writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1617 Commits
42 Branches
138 MiB
 
 
 
 
 
Branch: develop
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
writefreely/handle.go

1014 lines
28 KiB
Raw Permalink Blame History 

  1. /*

  2.  * Copyright © 2018-2021 Musing Studio LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"fmt"

  15. 	"html/template"

  16. 	"net/http"

  17. 	"net/url"

  18. 	"runtime/debug"

  19. 	"strconv"

  20. 	"strings"

  21. 	"time"

  22. 

  23. 	"github.com/gorilla/sessions"

  24. 	"github.com/writeas/impart"

  25. 	"github.com/writeas/web-core/log"

  26. 	"github.com/writefreely/go-gopher"

  27. 	"github.com/writefreely/writefreely/config"

  28. 	"github.com/writefreely/writefreely/page"

  29. )

  30. 

  31. // UserLevel represents the required user level for accessing an endpoint

  32. type UserLevel int

  33. 

  34. const (

  35. 	UserLevelNoneType         UserLevel = iota // user or not -- ignored

  36. 	UserLevelOptionalType                      // user or not -- object fetched if user

  37. 	UserLevelNoneRequiredType                  // non-user (required)

  38. 	UserLevelUserType                          // user (required)

  39. )

  40. 

  41. func UserLevelNone(cfg *config.Config) UserLevel {

  42. 	return UserLevelNoneType

  43. }

  44. 

  45. func UserLevelOptional(cfg *config.Config) UserLevel {

  46. 	return UserLevelOptionalType

  47. }

  48. 

  49. func UserLevelNoneRequired(cfg *config.Config) UserLevel {

  50. 	return UserLevelNoneRequiredType

  51. }

  52. 

  53. func UserLevelUser(cfg *config.Config) UserLevel {

  54. 	return UserLevelUserType

  55. }

  56. 

  57. // UserLevelReader returns the permission level required for any route where

  58. // users can read published content.

  59. func UserLevelReader(cfg *config.Config) UserLevel {

  60. 	if cfg.App.Private {

  61. 		return UserLevelUserType

  62. 	}

  63. 	return UserLevelOptionalType

  64. }

  65. 

  66. type (

  67. 	handlerFunc          func(app *App, w http.ResponseWriter, r *http.Request) error

  68. 	gopherFunc           func(app *App, w gopher.ResponseWriter, r *gopher.Request) error

  69. 	userHandlerFunc      func(app *App, u *User, w http.ResponseWriter, r *http.Request) error

  70. 	userApperHandlerFunc func(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error

  71. 	dataHandlerFunc      func(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error)

  72. 	authFunc             func(app *App, r *http.Request) (*User, error)

  73. 	UserLevelFunc        func(cfg *config.Config) UserLevel

  74. )

  75. 

  76. type Handler struct {

  77. 	errors       *ErrorPages

  78. 	sessionStore sessions.Store

  79. 	app          Apper

  80. }

  81. 

  82. // ErrorPages hold template HTML error pages for displaying errors to the user.

  83. // In each, there should be a defined template named "base".

  84. type ErrorPages struct {

  85. 	NotFound            *template.Template

  86. 	Gone                *template.Template

  87. 	InternalServerError *template.Template

  88. 	UnavailableError    *template.Template

  89. 	Blank               *template.Template

  90. }

  91. 

  92. // NewHandler returns a new Handler instance, using the given StaticPage data,

  93. // and saving alias to the application's CookieStore.

  94. func NewHandler(apper Apper) *Handler {

  95. 	h := &Handler{

  96. 		errors: &ErrorPages{

  97. 			NotFound:            template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>404</title></head><body><p>Not found.</p></body></html>{{end}}")),

  98. 			Gone:                template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>410</title></head><body><p>Gone.</p></body></html>{{end}}")),

  99. 			InternalServerError: template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>500</title></head><body><p>Internal server error.</p></body></html>{{end}}")),

  100. 			UnavailableError:    template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>503</title></head><body><p>Service is temporarily unavailable.</p></body></html>{{end}}")),

  101. 			Blank:               template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>{{.Title}}</title></head><body><p>{{.Content}}</p></body></html>{{end}}")),

  102. 		},

  103. 		sessionStore: apper.App().SessionStore(),

  104. 		app:          apper,

  105. 	}

  106. 

  107. 	return h

  108. }

  109. 

  110. // NewWFHandler returns a new Handler instance, using WriteFreely template files.

  111. // You MUST call writefreely.InitTemplates() before this.

  112. func NewWFHandler(apper Apper) *Handler {

  113. 	h := NewHandler(apper)

  114. 	h.SetErrorPages(&ErrorPages{

  115. 		NotFound:            pages["404-general.tmpl"],

  116. 		Gone:                pages["410.tmpl"],

  117. 		InternalServerError: pages["500.tmpl"],

  118. 		UnavailableError:    pages["503.tmpl"],

  119. 		Blank:               pages["blank.tmpl"],

  120. 	})

  121. 	return h

  122. }

  123. 

