update to allow security on hugo to build in config in another dir

2026-03-28 23:31:46 +00:00
parent 98a0e1eda9
commit 76a74bfd04
2 changed files with 38 additions and 26 deletions


@@ -52,3 +52,6 @@ enableGitInfo = true
[[module.mounts]] [[module.mounts]]
source = "/srv/configs" source = "/srv/configs"
target = "configs" target = "configs"
[security]
[security.funcs]
readFile = ["^/srv/configs/.*", "^/srv/docs/private/.*"]
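Review bot: The `readFile` key added under `[security.funcs]` may not be a setting Hugo recognises. As far as I know the only documented key in that table is `getenv`, and `readFile` is ordinarily confined to the project's file system and its mounts, so this allowlist could be ignored without any error. That matters because the template changed in the same commit now calls `fileExists $path` and `readFile $path` on the caller-supplied path before any mapping, which leaves this line as the only intended restriction. Please confirm with `hugo config` that the value is actually loaded; if it is not, keeping the reads behind `[[module.mounts]]` entries, as already done for `/srv/configs`, is the supported route. If it is honoured, whether a path with `..` segments is rejected depends on normalisation this hunk does not show, so a comment such as `# readFile allowlist: templates may read only under these two roots` would record the intent for the next reviewer.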


@@ -5,39 +5,48 @@
{{- $path := .path -}} {{- $path := .path -}}
{{- $context := .context -}} {{- $context := .context -}}
{{/* Map absolute paths to relative mount points */}}
{{- $originalPath := $path -}} {{- $originalPath := $path -}}
{{- $path = replace $path "/srv/docs/private/" "content/private/" -}}
{{- $path = replace $path "/srv/configs/" "configs/" -}}
{{- $path = strings.TrimLeft "/" $path -}}
{{- $isMarkdown := strings.HasSuffix (lower $path) ".md" -}}
{{- $p := "" -}}
{{- $content := "" -}}
{{- $found := false -}} {{- $found := false -}}
{{- $content := "" -}}
{{- $isMarkdown := strings.HasSuffix (lower $path) ".md" -}}
{{/* 1. Try to find a Hugo Page if it's Markdown */}} {{/* 1. Try absolute path directly (enabled by security settings in hugo.toml) */}}
{{- if $isMarkdown -}} {{- if fileExists $path -}}
{{- $variations := slice $path (replace $path "content/" "") (replace $path "private/" "") -}} {{- $content = readFile $path -}}
{{- $found = true -}}
{{- end -}}
{{/* 2. Map absolute paths to relative mount points if not found directly */}}
{{- if not $found -}}
{{- $mappedPath := replace $path "/srv/docs/private/" "content/private/" -}}
{{- $mappedPath = replace $mappedPath "/srv/configs/" "configs/" -}}
{{- $mappedPath = strings.TrimLeft "/" $mappedPath -}}
{{- $p := "" -}}
{{/* Try to find a Hugo Page if it's Markdown */}}
{{- if $isMarkdown -}}
{{- $variations := slice $mappedPath (replace $mappedPath "content/" "") (replace $mappedPath "private/" "") -}}
{{- range $v := $variations -}} {{- range $v := $variations -}}
{{- if not $p }}{{ $p = $context.Site.GetPage $v }}{{ end -}} {{- if not $p }}{{ $p = $context.Site.GetPage $v }}{{ end -}}
{{- if not $p }}{{ $p = $context.Site.GetPage (printf "/%s" $v) }}{{ end -}} {{- if not $p }}{{ $p = $context.Site.GetPage (printf "/%s" $v) }}{{ end -}}
{{- if not $p }}{{ $p = $context.Site.GetPage (strings.TrimSuffix ".md" $v) }}{{ end -}} {{- if not $p }}{{ $p = $context.Site.GetPage (strings.TrimSuffix ".md" $v) }}{{ end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- if $p -}} {{- if $p -}}
{{- $content = $p.Content -}} {{- $content = $p.Content -}}
{{- $found = true -}} {{- $found = true -}}
{{- else -}} {{- else -}}
{{/* 2. Fallback to readFile - check multiple path variations */}} {{/* Fallback to readFile - check multiple path variations */}}
{{- $pathsToTry := slice $path (printf "content/%s" $path) (printf "configs/%s" $path) -}} {{- $pathsToTry := slice $mappedPath (printf "content/%s" $mappedPath) (printf "configs/%s" $mappedPath) -}}
{{- range $v := $pathsToTry -}} {{- range $v := $pathsToTry -}}
{{- if and (not $found) (fileExists $v) -}} {{- if and (not $found) (fileExists $v) -}}
{{- $content = readFile $v -}} {{- $content = readFile $v -}}
{{- $found = true -}} {{- $found = true -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}}
{{- end -}} {{- end -}}
{{- if $found -}} {{- if $found -}}