testing restricted file server to limit public access from listing directory contents

author: Steve Manuel <nilslice@gmail.com> 2016-11-16 02:17:09 -0800
committer: Steve Manuel <nilslice@gmail.com> 2016-11-16 02:17:09 -0800
commit: cffc8906b5cff73d25aef71e83a79e361ecad917 (patch)
tree: a9e339a371d96f5f09080536d146f9d8e3324796 /system/admin/server.go
parent: cfc71f914e0b683dceca4e55edfa46c5a315ec2c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/system/admin/server.go b/system/admin/server.go
index ef2ae4b..75b48f6 100644
--- a/system/admin/server.go
+++ b/system/admin/server.go
@@ -41,11 +41,11 @@ func Run() {
 	}
 
 	staticDir := filepath.Join(pwd, "cmd", "ponzu", "vendor", "github.com", "bosssauce", "ponzu", "system")
-	http.Handle("/admin/static/", CacheControl(http.FileServer(http.Dir(staticDir))))
+	http.Handle("/admin/static/", CacheControl(http.FileServer(restrict(http.Dir(staticDir)))))
 
 	// API path needs to be registered within server package so that it is handled
 	// even if the API server is not running. Otherwise, images/files uploaded
 	// through the editor will not load within the admin system.
 	uploadsDir := filepath.Join(pwd, "uploads")
-	http.Handle("/api/uploads/", CacheControl(http.StripPrefix("/api/uploads/", http.FileServer(http.Dir(uploadsDir)))))
+	http.Handle("/api/uploads/", CacheControl(http.StripPrefix("/api/uploads/", http.FileServer(restrict(http.Dir(uploadsDir))))))
 }
author	Steve Manuel <nilslice@gmail.com>	2016-11-16 02:17:09 -0800
committer	Steve Manuel <nilslice@gmail.com>	2016-11-16 02:17:09 -0800
commit	cffc8906b5cff73d25aef71e83a79e361ecad917 (patch)
tree	a9e339a371d96f5f09080536d146f9d8e3324796 /system/admin/server.go
parent	cfc71f914e0b683dceca4e55edfa46c5a315ec2c (diff)