writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1617 Commits
42 Branches
213 MiB
 
 
 
 
 
Branch: develop
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
writefreely/routes.go

248 lines
13 KiB
Raw Permalink Blame History 

  1. /*

  2.  * Copyright © 2018-2021 Musing Studio LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"net/http"

  15. 	"net/url"

  16. 	"path/filepath"

  17. 	"strings"

  18. 

  19. 	"github.com/gorilla/csrf"

  20. 	"github.com/gorilla/mux"

  21. 	"github.com/writeas/go-webfinger"

  22. 	"github.com/writeas/web-core/log"

  23. 	"github.com/writefreely/go-nodeinfo"

  24. )

  25. 

  26. // InitStaticRoutes adds routes for serving static files.

  27. // TODO: this should just be a func, not method

  28. func (app *App) InitStaticRoutes(r *mux.Router) {

  29. 	// Handle static files

  30. 	fs := http.FileServer(http.Dir(filepath.Join(app.cfg.Server.StaticParentDir, staticDir)))

  31. 	fs = cacheControl(fs)

  32. 	app.shttp = http.NewServeMux()

  33. 	app.shttp.Handle("/", fs)

  34. 	r.PathPrefix("/").Handler(fs)

  35. }

  36. 

  37. // InitRoutes adds dynamic routes for the given mux.Router.

  38. func InitRoutes(apper Apper, r *mux.Router) *mux.Router {

  39. 	// Create handler

  40. 	handler := NewWFHandler(apper)

  41. 

  42. 	// Set up routes

  43. 	hostSubroute := apper.App().cfg.App.Host[strings.Index(apper.App().cfg.App.Host, "://")+3:]

  44. 	if apper.App().cfg.App.SingleUser {

  45. 		hostSubroute = "{domain}"

  46. 	} else {

  47. 		if strings.HasPrefix(hostSubroute, "localhost") {

  48. 			hostSubroute = "localhost"

  49. 		}

  50. 	}

  51. 

  52. 	if apper.App().cfg.App.SingleUser {

  53. 		log.Info("Adding %s routes (single user)...", hostSubroute)

  54. 	} else {

  55. 		log.Info("Adding %s routes (multi-user)...", hostSubroute)

  56. 	}

  57. 

  58. 	// Primary app routes

  59. 	write := r.PathPrefix("/").Subrouter()

  60. 

  61. 	// Federation endpoint configurations

  62. 	wf := webfinger.Default(wfResolver{apper.App().db, apper.App().cfg})

  63. 	wf.NoTLSHandler = nil

  64. 

  65. 	// Federation endpoints

  66. 	// host-meta

  67. 	write.HandleFunc("/.well-known/host-meta", handler.Web(handleViewHostMeta, UserLevelReader))

  68. 	// webfinger

  69. 	write.HandleFunc(webfinger.WebFingerPath, handler.LogHandlerFunc(http.HandlerFunc(wf.Webfinger)))

  70. 	// nodeinfo

  71. 	niCfg := nodeInfoConfig(apper.App().db, apper.App().cfg)

  72. 	ni := nodeinfo.NewService(*niCfg, nodeInfoResolver{apper.App().cfg, apper.App().db})

  73. 	write.HandleFunc(nodeinfo.NodeInfoPath, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfoDiscover)))

  74. 	write.HandleFunc(niCfg.InfoURL, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfo)))

  75. 

  76. 	// handle mentions

  77. 	write.HandleFunc("/@/{handle}", handler.Web(handleViewMention, UserLevelReader))

  78. 

  79. 	configureSlackOauth(handler, write, apper.App())

  80. 	configureWriteAsOauth(handler, write, apper.App())

  81. 	configureGitlabOauth(handler, write, apper.App())

  82. 	configureGenericOauth(handler, write, apper.App())

  83. 	configureGiteaOauth(handler, write, apper.App())

  84. 

  85. 	// Set up dynamic page handlers

  86. 	// Handle auth

  87. 	auth := write.PathPrefix("/api/auth/").Subrouter()

  88. 	if apper.App().cfg.App.OpenRegistration {

  89. 		auth.HandleFunc("/signup", handler.All(apiSignup)).Methods("POST")

  90. 	}

  91. 	auth.HandleFunc("/login", handler.All(login)).Methods("POST")

  92. 	auth.HandleFunc("/read", handler.WebErrors(handleWebCollectionUnlock, UserLevelNone)).Methods("POST")

  93. 	auth.HandleFunc("/me", handler.All(handleAPILogout)).Methods("DELETE")

  94. 

