pcmt/handlers/handlers.go

445 lines
10 KiB
Go
Raw Normal View History

package handlers
import (
"context"
"errors"
"html/template"
"io/fs"
"net/http"
"path/filepath"
"strings"
"git.dotya.ml/mirre-mt/pcmt/ent"
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
"github.com/microcosm-cc/bluemonday"
)
type tplMap map[string]*template.Template
var (
// tmpl *template.Template.
// tmpls = template.New("").
templateMap tplMap
tmplFS fs.FS
bluemondayPolicy = bluemonday.UGCPolicy()
)
func listAllTmpls() []string {
files, err := filepath.Glob(tmplPath + "/*.tmpl")
if err != nil {
panic(err)
}
for i, v := range files {
files[i] = strings.TrimPrefix(v, tmplPath+"/")
}
2023-05-03 06:03:38 +02:00
log.Debug("returning files")
return files
}
2023-04-19 04:45:49 +02:00
// TODO: mimic https://github.com/drone/funcmap/blob/master/funcmap.go
func setFuncMap(t *template.Template) {
2023-04-19 04:45:49 +02:00
t.Funcs(template.FuncMap{
"ifIE": func() template.HTML { return template.HTML("<!--[if IE]>") },
"endifIE": func() template.HTML { return template.HTML("<![endif]>") },
"htmlSafe": func(html string) template.HTML {
return template.HTML( //nolint:gosec
bluemondayPolicy.Sanitize(html),
)
},
"pageIs": func(want, got string) bool {
2023-04-19 03:57:07 +02:00
return want == got
},
})
}
func initTemplates(f fs.FS) {
if f != nil || f != tmplFS {
tmplFS = f
}
setFuncMap(Renderer.tmpls)
allTmpls := listAllTmpls()
// ensure this fails at compile time, if at all ("Must").
Renderer.tmpls = template.Must(Renderer.tmpls.ParseFS(tmplFS, allTmpls...))
makeTplMap(Renderer.tmpls)
}
func makeTplMap(tpl *template.Template) {
allTmpls := listAllTmpls()
2023-04-19 04:45:49 +02:00
var tp tplMap
2023-04-19 04:45:49 +02:00
if templateMap == nil {
tp = make(tplMap, len(allTmpls))
} else {
tp = templateMap
}
for _, v := range allTmpls {
tp[v] = tpl.Lookup(v)
}
templateMap = tp
}
func getTmpl(name string) *template.Template {
liveMode := setting.IsLive()
if liveMode {
2023-05-03 06:03:38 +02:00
log.Debug("re-reading tmpls") // TODO: only re-read the tmpl in question.
2023-04-19 04:45:49 +02:00
tpl := template.New("")
2023-04-19 04:45:49 +02:00
setFuncMap(tpl)
2023-04-19 04:45:49 +02:00
allTmpls := listAllTmpls()
2023-04-19 04:45:49 +02:00
// ensure this fails at compile time, if at all ("Must").
Renderer.tmpls = template.Must(tpl.ParseFS(tmplFS, allTmpls...))
}
return Renderer.tmpls.Lookup(name)
}
func Admin() echo.HandlerFunc {
return func(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, "Invalid credentials")
}
}
func Index() echo.HandlerFunc {
return func(c echo.Context) error {
sess, _ := session.Get(setting.SessionCookieName(), c)
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
tpl := getTmpl("index.tmpl")
csrf := c.Get("csrf").(string)
err := tpl.Execute(c.Response().Writer,
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Welcome!",
CSRF: csrf,
DevelMode: setting.IsDevel(),
Current: "home",
},
)
if err != nil {
log.Errorf("error when executing tmpl: '%q'", err)
return err
}
return nil
}
}
func Signup() echo.HandlerFunc {
return func(c echo.Context) error {
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
log.Info("gorilla session", "endpoint", "signup")
2023-04-19 04:45:49 +02:00
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
}
csrf := c.Get("csrf").(string)
// secure := c.Request().URL.Scheme == "https"
// cookieCSRF := &http.Cookie{
// Name: "_csrf",
// Value: csrf,
// // SameSite: http.SameSiteStrictMode,
// SameSite: http.SameSiteLaxMode,
// MaxAge: 3600,
// Secure: secure,
// HttpOnly: true,
// }
// c.SetCookie(cookieCSRF)
err := c.Render(
http.StatusOK,
"signup.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Sign up",
CSRF: csrf,
DevelMode: setting.IsDevel(),
Current: "signup",
},
)
if err != nil {
log.Warnf("error: %q", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
return nil
}
}
func SignupPost(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
err := c.Request().ParseForm()
if err != nil {
return err
}
var username string
2023-04-19 04:45:49 +02:00
var email string
2023-04-19 04:45:49 +02:00
uname := c.Request().FormValue("username")
if uname == "" {
c.Logger().Error("signup: username was not set, returning to /signup")
return c.Redirect(http.StatusSeeOther, "/signup")
}
2023-04-19 04:01:03 +02:00
username = uname
mail := c.Request().FormValue("email")
if mail == "" {
c.Logger().Error("signup: email not set")
return c.Redirect(http.StatusSeeOther, "/signup")
}
email = mail
passwd := c.Request().FormValue("password")
if passwd == "" {
log.Info("signup: password was not set, returning to /signup")
return c.Redirect(http.StatusSeeOther, "/signup")
}
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
exists, err := moduser.Exists(ctx, client, username, email)
if err != nil {
c.Logger().Error("error checking whether user exists", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
2023-04-19 22:08:17 +02:00
if exists {
c.Logger().Error("username/email already taken")
return c.Redirect(http.StatusSeeOther, "/signup")
}
u, err := moduser.CreateUser(
ctx,
client,
email,
username,
passwd,
)
if err != nil {
if errors.Is(err, errors.New("username is not unique")) {
c.Logger().Error("username already taken")
// TODO: re-render signup page with a flash message
// stating what went wrong.
