):
break break
if not editions: if not editions:
raise Pebkac(404) return self.tx_404()
# #
# if-modified # if-modified
@ -1598,6 +1602,7 @@ class HttpCli(object):
html = self.j2( html = self.j2(
"splash", "splash",
this=self, this=self,
qvpath=quotep(self.vpath),
rvol=rvol, rvol=rvol,
wvol=wvol, wvol=wvol,
avol=avol, avol=avol,
@ -1611,6 +1616,12 @@ class HttpCli(object):
self.reply(html.encode("utf-8")) self.reply(html.encode("utf-8"))
return True return True
def tx_404(self):
m = '<h1>404 not found</h1><p>or maybe you don\'t have access -- try logging in or <a href="/?h">go home</a></p>'
html = self.j2("splash", this=self, qvpath=quotep(self.vpath), msg=m)
self.reply(html.encode("utf-8"), status=404)
return True
def scanvol(self): def scanvol(self):
if not self.can_read or not self.can_write: if not self.can_read or not self.can_write:
raise Pebkac(403, "not allowed for user " + self.uname) raise Pebkac(403, "not allowed for user " + self.uname)
@ -1784,7 +1795,7 @@ class HttpCli(object):
try: try:
st = bos.stat(abspath) st = bos.stat(abspath)
except: except:
raise Pebkac(404) return self.tx_404()
if rem.startswith(".hist/up2k.") or ( if rem.startswith(".hist/up2k.") or (
rem.endswith("/dir.txt") and rem.startswith(".hist/th/") rem.endswith("/dir.txt") and rem.startswith(".hist/th/")
@ -1926,7 +1937,7 @@ class HttpCli(object):
return True return True
if not stat.S_ISDIR(st.st_mode): if not stat.S_ISDIR(st.st_mode):
raise Pebkac(404) return self.tx_404()
if "zip" in self.uparam or "tar" in self.uparam: if "zip" in self.uparam or "tar" in self.uparam:
raise Pebkac(403) raise Pebkac(403)

2
copyparty/web/browser.css
View file

@ -571,7 +571,7 @@ html.light #wfm a:not(.en) {
padding: .5em; padding: .5em;
border-radius: 0 1em 1em 0; border-radius: 0 1em 1em 0;
border-width: .15em .3em .3em 0; border-width: .15em .3em .3em 0;
max-width: 40em; max-width: 41em;
} }
.opbox input { .opbox input {
margin: .5em; margin: .5em;

10
copyparty/web/splash.css
View file

@ -55,6 +55,16 @@ table {
.btns { .btns {
margin: 1em 0; margin: 1em 0;
} }
#msg {
margin: 3em 0;
}
#msg h1 {
margin-bottom: 0;
}
#msg h1 + p {
margin-top: .3em;
text-align: right;
}
html.dark, html.dark,

14
copyparty/web/splash.html
View file

@ -12,7 +12,17 @@
<body> <body>
<div id="wrap"> <div id="wrap">
<p>hello {{ this.uname }}</p> {%- if this.uname == '*' %}
<p>howdy stranger &nbsp; <small>(you're not logged in)</small></p>
{%- else %}
<p>welcome back, <strong>{{ this.uname }}</strong></p>
{%- endif %}
{%- if msg %}
<div id="msg">
{{ msg }}
</div>
{%- endif %}
{%- if avol %} {%- if avol %}
<h1>admin panel:</h1> <h1>admin panel:</h1>
@ -60,7 +70,7 @@
<h1>login for more:</h1> <h1>login for more:</h1>
<ul> <ul>
<form method="post" enctype="multipart/form-data" action="/"> <form method="post" enctype="multipart/form-data" action="/{{ qvpath }}">
<input type="hidden" name="act" value="login" /> <input type="hidden" name="act" value="login" />
<input type="password" name="cppwd" /> <input type="password" name="cppwd" />
<input type="submit" value="Login" /> <input type="submit" value="Login" />

4
docs/notes.sh
View file

@ -41,9 +41,9 @@ avg() { awk 'function pr(ncsz) {if (nsmp>0) {printf "%3s %s\n", csz, sum/nsmp} c
## ##
## bad filenames ## bad filenames
dirs=("$HOME/vfs/ほげ" "$HOME/vfs/ほげ/ぴよ" "$HOME/vfs/$(printf \\xed\\x91)" "$HOME/vfs/$(printf \\xed\\x91/\\xed\\x92)") dirs=("./ほげ" "./ほげ/ぴよ" "./$(printf \\xed\\x91)" "./$(printf \\xed\\x91/\\xed\\x92)" './qw,er;ty%20as df?gh+jkl%zxc&vbn <qwe>"rty'"'"'uio&asd&nbsp;fgh')
mkdir -p "${dirs[@]}" mkdir -p "${dirs[@]}"
for dir in "${dirs[@]}"; do for fn in ふが "$(printf \\xed\\x93)" 'qwe,rty;asd fgh+jkl%zxc&vbn <qwe>"rty'"'"'uio&asd&nbsp;fgh'; do echo "$dir" > "$dir/$fn.html"; done; done for dir in "${dirs[@]}"; do for fn in ふが "$(printf \\xed\\x93)" 'qw,er;ty%20as df?gh+jkl%zxc&vbn <qwe>"rty'"'"'uio&asd&nbsp;fgh'; do echo "$dir" > "$dir/$fn.html"; done; done
# qw er+ty%20ui%%20op<as>df&gh&amp;jk#zx'cv"bn`m=qw*er^ty?ui@op,as.df-gh_jk # qw er+ty%20ui%%20op<as>df&gh&amp;jk#zx'cv"bn`m=qw*er^ty?ui@op,as.df-gh_jk
## ##