  95. 	// Handle logged in user sections

  96. 	me := write.PathPrefix("/me").Subrouter()

  97. 	me.HandleFunc("/", handler.Redirect("/me", UserLevelUser))

  98. 	me.HandleFunc("/c", handler.Redirect("/me/c/", UserLevelUser)).Methods("GET")

  99. 	me.HandleFunc("/c/", handler.User(viewCollections)).Methods("GET")

  100. 	me.HandleFunc("/c/{collection}", handler.User(viewEditCollection)).Methods("GET")

  101. 	me.HandleFunc("/c/{collection}/stats", handler.User(viewStats)).Methods("GET")

  102. 	me.HandleFunc("/c/{collection}/subscribers", handler.User(handleViewSubscribers)).Methods("GET")

  103. 	me.Path("/delete").Handler(csrf.Protect(apper.App().keys.CSRFKey)(handler.User(handleUserDelete))).Methods("POST")

  104. 	me.HandleFunc("/posts", handler.Redirect("/me/posts/", UserLevelUser)).Methods("GET")

  105. 	me.HandleFunc("/posts/", handler.User(viewArticles)).Methods("GET")

  106. 	me.HandleFunc("/posts/export.csv", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")

  107. 	me.HandleFunc("/posts/export.zip", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")

  108. 	me.HandleFunc("/posts/export.json", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")

  109. 	me.HandleFunc("/export", handler.User(viewExportOptions)).Methods("GET")

  110. 	me.HandleFunc("/export.json", handler.Download(viewExportFull, UserLevelUser)).Methods("GET")

  111. 	me.HandleFunc("/import", handler.User(viewImport)).Methods("GET")

  112. 	me.Path("/settings").Handler(csrf.Protect(apper.App().keys.CSRFKey)(handler.User(viewSettings))).Methods("GET")

  113. 	me.HandleFunc("/invites", handler.User(handleViewUserInvites)).Methods("GET")

  114. 	me.HandleFunc("/logout", handler.Web(viewLogout, UserLevelNone)).Methods("GET")

  115. 

  116. 	write.HandleFunc("/api/me", handler.All(viewMeAPI)).Methods("GET")

  117. 	apiMe := write.PathPrefix("/api/me/").Subrouter()

  118. 	apiMe.HandleFunc("/", handler.All(viewMeAPI)).Methods("GET")

  119. 	apiMe.HandleFunc("/posts", handler.UserWebAPI(viewMyPostsAPI)).Methods("GET")

  120. 	apiMe.HandleFunc("/collections", handler.UserAPI(viewMyCollectionsAPI)).Methods("GET")

  121. 	apiMe.HandleFunc("/password", handler.All(updatePassphrase)).Methods("POST")

  122. 	apiMe.HandleFunc("/self", handler.All(updateSettings)).Methods("POST")

  123. 	apiMe.HandleFunc("/invites", handler.User(handleCreateUserInvite)).Methods("POST")

  124. 	apiMe.HandleFunc("/import", handler.User(handleImport)).Methods("POST")

  125. 	apiMe.HandleFunc("/oauth/remove", handler.User(removeOauth)).Methods("POST")

  126. 

  127. 	// Sign up validation

  128. 	write.HandleFunc("/api/alias", handler.All(handleUsernameCheck)).Methods("POST")

  129. 

  130. 	write.HandleFunc("/api/markdown", handler.All(handleRenderMarkdown)).Methods("POST")

  131. 

  132. 	instanceURL, _ := url.Parse(apper.App().Config().App.Host)

  133. 	host := instanceURL.Host

  134. 

  135. 	// Handle collections

  136. 	write.HandleFunc("/api/collections", handler.All(newCollection)).Methods("POST")

  137. 	apiColls := write.PathPrefix("/api/collections/").Subrouter()

  138. 	apiColls.HandleFunc("/monetization-pointer", handler.PlainTextAPI(handleSPSPEndpoint)).Methods("GET")

  139. 	apiColls.HandleFunc("/"+host, handler.AllReader(fetchCollection)).Methods("GET")

  140. 	apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.AllReader(fetchCollection)).Methods("GET")

  141. 	apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.All(existingCollection)).Methods("POST", "DELETE")

