-
Notifications
You must be signed in to change notification settings - Fork 108
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* static assets endpoint * static assets endpoint - cache * static assets endpoint - thread safety * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - admin repo * static assets endpoint - removing cache * static assets endpoint - removing cache * static assets endpoint - removing cache * static assets endpoint - removing cache * static assets endpoint - migration * static assets endpoint - migration * static assets: obscure root dir * static assets: obscure root dir * static assets: obscure root dir * static assets: obscure root dir --------- Co-authored-by: Egor Ryashin <[email protected]>
- Loading branch information
1 parent
c993f23
commit 349403e
Showing
10 changed files
with
129 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
ALTER TABLE instances ADD COLUMN public_paths TEXT NOT NULL DEFAULT '[]'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package server | ||
|
||
import ( | ||
"fmt" | ||
"net/http" | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/rilldata/rill/runtime/pkg/httputil" | ||
"github.com/rilldata/rill/runtime/pkg/observability" | ||
"github.com/rilldata/rill/runtime/server/auth" | ||
"go.opentelemetry.io/otel/attribute" | ||
) | ||
|
||
func (s *Server) assetsHandler(w http.ResponseWriter, req *http.Request) error { | ||
ctx := req.Context() | ||
instanceID := req.PathValue("instance_id") | ||
path := req.PathValue("path") | ||
|
||
observability.AddRequestAttributes(ctx, | ||
attribute.String("args.instance_id", instanceID), | ||
attribute.String("args.path", path), | ||
) | ||
|
||
if !auth.GetClaims(req.Context()).CanInstance(instanceID, auth.ReadObjects) { | ||
return httputil.Errorf(http.StatusForbidden, "does not have access to assets") | ||
} | ||
|
||
inst, err := s.runtime.Instance(ctx, instanceID) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
allowed := false | ||
for _, p := range inst.PublicPaths { | ||
// 'p' can be `/public`, `/public/`, `public/`, `public` (with os-based separators) | ||
// match pattern `public/*` or `/public/*` | ||
ok, err := filepath.Match(fmt.Sprintf("%s%c*", filepath.Clean(p), os.PathSeparator), path) | ||
if err != nil { | ||
return httputil.Error(http.StatusBadRequest, err) | ||
} | ||
if ok { | ||
allowed = true | ||
break | ||
} | ||
} | ||
if !allowed { | ||
return httputil.Error(http.StatusForbidden, fmt.Errorf("path is not allowed")) | ||
} | ||
|
||
repo, release, err := s.runtime.Repo(ctx, instanceID) | ||
if err != nil { | ||
return err | ||
} | ||
defer release() | ||
|
||
str, err := repo.Get(ctx, path) | ||
if err != nil { | ||
return err | ||
} | ||
_, err = w.Write([]byte(str)) | ||
return err | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters