From 25368be8e9fec9ab91d45c677c62eb252670b359 Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Tue, 12 Dec 2023 21:53:15 +0100
Subject: Share more path handling for GET and DELETE.

---
 fshare.py | 54 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 29 insertions(+), 25 deletions(-)

diff --git a/fshare.py b/fshare.py
index f6e6304..c54ae7a 100755
--- a/fshare.py
+++ b/fshare.py
@@ -356,8 +356,24 @@ class FShareRequestHandler(hs.BaseHTTPRequestHandler):
         if not path.startswith('/'):
             raise PermissionError('Invalid path')
 
-        # drop the leading '/'
-        return path[1:]
+        # drop the leading '/', take the first path component
+        path = path[1:].partition('/')[0]
+        # discard any extension
+        path = os.path.splitext(path)[0]
+
+        if not path:
+            raise PermissionError('Empty path')
+
+        if self.server.state.urlmap:
+            short = path
+            try:
+                path = self.server.state.urlmap.short_to_full(short)
+            except KeyError:
+                raise PermissionError('No such short URL: ', short)
+
+            self._logger.info('%s->%s', path, short)
+
+        return '/'.join((self.server.data_dir, path))
 
     def _log_request(self):
         self._logger.info('%s: %s', str(self.client_address), self.requestline)
@@ -366,19 +382,13 @@ class FShareRequestHandler(hs.BaseHTTPRequestHandler):
     def do_GET(self):
         self._log_request()
 
-        # take the first path component, discard any extension
-        fname = self._process_path(self.path).partition('/')[0]
-        fname = os.path.splitext(fname)[0]
-        if self.server.state.urlmap:
-            try:
-                short = self.server.state.urlmap.short_to_full(fname)
-                self._logger.info('%s->%s', fname, short)
-                fname = short
-            except KeyError:
-                return self.send_error(HTTPStatus.NOT_FOUND)
+        try:
+            path = self._process_path(self.path)
+        except PermissionError as e:
+            self._logger.error('Invalid request: %s', str(e))
+            return self.send_error(HTTPStatus.NOT_FOUND)
 
-        path = '/'.join((self.server.data_dir, fname))
-        self._logger.info('serve file: %s', fname)
+        self._logger.info('serve file: %s', path)
 
         try:
             infile = open(path, 'rb')
@@ -480,18 +490,12 @@ class FShareRequestHandler(hs.BaseHTTPRequestHandler):
     def do_DELETE(self):
         self._log_request()
 
-        fname = self._process_path(self.path)
-
-        if self.server.state.urlmap:
-            try:
-                short = self.server.state.urlmap.short_to_full(fname)
-                self._logger.info('%s->%s', fname, short)
-                fname = short
-            except KeyError:
-                self._logger.error('DELETE request for non-existing file: %s', fname)
-                return self.send_error(HTTPStatus.NOT_FOUND)
+        try:
+            local_path = self._process_path(self.path)
+        except PermissionError as e:
+            self._logger.error('Invalid request: %s', str(e))
+            return self.send_error(HTTPStatus.NOT_FOUND)
 
-        local_path = '/'.join((self.server.data_dir, fname))
         try:
             os.remove(local_path)
         except FileNotFoundError:
-- 
cgit v1.2.3