  142. 	apiColls.HandleFunc("/{alias}/posts", handler.AllReader(fetchCollectionPosts)).Methods("GET")

  143. 	apiColls.HandleFunc("/{alias}/posts", handler.All(newPost)).Methods("POST")

  144. 	apiColls.HandleFunc("/{alias}/posts/{post}", handler.AllReader(fetchPost)).Methods("GET")

  145. 	apiColls.HandleFunc("/{alias}/posts/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST")

  146. 	apiColls.HandleFunc("/{alias}/posts/{post}/splitcontent", handler.AllReader(handleGetSplitContent)).Methods("GET", "POST")

  147. 	apiColls.HandleFunc("/{alias}/posts/{post}/{property}", handler.AllReader(fetchPostProperty)).Methods("GET")

  148. 	apiColls.HandleFunc("/{alias}/collect", handler.All(addPost)).Methods("POST")

  149. 	apiColls.HandleFunc("/{alias}/pin", handler.All(pinPost)).Methods("POST")

  150. 	apiColls.HandleFunc("/{alias}/unpin", handler.All(pinPost)).Methods("POST")

  151. 	apiColls.HandleFunc("/{alias}/email/subscribe", handler.All(handleCreateEmailSubscription)).Methods("POST")

  152. 	apiColls.HandleFunc("/{alias}/email/subscribe", handler.All(handleDeleteEmailSubscription)).Methods("DELETE")

  153. 	apiColls.HandleFunc("/{collection}/email/unsubscribe", handler.All(handleDeleteEmailSubscription)).Methods("GET")

  154. 	apiColls.HandleFunc("/{alias}/inbox", handler.All(handleFetchCollectionInbox)).Methods("POST")

  155. 	apiColls.HandleFunc("/{alias}/outbox", handler.AllReader(handleFetchCollectionOutbox)).Methods("GET")

  156. 	apiColls.HandleFunc("/{alias}/following", handler.AllReader(handleFetchCollectionFollowing)).Methods("GET")

  157. 	apiColls.HandleFunc("/{alias}/followers", handler.AllReader(handleFetchCollectionFollowers)).Methods("GET")

  158. 

  159. 	// Handle posts

  160. 	write.HandleFunc("/api/posts", handler.All(newPost)).Methods("POST")

  161. 	posts := write.PathPrefix("/api/posts/").Subrouter()

  162. 	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.AllReader(fetchPost)).Methods("GET")

  163. 	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST", "PUT")

  164. 	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(deletePost)).Methods("DELETE")

  165. 	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}/{property}", handler.AllReader(fetchPostProperty)).Methods("GET")

  166. 	posts.HandleFunc("/claim", handler.All(addPost)).Methods("POST")

  167. 	posts.HandleFunc("/disperse", handler.All(dispersePost)).Methods("POST")

  168. 

  169. 	write.HandleFunc("/auth/signup", handler.Web(handleWebSignup, UserLevelNoneRequired)).Methods("POST")

  170. 	write.HandleFunc("/auth/login", handler.Web(webLogin, UserLevelNoneRequired)).Methods("POST")

  171. 

  172. 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")

  173. 	write.HandleFunc("/admin/monitor", handler.Admin(handleViewAdminMonitor)).Methods("GET")

  174. 	write.HandleFunc("/admin/settings", handler.Admin(handleViewAdminSettings)).Methods("GET")

  175. 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")

  176. 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")

  177. 	write.HandleFunc("/admin/user/{username}/delete", handler.Admin(handleAdminDeleteUser)).Methods("POST")

  178. 	write.HandleFunc("/admin/user/{username}/status", handler.Admin(handleAdminToggleUserStatus)).Methods("POST")

  179. 	write.HandleFunc("/admin/user/{username}/passphrase", handler.Admin(handleAdminResetUserPass)).Methods("POST")

  180. 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")

  181. 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")

  182. 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")

  183. 	write.HandleFunc("/admin/update/{page}", handler.Admin(handleAdminUpdateSite)).Methods("POST")

  184. 	write.HandleFunc("/admin/updates", handler.Admin(handleViewAdminUpdates)).Methods("GET")

  185. 