  124. // SetErrorPages sets the given set of ErrorPages as templates for any errors

  125. // that come up.

  126. func (h *Handler) SetErrorPages(e *ErrorPages) {

  127. 	h.errors = e

  128. }

  129. 

  130. // User handles requests made in the web application by the authenticated user.

  131. // This provides user-friendly HTML pages and actions that work in the browser.

  132. func (h *Handler) User(f userHandlerFunc) http.HandlerFunc {

  133. 	return func(w http.ResponseWriter, r *http.Request) {

  134. 		h.handleHTTPError(w, r, func() error {

  135. 			var status int

  136. 			start := time.Now()

  137. 

  138. 			defer func() {

  139. 				if e := recover(); e != nil {

  140. 					log.Error("%s: %s", e, debug.Stack())

  141. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  142. 					status = http.StatusInternalServerError

  143. 				}

  144. 

  145. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  146. 			}()

  147. 

  148. 			u := getUserSession(h.app.App(), r)

  149. 			if u == nil {

  150. 				err := ErrNotLoggedIn

  151. 				status = err.Status

  152. 				return err

  153. 			}

  154. 

  155. 			err := f(h.app.App(), u, w, r)

  156. 			if err == nil {

  157. 				status = http.StatusOK

  158. 			} else if impErr, ok := err.(impart.HTTPError); ok {

  159. 				status = impErr.Status

  160. 				if impErr == ErrUserNotFound {

  161. 					log.Info("Logged-in user not found. Logging out.")

  162. 					sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath())

  163. 					// Reset err so handleHTTPError does nothing

  164. 					err = nil

  165. 				}

  166. 			} else {

  167. 				status = http.StatusInternalServerError

  168. 			}

  169. 

  170. 			return err

  171. 		}())

  172. 	}

  173. }

  174. 

  175. // Admin handles requests on /admin routes

  176. func (h *Handler) Admin(f userHandlerFunc) http.HandlerFunc {

  177. 	return func(w http.ResponseWriter, r *http.Request) {

  178. 		h.handleHTTPError(w, r, func() error {

  179. 			var status int

  180. 			start := time.Now()

  181. 

  182. 			defer func() {

  183. 				if e := recover(); e != nil {

  184. 					log.Error("%s: %s", e, debug.Stack())

  185. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  186. 					status = http.StatusInternalServerError

  187. 				}

  188. 

  189. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  190. 			}()

  191. 

  192. 			u := getUserSession(h.app.App(), r)

  193. 			if u == nil || !u.IsAdmin() {

  194. 				err := impart.HTTPError{http.StatusNotFound, ""}

  195. 				status = err.Status

  196. 				return err

  197. 			}

  198. 

  199. 			err := f(h.app.App(), u, w, r)

  200. 			if err == nil {

  201. 				status = http.StatusOK

  202. 			} else if err, ok := err.(impart.HTTPError); ok {

  203. 				status = err.Status

  204. 			} else {

  205. 				status = http.StatusInternalServerError

  206. 			}

  207. 

  208. 			return err

  209. 		}())

  210. 	}

  211. }

  212. 

  213. // AdminApper handles requests on /admin routes that require an Apper.

  214. func (h *Handler) AdminApper(f userApperHandlerFunc) http.HandlerFunc {

  215. 	return func(w http.ResponseWriter, r *http.Request) {

  216. 		h.handleHTTPError(w, r, func() error {

  217. 			var status int

  218. 			start := time.Now()

  219. 

  220. 			defer func() {

  221. 				if e := recover(); e != nil {

  222. 					log.Error("%s: %s", e, debug.Stack())

  223. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  224. 					status = http.StatusInternalServerError

  225. 				}

  226. 

  227. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  228. 			}()

  229. 

  230. 			u := getUserSession(h.app.App(), r)

  231. 			if u == nil || !u.IsAdmin() {

  232. 				err := impart.HTTPError{http.StatusNotFound, ""}

  233. 				status = err.Status

  234. 				return err

  235. 			}

  236. 

  237. 			err := f(h.app, u, w, r)

  238. 			if err == nil {

  239. 				status = http.StatusOK

  240. 			} else if err, ok := err.(impart.HTTPError); ok {

  241. 				status = err.Status

  242. 			} else {

  243. 				status = http.StatusInternalServerError

  244. 			}

  245. 

  246. 			return err

  247. 		}())

  248. 	}

  249. }

  250. 

