
package main
import (
"bytes"
"crypto/rand"
"encoding/base64"
"encoding/json"
"fmt"
"html/template"
"io"
"io/ioutil"
"log"
"net/http"
"path/filepath"
"regexp"
"strings"
"sync"
"time"
"github.com/gorilla/mux"
)
// Session is the per-request view of a browser session. getSession fills it
// in from the session cookies; for an anonymous visitor it stays at its zero
// value, and handlers treat TenantId == 0 as "not logged in".
type Session struct {
	// SessionId is the random cookie value that identifies this session.
	SessionId string
	// TenantId is the owning account; 0 means no one is logged in
	// (see handleWithSessionImpl).
	TenantId int
	Email string
	EmailVerified bool
	// LaxCookie selects the "sessionIdLax"/SameSite=Lax cookie instead of the
	// "sessionId"/SameSite=Strict one (see setSession and getSession).
	LaxCookie bool
	// APIToken is a bearer secret. NOTE(review): Session is json-marshalled
	// into the log in setSession and handleWithSessionImpl, so this token and
	// SessionId end up in log output.
	APIToken string
	// Expires is the absolute expiry; getSession ignores a cached session
	// once time.Now() is past it.
	Expires time.Time
	// Flash holds one-shot messages carried in the "flash" cookie (see
	// setFlash); it is a pointer so setFlash can update it through a
	// by-value Session.
	Flash *map[string]string
}
// FrontendApp holds everything the HTML frontend needs: listener settings,
// the gorilla/mux router, parsed templates, shared services and an in-memory
// session cache. Build one with initFrontend and start it with ListenAndServe.
type FrontendApp struct {
	// Port is the TCP port ListenAndServe binds on all interfaces.
	Port int
	// TLSCertificate and TLSKey are file paths; TLS is used only when both
	// are non-empty (see ListenAndServe).
	TLSCertificate string
	TLSKey string
	// Domain is the public host name, shown in the "please log in" message.
	Domain string
	// WorkingDirectory is the root that contains frontend/ (templates) and
	// frontend/static/ (files served under /static/).
	WorkingDirectory string
	Router *mux.Router
	EmailService *EmailService
	Model *DBModel
	Backend *BackendApp
	Ingress *IngressService
	// HTMLTemplates is keyed by template file name with ".gotemplate"
	// removed, e.g. "page.html"; filled by reloadTemplates.
	HTMLTemplates map[string]*template.Template
	// PasswordHashSalt is one salt shared by every password hash.
	// NOTE(review): initFrontend sets it from a string literal in this file,
	// so it is neither secret nor per-user; it should come from configuration
	// and password hashing should use a per-user salt.
	PasswordHashSalt string
	// SessionCache maps session id -> session. SessionIdByTenantId keeps at
	// most one cached session per tenant (a newer session evicts the older
	// cache entry). Both maps are guarded by SessionCacheMutex.
	SessionCache map[string]*Session
	SessionIdByTenantId map[int]string
	SessionCacheMutex *sync.Mutex
	// basicURLPathRegex vets a request path before it is stored as the
	// "returnTo" flash value in handleWithSessionImpl. Note that
	// regexp.MatchString is a substring match unless the pattern is anchored.
	basicURLPathRegex *regexp.Regexp
	// AdminTenantId is the tenant treated as administrator; it is not read
	// anywhere in this file (presumably used by registerAdminPanelRoutes).
	AdminTenantId int
}
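// initFrontend wires up the HTTP frontend: routes, templates and the static
// file server. It does not start listening; call ListenAndServe on the result.
//
// workingDirectory is the root holding frontend/ (templates) and
// frontend/static/. config supplies the listen port, TLS material and the
// public domain. model, backend and emailService are handed to the route
// registration helpers (registerLoginRoutes, registerProfileRoutes,
// registerAdminPanelRoutes), which are defined elsewhere.
//
// Panics (via reloadTemplates) if the template directory cannot be read or a
// template fails to parse.
func initFrontend(workingDirectory string, config *Config, model *DBModel, backend *BackendApp, emailService *EmailService) FrontendApp {
	frontend := FrontendApp{
		Port:             config.FrontendPort,
		TLSCertificate:   config.FrontendTLSCertificate,
		TLSKey:           config.FrontendTLSKey,
		Domain:           config.FrontendDomain,
		WorkingDirectory: workingDirectory,
		Router:           mux.NewRouter(),
		EmailService:     emailService,
		Model:            model,
		Backend:          backend,
		Ingress:          NewIngressService(config, model),
		HTMLTemplates:    map[string]*template.Template{},
		// NOTE(review): this salt is a compile-time constant shared by every
		// password hash, so equal passwords hash to equal values across
		// tenants and the "secret" ships with the source. It should come from
		// configuration (ideally with a per-user salt at hashing time). Left
		// as-is here because Config's fields are not visible from this file.
		PasswordHashSalt:    "Ko0jOdSCzEyDtK4rmoocfcR9LxwOrIZsaVPBjImkb6AhRW6yNSmgsU122ArU1URBjcJ1EnskZ5r7",
		SessionCache:        map[string]*Session{},
		SessionIdByTenantId: map[int]string{},
		SessionCacheMutex:   &sync.Mutex{},
		// Anchored so that MatchString succeeds only when the WHOLE path is
		// made of permitted characters. Without ^...$ the pattern matched any
		// path containing a single permitted character, which made the
		// returnTo check in handleWithSessionImpl a no-op.
		basicURLPathRegex: regexp.MustCompile("(?i)^[a-z0-9/?&_+-]+$"),
	}

	// Landing page: index.html is the body, index-highlight.html the
	// highlight strip. No session is required, but the session (if any) is
	// still resolved so the layout can reflect login state.
	serveIndex := func(responseWriter http.ResponseWriter, request *http.Request, session Session) {
		pageContent, err := frontend.renderTemplateToHTML("index.html", nil)
		if err != nil {
			frontend.unhandledError(responseWriter, err)
			return
		}
		highlightContent, err := frontend.renderTemplateToHTML("index-highlight.html", nil)
		if err != nil {
			frontend.unhandledError(responseWriter, err)
			return
		}
		frontend.buildPage(responseWriter, session, highlightContent, pageContent)
	}

	// Routes are tried in registration order, so "/" goes first and the
	// /static/ prefix handler last.
	frontend.handleWithSessionNotRequired("/", serveIndex)
	registerLoginRoutes(&frontend, emailService)
	registerProfileRoutes(&frontend)
	registerAdminPanelRoutes(&frontend)
	frontend.reloadTemplates()

	staticFilesDir := filepath.Join(workingDirectory, "frontend", "static")
	log.Printf("serving static files from %s", staticFilesDir)
	// http.FileServer over http.Dir also renders directory listings for any
	// directory without an index.html, so only public assets belong under static/.
	frontend.Router.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir(staticFilesDir))))
	return frontend
}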
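// ListenAndServe blocks serving app.Router on app.Port. TLS is used when both
// TLSCertificate and TLSKey are set; otherwise plain HTTP. It returns the
// error from the underlying listener, which is always non-nil once serving
// stops.
func (app *FrontendApp) ListenAndServe() error {
	server := &http.Server{
		Addr:    fmt.Sprintf(":%d", app.Port),
		Handler: app.Router,
		// http.ListenAndServe configures no timeouts at all, so a client that
		// never finishes sending headers, or that idles on a keep-alive
		// connection, holds a goroutine and a socket indefinitely. These two
		// bounds do not limit request bodies or responses, so large uploads
		// and downloads are unaffected.
		ReadHeaderTimeout: 30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	if app.TLSKey != "" && app.TLSCertificate != "" {
		return server.ListenAndServeTLS(app.TLSCertificate, app.TLSKey)
	}
	return server.ListenAndServe()
}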
// setCookie writes a host-only, HttpOnly, Secure cookie scoped to Path "/"
// with the given SameSite mode. lifetimeSeconds becomes the Max-Age attribute
// (net/http omits Max-Age for 0, producing a session cookie, and emits
// Max-Age=0 for a negative value, which deletes the cookie).
//
// Domain is deliberately left unset: an unset Domain restricts the cookie to
// exactly the host that set it, whereas any explicit Domain also includes
// every subdomain, i.e. is strictly less restrictive. See
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent
func (app *FrontendApp) setCookie(responseWriter http.ResponseWriter, name, value string, lifetimeSeconds int, sameSite http.SameSite) {
	http.SetCookie(responseWriter, &http.Cookie{
		Name:     name,
		Value:    value,
		Path:     "/",
		MaxAge:   lifetimeSeconds,
		Secure:   true,
		HttpOnly: true,
		SameSite: sameSite,
	})
}
// deleteCookie tells the browser to discard the named cookie by sending it
// back empty with MaxAge -1 (which net/http serialises as Max-Age=0). The
// Path matches setCookie so the browser targets the same cookie; the other
// attributes mirror setCookie with SameSite=Lax.
func (app *FrontendApp) deleteCookie(responseWriter http.ResponseWriter, name string) {
	expired := http.Cookie{
		Name:     name,
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
	http.SetCookie(responseWriter, &expired)
}
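// getSession reconstructs the caller's Session from the request cookies.
//
// Cookies consulted:
//   - "sessionId"    (SameSite=Strict): always wins.
//   - "sessionIdLax" (SameSite=Lax): used only when no "sessionId" has been
//     resolved yet AND the stored session was created as a lax session.
//   - "flash": base64url(JSON object) of one-shot messages (see setFlash).
//
// A session is looked up in the in-memory cache first, then in the database;
// a database hit is cached, evicting any other cached session of the same
// tenant. Both paths apply the same expiry rule (time.Now() before Expires);
// previously only the cache path did, so an expired row still present in the
// database would have been accepted. A session that is absent or expired
// leaves the returned Session anonymous (TenantId 0) rather than erroring.
// APIToken is not copied into the returned Session.
//
// domain is unused; it is kept for signature compatibility.
//
// Returns an error only when the database lookup fails. A flash cookie that
// does not decode is logged and ignored instead of failing the request: the
// cookie is client-controlled and used to turn every page into a 500 until
// the client cleared it by hand (buildPage, which deletes it, was never
// reached).
func (app *FrontendApp) getSession(request *http.Request, domain string) (Session, error) {
	result := Session{Flash: &(map[string]string{})}
	now := time.Now()

	// adopt copies the identifying fields of a stored session into result.
	adopt := func(cookieValue string, stored *Session) {
		result.SessionId = cookieValue
		result.TenantId = stored.TenantId
		result.Email = stored.Email
		result.EmailVerified = stored.EmailVerified
		result.LaxCookie = stored.LaxCookie
		result.Expires = stored.Expires
	}

	for _, cookie := range request.Cookies() {
		switch {
		case cookie.Name == "sessionId" || (cookie.Name == "sessionIdLax" && result.SessionId == ""):
			isLax := cookie.Name == "sessionIdLax"

			app.SessionCacheMutex.Lock()
			cached, inCache := app.SessionCache[cookie.Value]
			app.SessionCacheMutex.Unlock()

			// A lax cookie may only resolve a session that was issued as lax.
			if inCache && now.Before(cached.Expires) && (!isLax || cached.LaxCookie) {
				adopt(cookie.Value, cached)
				continue
			}

			stored, err := app.Model.GetSession(cookie.Value, isLax)
			if err != nil {
				log.Printf("can't getSession because can't query session from database: %+v", err)
				return result, err
			}
			if stored == nil || !now.Before(stored.Expires) {
				// Unknown or expired: treat as anonymous, same as the cache path.
				continue
			}

			app.SessionCacheMutex.Lock()
			if previous, hasPrevious := app.SessionIdByTenantId[stored.TenantId]; hasPrevious {
				delete(app.SessionCache, previous)
			}
			app.SessionIdByTenantId[stored.TenantId] = cookie.Value
			app.SessionCache[cookie.Value] = stored
			app.SessionCacheMutex.Unlock()

			adopt(cookie.Value, stored)

		case cookie.Name == "flash" && cookie.Value != "":
			decoded, err := base64.RawURLEncoding.DecodeString(cookie.Value)
			if err != nil {
				log.Printf("ignoring flash cookie that can't be base64 decoded: %+v", err)
				continue
			}
			flash := map[string]string{}
			if err := json.Unmarshal(decoded, &flash); err != nil {
				log.Printf("ignoring flash cookie that can't be json parsed: %+v", err)
				continue
			}
			result.Flash = &flash
		}
	}
	return result, nil
}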
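// setSession issues a fresh session id for session, stores the session in the
// database and the in-memory cache (evicting any cached session of the same
// tenant) and sets the matching cookie on responseWriter:
//   - session.LaxCookie: "sessionIdLax", SameSite=Lax
//   - otherwise:         "sessionId",    SameSite=Strict
//
// The cookie lifetime is the time remaining until session.Expires. Returns
// an error if the random id cannot be generated or the database write fails;
// in either case nothing is cached and no cookie is set.
func (app *FrontendApp) setSession(responseWriter http.ResponseWriter, session *Session) error {
	// 256 random bits from crypto/rand. The error must not be dropped: an
	// unchecked failure leaves the buffer zeroed and would hand out a
	// predictable session id.
	idBytes := make([]byte, 32)
	if _, err := rand.Read(idBytes); err != nil {
		return fmt.Errorf("generating session id: %v", err)
	}
	sessionId := base64.RawURLEncoding.EncodeToString(idBytes)

	if err := app.Model.SetSession(sessionId, session); err != nil {
		return err
	}
	// Record who received a session, but not the session id or APIToken:
	// both are bearer secrets and do not belong in the log.
	log.Printf("setSession(): tenant=%d email=%q lax=%t expires=%s\n", session.TenantId, session.Email, session.LaxCookie, session.Expires.Format(time.RFC3339))

	app.SessionCacheMutex.Lock()
	if previous, hasPrevious := app.SessionIdByTenantId[session.TenantId]; hasPrevious {
		delete(app.SessionCache, previous)
	}
	app.SessionIdByTenantId[session.TenantId] = sessionId
	app.SessionCache[sessionId] = session
	app.SessionCacheMutex.Unlock()

	expireInSeconds := int(time.Until(session.Expires).Seconds())
	if session.LaxCookie {
		app.setCookie(responseWriter, "sessionIdLax", sessionId, expireInSeconds, http.SameSiteLaxMode)
		return nil
	}
	app.setCookie(responseWriter, "sessionId", sessionId, expireInSeconds, http.SameSiteStrictMode)
	return nil
}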
// unhandledError logs err and answers with a generic plain-text 500. The
// error text itself is never sent to the client.
func (app *FrontendApp) unhandledError(responseWriter http.ResponseWriter, err error) {
	log.Printf("500 internal server error: %+v\n", err)
	const body = "500 internal server error"
	responseWriter.Header().Add("Content-Type", "text/plain")
	responseWriter.WriteHeader(http.StatusInternalServerError)
	fmt.Fprint(responseWriter, body)
}
// handleWithSpecificUser registers path so that only the tenant whose id is
// userId reaches handler; anyone else (including anonymous callers) is
// redirected to /login by handleWithSessionImpl.
func (app *FrontendApp) handleWithSpecificUser(path string, userId int, handler func(http.ResponseWriter, *http.Request, Session)) {
	const sessionRequired = true
	app.handleWithSessionImpl(path, sessionRequired, userId, handler)
}
// handleWithSession registers path for any logged-in tenant; anonymous
// callers are redirected to /login by handleWithSessionImpl.
func (app *FrontendApp) handleWithSession(path string, handler func(http.ResponseWriter, *http.Request, Session)) {
	const sessionRequired, anyUser = true, 0
	app.handleWithSessionImpl(path, sessionRequired, anyUser, handler)
}
// handleWithSessionNotRequired registers path for everyone. The session is
// still resolved and passed to handler, so it can adapt to a logged-in caller.
func (app *FrontendApp) handleWithSessionNotRequired(path string, handler func(http.ResponseWriter, *http.Request, Session)) {
	const sessionRequired, anyUser = false, 0
	app.handleWithSessionImpl(path, sessionRequired, anyUser, handler)
}
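// handleWithSessionImpl registers path on app.Router with a wrapper that
// resolves the caller's Session before invoking handler.
//
//   required      - when true, anonymous callers (TenantId 0) are bounced to /login.
//   requireUserId - when non-zero, only that tenant may proceed; others are bounced.
//
// When bouncing, the requested path is stashed in the "returnTo" flash value
// (with an "info" message) only if the whole path consists of characters
// accepted by app.basicURLPathRegex and it is not protocol-relative
// ("//host/..."), so that whatever later redirects to returnTo cannot be
// steered to another origin. The whole-string check is done here with
// FindString rather than MatchString, because MatchString succeeds on a
// substring match when the pattern is unanchored.
//
// A session lookup failure becomes a 500. The per-request log line carries
// the path and tenant but not the session id or APIToken.
func (app *FrontendApp) handleWithSessionImpl(path string, required bool, requireUserId int, handler func(http.ResponseWriter, *http.Request, Session)) {
	app.Router.HandleFunc(path, func(responseWriter http.ResponseWriter, request *http.Request) {
		session, err := app.getSession(request, app.Domain)
		if err != nil {
			app.unhandledError(responseWriter, err)
			return
		}
		log.Printf("handleWithSession(): %s tenant=%d email=%q verified=%t\n", request.URL.Path, session.TenantId, session.Email, session.EmailVerified)

		notLoggedIn := required && session.TenantId == 0
		wrongUser := requireUserId != 0 && requireUserId != session.TenantId
		if notLoggedIn || wrongUser {
			requested := request.URL.Path
			wholeMatch := requested != "" && app.basicURLPathRegex.FindString(requested) == requested
			if wholeMatch && !strings.HasPrefix(requested, "//") {
				msg := fmt.Sprintf("Please log in in order to access %s%s", app.Domain, requested)
				app.setFlash(responseWriter, session, "info", msg)
				app.setFlash(responseWriter, session, "returnTo", requested)
			}
			http.Redirect(responseWriter, request, "/login", http.StatusFound)
			return
		}
		handler(responseWriter, request, session)
	})
}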
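// buildPage renders the outer "page.html" layout with session, highlight and
// page (both already-rendered HTML fragments) and writes it to
// responseWriter. The "flash" cookie is cleared on every call because its
// contents (carried in session.Flash) have now been shown.
//
// A missing "page.html" used to panic the handler goroutine; it is now
// reported as a 500 through unhandledError, the same way
// renderTemplateToHTML reports an unknown template. The layout is executed
// into a buffer first so a render error never leaves a half-written 200 body.
func (app *FrontendApp) buildPage(responseWriter http.ResponseWriter, session Session, highlight, page template.HTML) {
	const layoutName = "page.html"
	layout, known := app.HTMLTemplates[layoutName]
	if !known {
		app.unhandledError(responseWriter, fmt.Errorf("template '%s' not found!", layoutName))
		return
	}
	pageData := struct {
		Session   Session
		Highlight template.HTML
		Page      template.HTML
	}{session, highlight, page}

	var rendered bytes.Buffer
	err := layout.Execute(&rendered, pageData)
	app.deleteCookie(responseWriter, "flash")
	if err != nil {
		app.unhandledError(responseWriter, err)
		return
	}
	io.Copy(responseWriter, &rendered)
}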
// renderTemplateToHTML executes the named template (a key of
// app.HTMLTemplates, i.e. the file name without ".gotemplate") against data
// and returns the output as template.HTML, so callers can embed it in another
// template without it being escaped again. Returns an error if the template
// is unknown or execution fails.
func (app *FrontendApp) renderTemplateToHTML(templateName string, data interface{}) (template.HTML, error) {
	tmpl, known := app.HTMLTemplates[templateName]
	if !known {
		return "", fmt.Errorf("template '%s' not found!", templateName)
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, data); err != nil {
		return "", err
	}
	return template.HTML(out.String()), nil
}
// buildPageFromTemplate renders templateName with data and wraps the result
// in the page layout via buildPage, with an empty highlight section. A render
// failure is reported as a 500.
func (app *FrontendApp) buildPageFromTemplate(responseWriter http.ResponseWriter, session Session, templateName string, data interface{}) {
	body, err := app.renderTemplateToHTML(templateName, data)
	if err != nil {
		app.unhandledError(responseWriter, err)
		return
	}
	var noHighlight template.HTML
	app.buildPage(responseWriter, session, noHighlight, body)
}
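// setFlash appends value to the flash entry key (text already stored under
// the same key is kept and value is concatenated onto it), then writes the
// whole flash map into the "flash" cookie as base64url(JSON) with a 60 second
// lifetime and SameSite=Strict. buildPage clears the cookie once a page has
// been rendered.
//
// session is passed by value but Flash is a pointer, so the caller's map is
// updated in place. A nil Flash (a zero-value Session that did not come from
// getSession) no longer dereferences nil: a fresh map is used for the cookie,
// though the caller's Session is not updated in that case.
func (app *FrontendApp) setFlash(responseWriter http.ResponseWriter, session Session, key, value string) {
	flash := session.Flash
	if flash == nil {
		flash = &map[string]string{}
	}
	(*flash)[key] += value

	encoded, err := json.Marshal(*flash)
	if err != nil {
		log.Printf("can't setFlash because can't json marshal the flash map: %+v", err)
		return
	}
	const flashLifetimeSeconds = 60
	app.setCookie(responseWriter, "flash", base64.RawURLEncoding.EncodeToString(encoded), flashLifetimeSeconds, http.SameSiteStrictMode)
}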
// reloadTemplates (re)parses every file directly inside
// <WorkingDirectory>/frontend whose name contains ".gotemplate" into
// app.HTMLTemplates, keyed by the file name with the first ".gotemplate"
// removed (so "page.html.gotemplate" becomes "page.html"). Subdirectories are
// not descended. Each template is named after its full path. Any read or
// parse failure panics, which is acceptable at start-up where initFrontend
// calls this.
//
// Note: app.HTMLTemplates is written here without a lock while buildPage and
// renderTemplateToHTML read it without one; that is only safe as long as this
// runs before the server starts serving requests.
func (app *FrontendApp) reloadTemplates() {
	templateDir := filepath.Join(app.WorkingDirectory, "frontend")
	entries, err := ioutil.ReadDir(templateDir)
	if err != nil {
		panic(err)
	}
	for _, entry := range entries {
		name := entry.Name()
		if entry.IsDir() || !strings.Contains(name, ".gotemplate") {
			continue
		}
		fullPath := filepath.Join(templateDir, name)
		source, readErr := ioutil.ReadFile(fullPath)
		if readErr != nil {
			panic(readErr)
		}
		parsed, parseErr := template.New(fullPath).Parse(string(source))
		if parseErr != nil {
			panic(parseErr)
		}
		app.HTMLTemplates[strings.Replace(name, ".gotemplate", "", 1)] = parsed
	}
}
// func hashTemplateAndStaticFiles(workingDirectory string) string {
// filenameMatch := regexp.MustCompile("(\\.gotemplate)|(\\.html)|(\\.css)|(\\.js)$")
// toHash := map[string]bool{}
// var getFileNamesRecurse func(workingDirectory string, path string, depth int)
// getFileNamesRecurse = func(workingDirectory string, path string, depth int) {
// if depth > 10 {
// panic(errors.New("too much recursion inside hashTemplateAndStaticFiles()"))
// }
// fileInfos, err := ioutil.ReadDir(filepath.Join(workingDirectory, path))
// if err != nil {
// panic(err)
// }
// for _, fileInfo := range fileInfos {
// if fileInfo.IsDir() {
// getFileNamesRecurse(workingDirectory, filepath.Join(path, fileInfo.Name()), depth+1)
// } else if filenameMatch.Match([]byte(fileInfo.Name())) {
// toHash[filepath.Join(path, fileInfo.Name())] = true
// }
// }
// }
// toHashSlice := sort.StringSlice(make([]string, len(toHash)))
// i := 0
// for filename := range toHash {
// toHashSlice[i] = filename
// i++
// }
// toHashSlice.Sort()
// hash := sha256.New()
// for _, filename := range toHashSlice {
// fileContents, err := ioutil.ReadFile(filepath.Join(workingDirectory, filename))
// if err != nil {
// panic(err)
// }
// hash.Write([]byte(fileContents))
// }
// return fmt.Sprintf("%x", hash.Sum(nil))
// }