writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
245 Commits
45 Branches
234 MiB
 
 
 
 
 
Tree: 8a555567a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8a555567a6'
${ noResults }
writefreely/app.go

576 lines
14 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"flag"

  16. 	"fmt"

  17. 	"html/template"

  18. 	"net/http"

  19. 	"net/url"

  20. 	"os"

  21. 	"os/signal"

  22. 	"regexp"

  23. 	"strings"

  24. 	"syscall"

  25. 	"time"

  26. 

  27. 	_ "github.com/go-sql-driver/mysql"

  28. 

  29. 	"github.com/gorilla/mux"

  30. 	"github.com/gorilla/schema"

  31. 	"github.com/gorilla/sessions"

  32. 	"github.com/manifoldco/promptui"

  33. 	"github.com/writeas/go-strip-markdown"

  34. 	"github.com/writeas/web-core/auth"

  35. 	"github.com/writeas/web-core/converter"

  36. 	"github.com/writeas/web-core/log"

  37. 	"github.com/writeas/writefreely/author"

  38. 	"github.com/writeas/writefreely/config"

  39. 	"github.com/writeas/writefreely/page"

  40. )

  41. 

  42. const (

  43. 	staticDir       = "static/"

  44. 	assumedTitleLen = 80

  45. 	postsPerPage    = 10

  46. 

  47. 	serverSoftware = "WriteFreely"

  48. 	softwareURL    = "https://writefreely.org"

  49. )

  50. 

  51. var (

  52. 	debugging bool

  53. 

  54. 	// Software version can be set from git env using -ldflags

  55. 	softwareVer = "0.6.0"

  56. 

  57. 	// DEPRECATED VARS

  58. 	// TODO: pass app.cfg into GetCollection* calls so we can get these values

  59. 	// from Collection methods and we no longer need these.

  60. 	hostName     string

  61. 	isSingleUser bool

  62. )

  63. 

  64. type app struct {

  65. 	router       *mux.Router

  66. 	db           *datastore

  67. 	cfg          *config.Config

  68. 	cfgFile      string

  69. 	keys         *keychain

  70. 	sessionStore *sessions.CookieStore

  71. 	formDecoder  *schema.Decoder

  72. 

  73. 	timeline *localTimeline

  74. }

  75. 

  76. // handleViewHome shows page at root path. Will be the Pad if logged in and the

  77. // catch-all landing page otherwise.

  78. func handleViewHome(app *app, w http.ResponseWriter, r *http.Request) error {

  79. 	if app.cfg.App.SingleUser {

  80. 		// Render blog index

  81. 		return handleViewCollection(app, w, r)

  82. 	}

  83. 

  84. 	// Multi-user instance

  85. 	u := getUserSession(app, r)

  86. 	if u != nil {

  87. 		// User is logged in, so show the Pad

  88. 		return handleViewPad(app, w, r)

  89. 	}

  90. 

  91. 	p := struct {

  92. 		page.StaticPage

  93. 		Flashes []template.HTML

  94. 	}{

  95. 		StaticPage: pageForReq(app, r),

  96. 	}

  97. 

  98. 	// Get error messages

  99. 	session, err := app.sessionStore.Get(r, cookieName)

  100. 	if err != nil {

  101. 		// Ignore this

  102. 		log.Error("Unable to get session in handleViewHome; ignoring: %v", err)

  103. 	}

  104. 	flashes, _ := getSessionFlashes(app, w, r, session)

  105. 	for _, flash := range flashes {

  106. 		p.Flashes = append(p.Flashes, template.HTML(flash))

  107. 	}

  108. 

  109. 	// Show landing page

  110. 	return renderPage(w, "landing.tmpl", p)

  111. }

  112. 

  113. func handleTemplatedPage(app *app, w http.ResponseWriter, r *http.Request, t *template.Template) error {

  114. 	p := struct {

  115. 		page.StaticPage

  116. 		Content      template.HTML

  117. 		PlainContent string

  118. 		Updated      string

  119. 

  120. 		AboutStats *InstanceStats

  121. 	}{

  122. 		StaticPage: pageForReq(app, r),

  123. 	}

  124. 	if r.URL.Path == "/about" || r.URL.Path == "/privacy" {

  125. 		var c string

  126. 		var updated *time.Time

  127. 		var err error

  128. 

  129. 		if r.URL.Path == "/about" {

  130. 			c, err = getAboutPage(app)

  131. 

