A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

643 line
16 KiB

  1. /*
  2. * Copyright © 2018 A Bunch Tell LLC.
  3. *
  4. * This file is part of WriteFreely.
  5. *
  6. * WriteFreely is free software: you can redistribute it and/or modify
  7. * it under the terms of the GNU Affero General Public License, included
  8. * in the LICENSE file in this source code package.
  9. */
  10. package writefreely
  11. import (
  12. "database/sql"
  13. "flag"
  14. "fmt"
  15. "html/template"
  16. "net/http"
  17. "net/url"
  18. "os"
  19. "os/signal"
  20. "path/filepath"
  21. "regexp"
  22. "strings"
  23. "syscall"
  24. "time"
  25. _ "github.com/go-sql-driver/mysql"
  26. "github.com/gorilla/mux"
  27. "github.com/gorilla/schema"
  28. "github.com/gorilla/sessions"
  29. "github.com/manifoldco/promptui"
  30. "github.com/writeas/go-strip-markdown"
  31. "github.com/writeas/web-core/auth"
  32. "github.com/writeas/web-core/converter"
  33. "github.com/writeas/web-core/log"
  34. "github.com/writeas/writefreely/author"
  35. "github.com/writeas/writefreely/config"
  36. "github.com/writeas/writefreely/migrations"
  37. "github.com/writeas/writefreely/page"
  38. )
  39. const (
  40. staticDir = "static"
  41. assumedTitleLen = 80
  42. postsPerPage = 10
  43. serverSoftware = "WriteFreely"
  44. softwareURL = "https://writefreely.org"
  45. )
  46. var (
  47. debugging bool
  48. // Software version can be set from git env using -ldflags
  49. softwareVer = "0.8.1"
  50. // DEPRECATED VARS
  51. // TODO: pass app.cfg into GetCollection* calls so we can get these values
  52. // from Collection methods and we no longer need these.
  53. hostName string
  54. isSingleUser bool
  55. )
  56. type app struct {
  57. router *mux.Router
  58. db *datastore
  59. cfg *config.Config
  60. cfgFile string
  61. keys *keychain
  62. sessionStore *sessions.CookieStore
  63. formDecoder *schema.Decoder
  64. timeline *localTimeline
  65. }
  66. // handleViewHome shows page at root path. Will be the Pad if logged in and the
  67. // catch-all landing page otherwise.
  68. func handleViewHome(app *app, w http.ResponseWriter, r *http.Request) error {
  69. if app.cfg.App.SingleUser {
  70. // Render blog index
  71. return handleViewCollection(app, w, r)
  72. }
  73. // Multi-user instance
  74. u := getUserSession(app, r)
  75. if u != nil {
  76. // User is logged in, so show the Pad
  77. return handleViewPad(app, w, r)
  78. }
  79. p := struct {
  80. page.StaticPage
  81. Flashes []template.HTML
  82. }{
  83. StaticPage: pageForReq(app, r),
  84. }
  85. // Get error messages
  86. session, err := app.sessionStore.Get(r, cookieName)
  87. if err != nil {
  88. // Ignore this
  89. log.Error("Unable to get session in handleViewHome; ignoring: %v", err)
  90. }
  91. flashes, _ := getSessionFlashes(app, w, r, session)
  92. for _, flash := range flashes {
  93. p.Flashes = append(p.Flashes, template.HTML(flash))
  94. }
  95. // Show landing page
  96. return renderPage(w, "landing.tmpl", p)
  97. }
  98. func handleTemplatedPage(app *app, w http.ResponseWriter, r *http.Request, t *template.Template) error {
  99. p := struct {
  100. page.StaticPage
  101. Content template.HTML
  102. PlainContent string
  103. Updated string
  104. AboutStats *InstanceStats
  105. }{
  106. StaticPage: pageForReq(app, r),
  107. }
  108. if r.URL.Path == "/about" || r.URL.Path == "/privacy" {
  109. var c string
  110. var updated *time.Time
  111. var err error
  112. if r.URL.Path == "/about" {
  113. c, err = getAboutPage(app)
  114. // Fetch stats
  115. p.AboutStats = &InstanceStats{}
