feat(serverHandler): respond 403 status for permission error

Author: marjune163

src/serverHandler/content.go

@@ -43,6 +43,9 @@ func (h *handler) content(w http.ResponseWriter, r *http.Request, data *response
 		header.Set("Date", time.Now().UTC().Format(http.TimeFormat))
 		header.Set("Last-Modified", item.ModTime().UTC().Format(http.TimeFormat))
 	} else {
-		w.WriteHeader(http.StatusInternalServerError)
+		// take effect only if (!HasForbiddenError && !HasNotFoundError)
+		data.HasInternalError = true
 	}
+
+	writeHeader(w, r, data)
 }

src/serverHandler/json.go

@@ -15,6 +15,10 @@ type jsonItem struct {
 }
 
 type jsonResponseData struct {
+	ForbiddenError bool `json:"forbiddenError"`
+	NotFoundError  bool `json:"notFoundError"`
+	InternalError  bool `json:"internalError"`
+
 	Item     *jsonItem   `json:"item"`
 	SubItems []*jsonItem `json:"subItems"`
 }
@@ -44,8 +48,11 @@ func getJsonData(data *responseData) *jsonResponseData {
 	}
 
 	return &jsonResponseData{
-		Item:     item,
-		SubItems: subItems,
+		ForbiddenError: data.HasForbiddenError,
+		NotFoundError:  data.HasNotFoundError,
+		InternalError:  data.HasInternalError,
+		Item:           item,
+		SubItems:       subItems,
 	}
 }
 
@@ -54,13 +61,7 @@ func (h *handler) json(w http.ResponseWriter, r *http.Request, data *responseDat
 	header.Set("Content-Type", "application/json; charset=utf-8")
 	header.Set("Cache-Control", "public, max-age=0")
 
-	if data.HasInternalError {
-		w.WriteHeader(http.StatusInternalServerError)
-	} else if data.HasNotFoundError {
-		w.WriteHeader(http.StatusNotFound)
-	} else {
-		w.WriteHeader(http.StatusOK)
-	}
+	writeHeader(w, r, data)
 
 	if needResponseBody(r.Method) {
 		jsonData := getJsonData(data)

src/serverHandler/page.go

@@ -7,13 +7,7 @@ func (h *handler) page(w http.ResponseWriter, r *http.Request, data *responseDat
 	header.Set("Content-Type", "text/html; charset=utf-8")
 	header.Set("Cache-Control", "public, max-age=0")
 
-	if data.HasInternalError {
-		w.WriteHeader(http.StatusInternalServerError)
-	} else if data.HasNotFoundError {
-		w.WriteHeader(http.StatusNotFound)
-	} else {
-		w.WriteHeader(http.StatusOK)
-	}
+	writeHeader(w, r, data)
 
 	if needResponseBody(r.Method) {
 		updateSubsItemHtml(data.SubItems)

src/serverHandler/responseData.go

@@ -40,9 +40,10 @@ type responseData struct {
 	rawReqPath     string
 	handlerReqPath string
 
-	errors           []error
-	HasNotFoundError bool
-	HasInternalError bool
+	errors            []error
+	HasForbiddenError bool
+	HasNotFoundError  bool
+	HasInternalError  bool
 
 	IsRoot        bool
 	Path          string
@@ -266,6 +267,7 @@ func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 	rawReqPath := util.CleanUrlPath(requestUri)
 	reqPath := util.CleanUrlPath(rawReqPath[len(h.urlPrefix):]) // strip url prefix path
 	errs := []error{}
+	forbidden := false
 	notFound := false
 	internalError := false
 
@@ -287,8 +289,14 @@ func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 	file, item, _statErr := stat(reqFsPath, !h.emptyRoot)
 	if _statErr != nil {
 		errs = append(errs, _statErr)
-		notFound = os.IsNotExist(_statErr)
-		internalError = !notFound
+		switch {
+		case os.IsPermission(_statErr):
+			forbidden = true
+		case os.IsNotExist(_statErr):
+			notFound = true
+		default:
+			internalError = true
+		}
 	}
 
 	itemName := getItemName(item, r)
@@ -321,9 +329,10 @@ func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 		rawReqPath:     rawReqPath,
 		handlerReqPath: reqPath,
 
-		errors:           errs,
-		HasNotFoundError: notFound,
-		HasInternalError: internalError,
+		errors:            errs,
+		HasForbiddenError: forbidden,
+		HasNotFoundError:  notFound,
+		HasInternalError:  internalError,
 
 		IsRoot:        isRoot,
 		Path:          rawReqPath,

src/serverHandler/writeHeader.go

@@ -0,0 +1,16 @@
+package serverHandler
+
+import "net/http"
+
+func writeHeader(w http.ResponseWriter, r *http.Request, data *responseData) {
+	switch {
+	case data.HasForbiddenError:
+		w.WriteHeader(http.StatusForbidden)
+	case data.HasNotFoundError:
+		w.WriteHeader(http.StatusNotFound)
+	case data.HasInternalError:
+		w.WriteHeader(http.StatusInternalServerError)
+	default:
+		w.WriteHeader(http.StatusOK)
+	}
+}

src/tpl/page.html

@@ -56,8 +56,13 @@
 	{{end}}{{end}}
 </ul>
 
-{{if .HasNotFoundError}}<div class="error">resource not found</div>{{end}}
-{{if .HasInternalError}}<div class="error">potential issue occurred</div>{{end}}
+{{if .HasForbiddenError}}
+	<div class="error">403 resource is forbidden</div>
+{{else if .HasNotFoundError}}
+	<div class="error">404 resource not found</div>
+{{else if .HasInternalError}}
+	<div class="error">500 potential issue occurred</div>
+{{end}}
 
 <script type="text/javascript" src="{{.RootRelPath}}/../assert/main.js"></script>
 </body>

src/tpl/page.html.go

@@ -60,8 +60,13 @@ const pageTplStr = `
 </li>
 {{end}}{{end}}
 </ul>
-{{if .HasNotFoundError}}<div class="error">resource not found</div>{{end}}
-{{if .HasInternalError}}<div class="error">potential issue occurred</div>{{end}}
+{{if .HasForbiddenError}}
+<div class="error">403 resource is forbidden</div>
+{{else if .HasNotFoundError}}
+<div class="error">404 resource not found</div>
+{{else if .HasInternalError}}
+<div class="error">500 potential issue occurred</div>
+{{end}}
 <script type="text/javascript" src="{{.RootRelPath}}?assert=main.js"></script>
 </body>
 </html>