  251. func apiAuth(app *App, r *http.Request) (*User, error) {

  252. 	// Authorize user from Authorization header

  253. 	t := r.Header.Get("Authorization")

  254. 	if t == "" {

  255. 		return nil, ErrNoAccessToken

  256. 	}

  257. 	u := &User{ID: app.db.GetUserID(t)}

  258. 	if u.ID == -1 {

  259. 		return nil, ErrBadAccessToken

  260. 	}

  261. 

  262. 	return u, nil

  263. }

  264. 

  265. // optionalAPIAuth is used for endpoints that accept authenticated requests via

  266. // Authorization header or cookie, unlike apiAuth. It returns a different err

  267. // in the case where no Authorization header is present.

  268. func optionalAPIAuth(app *App, r *http.Request) (*User, error) {

  269. 	// Authorize user from Authorization header

  270. 	t := r.Header.Get("Authorization")

  271. 	if t == "" {

  272. 		return nil, ErrNotLoggedIn

  273. 	}

  274. 	u := &User{ID: app.db.GetUserID(t)}

  275. 	if u.ID == -1 {

  276. 		return nil, ErrBadAccessToken

  277. 	}

  278. 

  279. 	return u, nil

  280. }

  281. 

  282. func webAuth(app *App, r *http.Request) (*User, error) {

  283. 	u := getUserSession(app, r)

  284. 	if u == nil {

  285. 		return nil, ErrNotLoggedIn

  286. 	}

  287. 	return u, nil

  288. }

  289. 

  290. // UserAPI handles requests made in the API by the authenticated user.

  291. // This provides user-friendly HTML pages and actions that work in the browser.

  292. func (h *Handler) UserAPI(f userHandlerFunc) http.HandlerFunc {

  293. 	return h.UserAll(false, f, apiAuth)

  294. }

  295. 

  296. // UserWebAPI handles endpoints that accept a user authorized either via the web (cookies) or an Authorization header.

  297. func (h *Handler) UserWebAPI(f userHandlerFunc) http.HandlerFunc {

  298. 	return h.UserAll(false, f, func(app *App, r *http.Request) (*User, error) {

  299. 		// Authorize user via cookies

  300. 		u := getUserSession(app, r)

  301. 		if u != nil {

  302. 			return u, nil

  303. 		}

  304. 

  305. 		// Fall back to access token, since user isn't logged in via web

  306. 		var err error

  307. 		u, err = apiAuth(app, r)

  308. 		if err != nil {

  309. 			return nil, err

  310. 		}

  311. 

  312. 		return u, nil

  313. 	})

  314. }

  315. 

  316. func (h *Handler) UserAll(web bool, f userHandlerFunc, a authFunc) http.HandlerFunc {

  317. 	return func(w http.ResponseWriter, r *http.Request) {

  318. 		handleFunc := func() error {

  319. 			var status int

  320. 			start := time.Now()

  321. 

  322. 			defer func() {

  323. 				if e := recover(); e != nil {

  324. 					log.Error("%s: %s", e, debug.Stack())

  325. 					impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."})

  326. 					status = 500

  327. 				}

  328. 

  329. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  330. 			}()

  331. 

  332. 			u, err := a(h.app.App(), r)

  333. 			if err != nil {

  334. 				if err, ok := err.(impart.HTTPError); ok {

  335. 					status = err.Status

  336. 				} else {

  337. 					status = 500

  338. 				}

  339. 				return err

  340. 			}

  341. 

  342. 			err = f(h.app.App(), u, w, r)

  343. 			if err == nil {

  344. 				status = 200

  345. 			} else if err, ok := err.(impart.HTTPError); ok {

  346. 				status = err.Status

  347. 			} else {

  348. 				status = 500

  349. 			}

  350. 

  351. 			return err

  352. 		}

  353. 

  354. 		if web {

  355. 			h.handleHTTPError(w, r, handleFunc())

  356. 		} else {

  357. 			h.handleError(w, r, handleFunc())

  358. 		}

  359. 	}

  360. }

  361. 

  362. func (h *Handler) RedirectOnErr(f handlerFunc, loc string) handlerFunc {

  363. 	return func(app *App, w http.ResponseWriter, r *http.Request) error {

  364. 		err := f(app, w, r)

  365. 		if err != nil {

  366. 			if ie, ok := err.(impart.HTTPError); ok {

  367. 				// Override default redirect with returned error's, if it's a

  368. 				// redirect error.

  369. 				if ie.Status == http.StatusFound {

  370. 					return ie

  371. 				}

  372. 			}

  373. 			return impart.HTTPError{http.StatusFound, loc}

  374. 		}

  375. 		return nil

  376. 	}

  377. }

  378. 

  379. func (h *Handler) Page(n string) http.HandlerFunc {

  380. 	return h.Web(func(app *App, w http.ResponseWriter, r *http.Request) error {

  381. 		t, ok := pages[n]

  382. 		if !ok {

  383. 			return impart.HTTPError{http.StatusNotFound, "Page not found."}

  384. 		}

  385. 

