agate

Simple gemini server for static files
git clone https://github.com/mbrubeck/agate.git
Log | Files | Refs | README
commit 7d10fa3c741523b203dc8a6cd61d4a52ac63fb6f
parent d9cc1cfffab99c92cfca4ab107856b356c535861
Author: Johann150 <johann.galle@protonmail.com>
Date:   Tue,  5 Jan 2021 11:37:47 +0100

do not serve hidden files

Diffstat:

MREADME.md | 2+-


Msrc/main.rs | 8++++++++


2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ agate --content path/to/content/ \
 
 All of the command-line arguments are optional.  Run `agate --help` to see the default values used when arguments are omitted.
 
-When a client requests the URL `gemini://example.com/foo/bar`, Agate will respond with the file at `path/to/content/foo/bar`.  If there is a directory at that path, Agate will look for a file named `index.gmi` inside that directory. If there is no such file, but a file named `.directory-listing-ok` exists inside that directory, a basic directory listing is displayed. Files whose name starts with a dot (e.g. `.hidden`) are omitted from the list.
+When a client requests the URL `gemini://example.com/foo/bar`, Agate will respond with the file at `path/to/content/foo/bar`. If the requested file or directory name starts with a dot, agate will respond with a status code 52, even if the file does not exist. If there is a directory at that path, Agate will look for a file named `index.gmi` inside that directory. If there is no such file, but a file named `.directory-listing-ok` exists inside that directory, a basic directory listing is displayed. Files whose name starts with a dot (e.g. `.hidden`) are omitted from the list.
 
 [Gemini]: https://gemini.circumlunar.space/
 [Rust]: https://www.rust-lang.org/
diff --git a/src/main.rs b/src/main.rs
@@ -178,6 +178,14 @@ async fn send_response(url: Url, stream: &mut TlsStream<TcpStream>) -> Result {
             path.push(&*percent_decode_str(segment).decode_utf8()?);
         }
     }
+
+    // Do not serve anything that looks like a hidden file.
+    if path.file_name().map_or(false, |name| {
+        name.to_str().map_or(false, |name| name.starts_with("."))
+    }) {
+        return send_header(stream, 52, &["If I told you, it would not be a secret."]).await;
+    }
+
     if let Ok(metadata) = tokio::fs::metadata(&path).await {
         if metadata.is_dir() {
             if url.path().ends_with('/') || url.path().is_empty() {