From 4f4e2a8cbee5248d535aca95574e0680f4e5e5d3 Mon Sep 17 00:00:00 2001 From: Trevor Slocum Date: Tue, 10 Nov 2020 09:59:35 -0800 Subject: [PATCH] Do not follow symbolic links by default Resolves #4. --- CONFIGURATION.md | 4 ++++ config.go | 3 +++ server.go | 11 +++++++++++ 3 files changed, 18 insertions(+) diff --git a/CONFIGURATION.md b/CONFIGURATION.md index af4ef1e..6d76186 100644 --- a/CONFIGURATION.md +++ b/CONFIGURATION.md @@ -102,6 +102,10 @@ Cache duration (in seconds). Set to `0` to disable caching entirely. This is an out-of-spec feature. See [PROPOSALS.md](https://gitlab.com/tslocum/twins/blob/master/PROPOSALS.md) for more information. +##### SymLinks + +When enabled, symbolic links may be accessed. This attribute is disabled by default. + ##### HiddenFiles When enabled, hidden files and directories may be accessed. This attribute is diff --git a/config.go b/config.go index 3c6dfca..2f07a13 100644 --- a/config.go +++ b/config.go @@ -31,6 +31,9 @@ type pathConfig struct { // Request sensitive input SensitiveInput string + // Follow symbolic links + SymLinks bool + // Serve hidden files and directories HiddenFiles bool diff --git a/server.go b/server.go index 6402703..7df7312 100644 --- a/server.go +++ b/server.go @@ -154,6 +154,17 @@ func servePath(c *tls.Conn, request *url.URL, serve *pathConfig) { if root[len(root)-1] != '/' { root += "/" } + + if !serve.SymLinks { + for i := range requestSplit[pathSlashes:] { + info, err := os.Lstat(path.Join(root, strings.Join(requestSplit[pathSlashes:pathSlashes+i+1], "/"))) + if err != nil || info.Mode()&os.ModeSymlink == os.ModeSymlink { + writeStatus(c, statusTemporaryFailure) + return + } + } + } + filePath = path.Join(root, resolvedPath) }
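Review bot: In the loop added to servePath, `err != nil` shares a branch with the symlink case, so with SymLinks off (the default) a request for a path that simply does not exist gets `statusTemporaryFailure`, which invites a retry, instead of reaching whatever missing-file handling follows the hunk. Handling it separately, e.g. `if os.IsNotExist(err) { break }` ahead of the existing condition, keeps the link check and leaves the missing-file response to the later code; the rest of servePath is outside the hunk, so confirm it does report not-found. The check is also not atomic with the later open of `filePath`, and it walks a path rebuilt from `requestSplit` while the file served comes from `path.Join(root, resolvedPath)` plus anything appended afterwards (an index file, presumably). A link at a component the loop never visits, or one created after the `Lstat`, would still be followed, so I would add a comment such as `// NOTE: Lstat check is not atomic with the open below; assumes Root is not writable by untrusted users.` Separately, `requestSplit[pathSlashes:]` panics if `pathSlashes` exceeds `len(requestSplit)`, so confirm an earlier guard rules that out.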