  132. 			// Fetch stats

  133. 			p.AboutStats = &InstanceStats{}

  134. 			p.AboutStats.NumPosts, _ = app.db.GetTotalPosts()

  135. 			p.AboutStats.NumBlogs, _ = app.db.GetTotalCollections()

  136. 		} else {

  137. 			c, updated, err = getPrivacyPage(app)

  138. 		}

  139. 

  140. 		if err != nil {

  141. 			return err

  142. 		}

  143. 		p.Content = template.HTML(applyMarkdown([]byte(c)))

  144. 		p.PlainContent = shortPostDescription(stripmd.Strip(c))

  145. 		if updated != nil {

  146. 			p.Updated = updated.Format("January 2, 2006")

  147. 		}

  148. 	}

  149. 

  150. 	// Serve templated page

  151. 	err := t.ExecuteTemplate(w, "base", p)

  152. 	if err != nil {

  153. 		log.Error("Unable to render page: %v", err)

  154. 	}

  155. 	return nil

  156. }

  157. 

  158. func pageForReq(app *app, r *http.Request) page.StaticPage {

  159. 	p := page.StaticPage{

  160. 		AppCfg:  app.cfg.App,

  161. 		Path:    r.URL.Path,

  162. 		Version: "v" + softwareVer,

  163. 	}

  164. 

  165. 	// Add user information, if given

  166. 	var u *User

  167. 	accessToken := r.FormValue("t")

  168. 	if accessToken != "" {

  169. 		userID := app.db.GetUserID(accessToken)

  170. 		if userID != -1 {

  171. 			var err error

  172. 			u, err = app.db.GetUserByID(userID)

  173. 			if err == nil {

  174. 				p.Username = u.Username

  175. 			}

  176. 		}

  177. 	} else {

  178. 		u = getUserSession(app, r)

  179. 		if u != nil {

  180. 			p.Username = u.Username

  181. 		}

  182. 	}

  183. 

  184. 	return p

  185. }

  186. 

  187. var shttp = http.NewServeMux()

  188. var fileRegex = regexp.MustCompile("/([^/]*\\.[^/]*)$")

  189. 

  190. func Serve() {

  191. 	debugPtr := flag.Bool("debug", false, "Enables debug logging.")

  192. 	createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")

  193. 	doConfig := flag.Bool("config", false, "Run the configuration process")

  194. 	genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")

  195. 	createSchema := flag.Bool("init-db", false, "Initialize app database")

  196. 	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")

  197. 	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")

  198. 	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")

  199. 	configFile := flag.String("c", "config.ini", "The configuration file to use")

  200. 	outputVersion := flag.Bool("v", false, "Output the current version")

  201. 	flag.Parse()

  202. 

  203. 	debugging = *debugPtr

  204. 

  205. 	app := &app{

  206. 		cfgFile: *configFile,

  207. 	}

  208. 

  209. 	if *outputVersion {

  210. 		fmt.Println(serverSoftware + " " + softwareVer)

  211. 		os.Exit(0)

  212. 	} else if *createConfig {

  213. 		log.Info("Creating configuration...")

  214. 		c := config.New()

  215. 		log.Info("Saving configuration %s...", app.cfgFile)

  216. 		err := config.Save(c, app.cfgFile)

  217. 		if err != nil {

  218. 			log.Error("Unable to save configuration: %v", err)

  219. 			os.Exit(1)

  220. 		}

  221. 		os.Exit(0)

  222. 	} else if *doConfig {

  223. 		d, err := config.Configure(app.cfgFile)

  224. 		if err != nil {

  225. 			log.Error("Unable to configure: %v", err)

  226. 			os.Exit(1)

  227. 		}

  228. 		if d.User != nil {

  229. 			app.cfg = d.Config

  230. 			connectToDatabase(app)

  231. 			defer shutdown(app)

  232. 

  233. 			u := &User{

  234. 				Username:   d.User.Username,

  235. 				HashedPass: d.User.HashedPass,

  236. 				Created:    time.Now().Truncate(time.Second).UTC(),

  237. 			}

  238. 

  239. 			// Create blog

  240. 			log.Info("Creating user %s...\n", u.Username)

  241. 			err = app.db.CreateUser(u, app.cfg.App.SiteName)

  242. 			if err != nil {

  243. 				log.Error("Unable to create user: %s", err)

  244. 				os.Exit(1)

  245. 			}

  246. 			log.Info("Done!")

