klemek/stapler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

fix(handlers): check certbot challenge

Browse Source
This commit is contained in:
klemek
2026-06-02 22:25:17 +02:00
parent 66f7879c0f
commit b234504b49
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
stapler/handlers.py
+8 -3
View File
@@ -536,7 +536,7 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler, BaseHandler):
return True
def _proxy_or_redirect(self) -> bool:
if self.has_token or self.path.startswith(self.CERTBOT_CHALLENGE_PATH):
if self.has_token or self._is_certbot_challenge(self.path):
return False
if (page := self.__get_page(self.path)) is None:
return False
@@ -556,9 +556,14 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler, BaseHandler):
"""Disable default directory listing."""
self.send_error(http.HTTPStatus.NOT_FOUND, "File not found")
def _is_certbot_challenge(self, path: str) -> bool:
return path.startswith(self.CERTBOT_CHALLENGE_PATH) and pathlib.Path(
self.certbot_www + path
).resolve().is_relative_to(self.certbot_www)
@typing.override
def translate_path(self, path: str) -> str:
if path.startswith(self.CERTBOT_CHALLENGE_PATH):
if self._is_certbot_challenge(path):
return self.certbot_www + path
page = self.__get_page(path)
if page is None:
@@ -655,7 +660,7 @@ class UpgradeHandler(RequestHandler):
def do_GET(self) -> None:
with self.handle_errors():
if self.path.startswith(self.CERTBOT_CHALLENGE_PATH):
if self._is_certbot_challenge(self.path):
super().do_GET()
self.close_connection = True
else: