writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
229 Commits
45 Branches
208 MiB
 
 
 
 
 
Tree: 3ae45bc156
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3ae45bc156'
${ noResults }
writefreely/app.go

573 lines
14 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"flag"

  16. 	"fmt"

  17. 	"html/template"

  18. 	"net/http"

  19. 	"net/url"

  20. 	"os"

  21. 	"os/signal"

  22. 	"regexp"

  23. 	"strings"

  24. 	"syscall"

  25. 	"time"

  26. 

  27. 	_ "github.com/go-sql-driver/mysql"

  28. 	_ "github.com/mattn/go-sqlite3"

  29. 

  30. 	"github.com/gorilla/mux"

  31. 	"github.com/gorilla/schema"

  32. 	"github.com/gorilla/sessions"

  33. 	"github.com/manifoldco/promptui"

  34. 	"github.com/writeas/go-strip-markdown"

  35. 	"github.com/writeas/web-core/auth"

  36. 	"github.com/writeas/web-core/converter"

  37. 	"github.com/writeas/web-core/log"

  38. 	"github.com/writeas/writefreely/author"

  39. 	"github.com/writeas/writefreely/config"

  40. 	"github.com/writeas/writefreely/page"

  41. )

  42. 

  43. const (

  44. 	staticDir       = "static/"

  45. 	assumedTitleLen = 80

  46. 	postsPerPage    = 10

  47. 

  48. 	serverSoftware = "WriteFreely"

  49. 	softwareURL    = "https://writefreely.org"

  50. )

  51. 

  52. var (

  53. 	debugging bool

  54. 

  55. 	// Software version can be set from git env using -ldflags

  56. 	softwareVer = "0.6.0"

  57. 

  58. 	// DEPRECATED VARS

  59. 	// TODO: pass app.cfg into GetCollection* calls so we can get these values

  60. 	// from Collection methods and we no longer need these.

  61. 	hostName     string

  62. 	isSingleUser bool

  63. )

  64. 

  65. type app struct {

  66. 	router       *mux.Router

  67. 	db           *datastore

  68. 	cfg          *config.Config

  69. 	cfgFile      string

  70. 	keys         *keychain

  71. 	sessionStore *sessions.CookieStore

  72. 	formDecoder  *schema.Decoder

  73. 

  74. 	timeline *localTimeline

  75. }

  76. 

  77. // handleViewHome shows page at root path. Will be the Pad if logged in and the

  78. // catch-all landing page otherwise.

  79. func handleViewHome(app *app, w http.ResponseWriter, r *http.Request) error {

  80. 	if app.cfg.App.SingleUser {

  81. 		// Render blog index

  82. 		return handleViewCollection(app, w, r)

  83. 	}

  84. 

  85. 	// Multi-user instance

  86. 	u := getUserSession(app, r)

  87. 	if u != nil {

  88. 		// User is logged in, so show the Pad

  89. 		return handleViewPad(app, w, r)

  90. 	}

  91. 

  92. 	p := struct {

  93. 		page.StaticPage

  94. 		Flashes []template.HTML

  95. 	}{

  96. 		StaticPage: pageForReq(app, r),

  97. 	}

  98. 

  99. 	// Get error messages

  100. 	session, err := app.sessionStore.Get(r, cookieName)

  101. 	if err != nil {

  102. 		// Ignore this

  103. 		log.Error("Unable to get session in handleViewHome; ignoring: %v", err)

  104. 	}

  105. 	flashes, _ := getSessionFlashes(app, w, r, session)

  106. 	for _, flash := range flashes {

  107. 		p.Flashes = append(p.Flashes, template.HTML(flash))

  108. 	}

  109. 

  110. 	// Show landing page

  111. 	return renderPage(w, "landing.tmpl", p)

  112. }

  113. 

  114. func handleTemplatedPage(app *app, w http.ResponseWriter, r *http.Request, t *template.Template) error {

  115. 	p := struct {

  116. 		page.StaticPage

  117. 		Content      template.HTML

  118. 		PlainContent string

  119. 		Updated      string

  120. 

  121. 		AboutStats *InstanceStats

  122. 	}{

  123. 		StaticPage: pageForReq(app, r),

  124. 	}

  125. 	if r.URL.Path == "/about" || r.URL.Path == "/privacy" {

  126. 		var c string

  127. 		var updated *time.Time

  128. 		var err error

  129. 

