564 lines
13 KiB
Go
564 lines
13 KiB
Go
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"html/template"
|
|
"io/fs"
|
|
"net/http"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"git.dotya.ml/mirre-mt/pcmt/ent"
|
|
passwd "git.dotya.ml/mirre-mt/pcmt/modules/password"
|
|
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
|
|
"github.com/gorilla/sessions"
|
|
"github.com/labstack/echo-contrib/session"
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/microcosm-cc/bluemonday"
|
|
)
|
|
|
|
type tplMap map[string]*template.Template
|
|
|
|
var (
|
|
// tmpl *template.Template.
|
|
tmpls = template.New("")
|
|
templateMap tplMap
|
|
tmplFS fs.FS
|
|
bluemondayPolicy = bluemonday.UGCPolicy()
|
|
)
|
|
|
|
func listAllTmpls() []string {
|
|
files, err := filepath.Glob(tmplPath + "/*.tmpl")
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
for i, v := range files {
|
|
files[i] = strings.TrimPrefix(v, tmplPath+"/")
|
|
}
|
|
|
|
log.Debug("returning files")
|
|
|
|
return files
|
|
}
|
|
|
|
// TODO: mimic https://github.com/drone/funcmap/blob/master/funcmap.go
|
|
func setFuncMap(t *template.Template) {
|
|
t.Funcs(template.FuncMap{
|
|
"ifIE": func() template.HTML { return template.HTML("<!--[if IE]>") },
|
|
"endifIE": func() template.HTML { return template.HTML("<![endif]>") },
|
|
"htmlSafe": func(html string) template.HTML {
|
|
return template.HTML( //nolint:gosec
|
|
bluemondayPolicy.Sanitize(html),
|
|
)
|
|
},
|
|
"pageIs": func(want, got string) bool {
|
|
return want == got
|
|
},
|
|
})
|
|
}
|
|
|
|
func initTemplates(f fs.FS) {
|
|
if f != nil || f != tmplFS {
|
|
tmplFS = f
|
|
}
|
|
|
|
setFuncMap(tmpls)
|
|
|
|
allTmpls := listAllTmpls()
|
|
|
|
// ensure this fails at compile time, if at all ("Must").
|
|
tmpls = template.Must(tmpls.ParseFS(tmplFS, allTmpls...))
|
|
makeTplMap(tmpls)
|
|
}
|
|
|
|
func makeTplMap(tpl *template.Template) {
|
|
allTmpls := listAllTmpls()
|
|
|
|
var tp tplMap
|
|
|
|
if templateMap == nil {
|
|
tp = make(tplMap, len(allTmpls))
|
|
} else {
|
|
tp = templateMap
|
|
}
|
|
|
|
for _, v := range allTmpls {
|
|
tp[v] = tpl.Lookup(v)
|
|
}
|
|
|
|
templateMap = tp
|
|
}
|
|
|
|
func getTmpl(name string) *template.Template {
|
|
liveMode := setting.IsLive()
|
|
|
|
if liveMode {
|
|
log.Debug("re-reading tmpls") // TODO: only re-read the tmpl in question.
|
|
|
|
tpl := template.New("")
|
|
|
|
setFuncMap(tpl)
|
|
|
|
allTmpls := listAllTmpls()
|
|
|
|
// ensure this fails at compile time, if at all ("Must").
|
|
tmpls = template.Must(tpl.ParseFS(tmplFS, allTmpls...))