return c.Redirect(http.StatusSeeOther, "/signup")
}
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" - failed to create schema resources",
err.Error(),
)
}
log.Infof("successfully registered user '%s'", username)
log.Debug("user details", "id", u.ID, "email", u.Email, "isAdmin", u.IsAdmin)
secure := c.Request().URL.Scheme == "https" //nolint:goconst
sess, _ := session.Get(setting.SessionCookieName(), c)
sess.Options = &sessions.Options{
Path: "/",
MaxAge: 3600,
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteStrictMode,
}
sess.Values["foo"] = "bar"
sess.Values["username"] = username
2023-04-19 04:45:49 +02:00
err = sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("failed to save session")
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
err.Error(),
)
}
2023-04-19 04:45:49 +02:00
return c.Redirect(http.StatusMovedPermanently, "/home")
}
}
2023-04-19 04:45:49 +02:00
func Home(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
var username string
2023-04-19 04:45:49 +02:00
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess == nil {
log.Info("no session, redirecting to /signin", "endpoint", "/home")
return c.Redirect(http.StatusPermanentRedirect, "/signin")
}
if sess.Values["foo"] != nil {
log.Info("gorilla session", "custom field test", sess.Values["foo"].(string))
}
uname := sess.Values["username"]
if uname == nil {
log.Info("session cookie found but username invalid, redirecting to signin", "endpoint", "/home")
2023-04-19 04:45:49 +02:00
return c.Redirect(http.StatusSeeOther, "/signin")
}
log.Info("gorilla session", "username", sess.Values["username"].(string))
username = sess.Values["username"].(string)
// example denial.
// if _, err := c.Cookie("aha"); err != nil {
// log.Printf("error: %q", err)
// return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
// }
var u moduser.User
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
if usr, err := moduser.QueryUser(ctx, client, username); err == nil && usr != nil {
c.Logger().Debug("got usr: ", usr.Username)
c.Logger().Debug("admin? ", usr.IsAdmin)
u.ID = usr.ID
u.Username = usr.Username
u.IsActive = usr.IsActive
u.IsLoggedIn = true
} else {
c.Logger().Error("failed to query usr", username)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" failed to query usr (make sure you've got cookies enabled)",
err.Error(),
)
}
err := c.Render(http.StatusInternalServerError, "home.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Home",
Name: username,
DevelMode: setting.IsDevel(),
Current: "home",
User: u,
},
)
if err != nil {
c.Logger().Errorf("error: %q", err)
return renderErrorPage(
c,
http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
return nil
}
}
func Logout() echo.HandlerFunc {
return func(c echo.Context) error {
switch {
case c.Request().Method == "POST":
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
log.Infof("max-age before logout: %d", sess.Options.MaxAge)
sess.Options.MaxAge = -1
if username := sess.Values["username"]; username != nil {
sess.Values["username"] = ""
}
err := sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("could not delete session cookie")
}
}
return c.Redirect(http.StatusMovedPermanently, "/logout")
case c.Request().Method == "GET":
err := c.Render(
http.StatusOK,
"logout.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Logout",
DevelMode: setting.IsDevel(),
Current: "logout",
},
)
if err != nil {
c.Logger().Errorf("error: %q", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
}
return nil
}
}
// experimental global redirect handler?
// http.HandleFunc("/redirect", func(w http.ResponseWriter, r *http.Request) {
// loc, err := url.QueryUnescape(r.URL.Query().Get("loc"))
// if err != nil {
// http.Error(w, fmt.Sprintf("invalid redirect: %q", r.URL.Query().Get("loc")), http.StatusBadRequest)
// return
// }
// http.Redirect(w, r, loc, http.StatusFound)
// })