From 10becd3828014d02809af1e2da58688953bd144a Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek
Date: Wed, 18 Aug 2021 18:30:19 +0200
Subject: [PATCH] Minor tweaks to web server.
---
 webserver/webserver.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/webserver/webserver.go b/webserver/webserver.go
index 36348bc..b579893 100644
--- a/webserver/webserver.go
+++ b/webserver/webserver.go
@@ -117,6 +117,7 @@ func httpError(w http.ResponseWriter, err error) {
 http.Error(w, "403 forbidden", http.StatusForbidden)
 return
 }
+ log.Printf("HTTP server error: %v", err)
 http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
 return
@@ -200,6 +201,7 @@ func (fh *fileHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 index := path.Join(p, "index.html")
 ff, err := fh.root.Open(index)
 if err != nil {
+ // return 403 if index.html doesn't exist
 if os.IsNotExist(err) {
 err = os.ErrPermission
 }
@@ -253,7 +255,7 @@ func parseGroupName(prefix string, p string) string {
 return ""
 }
- name := p[len("/group/"):]
+ name := p[len(prefix):]
 if name == "" {
 return ""
 }
@@ -280,8 +282,7 @@ func groupHandler(w http.ResponseWriter, r *http.Request) {
 }
 if r.URL.Path != "/group/"+name {
- http.Redirect(w, r, "/group/"+name,
- http.StatusPermanentRedirect)
+ http.Redirect(w, r, "/group/"+name, http.StatusPermanentRedirect)
 return
 }
@@ -298,8 +299,7 @@ func groupHandler(w http.ResponseWriter, r *http.Request) {
 }
 if redirect := g.Redirect(); redirect != "" {
- http.Redirect(w, r, redirect,
- http.StatusPermanentRedirect)
+ http.Redirect(w, r, redirect, http.StatusPermanentRedirect)
 return
 }
@@ -414,13 +414,13 @@ func recordingsHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
+ p = path.Clean(p)
+
 if p == "/" {
 http.Error(w, "nothing to see", http.StatusForbidden)
 return
 }
- p = path.Clean(p)
-
 f, err := os.Open(filepath.Join(diskwriter.Directory, p))
 if err != nil {
 httpError(w, err)
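Review bot: The new `log.Printf("HTTP server error: %v", err)` in httpError writes the error text to the log unescaped. In recordingsHandler the error passed in comes from `os.Open(filepath.Join(diskwriter.Directory, p))`, so it probably embeds the request-derived path, and any control characters in that path would let a client split or forge log lines. Quoting the value keeps each event on one line: `log.Printf("HTTP server error: %q", err)`. httpError's body starts above the hunk, so which error classes are filtered out before this line is only partly visible.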
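Review bot: `name := p[len(prefix):]` in parseGroupName is only safe if the early return just above it tests the same `prefix`, and that guard lies outside the hunk. If the guard still compares against a literal, a `prefix` longer than the request path would panic with a slice-bounds error. Deriving the name from the same value the guard checks, e.g. `name := strings.TrimPrefix(p, prefix)`, makes the two agree by construction (assuming `strings` is already imported). groupHandler in the following hunks still builds `"/group/"+name` by hand, so the parameter and the literal can drift apart.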
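Review bot: The `p == "/"` test in recordingsHandler and the `filepath.Join(diskwriter.Directory, p)` after it both depend on `p` being rooted, and the line that derives `p` from the request is above the hunk. `path.Clean` only discards `..` elements at the start of a rooted path; on a relative path it keeps them, and it turns an empty string into `.`, so neither case would match `/`. Forcing the root before cleaning removes that dependency: `p = path.Clean("/" + p)`. A comment such as `// p is rooted and cleaned from here on; it is joined to the recordings directory below` would record the invariant for later edits.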
@@ -556,6 +556,7 @@ func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname str
 }
 func serveGroupRecordings(w http.ResponseWriter, r *http.Request, f *os.File, group string) {
+ // read early, so we return permission errors to HEAD
 fis, err := f.Readdir(-1)
 if err != nil {
 http.Error(w, "server error", http.StatusInternalServerError)
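Review bot: The added comment in serveGroupRecordings says the early `f.Readdir(-1)` exists so that permission errors are returned, yet the branch under it answers every Readdir failure with `http.Error(w, "server error", http.StatusInternalServerError)`. A permission failure on the directory would therefore surface as a 500, and nothing is logged. If the comment refers to this call, `httpError(w, err)` would map it to 403 and log the remaining errors, consistent with the helper changed earlier in this patch. If it refers to a check further down, the comment should name that check. The function body continues past the end of the hunk.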