|
|
}
|
|
|
|
return tmpls.Lookup(name)
|
|
}
|
|
|
|
func Admin() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, "Invalid credentials")
|
|
}
|
|
}
|
|
|
|
func Index() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
tpl := getTmpl("index.tmpl")
|
|
csrf := c.Get("csrf").(string)
|
|
|
|
err := tpl.Execute(c.Response().Writer,
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Welcome!",
|
|
CSRF: csrf,
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "home",
|
|
},
|
|
)
|
|
if err != nil {
|
|
log.Errorf("error when executing tmpl: '%q'", err)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func Signin() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
|
|
username := sess.Values["username"]
|
|
if username != nil {
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
}
|
|
|
|
tpl := getTmpl("signin.tmpl")
|
|
|
|
err := tpl.Execute(c.Response().Writer,
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Sign in",
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "signin",
|
|
},
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func SigninPost(client *ent.Client) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
err := c.Request().ParseForm()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var username string
|
|
|
|
var password string
|
|
|
|
if uname := c.Request().FormValue("username"); uname != "" {
|
|
username = uname
|
|
log.Infof("authenticating user '%s' at /signin", username)
|
|
} else {
|
|
log.Info("username was not set, returning to /signin")
|
|
|
|
return c.Redirect(http.StatusFound, "/signin")
|
|
}
|
|
|
|
if passwd := c.Request().FormValue("password"); passwd != "" {
|
|
password = passwd
|
|
} else {
|
|
log.Info("password was not set, returning to /signin")
|
|
|
|
return c.Redirect(http.StatusFound, "/signin")
|
|
}
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
|
|
if usr, err := moduser.QueryUser(ctx, client, username); err == nil {
|
|
log.Info("queried user:", &usr.ID)
|
|
|
|
if !passwd.Compare(usr.Password, password) {
|
|
log.Warn("wrong user credentials, redirecting to /signin")
|
|
|
|
return c.Redirect(http.StatusFound, "/signin")
|
|
}
|
|
} else {
|
|
if ent.IsNotFound(err) {
|
|
c.Logger().Error("user not found")
|
|
return c.Redirect(http.StatusFound, "/signin")
|
|
}
|
|
// just log the error instead of returning it to the user and
|
|
// redirect back to /signin.
|
|
c.Logger().Error(
|
|
http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
|
|
strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
|
|
)
|
|
|
|
return c.Redirect(http.StatusFound, "/signin")
|
|
}
|
|
|
|
secure := c.Request().URL.Scheme == "https" //nolint:goconst
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess != nil {
|
|
sess.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: 3600,
|
|
HttpOnly: true,
|
|
Secure: secure,
|
|
SameSite: http.SameSiteStrictMode,
|
|
}
|
|
sess.Values["foo"] = "bar"
|
|
sess.Values["username"] = username
|
|
|
|
err := sess.Save(c.Request(), c.Response())
|
|
if err != nil {
|
|
c.Logger().Error("failed to save session")
|
|
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
|
|
err.Error(),
|
|
)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
return c.Redirect(http.StatusMovedPermanently, "/home")
|
|
}
|
|
}
|
|
|
|
func Signup() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess != nil {
|
|
log.Info("gorilla session", "endpoint", "signup")
|
|
|
|
username := sess.Values["username"]
|
|
if username != nil {
|
|
return c.Redirect(http.StatusFound, "/home")
|
|
}
|
|
}
|
|
|
|
tpl := getTmpl("signup.tmpl")
|
|
|
|
csrf := c.Get("csrf").(string)
|
|
|
|
// secure := c.Request().URL.Scheme == "https"
|
|
// cookieCSRF := &http.Cookie{
|
|
// Name: "_csrf",
|
|
// Value: csrf,
|
|
// // SameSite: http.SameSiteStrictMode,
|
|
// SameSite: http.SameSiteLaxMode,
|
|
// MaxAge: 3600,
|
|
// Secure: secure,
|
|
// HttpOnly: true,
|
|
// }
|
|
// c.SetCookie(cookieCSRF)
|
|
|
|
err := tpl.Execute(c.Response().Writer,
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Sign up",
|
|
CSRF: csrf,
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "signup",
|
|
},
|
|
)
|
|
if err != nil {
|
|
log.Warnf("error: %q", err)
|
|
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func SignupPost(client *ent.Client) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
err := c.Request().ParseForm()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var username string
|
|
|
|
var email string
|
|
|
|
uname := c.Request().FormValue("username")
|
|
if uname == "" {
|
|
c.Logger().Error("signup: username was not set, returning to /signup")
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
}
|
|
|
|
username = uname
|
|
|
|
mail := c.Request().FormValue("email")
|
|
if mail == "" {
|
|
c.Logger().Error("signup: email not set")
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
}
|
|
|
|
email = mail
|
|
|
|
passwd := c.Request().FormValue("password")
|
|
if passwd == "" {
|
|
log.Info("signup: password was not set, returning to /signup")
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
}
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, log)
|
|
|
|
exists, err := moduser.Exists(ctx, client, username, email)
|
|
if err != nil {
|
|
c.Logger().Error("error checking whether user exists", err)
|
|
|
|
return renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if exists {
|
|
c.Logger().Error("username/email already taken")
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
}
|
|
|
|
u, err := moduser.CreateUser(
|
|
ctx,
|
|
client,
|
|
email,
|
|
username,
|
|
passwd,
|
|
)
|
|
if err != nil {
|
|
if errors.Is(err, errors.New("username is not unique")) {
|
|
c.Logger().Error("username already taken")
|
|
// TODO: re-render signup page with a flash message
|
|
// stating what went wrong.
|
|
return c.Redirect(http.StatusSeeOther, "/signup")
|
|
}
|
|
// TODO: don't return the error to the user, perhaps based
|
|
// on the devel mode.