  386. 		sp := pageForReq(app, r)

  387. 

  388. 		err := t.ExecuteTemplate(w, "base", sp)

  389. 		if err != nil {

  390. 			log.Error("Unable to render page: %v", err)

  391. 		}

  392. 		return err

  393. 	}, UserLevelOptional)

  394. }

  395. 

  396. func (h *Handler) WebErrors(f handlerFunc, ul UserLevelFunc) http.HandlerFunc {

  397. 	return func(w http.ResponseWriter, r *http.Request) {

  398. 		// TODO: factor out this logic shared with Web()

  399. 		h.handleHTTPError(w, r, func() error {

  400. 			var status int

  401. 			start := time.Now()

  402. 

  403. 			defer func() {

  404. 				if e := recover(); e != nil {

  405. 					u := getUserSession(h.app.App(), r)

  406. 					username := "None"

  407. 					if u != nil {

  408. 						username = u.Username

  409. 					}

  410. 					log.Error("User: %s\n\n%s: %s", username, e, debug.Stack())

  411. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  412. 					status = 500

  413. 				}

  414. 

  415. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  416. 			}()

  417. 

  418. 			var session *sessions.Session

  419. 			var err error

  420. 			if ul(h.app.App().cfg) != UserLevelNoneType {

  421. 				session, err = h.sessionStore.Get(r, cookieName)

  422. 				if err != nil && (ul(h.app.App().cfg) == UserLevelNoneRequiredType || ul(h.app.App().cfg) == UserLevelUserType) {

  423. 					// Cookie is required, but we can ignore this error

  424. 					log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul(h.app.App().cfg), err)

  425. 				}

  426. 

  427. 				_, gotUser := session.Values[cookieUserVal].(*User)

  428. 				if ul(h.app.App().cfg) == UserLevelNoneRequiredType && gotUser {

  429. 					to := correctPageFromLoginAttempt(r)

  430. 					log.Info("Handler: Required NO user, but got one. Redirecting to %s", to)

  431. 					err := impart.HTTPError{http.StatusFound, to}

  432. 					status = err.Status

  433. 					return err

  434. 				} else if ul(h.app.App().cfg) == UserLevelUserType && !gotUser {

  435. 					log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.")

  436. 					err := ErrNotLoggedIn

  437. 					status = err.Status

  438. 					return err

  439. 				}

  440. 			}

  441. 

  442. 			// TODO: pass User object to function

  443. 			err = f(h.app.App(), w, r)

  444. 			if err == nil {

  445. 				status = 200

  446. 			} else if httpErr, ok := err.(impart.HTTPError); ok {

  447. 				status = httpErr.Status

  448. 				if status < 300 || status > 399 {

  449. 					addSessionFlash(h.app.App(), w, r, httpErr.Message, session)

  450. 					return impart.HTTPError{http.StatusFound, r.Referer()}

  451. 				}

  452. 			} else {

  453. 				e := fmt.Sprintf("[Web handler] 500: %v", err)

  454. 				if !strings.HasSuffix(e, "write: broken pipe") {

  455. 					log.Error(e)

  456. 				} else {

  457. 					log.Error(e)

  458. 				}

  459. 				log.Info("Web handler internal error render")

  460. 				h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  461. 				status = 500

  462. 			}

  463. 

  464. 			return err

  465. 		}())

  466. 	}

  467. }

  468. 

  469. func (h *Handler) CollectionPostOrStatic(w http.ResponseWriter, r *http.Request) {

  470. 	if strings.Contains(r.URL.Path, ".") && !isRaw(r) {

  471. 		start := time.Now()

  472. 		status := 200

  473. 		defer func() {

  474. 			log.Info(h.app.ReqLog(r, status, time.Since(start)))

  475. 		}()

  476. 

  477. 		// Serve static file

  478. 		h.app.App().shttp.ServeHTTP(w, r)

  479. 		return

  480. 	}

  481. 

  482. 	h.Web(viewCollectionPost, UserLevelReader)(w, r)

  483. }

  484. 

  485. // Web handles requests made in the web application. This provides user-

  486. // friendly HTML pages and actions that work in the browser.

  487. func (h *Handler) Web(f handlerFunc, ul UserLevelFunc) http.HandlerFunc {

  488. 	return func(w http.ResponseWriter, r *http.Request) {

  489. 		h.handleHTTPError(w, r, func() error {

  490. 			var status int

  491. 			start := time.Now()

  492. 

  493. 			defer func() {

  494. 				if e := recover(); e != nil {

  495. 					u := getUserSession(h.app.App(), r)

  496. 					username := "None"

  497. 					if u != nil {

  498. 						username = u.Username

  499. 					}

  500. 					log.Error("User: %s\n\n%s: %s", username, e, debug.Stack())

  501. 					log.Info("Web deferred internal error render")

  502. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  503. 					status = 500

  504. 				}

  505. 