  130. 		if r.URL.Path == "/about" {

  131. 			c, err = getAboutPage(app)

  132. 

  133. 			// Fetch stats

  134. 			p.AboutStats = &InstanceStats{}

  135. 			p.AboutStats.NumPosts, _ = app.db.GetTotalPosts()

  136. 			p.AboutStats.NumBlogs, _ = app.db.GetTotalCollections()

  137. 		} else {

  138. 			c, updated, err = getPrivacyPage(app)

  139. 		}

  140. 

  141. 		if err != nil {

  142. 			return err

  143. 		}

  144. 		p.Content = template.HTML(applyMarkdown([]byte(c)))

  145. 		p.PlainContent = shortPostDescription(stripmd.Strip(c))

  146. 		if updated != nil {

  147. 			p.Updated = updated.Format("January 2, 2006")

  148. 		}

  149. 	}

  150. 

  151. 	// Serve templated page

  152. 	err := t.ExecuteTemplate(w, "base", p)

  153. 	if err != nil {

  154. 		log.Error("Unable to render page: %v", err)

  155. 	}

  156. 	return nil

  157. }

  158. 

  159. func pageForReq(app *app, r *http.Request) page.StaticPage {

  160. 	p := page.StaticPage{

  161. 		AppCfg:  app.cfg.App,

  162. 		Path:    r.URL.Path,

  163. 		Version: "v" + softwareVer,

  164. 	}

  165. 

  166. 	// Add user information, if given

  167. 	var u *User

  168. 	accessToken := r.FormValue("t")

  169. 	if accessToken != "" {

  170. 		userID := app.db.GetUserID(accessToken)

  171. 		if userID != -1 {

  172. 			var err error

  173. 			u, err = app.db.GetUserByID(userID)

  174. 			if err == nil {

  175. 				p.Username = u.Username

  176. 			}

  177. 		}

  178. 	} else {

  179. 		u = getUserSession(app, r)

  180. 		if u != nil {

  181. 			p.Username = u.Username

  182. 		}

  183. 	}

  184. 

  185. 	return p

  186. }

  187. 

  188. var shttp = http.NewServeMux()

  189. var fileRegex = regexp.MustCompile("/([^/]*\\.[^/]*)$")

  190. 

  191. func Serve() {

  192. 	debugPtr := flag.Bool("debug", false, "Enables debug logging.")

  193. 	createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")

  194. 	doConfig := flag.Bool("config", false, "Run the configuration process")

  195. 	genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")

  196. 	createSchema := flag.Bool("init-db", false, "Initialize app database")

  197. 	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")

  198. 	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")

  199. 	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")

  200. 	configFile := flag.String("c", "config.ini", "The configuration file to use")

  201. 	outputVersion := flag.Bool("v", false, "Output the current version")

  202. 	flag.Parse()

  203. 

  204. 	debugging = *debugPtr

  205. 

  206. 	app := &app{

  207. 		cfgFile: *configFile,

  208. 	}

  209. 

  210. 	if *outputVersion {

  211. 		fmt.Println(serverSoftware + " " + softwareVer)

  212. 		os.Exit(0)

  213. 	} else if *createConfig {

  214. 		log.Info("Creating configuration...")

  215. 		c := config.New()

  216. 		log.Info("Saving configuration %s...", app.cfgFile)

  217. 		err := config.Save(c, app.cfgFile)

  218. 		if err != nil {

  219. 			log.Error("Unable to save configuration: %v", err)

  220. 			os.Exit(1)

  221. 		}

  222. 		os.Exit(0)

  223. 	} else if *doConfig {

  224. 		d, err := config.Configure(app.cfgFile)

  225. 		if err != nil {

  226. 			log.Error("Unable to configure: %v", err)

  227. 			os.Exit(1)

  228. 		}

  229. 		if d.User != nil {

  230. 			app.cfg = d.Config

  231. 			connectToDatabase(app)

  232. 			defer shutdown(app)

  233. 

  234. 			u := &User{

  235. 				Username:   d.User.Username,

  236. 				HashedPass: d.User.HashedPass,

  237. 				Created:    time.Now().Truncate(time.Second).UTC(),

  238. 			}

  239. 

  240. 			// Create blog

  241. 			log.Info("Creating user %s...\n", u.Username)

  242. 			err = app.db.CreateUser(u, app.cfg.App.SiteName)

  243. 			if err != nil {

  244. 				log.Error("Unable to create user: %s", err)

  245. 				os.Exit(1)

  246. 			}

  247. 			log.Info("Done!")