  247. 		}

  248. 		os.Exit(0)

  249. 	} else if *genKeys {

  250. 		errStatus := 0

  251. 

  252. 		err := generateKey(emailKeyPath)

  253. 		if err != nil {

  254. 			errStatus = 1

  255. 		}

  256. 		err = generateKey(cookieAuthKeyPath)

  257. 		if err != nil {

  258. 			errStatus = 1

  259. 		}

  260. 		err = generateKey(cookieKeyPath)

  261. 		if err != nil {

  262. 			errStatus = 1

  263. 		}

  264. 

  265. 		os.Exit(errStatus)

  266. 	} else if *createSchema {

  267. 		loadConfig(app)

  268. 		connectToDatabase(app)

  269. 		defer shutdown(app)

  270. 

  271. 		schemaFileName := "schema.sql"

  272. 		if app.cfg.Database.Type == driverSQLite {

  273. 			schemaFileName = "sqlite.sql"

  274. 		}

  275. 

  276. 		schema, err := Asset(schemaFileName)

  277. 		if err != nil {

  278. 			log.Error("Unable to load schema file: %v", err)

  279. 			os.Exit(1)

  280. 		}

  281. 

  282. 		tblReg := regexp.MustCompile("CREATE TABLE (IF NOT EXISTS )?`([a-z_]+)`")

  283. 

  284. 		queries := strings.Split(string(schema), ";\n")

  285. 		for _, q := range queries {

  286. 			if strings.TrimSpace(q) == "" {

  287. 				continue

  288. 			}

  289. 			parts := tblReg.FindStringSubmatch(q)

  290. 			if len(parts) >= 3 {

  291. 				log.Info("Creating table %s...", parts[2])

  292. 			} else {

  293. 				log.Info("Creating table ??? (Weird query) No match in: %v", parts)

  294. 			}

  295. 			_, err = app.db.Exec(q)

  296. 			if err != nil {

  297. 				log.Error("%s", err)

  298. 			} else {

  299. 				log.Info("Created.")

  300. 			}

  301. 		}

  302. 		os.Exit(0)

  303. 	} else if *createAdmin != "" {

  304. 		adminCreateUser(app, *createAdmin, true)

  305. 	} else if *createUser != "" {

  306. 		adminCreateUser(app, *createUser, false)

  307. 	} else if *resetPassUser != "" {

  308. 		// Connect to the database

  309. 		loadConfig(app)

  310. 		connectToDatabase(app)

  311. 		defer shutdown(app)

  312. 

  313. 		// Fetch user

  314. 		u, err := app.db.GetUserForAuth(*resetPassUser)

  315. 		if err != nil {

  316. 			log.Error("Get user: %s", err)

  317. 			os.Exit(1)

  318. 		}

  319. 

  320. 		// Prompt for new password

  321. 		prompt := promptui.Prompt{

  322. 			Templates: &promptui.PromptTemplates{

  323. 				Success: "{{ . | bold | faint }}: ",

  324. 			},

  325. 			Label: "New password",

  326. 			Mask:  '*',

  327. 		}

  328. 		newPass, err := prompt.Run()

  329. 		if err != nil {

  330. 			log.Error("%s", err)

  331. 			os.Exit(1)

  332. 		}

  333. 

  334. 		// Do the update

  335. 		log.Info("Updating...")

  336. 		err = adminResetPassword(app, u, newPass)

  337. 		if err != nil {

  338. 			log.Error("%s", err)

  339. 			os.Exit(1)

  340. 		}

  341. 		log.Info("Success.")

  342. 		os.Exit(0)

  343. 	}

  344. 

  345. 	log.Info("Initializing...")

  346. 

  347. 	loadConfig(app)

  348. 

  349. 	hostName = app.cfg.App.Host

  350. 	isSingleUser = app.cfg.App.SingleUser

  351. 	app.cfg.Server.Dev = *debugPtr

  352. 

  353. 	initTemplates()

  354. 

  355. 	// Load keys

  356. 	log.Info("Loading encryption keys...")

  357. 	err := initKeys(app)

  358. 	if err != nil {

  359. 		log.Error("\n%s\n", err)

  360. 	}

  361. 