  116. p.AboutStats.NumPosts, _ = app.db.GetTotalPosts()
  117. p.AboutStats.NumBlogs, _ = app.db.GetTotalCollections()
  118. } else {
  119. c, updated, err = getPrivacyPage(app)
  120. }
  121. if err != nil {
  122. return err
  123. }
  124. p.Content = template.HTML(applyMarkdown([]byte(c)))
  125. p.PlainContent = shortPostDescription(stripmd.Strip(c))
  126. if updated != nil {
  127. p.Updated = updated.Format("January 2, 2006")
  128. }
  129. }
  130. // Serve templated page
  131. err := t.ExecuteTemplate(w, "base", p)
  132. if err != nil {
  133. log.Error("Unable to render page: %v", err)
  134. }
  135. return nil
  136. }
  137. func pageForReq(app *app, r *http.Request) page.StaticPage {
  138. p := page.StaticPage{
  139. AppCfg: app.cfg.App,
  140. Path: r.URL.Path,
  141. Version: "v" + softwareVer,
  142. }
  143. // Add user information, if given
  144. var u *User
  145. accessToken := r.FormValue("t")
  146. if accessToken != "" {
  147. userID := app.db.GetUserID(accessToken)
  148. if userID != -1 {
  149. var err error
  150. u, err = app.db.GetUserByID(userID)
  151. if err == nil {
  152. p.Username = u.Username
  153. }
  154. }
  155. } else {
  156. u = getUserSession(app, r)
  157. if u != nil {
  158. p.Username = u.Username
  159. }
  160. }
  161. return p
  162. }
  163. var shttp = http.NewServeMux()
  164. var fileRegex = regexp.MustCompile("/([^/]*\\.[^/]*)$")
  165. func Serve() {
  166. debugPtr := flag.Bool("debug", false, "Enables debug logging.")
  167. createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")
  168. doConfig := flag.Bool("config", false, "Run the configuration process")
  169. genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")
  170. createSchema := flag.Bool("init-db", false, "Initialize app database")
  171. migrate := flag.Bool("migrate", false, "Migrate the database")
  172. createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")
  173. createUser := flag.String("create-user", "", "Create a regular user with the given username:password")
  174. resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")
  175. configFile := flag.String("c", "config.ini", "The configuration file to use")
  176. outputVersion := flag.Bool("v", false, "Output the current version")
  177. flag.Parse()
  178. debugging = *debugPtr
  179. app := &app{
  180. cfgFile: *configFile,
  181. }
  182. if *outputVersion {
  183. fmt.Println(serverSoftware + " " + softwareVer)
  184. os.Exit(0)
  185. } else if *createConfig {
  186. log.Info("Creating configuration...")
  187. c := config.New()
  188. log.Info("Saving configuration %s...", app.cfgFile)
  189. err := config.Save(c, app.cfgFile)
  190. if err != nil {
  191. log.Error("Unable to save configuration: %v", err)
  192. os.Exit(1)
  193. }
  194. os.Exit(0)
  195. } else if *doConfig {
  196. d, err := config.Configure(app.cfgFile)
  197. if err != nil {
  198. log.Error("Unable to configure: %v", err)
  199. os.Exit(1)
  200. }
  201. if d.User != nil {
  202. app.cfg = d.Config
  203. connectToDatabase(app)
  204. defer shutdown(app)
  205. if !app.db.DatabaseInitialized() {
  206. err = adminInitDatabase(app)
  207. if err != nil {
  208. log.Error(err.Error())
  209. os.Exit(1)
  210. }
  211. }
  212. u := &User{
  213. Username: d.User.Username,
  214. HashedPass: d.User.HashedPass,
  215. Created: time.Now().Truncate(time.Second).UTC(),
  216. }
  217. // Create blog
  218. log.Info("Creating user %s...\n", u.Username)
  219. err = app.db.CreateUser(u, app.cfg.App.SiteName)
  220. if err != nil {
  221. log.Error("Unable to create user: %s", err)
  222. os.Exit(1)
  223. }
  224. log.Info("Done!")
