Normalise recordings URLs.

f1a8f2a3 · Juliusz Chroboczek · cf9c0edb · f1a8f2a3
Commit f1a8f2a3 authored Aug 23, 2021 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 6 deletions

webserver/webserver.go webserver/webserver.go +25 -6

No files found.
--- a/webserver/webserver.go
+++ b/webserver/webserver.go
@@ -439,14 +439,33 @@ func recordingsHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	group := path.Dir(p[1:])
+	var group, filename string
 	if fi.IsDir() {
-		u := r.URL.Path
+		for len(p) > 0 && p[len(p)-1] == '/' {
-		if u[len(u)-1] != '/' {
+			p = p[:len(p)-1]
-			http.Redirect(w, r, u+"/", http.StatusPermanentRedirect)
+		}
+		group = parseGroupName("/", p)
+		if group == "" {
+			http.Error(w, "bad group name", http.StatusBadRequest)
+			return
+		}
+	} else {
+		if p[len(p)-1] == '/' {
+			http.Error(w, "bad group name", http.StatusBadRequest)
 			return
 		}
-		group = p[1:]
+		group, filename = path.Split(p)
+		group = parseGroupName("/", group)
+		if group == "" {
+			http.Error(w, "bad group name", http.StatusBadRequest)
+			return
+		}
+	}
+	u := "/recordings/" + group + "/" + filename
+	if r.URL.Path != u {
+		http.Redirect(w, r, u, http.StatusPermanentRedirect)
+		return
 	}
 	ok := checkGroupPermissions(w, r, group)
@@ -455,7 +474,7 @@ func recordingsHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	if fi.IsDir() {
+	if filename == "" {
 		if r.Method == "POST" {
 			handleGroupAction(w, r, group)
 		} else {