shithub: mycel

Download patch

ref: 90df0ec3e9f20610f08332bc08f8df9d1cfdf090
parent: 2943c008d441d85701adc3e7c17b3b2ade061711
author: Philip Silva <[email protected]>
date: Sat Sep 10 08:28:28 EDT 2022

url file, check cors header in response

--- a/browser/experimental_test.go
+++ b/browser/experimental_test.go
@@ -71,7 +71,7 @@
 		`throw 'fail';`,
 	}
 	fs.SetDOM(nt)
-	fs.Update(h, nil, scripts)
+	fs.Update("", h, nil, scripts)
 	js.Start()
 	h, _, err = processJS2()
 	if err != nil {
--- a/browser/fs/fs.go
+++ b/browser/fs/fs.go
@@ -23,9 +23,10 @@
 	oFS     *fs.FS
 	un      string
 	gn      string
+	url     string
+	htm     string
 	cssDir  *fs.StaticDir
 	jsDir   *fs.StaticDir
-	htm     string
 	rt      *Node
 	Client  *http.Client
 	Fetcher opossum.Fetcher
@@ -46,24 +47,40 @@
 	rt.nt = d
 }
 
+func userGroup() (un, gn string, err error) {
+	u, err := user.Current()
+	if err != nil {
+		return "", "", fmt.Errorf("current user: %w", err)
+	}
+	un = u.Username
+	gn, err = opossum.Group(u)
+	if err != nil {
+		return "", "", fmt.Errorf("group: %v", err)
+	}
+	return
+}
+
 func Srv9p() {
 	c.L.Lock()
 	var root *fs.StaticDir
 
-	u, err := user.Current()
+	un, gn, err := userGroup()
 	if err != nil {
 		log.Errorf("get user: %v", err)
 		c.L.Unlock()
 		return
 	}
-	un = u.Username
-	gn, err = opossum.Group(u)
-	if err != nil {
-		log.Errorf("get group: %v", err)
-		c.L.Unlock()
-		return
-	}
 	oFS, root = fs.NewFS(un, gn, 0500)
+	u := fs.NewDynamicFile(
+		oFS.NewStat("url", un, gn, 0400),
+		func() []byte {
+			mu.RLock()
+			defer mu.RUnlock()
+
+			return []byte(url)
+		},
+	)
+	root.AddChild(u)
 	h := fs.NewDynamicFile(
 		oFS.NewStat("html", un, gn, 0400),
 		func() []byte {
@@ -179,9 +196,6 @@
 	url.Host = req.Host
 	if h := url.Host; h == "" {
 		url.Host = Fetcher.Origin().Host
-	} else if !allowed(req.Header, h, Fetcher.Origin().Host) {
-		log.Errorf("no cross-origin request: %v", h)
-		return
 	}
 	url.Scheme = "https"
 	proxyReq, err := http.NewRequest(req.Method, url.String(), req.Body)
@@ -200,6 +214,10 @@
 		log.Errorf("do request: %v", err)
 		return
 	}
+	if h := url.Host; !allowed(resp.Header, h, Fetcher.Origin().Host) {
+		log.Errorf("no cross-origin request: %v", h)
+		return
+	}
 	if err := resp.Write(conn); err != nil {
 		log.Errorf("write response: %v", err)
 		return
@@ -206,7 +224,7 @@
 	}
 }
 
-func Update(html string, css []string, js []string) {
+func Update(uri, html string, css []string, js []string) {
 	c.L.Lock()
 	defer c.L.Unlock()
 
@@ -214,6 +232,7 @@
 		c.Wait()
 	}
 
+	url = uri
 	htm = html
 	if cssDir != nil {
 		for name := range cssDir.Children() {
--- a/browser/website.go
+++ b/browser/website.go
@@ -100,7 +100,7 @@
 			downloads[src] = string(buf)
 		}
 		scripts = js.Scripts(nt, downloads)
-		fs.Update(htm, csss, scripts)
+		fs.Update(f.Origin().String(), htm, csss, scripts)
 		fs.SetDOM(nt)
 		log.Infof("JS pipeline start")
 		js.Stop()
@@ -157,7 +157,7 @@
 		w.UI = scroller
 	}
 
-	fs.Update(htm, csss, scripts)
+	fs.Update(f.Origin().String(), htm, csss, scripts)
 	fs.SetDOM(nt)
 }
 
--- a/js/js_test.go
+++ b/js/js_test.go
@@ -71,7 +71,7 @@
 	}
 	nt := nodes.NewNodeTree(doc, style.Map{}, make(map[*html.Node]style.Map), nil)
 	fs.SetDOM(nt)
-	fs.Update(simpleHTML, nil, []string{string(buf), script})
+	fs.Update("", simpleHTML, nil, []string{string(buf), script})
 
 	resHtm, changed, err := Start(string(buf), script)
 	if err != nil {