  225. }
  226. os.Exit(0)
  227. } else if *genKeys {
  228. errStatus := 0
  229. // Read keys path from config
  230. loadConfig(app)
  231. // Create keys dir if it doesn't exist yet
  232. fullKeysDir := filepath.Join(app.cfg.Server.KeysParentDir, keysDir)
  233. if _, err := os.Stat(fullKeysDir); os.IsNotExist(err) {
  234. err = os.Mkdir(fullKeysDir, 0700)
  235. if err != nil {
  236. log.Error("%s", err)
  237. os.Exit(1)
  238. }
  239. }
  240. // Generate keys
  241. initKeyPaths(app)
  242. err := generateKey(emailKeyPath)
  243. if err != nil {
  244. errStatus = 1
  245. }
  246. err = generateKey(cookieAuthKeyPath)
  247. if err != nil {
  248. errStatus = 1
  249. }
  250. err = generateKey(cookieKeyPath)
  251. if err != nil {
  252. errStatus = 1
  253. }
  254. os.Exit(errStatus)
  255. } else if *createSchema {
  256. loadConfig(app)
  257. connectToDatabase(app)
  258. defer shutdown(app)
  259. err := adminInitDatabase(app)
  260. if err != nil {
  261. log.Error(err.Error())
  262. os.Exit(1)
  263. }
  264. os.Exit(0)
  265. } else if *createAdmin != "" {
  266. err := adminCreateUser(app, *createAdmin, true)
  267. if err != nil {
  268. log.Error(err.Error())
  269. os.Exit(1)
  270. }
  271. os.Exit(0)
  272. } else if *createUser != "" {
  273. err := adminCreateUser(app, *createUser, false)
  274. if err != nil {
  275. log.Error(err.Error())
  276. os.Exit(1)
  277. }
  278. os.Exit(0)
  279. } else if *resetPassUser != "" {
  280. // Connect to the database
  281. loadConfig(app)
  282. connectToDatabase(app)
  283. defer shutdown(app)
  284. // Fetch user
  285. u, err := app.db.GetUserForAuth(*resetPassUser)
  286. if err != nil {
  287. log.Error("Get user: %s", err)
  288. os.Exit(1)
  289. }
  290. // Prompt for new password
  291. prompt := promptui.Prompt{
  292. Templates: &promptui.PromptTemplates{
  293. Success: "{{ . | bold | faint }}: ",
  294. },
  295. Label: "New password",
  296. Mask: '*',
  297. }
  298. newPass, err := prompt.Run()
  299. if err != nil {
  300. log.Error("%s", err)
  301. os.Exit(1)
  302. }
  303. // Do the update
  304. log.Info("Updating...")
  305. err = adminResetPassword(app, u, newPass)
  306. if err != nil {
  307. log.Error("%s", err)
  308. os.Exit(1)
  309. }
  310. log.Info("Success.")
  311. os.Exit(0)
  312. } else if *migrate {
  313. loadConfig(app)
  314. connectToDatabase(app)
  315. defer shutdown(app)
  316. err := migrations.Migrate(migrations.NewDatastore(app.db.DB, app.db.driverName))
  317. if err != nil {
  318. log.Error("migrate: %s", err)
  319. os.Exit(1)
  320. }
  321. os.Exit(0)
  322. }
  323. log.Info("Initializing...")
  324. loadConfig(app)
  325. hostName = app.cfg.App.Host
  326. isSingleUser = app.cfg.App.SingleUser
  327. app.cfg.Server.Dev = *debugPtr
  328. err := initTemplates(app.cfg)
  329. if err != nil {
  330. log.Error("load templates: %s", err)
  331. os.Exit(1)
  332. }
  333. // Load keys
  334. log.Info("Loading encryption keys...")
  335. initKeyPaths(app)
  336. err = initKeys(app)
  337. if err != nil {
  338. log.Error("\n%s\n", err)
  339. }
  340. // Initialize modules
  341. app.sessionStore = initSession(app)
  342. app.formDecoder = schema.NewDecoder()
  343. app.formDecoder.RegisterConverter(converter.NullJSONString{}, converter.ConvertJSONNullString)
  344. app.formDecoder.RegisterConverter(converter.NullJSONBool{}, converter.ConvertJSONNullBool)
  345. app.formDecoder.RegisterConverter(sql.NullString{}, converter.ConvertSQLNullString)
  346. app.formDecoder.RegisterConverter(sql.NullBool{}, converter.ConvertSQLNullBool)
  347. app.formDecoder.RegisterConverter(sql.NullInt64{}, converter.ConvertSQLNullInt64)
  348. app.formDecoder.RegisterConverter(sql.NullFloat64{}, converter.ConvertSQLNullFloat64)
  349. // Check database configuration
  350. if app.cfg.Database.Type == driverMySQL && (app.cfg.Database.User == "" || app.cfg.Database.Password == "") {
  351. log.Error("Database user or password not set.")