  506. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  507. 			}()

  508. 

  509. 			if ul(h.app.App().cfg) != UserLevelNoneType {

  510. 				session, err := h.sessionStore.Get(r, cookieName)

  511. 				if err != nil && (ul(h.app.App().cfg) == UserLevelNoneRequiredType || ul(h.app.App().cfg) == UserLevelUserType) {

  512. 					// Cookie is required, but we can ignore this error

  513. 					log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul(h.app.App().cfg), err)

  514. 				}

  515. 

  516. 				_, gotUser := session.Values[cookieUserVal].(*User)

  517. 				if ul(h.app.App().cfg) == UserLevelNoneRequiredType && gotUser {

  518. 					to := correctPageFromLoginAttempt(r)

  519. 					log.Info("Handler: Required NO user, but got one. Redirecting to %s", to)

  520. 					err := impart.HTTPError{http.StatusFound, to}

  521. 					status = err.Status

  522. 					return err

  523. 				} else if ul(h.app.App().cfg) == UserLevelUserType && !gotUser {

  524. 					log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.")

  525. 					err := ErrNotLoggedIn

  526. 					status = err.Status

  527. 					return err

  528. 				}

  529. 			}

  530. 

  531. 			// TODO: pass User object to function

  532. 			err := f(h.app.App(), w, r)

  533. 			if err == nil {

  534. 				status = 200

  535. 			} else if httpErr, ok := err.(impart.HTTPError); ok {

  536. 				status = httpErr.Status

  537. 			} else {

  538. 				e := fmt.Sprintf("[Web handler] 500: %v", err)

  539. 				log.Error(e)

  540. 				log.Info("Web internal error render")

  541. 				h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  542. 				status = 500

  543. 			}

  544. 

  545. 			return err

  546. 		}())

  547. 	}

  548. }

  549. 

  550. func (h *Handler) All(f handlerFunc) http.HandlerFunc {

  551. 	return func(w http.ResponseWriter, r *http.Request) {

  552. 		h.handleError(w, r, func() error {

  553. 			// TODO: return correct "success" status

  554. 			status := 200

  555. 			start := time.Now()

  556. 

  557. 			defer func() {

  558. 				if e := recover(); e != nil {

  559. 					log.Error("%s:\n%s", e, debug.Stack())

  560. 					impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."})

  561. 					status = 500

  562. 				}

  563. 

  564. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  565. 			}()

  566. 

  567. 			// TODO: do any needed authentication

  568. 

  569. 			err := f(h.app.App(), w, r)

  570. 			if err != nil {

  571. 				if err, ok := err.(impart.HTTPError); ok {

  572. 					status = err.Status

  573. 				} else {

  574. 					status = 500

  575. 				}

  576. 			}

  577. 

  578. 			return err

  579. 		}())

  580. 	}

  581. }

  582. 

  583. func (h *Handler) PlainTextAPI(f handlerFunc) http.HandlerFunc {

  584. 	return func(w http.ResponseWriter, r *http.Request) {

  585. 		h.handleTextError(w, r, func() error {

  586. 			// TODO: return correct "success" status

  587. 			status := 200

  588. 			start := time.Now()

  589. 

  590. 			defer func() {

  591. 				if e := recover(); e != nil {

  592. 					log.Error("%s:\n%s", e, debug.Stack())

  593. 					status = http.StatusInternalServerError

  594. 					w.WriteHeader(status)

  595. 					fmt.Fprintf(w, "Something didn't work quite right. The robots have alerted the humans.")

  596. 				}

  597. 

  598. 				log.Info(fmt.Sprintf("\"%s %s\" %d %s \"%s\" \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent(), r.Host))

  599. 			}()

  600. 

  601. 			err := f(h.app.App(), w, r)

  602. 			if err != nil {

  603. 				if err, ok := err.(impart.HTTPError); ok {

  604. 					status = err.Status

  605. 				} else {

  606. 					status = http.StatusInternalServerError

  607. 				}

  608. 			}

  609. 

  610. 			return err

  611. 		}())

  612. 	}

  613. }

  614. 

  615. func (h *Handler) OAuth(f handlerFunc) http.HandlerFunc {

  616. 	return func(w http.ResponseWriter, r *http.Request) {

  617. 		h.handleOAuthError(w, r, func() error {

  618. 			// TODO: return correct "success" status

  619. 			status := 200

  620. 			start := time.Now()

  621. 

  622. 			defer func() {

  623. 				if e := recover(); e != nil {

  624. 					log.Error("%s:\n%s", e, debug.Stack())

  625. 					impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."})

  626. 					status = 500

  627. 				}

  628. 

