From 51fd59b24f3347a7dd23c6d797c7f9d6e4242f8b Mon Sep 17 00:00:00 2001
From: Trevor Slocum <trevor@rocketnine.space>
Date: Tue, 10 Nov 2020 09:42:32 -0800
Subject: [PATCH] Do not serve hidden files and directories by default

---
 CONFIGURATION.md | 12 +++++++++---
 config.go        |  3 +++
 server.go        |  9 +++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/CONFIGURATION.md b/CONFIGURATION.md
index 5369451..af4ef1e 100644
--- a/CONFIGURATION.md
+++ b/CONFIGURATION.md
@@ -102,9 +102,15 @@ Cache duration (in seconds). Set to `0` to disable caching entirely. This is an
 out-of-spec feature. See [PROPOSALS.md](https://gitlab.com/tslocum/twins/blob/master/PROPOSALS.md)
 for more information.
 
+##### HiddenFiles
+
+When enabled, hidden files and directories may be accessed. This attribute is
+disabled by default.
+
 ##### ListDirectory
 
-Directory listing may be enabled by adding `listdirectory: true`.
+When enabled, directories without an index file will serve a list their
+contents.  This attribute is disabled by default.
 
 ##### Input
 
@@ -116,8 +122,8 @@ Request sensitive text input from the user. Text will not be shown as it is ente
 
 ##### Type
 
-Content type is normally detected automatically, defaulting to
-`text/gemini; charset=utf-8`. This option forces a specific content type.
+Content type is normally detected automatically. This attribute forces a
+specific content type for a path.
 
 ##### FastCGI
 
diff --git a/config.go b/config.go
index 54154e6..3c6dfca 100644
--- a/config.go
+++ b/config.go
@@ -31,6 +31,9 @@ type pathConfig struct {
 	// Request sensitive input
 	SensitiveInput string
 
+	// Serve hidden files and directories
+	HiddenFiles bool
+
 	// List directory entries
 	ListDirectory bool
 
diff --git a/server.go b/server.go
index 6c87bda..6402703 100644
--- a/server.go
+++ b/server.go
@@ -139,6 +139,15 @@ func servePath(c *tls.Conn, request *url.URL, serve *pathConfig) {
 		resolvedPath = strings.Join(requestSplit[pathSlashes:], "/")
 	}
 
+	if !serve.HiddenFiles {
+		for _, piece := range requestSplit {
+			if len(piece) > 0 && piece[0] == '.' {
+				writeStatus(c, statusTemporaryFailure)
+				return
+			}
+		}
+	}
+
 	var filePath string
 	if serve.Root != "" {
 		root := serve.Root