  352. os.Exit(1)
  353. }
  354. if app.cfg.Database.Host == "" {
  355. app.cfg.Database.Host = "localhost"
  356. }
  357. if app.cfg.Database.Database == "" {
  358. app.cfg.Database.Database = "writefreely"
  359. }
  360. connectToDatabase(app)
  361. defer shutdown(app)
  362. // Test database connection
  363. err = app.db.Ping()
  364. if err != nil {
  365. log.Error("Database ping failed: %s", err)
  366. }
  367. r := mux.NewRouter()
  368. handler := NewHandler(app)
  369. handler.SetErrorPages(&ErrorPages{
  370. NotFound: pages["404-general.tmpl"],
  371. Gone: pages["410.tmpl"],
  372. InternalServerError: pages["500.tmpl"],
  373. Blank: pages["blank.tmpl"],
  374. })
  375. // Handle app routes
  376. initRoutes(handler, r, app.cfg, app.db)
  377. // Handle local timeline, if enabled
  378. if app.cfg.App.LocalTimeline {
  379. log.Info("Initializing local timeline...")
  380. initLocalTimeline(app)
  381. }
  382. // Handle static files
  383. fs := http.FileServer(http.Dir(filepath.Join(app.cfg.Server.StaticParentDir, staticDir)))
  384. shttp.Handle("/", fs)
  385. r.PathPrefix("/").Handler(fs)
  386. // Handle shutdown
  387. c := make(chan os.Signal, 2)
  388. signal.Notify(c, os.Interrupt, syscall.SIGTERM)
  389. go func() {
  390. <-c
  391. log.Info("Shutting down...")
  392. shutdown(app)
  393. log.Info("Done.")
  394. os.Exit(0)
  395. }()
  396. http.Handle("/", r)
  397. // Start web application server
  398. var bindAddress = app.cfg.Server.Bind
  399. if bindAddress == "" {
  400. bindAddress = "localhost"
  401. }
  402. if app.cfg.IsSecureStandalone() {
  403. log.Info("Serving redirects on http://%s:80", bindAddress)
  404. go func() {
  405. err = http.ListenAndServe(
  406. fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
  407. http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)
  408. }))
  409. log.Error("Unable to start redirect server: %v", err)
  410. }()
  411. log.Info("Serving on https://%s:443", bindAddress)
  412. log.Info("---")
  413. err = http.ListenAndServeTLS(
  414. fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, nil)
  415. } else {
  416. log.Info("Serving on http://%s:%d\n", bindAddress, app.cfg.Server.Port)
  417. log.Info("---")
  418. err = http.ListenAndServe(fmt.Sprintf("%s:%d", bindAddress, app.cfg.Server.Port), nil)
  419. }
  420. if err != nil {
  421. log.Error("Unable to start: %v", err)
  422. os.Exit(1)
  423. }
  424. }
  425. func loadConfig(app *app) {
  426. log.Info("Loading %s configuration...", app.cfgFile)
  427. cfg, err := config.Load(app.cfgFile)
  428. if err != nil {
  429. log.Error("Unable to load configuration: %v", err)
  430. os.Exit(1)
  431. }
  432. app.cfg = cfg
  433. }
  434. func connectToDatabase(app *app) {
  435. log.Info("Connecting to %s database...", app.cfg.Database.Type)
  436. var db *sql.DB
  437. var err error
  438. if app.cfg.Database.Type == driverMySQL {
  439. db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String())))
  440. db.SetMaxOpenConns(50)
  441. } else if app.cfg.Database.Type == driverSQLite {
  442. if !SQLiteEnabled {
  443. log.Error("Invalid database type '%s'. Binary wasn't compiled with SQLite3 support.", app.cfg.Database.Type)
  444. os.Exit(1)
  445. }
  446. if app.cfg.Database.FileName == "" {
  447. log.Error("SQLite database filename value in config.ini is empty.")