  629. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  630. 			}()

  631. 

  632. 			err := f(h.app.App(), w, r)

  633. 			if err != nil {

  634. 				if err, ok := err.(impart.HTTPError); ok {

  635. 					status = err.Status

  636. 				} else {

  637. 					status = 500

  638. 				}

  639. 			}

  640. 

  641. 			return err

  642. 		}())

  643. 	}

  644. }

  645. 

  646. func (h *Handler) AllReader(f handlerFunc) http.HandlerFunc {

  647. 	return func(w http.ResponseWriter, r *http.Request) {

  648. 		h.handleError(w, r, func() error {

  649. 			status := 200

  650. 			start := time.Now()

  651. 

  652. 			defer func() {

  653. 				if e := recover(); e != nil {

  654. 					log.Error("%s:\n%s", e, debug.Stack())

  655. 					impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."})

  656. 					status = 500

  657. 				}

  658. 

  659. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  660. 			}()

  661. 

  662. 			// Allow any origin, as public endpoints are handled in here

  663. 			w.Header().Set("Access-Control-Allow-Origin", "*")

  664. 

  665. 			if h.app.App().cfg.App.Private {

  666. 				// This instance is private, so ensure it's being accessed by a valid user

  667. 				// Check if authenticated with an access token

  668. 				_, apiErr := optionalAPIAuth(h.app.App(), r)

  669. 				if apiErr != nil {

  670. 					if err, ok := apiErr.(impart.HTTPError); ok {

  671. 						status = err.Status

  672. 					} else {

  673. 						status = 500

  674. 					}

  675. 

  676. 					if apiErr == ErrNotLoggedIn {

  677. 						// Fall back to web auth since there was no access token given

  678. 						_, err := webAuth(h.app.App(), r)

  679. 						if err != nil {

  680. 							if err, ok := apiErr.(impart.HTTPError); ok {

  681. 								status = err.Status

  682. 							} else {

  683. 								status = 500

  684. 							}

  685. 							return err

  686. 						}

  687. 					} else {

  688. 						return apiErr

  689. 					}

  690. 				}

  691. 			}

  692. 

  693. 			err := f(h.app.App(), w, r)

  694. 			if err != nil {

  695. 				if err, ok := err.(impart.HTTPError); ok {

  696. 					status = err.Status

  697. 				} else {

  698. 					status = 500

  699. 				}

  700. 			}

  701. 

  702. 			return err

  703. 		}())

  704. 	}

  705. }

  706. 

  707. func (h *Handler) Download(f dataHandlerFunc, ul UserLevelFunc) http.HandlerFunc {

  708. 	return func(w http.ResponseWriter, r *http.Request) {

  709. 		h.handleHTTPError(w, r, func() error {

  710. 			var status int

  711. 			start := time.Now()

  712. 			defer func() {

  713. 				if e := recover(); e != nil {

  714. 					log.Error("%s: %s", e, debug.Stack())

  715. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  716. 					status = 500

  717. 				}

  718. 

  719. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  720. 			}()

  721. 

  722. 			data, filename, err := f(h.app.App(), w, r)

  723. 			if err != nil {

  724. 				if err, ok := err.(impart.HTTPError); ok {

  725. 					status = err.Status

  726. 				} else {

  727. 					status = 500

  728. 				}

  729. 				return err

  730. 			}

  731. 

  732. 			ext := ".json"

  733. 			ct := "application/json"

  734. 			if strings.HasSuffix(r.URL.Path, ".csv") {

  735. 				ext = ".csv"

  736. 				ct = "text/csv"

  737. 			} else if strings.HasSuffix(r.URL.Path, ".zip") {

  738. 				ext = ".zip"

  739. 				ct = "application/zip"

  740. 			}

  741. 			w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s%s", filename, ext))

  742. 			w.Header().Set("Content-Type", ct)

  743. 			w.Header().Set("Content-Length", strconv.Itoa(len(data)))

  744. 			fmt.Fprint(w, string(data))

  745. 

  746. 			status = 200

  747. 			return nil

  748. 		}())

  749. 	}

  750. }

  751. 

  752. func (h *Handler) Redirect(url string, ul UserLevelFunc) http.HandlerFunc {

  753. 	return func(w http.ResponseWriter, r *http.Request) {

  754. 		h.handleHTTPError(w, r, func() error {

  755. 			start := time.Now()

  756. 

  757. 			var status int

  758. 			if ul(h.app.App().cfg) != UserLevelNoneType {

  759. 				session, err := h.sessionStore.Get(r, cookieName)

  760. 				if err != nil && (ul(h.app.App().cfg) == UserLevelNoneRequiredType || ul(h.app.App().cfg) == UserLevelUserType) {

  761. 					// Cookie is required, but we can ignore this error

  762. 					log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul(h.app.App().cfg), err)

  763. 				}

  764. 

