all: return 403 Forbidden when requesting awwan.key and awwan.pass

When user run "awwan serve", using web-user interface, any request to fetch the content of "awwan.key" and "awwan.pass" should not allowed for security reason, in case user want to serve awwan with others.
author: Shulhan <ms@kilabit.info> 2023-11-18 20:51:16 +0700
committer: Shulhan <ms@kilabit.info> 2023-11-19 20:55:38 +0700
commit: e2f814496450a6e75b5dde9165253a93abf02b38 (patch)
tree: f34d6a0609962e6cdebd4034a601919de141a776 /testdata/http_server
parent: 1c87b8e610a7d5a9d034a99e0d2c9d1417cb8f80 (diff)
download: awwan-e2f814496450a6e75b5dde9165253a93abf02b38.tar.xz
3 files changed, 21 insertions, 0 deletions
diff --git a/testdata/http_server/fsget/.ssh b/testdata/http_server/fsget/.ssh
new file mode 120000
index 0000000..3a90f72
--- /dev/null
+++ b/testdata/http_server/fsget/.ssh
@@ -0,0 +1 @@
+../../encrypt-with-passfile/.ssh
+\ No newline at end of file
diff --git a/testdata/http_server/fsget/myhost/plain.txt b/testdata/http_server/fsget/myhost/plain.txt
new file mode 100644
index 0000000..4d50a3a
--- /dev/null
+++ b/testdata/http_server/fsget/myhost/plain.txt
@@ -0,0 +1 @@
+content of plain text
diff --git a/testdata/http_server/fsget_test.data b/testdata/http_server/fsget_test.data
new file mode 100644
index 0000000..34b322f
--- /dev/null
+++ b/testdata/http_server/fsget_test.data
@@ -0,0 +1,19 @@
+Test on FSGet method.
+
+<<< getSshAwwanKey
+{
+  "message": "Forbidden",
+  "code": 403
+}
+
+<<< getSshAwwanPass
+{
+  "message": "Forbidden",
+  "code": 403
+}
+
+<<< getSshAwwanKeyIndirectly
+{
+  "message": "\"/myhost/../.ssh/awwan.key\" not found",
+  "code": 404
+}
author	Shulhan <ms@kilabit.info>	2023-11-18 20:51:16 +0700
committer	Shulhan <ms@kilabit.info>	2023-11-19 20:55:38 +0700
commit	e2f814496450a6e75b5dde9165253a93abf02b38 (patch)
tree	f34d6a0609962e6cdebd4034a601919de141a776 /testdata/http_server
parent	1c87b8e610a7d5a9d034a99e0d2c9d1417cb8f80 (diff)
download	awwan-e2f814496450a6e75b5dde9165253a93abf02b38.tar.xz