  448. os.Exit(1)
  449. }
  450. db, err = sql.Open("sqlite3_with_regex", app.cfg.Database.FileName+"?parseTime=true&cached=shared")
  451. db.SetMaxOpenConns(1)
  452. } else {
  453. log.Error("Invalid database type '%s'. Only 'mysql' and 'sqlite3' are supported right now.", app.cfg.Database.Type)
  454. os.Exit(1)
  455. }
  456. if err != nil {
  457. log.Error("%s", err)
  458. os.Exit(1)
  459. }
  460. app.db = &datastore{db, app.cfg.Database.Type}
  461. }
  462. func shutdown(app *app) {
  463. log.Info("Closing database connection...")
  464. app.db.Close()
  465. }
  466. func adminCreateUser(app *app, credStr string, isAdmin bool) error {
  467. // Create an admin user with --create-admin
  468. creds := strings.Split(credStr, ":")
  469. if len(creds) != 2 {
  470. c := "user"
  471. if isAdmin {
  472. c = "admin"
  473. }
  474. return fmt.Errorf("usage: writefreely --create-%s username:password", c)
  475. }
  476. loadConfig(app)
  477. connectToDatabase(app)
  478. defer shutdown(app)
  479. // Ensure an admin / first user doesn't already exist
  480. firstUser, _ := app.db.GetUserByID(1)
  481. if isAdmin {
  482. // Abort if trying to create admin user, but one already exists
  483. if firstUser != nil {
  484. return fmt.Errorf("Admin user already exists (%s). Create a regular user with: writefreely --create-user", firstUser.Username)
  485. }
  486. } else {
  487. // Abort if trying to create regular user, but no admin exists yet
  488. if firstUser == nil {
  489. return fmt.Errorf("No admin user exists yet. Create an admin first with: writefreely --create-admin")
  490. }
  491. }
  492. // Create the user
  493. username := creds[0]
  494. password := creds[1]
  495. // Normalize and validate username
  496. desiredUsername := username
  497. username = getSlug(username, "")
  498. usernameDesc := username
  499. if username != desiredUsername {
  500. usernameDesc += " (originally: " + desiredUsername + ")"
  501. }
  502. if !author.IsValidUsername(app.cfg, username) {
  503. return fmt.Errorf("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)
  504. }
  505. // Hash the password
  506. hashedPass, err := auth.HashPass([]byte(password))
  507. if err != nil {
  508. return fmt.Errorf("Unable to hash password: %v", err)
  509. }
  510. u := &User{
  511. Username: username,
  512. HashedPass: hashedPass,
  513. Created: time.Now().Truncate(time.Second).UTC(),
  514. }
  515. userType := "user"
  516. if isAdmin {
  517. userType = "admin"
  518. }
  519. log.Info("Creating %s %s...", userType, usernameDesc)
  520. err = app.db.CreateUser(u, desiredUsername)
  521. if err != nil {
  522. return fmt.Errorf("Unable to create user: %s", err)
  523. }
  524. log.Info("Done!")
  525. return nil
  526. }
  527. func adminInitDatabase(app *app) error {
  528. schemaFileName := "schema.sql"
  529. if app.cfg.Database.Type == driverSQLite {
  530. schemaFileName = "sqlite.sql"
  531. }
  532. schema, err := Asset(schemaFileName)
  533. if err != nil {
  534. return fmt.Errorf("Unable to load schema file: %v", err)
  535. }
  536. tblReg := regexp.MustCompile("CREATE TABLE (IF NOT EXISTS )?`([a-z_]+)`")
  537. queries := strings.Split(string(schema), ";\n")
  538. for _, q := range queries {
  539. if strings.TrimSpace(q) == "" {
  540. continue
  541. }
  542. parts := tblReg.FindStringSubmatch(q)
  543. if len(parts) >= 3 {
  544. log.Info("Creating table %s...", parts[2])
  545. } else {
  546. log.Info("Creating table ??? (Weird query) No match in: %v", parts)
  547. }
  548. _, err = app.db.Exec(q)
  549. if err != nil {
  550. log.Error("%s", err)
  551. } else {
  552. log.Info("Created.")
  553. }
  554. }
  555. // Set up migrations table
  556. log.Info("Updating appmigrations table...")
  557. err = migrations.SetInitialMigrations(migrations.NewDatastore(app.db.DB, app.db.driverName))
  558. if err != nil {
  559. return fmt.Errorf("Unable to set initial migrations: %v", err)
  560. }
  561. log.Info("Done.")
  562. return nil
  563. }