  362. 	// Initialize modules

  363. 	app.sessionStore = initSession(app)

  364. 	app.formDecoder = schema.NewDecoder()

  365. 	app.formDecoder.RegisterConverter(converter.NullJSONString{}, converter.ConvertJSONNullString)

  366. 	app.formDecoder.RegisterConverter(converter.NullJSONBool{}, converter.ConvertJSONNullBool)

  367. 	app.formDecoder.RegisterConverter(sql.NullString{}, converter.ConvertSQLNullString)

  368. 	app.formDecoder.RegisterConverter(sql.NullBool{}, converter.ConvertSQLNullBool)

  369. 	app.formDecoder.RegisterConverter(sql.NullInt64{}, converter.ConvertSQLNullInt64)

  370. 	app.formDecoder.RegisterConverter(sql.NullFloat64{}, converter.ConvertSQLNullFloat64)

  371. 

  372. 	// Check database configuration

  373. 	if app.cfg.Database.Type == driverMySQL && (app.cfg.Database.User == "" || app.cfg.Database.Password == "") {

  374. 		log.Error("Database user or password not set.")

  375. 		os.Exit(1)

  376. 	}

  377. 	if app.cfg.Database.Host == "" {

  378. 		app.cfg.Database.Host = "localhost"

  379. 	}

  380. 	if app.cfg.Database.Database == "" {

  381. 		app.cfg.Database.Database = "writefreely"

  382. 	}

  383. 

  384. 	connectToDatabase(app)

  385. 	defer shutdown(app)

  386. 

  387. 	// Test database connection

  388. 	err = app.db.Ping()

  389. 	if err != nil {

  390. 		log.Error("Database ping failed: %s", err)

  391. 	}

  392. 

  393. 	r := mux.NewRouter()

  394. 	handler := NewHandler(app)

  395. 	handler.SetErrorPages(&ErrorPages{

  396. 		NotFound:            pages["404-general.tmpl"],

  397. 		Gone:                pages["410.tmpl"],

  398. 		InternalServerError: pages["500.tmpl"],

  399. 		Blank:               pages["blank.tmpl"],

  400. 	})

  401. 

  402. 	// Handle app routes

  403. 	initRoutes(handler, r, app.cfg, app.db)

  404. 

  405. 	// Handle local timeline, if enabled

  406. 	if app.cfg.App.LocalTimeline {

  407. 		log.Info("Initializing local timeline...")

  408. 		initLocalTimeline(app)

  409. 	}

  410. 

  411. 	// Handle static files

  412. 	fs := http.FileServer(http.Dir(staticDir))

  413. 	shttp.Handle("/", fs)

  414. 	r.PathPrefix("/").Handler(fs)

  415. 

  416. 	// Handle shutdown

  417. 	c := make(chan os.Signal, 2)

  418. 	signal.Notify(c, os.Interrupt, syscall.SIGTERM)

  419. 	go func() {

  420. 		<-c

  421. 		log.Info("Shutting down...")

  422. 		shutdown(app)

  423. 		log.Info("Done.")

  424. 		os.Exit(0)

  425. 	}()

  426. 

  427. 	http.Handle("/", r)

  428. 

  429. 	// Start web application server

  430. 	var bindAddress = app.cfg.Server.Bind

  431. 	if bindAddress == "" {

  432. 		bindAddress = "localhost"

  433. 	}

  434. 	if app.cfg.IsSecureStandalone() {

  435. 		log.Info("Serving redirects on http://%s:80", bindAddress)

  436. 		go func() {

  437. 			err = http.ListenAndServe(

  438. 				fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  439. 					http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)

  440. 				}))

  441. 			log.Error("Unable to start redirect server: %v", err)

  442. 		}()

  443. 

  444. 		log.Info("Serving on https://%s:443", bindAddress)

  445. 		log.Info("---")

  446. 		err = http.ListenAndServeTLS(

  447. 			fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, nil)

  448. 	} else {

  449. 		log.Info("Serving on http://%s:%d\n", bindAddress, app.cfg.Server.Port)

  450. 		log.Info("---")

  451. 		err = http.ListenAndServe(fmt.Sprintf("%s:%d", bindAddress, app.cfg.Server.Port), nil)

  452. 	}

  453. 	if err != nil {

  454. 		log.Error("Unable to start: %v", err)

  455. 		os.Exit(1)

  456. 	}

  457. }

  458. 

  459. func loadConfig(app *app) {

  460. 	log.Info("Loading %s configuration...", app.cfgFile)

  461. 	cfg, err := config.Load(app.cfgFile)

  462. 	if err != nil {

  463. 		log.Error("Unable to load configuration: %v", err)

  464. 		os.Exit(1)

  465. 	}

  466. 	app.cfg = cfg

  467. }

  468. 