  765. 				_, gotUser := session.Values[cookieUserVal].(*User)

  766. 				if ul(h.app.App().cfg) == UserLevelNoneRequiredType && gotUser {

  767. 					to := correctPageFromLoginAttempt(r)

  768. 					log.Info("Handler: Required NO user, but got one. Redirecting to %s", to)

  769. 					err := impart.HTTPError{http.StatusFound, to}

  770. 					status = err.Status

  771. 					return err

  772. 				} else if ul(h.app.App().cfg) == UserLevelUserType && !gotUser {

  773. 					log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.")

  774. 					err := ErrNotLoggedIn

  775. 					status = err.Status

  776. 					return err

  777. 				}

  778. 			}

  779. 

  780. 			status = sendRedirect(w, http.StatusFound, url)

  781. 

  782. 			log.Info(h.app.ReqLog(r, status, time.Since(start)))

  783. 

  784. 			return nil

  785. 		}())

  786. 	}

  787. }

  788. 

  789. func (h *Handler) handleHTTPError(w http.ResponseWriter, r *http.Request, err error) {

  790. 	if err == nil {

  791. 		return

  792. 	}

  793. 

  794. 	if err, ok := err.(impart.HTTPError); ok {

  795. 		if err.Status >= 300 && err.Status < 400 {

  796. 			sendRedirect(w, err.Status, err.Message)

  797. 			return

  798. 		} else if err.Status == http.StatusUnauthorized {

  799. 			q := ""

  800. 			if r.URL.RawQuery != "" {

  801. 				q = url.QueryEscape("?" + r.URL.RawQuery)

  802. 			}

  803. 			sendRedirect(w, http.StatusFound, "/login?to="+r.URL.Path+q)

  804. 			return

  805. 		} else if err.Status == http.StatusGone {

  806. 			w.WriteHeader(err.Status)

  807. 			p := &struct {

  808. 				page.StaticPage

  809. 				Content *template.HTML

  810. 			}{

  811. 				StaticPage: pageForReq(h.app.App(), r),

  812. 			}

  813. 			if err.Message != "" {

  814. 				co := template.HTML(err.Message)

  815. 				p.Content = &co

  816. 			}

  817. 			h.errors.Gone.ExecuteTemplate(w, "base", p)

  818. 			return

  819. 		} else if err.Status == http.StatusNotFound {

  820. 			w.WriteHeader(err.Status)

  821. 			if IsActivityPubRequest(r) {

  822. 				// This is a fediverse request; simply return the header

  823. 				return

  824. 			}

  825. 			h.errors.NotFound.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  826. 			return

  827. 		} else if err.Status == http.StatusInternalServerError {

  828. 			w.WriteHeader(err.Status)

  829. 			log.Info("handleHTTPErorr internal error render")

  830. 			h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  831. 			return

  832. 		} else if err.Status == http.StatusServiceUnavailable {

  833. 			w.WriteHeader(err.Status)

  834. 			h.errors.UnavailableError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  835. 			return

  836. 		} else if err.Status == http.StatusAccepted {

  837. 			impart.WriteSuccess(w, "", err.Status)

  838. 			return

  839. 		} else {

  840. 			p := &struct {

  841. 				page.StaticPage

  842. 				Title   string

  843. 				Content template.HTML

  844. 			}{

  845. 				pageForReq(h.app.App(), r),

  846. 				fmt.Sprintf("Uh oh (%d)", err.Status),

  847. 				template.HTML(fmt.Sprintf("<p style=\"text-align: center\" class=\"introduction\">%s</p>", err.Message)),

  848. 			}

  849. 			h.errors.Blank.ExecuteTemplate(w, "base", p)

  850. 			return

  851. 		}

  852. 		impart.WriteError(w, err)

  853. 		return

  854. 	}

  855. 

  856. 	impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."})

  857. }

  858. 

  859. func (h *Handler) handleError(w http.ResponseWriter, r *http.Request, err error) {

  860. 	if err == nil {

  861. 		return

  862. 	}

  863. 

  864. 	if err, ok := err.(impart.HTTPError); ok {

  865. 		if err.Status >= 300 && err.Status < 400 {

  866. 			sendRedirect(w, err.Status, err.Message)

  867. 			return

  868. 		}

  869. 

  870. 		//		if strings.Contains(r.Header.Get("Accept"), "text/html") {

  871. 		impart.WriteError(w, err)

  872. 		//		}

  873. 		return

  874. 	}

  875. 

  876. 	if IsJSON(r) {

  877. 		impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."})

  878. 		return

  879. 	}

  880. 	h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  881. }

  882. 

