aeeacc877b
- Remove unnecessary debug print statements in VFS and WebDAV middleware for cleaner code. - Fix a bug in `OurDBVFS.exists` to correctly handle root and current directory paths. - Enhance `OurDBVFS.get_entry` to handle '.' path correctly. - Improve WebDAV authentication middleware to gracefully handle unauthenticated requests.
50 lines
1.4 KiB
V
50 lines
1.4 KiB
V
module webdav
|
|
|
|
import encoding.base64
|
|
|
|
fn (app &App) auth_middleware(mut ctx Context) bool {
|
|
// return true
|
|
auth_header := ctx.get_header(.authorization) or {
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.res.header.add(.www_authenticate, 'Basic realm="WebDAV Server"')
|
|
ctx.send_response_to_client('text', 'unauthorized')
|
|
return false
|
|
}
|
|
|
|
if auth_header == '' {
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.res.header.add(.www_authenticate, 'Basic realm="WebDAV Server"')
|
|
ctx.send_response_to_client('text', 'unauthorized')
|
|
return false
|
|
}
|
|
|
|
if !auth_header.starts_with('Basic ') {
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.res.header.add(.www_authenticate, 'Basic realm="WebDAV Server"')
|
|
ctx.send_response_to_client('text', 'unauthorized')
|
|
return false
|
|
}
|
|
|
|
auth_decoded := base64.decode_str(auth_header[6..])
|
|
split_credentials := auth_decoded.split(':')
|
|
if split_credentials.len != 2 {
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.res.header.add(.www_authenticate, 'Basic realm="WebDAV Server"')
|
|
ctx.send_response_to_client('', '')
|
|
return false
|
|
}
|
|
username := split_credentials[0]
|
|
hashed_pass := split_credentials[1]
|
|
if user := app.user_db[username] {
|
|
if user != hashed_pass {
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.send_response_to_client('text', 'unauthorized')
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
ctx.res.set_status(.unauthorized)
|
|
ctx.send_response_to_client('text', 'unauthorized')
|
|
return false
|
|
}
|