  469. func connectToDatabase(app *app) {

  470. 	log.Info("Connecting to %s database...", app.cfg.Database.Type)

  471. 

  472. 	var db *sql.DB

  473. 	var err error

  474. 	if app.cfg.Database.Type == driverMySQL {

  475. 		db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String())))

  476. 		db.SetMaxOpenConns(50)

  477. 	} else if app.cfg.Database.Type == driverSQLite {

  478. 		if !SQLiteEnabled {

  479. 			log.Error("Invalid database type '%s'. Binary wasn't compiled with SQLite3 support.", app.cfg.Database.Type)

  480. 			os.Exit(1)

  481. 		}

  482. 		if app.cfg.Database.FileName == "" {

  483. 			log.Error("SQLite database filename value in config.ini is empty.")

  484. 			os.Exit(1)

  485. 		}

  486. 		db, err = sql.Open("sqlite3_with_regex", app.cfg.Database.FileName+"?parseTime=true&cached=shared")

  487. 		db.SetMaxOpenConns(1)

  488. 	} else {

  489. 		log.Error("Invalid database type '%s'. Only 'mysql' and 'sqlite3' are supported right now.", app.cfg.Database.Type)

  490. 		os.Exit(1)

  491. 	}

  492. 	if err != nil {

  493. 		log.Error("%s", err)

  494. 		os.Exit(1)

  495. 	}

  496. 	app.db = &datastore{db, app.cfg.Database.Type}

  497. }

  498. 

  499. func shutdown(app *app) {

  500. 	log.Info("Closing database connection...")

  501. 	app.db.Close()

  502. }

  503. 

  504. func adminCreateUser(app *app, credStr string, isAdmin bool) {

  505. 	// Create an admin user with --create-admin

  506. 	creds := strings.Split(credStr, ":")

  507. 	if len(creds) != 2 {

  508. 		log.Error("usage: writefreely --create-admin username:password")

  509. 		os.Exit(1)

  510. 	}

  511. 

  512. 	loadConfig(app)

  513. 	connectToDatabase(app)

  514. 	defer shutdown(app)

  515. 

  516. 	// Ensure an admin / first user doesn't already exist

  517. 	firstUser, _ := app.db.GetUserByID(1)

  518. 	if isAdmin {

  519. 		// Abort if trying to create admin user, but one already exists

  520. 		if firstUser != nil {

  521. 			log.Error("Admin user already exists (%s). Create a regular user with: writefreely --create-user", firstUser.Username)

  522. 			os.Exit(1)

  523. 		}

  524. 	} else {

  525. 		// Abort if trying to create regular user, but no admin exists yet

  526. 		if firstUser == nil {

  527. 			log.Error("No admin user exists yet. Create an admin first with: writefreely --create-admin")

  528. 			os.Exit(1)

  529. 		}

  530. 	}

  531. 

  532. 	// Create the user

  533. 	username := creds[0]

  534. 	password := creds[1]

  535. 

  536. 	// Normalize and validate username

  537. 	desiredUsername := username

  538. 	username = getSlug(username, "")

  539. 

  540. 	usernameDesc := username

  541. 	if username != desiredUsername {

  542. 		usernameDesc += " (originally: " + desiredUsername + ")"

  543. 	}

  544. 

  545. 	if !author.IsValidUsername(app.cfg, username) {

  546. 		log.Error("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)

  547. 		os.Exit(1)

  548. 	}

  549. 

  550. 	// Hash the password

  551. 	hashedPass, err := auth.HashPass([]byte(password))

  552. 	if err != nil {

  553. 		log.Error("Unable to hash password: %v", err)

  554. 		os.Exit(1)

  555. 	}

  556. 

  557. 	u := &User{

  558. 		Username:   username,

  559. 		HashedPass: hashedPass,

  560. 		Created:    time.Now().Truncate(time.Second).UTC(),

  561. 	}

  562. 

  563. 	userType := "user"

  564. 	if isAdmin {

  565. 		userType = "admin"

  566. 	}

  567. 	log.Info("Creating %s %s...", userType, usernameDesc)

  568. 	err = app.db.CreateUser(u, desiredUsername)

  569. 	if err != nil {

  570. 		log.Error("Unable to create user: %s", err)

  571. 		os.Exit(1)

  572. 	}

  573. 	log.Info("Done!")

  574. 	os.Exit(0)

  575. }