  248. 		}

  249. 		os.Exit(0)

  250. 	} else if *genKeys {

  251. 		errStatus := 0

  252. 

  253. 		err := generateKey(emailKeyPath)

  254. 		if err != nil {

  255. 			errStatus = 1

  256. 		}

  257. 		err = generateKey(cookieAuthKeyPath)

  258. 		if err != nil {

  259. 			errStatus = 1

  260. 		}

  261. 		err = generateKey(cookieKeyPath)

  262. 		if err != nil {

  263. 			errStatus = 1

  264. 		}

  265. 

  266. 		os.Exit(errStatus)

  267. 	} else if *createSchema {

  268. 		loadConfig(app)

  269. 		connectToDatabase(app)

  270. 		defer shutdown(app)

  271. 

  272. 		schemaFileName := "schema.sql"

  273. 		if app.cfg.Database.Type == "sqlite3" {

  274. 			schemaFileName = "sqlite.sql"

  275. 		}

  276. 

  277. 		schema, err := Asset(schemaFileName)

  278. 		if err != nil {

  279. 			log.Error("Unable to load schema file: %v", err)

  280. 			os.Exit(1)

  281. 		}

  282. 

  283. 		tblReg := regexp.MustCompile("CREATE TABLE (IF NOT EXISTS )?`([a-z_]+)`")

  284. 

  285. 		queries := strings.Split(string(schema), ";\n")

  286. 		for _, q := range queries {

  287. 			if strings.TrimSpace(q) == "" {

  288. 				continue

  289. 			}

  290. 			parts := tblReg.FindStringSubmatch(q)

  291. 			if len(parts) >= 3 {

  292. 				log.Info("Creating table %s...", parts[2])

  293. 			} else {

  294. 				log.Info("Creating table ??? (Weird query) No match in: %v", parts)

  295. 			}

  296. 			_, err = app.db.Exec(q)

  297. 			if err != nil {

  298. 				log.Error("%s", err)

  299. 			} else {

  300. 				log.Info("Created.")

  301. 			}

  302. 		}

  303. 		os.Exit(0)

  304. 	} else if *createAdmin != "" {

  305. 		adminCreateUser(app, *createAdmin, true)

  306. 	} else if *createUser != "" {

  307. 		adminCreateUser(app, *createUser, false)

  308. 	} else if *resetPassUser != "" {

  309. 		// Connect to the database

  310. 		loadConfig(app)

  311. 		connectToDatabase(app)

  312. 		defer shutdown(app)

  313. 

  314. 		// Fetch user

  315. 		u, err := app.db.GetUserForAuth(*resetPassUser)

  316. 		if err != nil {

  317. 			log.Error("Get user: %s", err)

  318. 			os.Exit(1)

  319. 		}

  320. 

  321. 		// Prompt for new password

  322. 		prompt := promptui.Prompt{

  323. 			Templates: &promptui.PromptTemplates{

  324. 				Success: "{{ . | bold | faint }}: ",

  325. 			},

  326. 			Label: "New password",

  327. 			Mask:  '*',

  328. 		}

  329. 		newPass, err := prompt.Run()

  330. 		if err != nil {

  331. 			log.Error("%s", err)

  332. 			os.Exit(1)

  333. 		}

  334. 

  335. 		// Do the update

  336. 		log.Info("Updating...")

  337. 		err = adminResetPassword(app, u, newPass)

  338. 		if err != nil {

  339. 			log.Error("%s", err)

  340. 			os.Exit(1)

  341. 		}

  342. 		log.Info("Success.")

  343. 		os.Exit(0)

  344. 	}

  345. 

  346. 	log.Info("Initializing...")

  347. 

  348. 	loadConfig(app)

  349. 

  350. 	hostName = app.cfg.App.Host

  351. 	isSingleUser = app.cfg.App.SingleUser

  352. 	app.cfg.Server.Dev = *debugPtr

  353. 

  354. 	initTemplates()

  355. 

  356. 	// Load keys

  357. 	log.Info("Loading encryption keys...")

  358. 	err := initKeys(app)

  359. 	if err != nil {

  360. 		log.Error("\n%s\n", err)

  361. 	}

  362. 