  186. 	// Handle special pages first

  187. 	write.Path("/reset").Handler(csrf.Protect(apper.App().keys.CSRFKey)(handler.Web(viewResetPassword, UserLevelNoneRequired)))

  188. 	write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))

  189. 	write.HandleFunc("/signup", handler.Web(handleViewLanding, UserLevelNoneRequired))

  190. 	write.HandleFunc("/invite/{code:[a-zA-Z0-9]+}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")

  191. 	// TODO: show a reader-specific 404 page if the function is disabled

  192. 	write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))

  193. 	RouteRead(handler, UserLevelReader, write.PathPrefix("/read").Subrouter())

  194. 

  195. 	draftEditPrefix := ""

  196. 	if apper.App().cfg.App.SingleUser {

  197. 		draftEditPrefix = "/d"

  198. 		write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")

  199. 	} else {

  200. 		write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")

  201. 	}

  202. 

  203. 	// All the existing stuff

  204. 	write.HandleFunc(draftEditPrefix+"/{action}/edit", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")

  205. 	write.HandleFunc(draftEditPrefix+"/{action}/meta", handler.Web(handleViewMeta, UserLevelUser)).Methods("GET")

  206. 	// Collections

  207. 	if apper.App().cfg.App.SingleUser {

  208. 		RouteCollections(handler, write.PathPrefix("/").Subrouter())

  209. 	} else {

  210. 		write.HandleFunc("/{prefix:[@~$!\\-+]}{collection}", handler.Web(handleViewCollection, UserLevelReader))

  211. 		write.HandleFunc("/{collection}/", handler.Web(handleViewCollection, UserLevelReader))

  212. 		RouteCollections(handler, write.PathPrefix("/{prefix:[@~$!\\-+]?}{collection}").Subrouter())

  213. 		// Posts

  214. 	}

  215. 	write.HandleFunc(draftEditPrefix+"/{post}", handler.Web(handleViewPost, UserLevelOptional))

  216. 	write.HandleFunc("/", handler.Web(handleViewHome, UserLevelOptional))

  217. 

  218. 	return r

  219. }

  220. 

  221. func RouteCollections(handler *Handler, r *mux.Router) {

  222. 	r.HandleFunc("/logout", handler.Web(handleLogOutCollection, UserLevelOptional))

  223. 	r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))

  224. 	r.HandleFunc("/lang:{lang:[a-z]{2}}", handler.Web(handleViewCollectionLang, UserLevelOptional))

  225. 	r.HandleFunc("/lang:{lang:[a-z]{2}}/page/{page:[0-9]+}", handler.Web(handleViewCollectionLang, UserLevelOptional))

  226. 	r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))

  227. 	r.HandleFunc("/tag:{tag}/page/{page:[0-9]+}", handler.Web(handleViewCollectionTag, UserLevelReader))

  228. 	r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))

  229. 	r.HandleFunc("/sitemap.xml", handler.AllReader(handleViewSitemap))

  230. 	r.HandleFunc("/feed/", handler.AllReader(ViewFeed))

  231. 	r.HandleFunc("/email/confirm/{subscriber}", handler.All(handleConfirmEmailSubscription)).Methods("GET")

  232. 	r.HandleFunc("/email/unsubscribe/{subscriber}", handler.All(handleDeleteEmailSubscription)).Methods("GET")

  233. 	r.HandleFunc("/{slug}", handler.CollectionPostOrStatic)

  234. 	r.HandleFunc("/{slug}/edit", handler.Web(handleViewPad, UserLevelUser))

  235. 	r.HandleFunc("/{slug}/edit/meta", handler.Web(handleViewMeta, UserLevelUser))

  236. 	r.HandleFunc("/{slug}/", handler.Web(handleCollectionPostRedirect, UserLevelReader)).Methods("GET")

  237. }

  238. 

  239. func RouteRead(handler *Handler, readPerm UserLevelFunc, r *mux.Router) {

  240. 	r.HandleFunc("/api/posts", handler.Web(viewLocalTimelineAPI, readPerm))

  241. 	r.HandleFunc("/p/{page}", handler.Web(viewLocalTimeline, readPerm))

  242. 	r.HandleFunc("/feed/", handler.Web(viewLocalTimelineFeed, readPerm))

  243. 	r.HandleFunc("/t/{tag}", handler.Web(viewLocalTimeline, readPerm))

  244. 	r.HandleFunc("/a/{post}", handler.Web(handlePostIDRedirect, readPerm))

  245. 	r.HandleFunc("/{author}", handler.Web(viewLocalTimeline, readPerm))

  246. 	r.HandleFunc("/", handler.Web(viewLocalTimeline, readPerm))

  247. }