  883. func (h *Handler) handleTextError(w http.ResponseWriter, r *http.Request, err error) {

  884. 	if err == nil {

  885. 		return

  886. 	}

  887. 

  888. 	if err, ok := err.(impart.HTTPError); ok {

  889. 		if err.Status >= 300 && err.Status < 400 {

  890. 			sendRedirect(w, err.Status, err.Message)

  891. 			return

  892. 		}

  893. 

  894. 		w.WriteHeader(err.Status)

  895. 		fmt.Fprintf(w, http.StatusText(err.Status))

  896. 		return

  897. 	}

  898. 

  899. 	w.WriteHeader(http.StatusInternalServerError)

  900. 	fmt.Fprintf(w, "This is an unhelpful error message for a miscellaneous internal error.")

  901. }

  902. 

  903. func (h *Handler) handleOAuthError(w http.ResponseWriter, r *http.Request, err error) {

  904. 	if err == nil {

  905. 		return

  906. 	}

  907. 

  908. 	if err, ok := err.(impart.HTTPError); ok {

  909. 		if err.Status >= 300 && err.Status < 400 {

  910. 			sendRedirect(w, err.Status, err.Message)

  911. 			return

  912. 		}

  913. 

  914. 		impart.WriteOAuthError(w, err)

  915. 		return

  916. 	}

  917. 

  918. 	impart.WriteOAuthError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."})

  919. 	return

  920. }

  921. 

  922. func correctPageFromLoginAttempt(r *http.Request) string {

  923. 	to := r.FormValue("to")

  924. 	if to == "" {

  925. 		to = "/"

  926. 	} else if !strings.HasPrefix(to, "/") {

  927. 		to = "/" + to

  928. 	}

  929. 	return to

  930. }

  931. 

  932. func (h *Handler) LogHandlerFunc(f http.HandlerFunc) http.HandlerFunc {

  933. 	return func(w http.ResponseWriter, r *http.Request) {

  934. 		h.handleHTTPError(w, r, func() error {

  935. 			status := 200

  936. 			start := time.Now()

  937. 

  938. 			defer func() {

  939. 				if e := recover(); e != nil {

  940. 					log.Error("Handler.LogHandlerFunc\n\n%s: %s", e, debug.Stack())

  941. 					h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))

  942. 					status = 500

  943. 				}

  944. 

  945. 				// TODO: log actual status code returned

  946. 				log.Info(h.app.ReqLog(r, status, time.Since(start)))

  947. 			}()

  948. 

  949. 			if h.app.App().cfg.App.Private {

  950. 				// This instance is private, so ensure it's being accessed by a valid user

  951. 				// Check if authenticated with an access token

  952. 				_, apiErr := optionalAPIAuth(h.app.App(), r)

  953. 				if apiErr != nil {

  954. 					if err, ok := apiErr.(impart.HTTPError); ok {

  955. 						status = err.Status

  956. 					} else {

  957. 						status = 500

  958. 					}

  959. 

  960. 					if apiErr == ErrNotLoggedIn {

  961. 						// Fall back to web auth since there was no access token given

  962. 						_, err := webAuth(h.app.App(), r)

  963. 						if err != nil {

  964. 							if err, ok := apiErr.(impart.HTTPError); ok {

  965. 								status = err.Status

  966. 							} else {

  967. 								status = 500

  968. 							}

  969. 							return err

  970. 						}

  971. 					} else {

  972. 						return apiErr

  973. 					}

  974. 				}

  975. 			}

  976. 

  977. 			f(w, r)

  978. 

  979. 			return nil

  980. 		}())

  981. 	}

  982. }

  983. 

  984. func (h *Handler) Gopher(f gopherFunc) gopher.HandlerFunc {

  985. 	return func(w gopher.ResponseWriter, r *gopher.Request) {

  986. 		defer func() {

  987. 			if e := recover(); e != nil {

  988. 				log.Error("%s: %s", e, debug.Stack())

  989. 				w.WriteError("An internal error occurred")

  990. 			}

  991. 			log.Info("gopher: %s", r.Selector)

  992. 		}()

  993. 

  994. 		err := f(h.app.App(), w, r)

  995. 		if err != nil {

  996. 			log.Error("failed: %s", err)

  997. 			w.WriteError("the page failed for some reason (see logs)")

  998. 		}

  999. 	}

  1000. }

  1001. 

  1002. func sendRedirect(w http.ResponseWriter, code int, location string) int {

  1003. 	w.Header().Set("Location", location)

  1004. 	w.WriteHeader(code)

  1005. 	return code

  1006. }

  1007. 

  1008. func cacheControl(next http.Handler) http.Handler {

  1009. 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  1010. 		w.Header().Set("Cache-Control", "public, max-age=604800, immutable")

  1011. 		next.ServeHTTP(w, r)

  1012. 	})

  1013. }