  363. 	// Initialize modules

  364. 	app.sessionStore = initSession(app)

  365. 	app.formDecoder = schema.NewDecoder()

  366. 	app.formDecoder.RegisterConverter(converter.NullJSONString{}, converter.ConvertJSONNullString)

  367. 	app.formDecoder.RegisterConverter(converter.NullJSONBool{}, converter.ConvertJSONNullBool)

  368. 	app.formDecoder.RegisterConverter(sql.NullString{}, converter.ConvertSQLNullString)

  369. 	app.formDecoder.RegisterConverter(sql.NullBool{}, converter.ConvertSQLNullBool)

  370. 	app.formDecoder.RegisterConverter(sql.NullInt64{}, converter.ConvertSQLNullInt64)

  371. 	app.formDecoder.RegisterConverter(sql.NullFloat64{}, converter.ConvertSQLNullFloat64)

  372. 

  373. 	// Check database configuration

  374. 	if app.cfg.Database.User == "" || app.cfg.Database.Password == "" {

  375. 		log.Error("Database user or password not set.")

  376. 		os.Exit(1)

  377. 	}

  378. 	if app.cfg.Database.Host == "" {

  379. 		app.cfg.Database.Host = "localhost"

  380. 	}

  381. 	if app.cfg.Database.Database == "" {

  382. 		app.cfg.Database.Database = "writefreely"

  383. 	}

  384. 

  385. 	connectToDatabase(app)

  386. 	defer shutdown(app)

  387. 

  388. 	// Test database connection

  389. 	err = app.db.Ping()

  390. 	if err != nil {

  391. 		log.Error("Database ping failed: %s", err)

  392. 	}

  393. 

  394. 	r := mux.NewRouter()

  395. 	handler := NewHandler(app)

  396. 	handler.SetErrorPages(&ErrorPages{

  397. 		NotFound:            pages["404-general.tmpl"],

  398. 		Gone:                pages["410.tmpl"],

  399. 		InternalServerError: pages["500.tmpl"],

  400. 		Blank:               pages["blank.tmpl"],

  401. 	})

  402. 

  403. 	// Handle app routes

  404. 	initRoutes(handler, r, app.cfg, app.db)

  405. 

  406. 	// Handle local timeline, if enabled

  407. 	if app.cfg.App.LocalTimeline {

  408. 		log.Info("Initializing local timeline...")

  409. 		initLocalTimeline(app)

  410. 	}

  411. 

  412. 	// Handle static files

  413. 	fs := http.FileServer(http.Dir(staticDir))

  414. 	shttp.Handle("/", fs)

  415. 	r.PathPrefix("/").Handler(fs)

  416. 

  417. 	// Handle shutdown

  418. 	c := make(chan os.Signal, 2)

  419. 	signal.Notify(c, os.Interrupt, syscall.SIGTERM)

  420. 	go func() {

  421. 		<-c

  422. 		log.Info("Shutting down...")

  423. 		shutdown(app)

  424. 		log.Info("Done.")

  425. 		os.Exit(0)

  426. 	}()

  427. 

  428. 	http.Handle("/", r)

  429. 

  430. 	// Start web application server

  431. 	var bindAddress = app.cfg.Server.Bind

  432. 	if bindAddress == "" {

  433. 		bindAddress = "localhost"

  434. 	}

  435. 	if app.cfg.IsSecureStandalone() {

  436. 		log.Info("Serving redirects on http://%s:80", bindAddress)

  437. 		go func() {

  438. 			err = http.ListenAndServe(

  439. 				fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  440. 					http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)

  441. 				}))

  442. 			log.Error("Unable to start redirect server: %v", err)

  443. 		}()

  444. 

  445. 		log.Info("Serving on https://%s:443", bindAddress)

  446. 		log.Info("---")

  447. 		err = http.ListenAndServeTLS(

  448. 			fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, nil)

  449. 	} else {

  450. 		log.Info("Serving on http://%s:%d\n", bindAddress, app.cfg.Server.Port)

  451. 		log.Info("---")

  452. 		err = http.ListenAndServe(fmt.Sprintf("%s:%d", bindAddress, app.cfg.Server.Port), nil)

  453. 	}

  454. 	if err != nil {

  455. 		log.Error("Unable to start: %v", err)

  456. 		os.Exit(1)

  457. 	}

  458. }

  459. 