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError)+" - failed to create schema resources",
|
|
err.Error(),
|
|
)
|
|
if err != nil {
|
|
c.Logger().Error("error: %q", err)
|
|
return err
|
|
}
|
|
}
|
|
|
|
log.Infof("successfully registered user '%s'", username)
|
|
log.Debug("user details", "id", u.ID, "email", u.Email, "isAdmin", u.IsAdmin)
|
|
|
|
secure := c.Request().URL.Scheme == "https" //nolint:goconst
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
sess.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: 3600,
|
|
HttpOnly: true,
|
|
Secure: secure,
|
|
SameSite: http.SameSiteStrictMode,
|
|
}
|
|
sess.Values["foo"] = "bar"
|
|
sess.Values["username"] = username
|
|
|
|
err = sess.Save(c.Request(), c.Response())
|
|
if err != nil {
|
|
c.Logger().Error("failed to save session")
|
|
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
|
|
err.Error(),
|
|
)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return c.Redirect(http.StatusMovedPermanently, "/home")
|
|
}
|
|
}
|
|
|
|
func Home() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
var username string
|
|
|
|
tpl := getTmpl("home.tmpl")
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess == nil {
|
|
log.Info("no session, redirecting to /signin", "endpoint", "/home")
|
|
return c.Redirect(http.StatusPermanentRedirect, "/signin")
|
|
}
|
|
|
|
if sess.Values["foo"] != nil {
|
|
log.Info("gorilla session", "custom field test", sess.Values["foo"].(string))
|
|
}
|
|
|
|
uname := sess.Values["username"]
|
|
if uname == nil {
|
|
log.Info("session cookie found but username invalid, redirecting to signin", "endpoint", "/home")
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/signin")
|
|
}
|
|
|
|
log.Info("gorilla session", "username", sess.Values["username"].(string))
|
|
username = sess.Values["username"].(string)
|
|
|
|
// example denial.
|
|
// if _, err := c.Cookie("aha"); err != nil {
|
|
// log.Printf("error: %q", err)
|
|
// return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
|
|
// }
|
|
|
|
err := tpl.Execute(c.Response().Writer,
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Home",
|
|
Name: username,
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "home",
|
|
},
|
|
)
|
|
if err != nil {
|
|
log.Warnf("error: %q", err)
|
|
|
|
c.Logger().Errorf("error: %q", err)
|
|
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
|
|
if err != nil {
|
|
c.Logger().Errorf("error: %q", err)
|
|
|
|
return echo.NewHTTPError(
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func Logout() echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
switch {
|
|
case c.Request().Method == "POST":
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess != nil {
|
|
log.Infof("max-age before logout: %d", sess.Options.MaxAge)
|
|
sess.Options.MaxAge = -1
|
|
|
|
if username := sess.Values["username"]; username != nil {
|
|
sess.Values["username"] = ""
|
|
}
|
|
|
|
err := sess.Save(c.Request(), c.Response())
|
|
if err != nil {
|
|
c.Logger().Error("could not delete session cookie")
|
|
}
|
|
}
|
|
|
|
return c.Redirect(http.StatusMovedPermanently, "/logout")
|
|
|
|
case c.Request().Method == "GET":
|
|
tpl := getTmpl("logout.tmpl")
|
|
|
|
err := tpl.Execute(c.Response().Writer,
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Logout",
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "logout",
|
|
},
|
|
)
|
|
if err != nil {
|
|
c.Logger().Errorf("error: %q", err)
|
|
|
|
err = renderErrorPage(
|
|
c.Response().Writer,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
|
|
if err != nil {
|
|
c.Logger().Errorf("error: %q", err)
|
|
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// experimental global redirect handler?
|
|
// http.HandleFunc("/redirect", func(w http.ResponseWriter, r *http.Request) {
|
|
// loc, err := url.QueryUnescape(r.URL.Query().Get("loc"))
|
|
// if err != nil {
|
|
// http.Error(w, fmt.Sprintf("invalid redirect: %q", r.URL.Query().Get("loc")), http.StatusBadRequest)
|
|
// return
|
|
// }
|
|
// http.Redirect(w, r, loc, http.StatusFound)
|
|
// })
|