  460. func loadConfig(app *app) {

  461. 	log.Info("Loading %s configuration...", app.cfgFile)

  462. 	cfg, err := config.Load(app.cfgFile)

  463. 	if err != nil {

  464. 		log.Error("Unable to load configuration: %v", err)

  465. 		os.Exit(1)

  466. 	}

  467. 	app.cfg = cfg

  468. }

  469. 

  470. func connectToDatabase(app *app) {

  471. 	log.Info("Connecting to %s database...", app.cfg.Database.Type)

  472. 

  473. 	var db *sql.DB

  474. 	var err error

  475. 	if app.cfg.Database.Type == "mysql" {

  476. 		db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String())))

  477. 		db.SetMaxOpenConns(50)

  478. 	} else if app.cfg.Database.Type == "sqlite3" {

  479. 		if app.cfg.Database.FileName == "" {

  480. 			log.Error("SQLite database filename value in config.ini is empty.")

  481. 			os.Exit(1)

  482. 		}

  483. 		db, err = sql.Open("sqlite3", app.cfg.Database.FileName+"?parseTime=true&cached=shared")

  484. 		db.SetMaxOpenConns(1)

  485. 	} else {

  486. 		log.Error("Invalid database type '%s'. Only 'mysql' and 'sqlite3' are supported right now.", app.cfg.Database.Type)

  487. 		os.Exit(1)

  488. 	}

  489. 	if err != nil {

  490. 		log.Error("%s", err)

  491. 		os.Exit(1)

  492. 	}

  493. 	app.db = &datastore{db, app.cfg.Database.Type}

  494. }

  495. 

  496. func shutdown(app *app) {

  497. 	log.Info("Closing database connection...")

  498. 	app.db.Close()

  499. }

  500. 

  501. func adminCreateUser(app *app, credStr string, isAdmin bool) {

  502. 	// Create an admin user with --create-admin

  503. 	creds := strings.Split(credStr, ":")

  504. 	if len(creds) != 2 {

  505. 		log.Error("usage: writefreely --create-admin username:password")

  506. 		os.Exit(1)

  507. 	}

  508. 

  509. 	loadConfig(app)

  510. 	connectToDatabase(app)

  511. 	defer shutdown(app)

  512. 

  513. 	// Ensure an admin / first user doesn't already exist

  514. 	firstUser, _ := app.db.GetUserByID(1)

  515. 	if isAdmin {

  516. 		// Abort if trying to create admin user, but one already exists

  517. 		if firstUser != nil {

  518. 			log.Error("Admin user already exists (%s). Create a regular user with: writefreely --create-user", firstUser.Username)

  519. 			os.Exit(1)

  520. 		}

  521. 	} else {

  522. 		// Abort if trying to create regular user, but no admin exists yet

  523. 		if firstUser == nil {

  524. 			log.Error("No admin user exists yet. Create an admin first with: writefreely --create-admin")

  525. 			os.Exit(1)

  526. 		}

  527. 	}

  528. 

  529. 	// Create the user

  530. 	username := creds[0]

  531. 	password := creds[1]

  532. 

  533. 	// Normalize and validate username

  534. 	desiredUsername := username

  535. 	username = getSlug(username, "")

  536. 

  537. 	usernameDesc := username

  538. 	if username != desiredUsername {

  539. 		usernameDesc += " (originally: " + desiredUsername + ")"

  540. 	}

  541. 

  542. 	if !author.IsValidUsername(app.cfg, username) {

  543. 		log.Error("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)

  544. 		os.Exit(1)

  545. 	}

  546. 

  547. 	// Hash the password

  548. 	hashedPass, err := auth.HashPass([]byte(password))

  549. 	if err != nil {

  550. 		log.Error("Unable to hash password: %v", err)

  551. 		os.Exit(1)

  552. 	}

  553. 

  554. 	u := &User{

  555. 		Username:   username,

  556. 		HashedPass: hashedPass,

  557. 		Created:    time.Now().Truncate(time.Second).UTC(),

  558. 	}

  559. 

  560. 	userType := "user"

  561. 	if isAdmin {

  562. 		userType = "admin"

  563. 	}

  564. 	log.Info("Creating %s %s...", userType, usernameDesc)

  565. 	err = app.db.CreateUser(u, desiredUsername)

  566. 	if err != nil {

  567. 		log.Error("Unable to create user: %s", err)

  568. 		os.Exit(1)

  569. 	}

  570. 	log.Info("Done!")

  571. 	os.Exit(0)

  572. }