GoBlog/http.go

502 lines
14 KiB
Go
Raw Normal View History

2020-07-28 19:17:07 +00:00
package main
import (
2020-10-19 19:09:51 +00:00
"compress/flate"
2020-12-13 14:16:47 +00:00
"fmt"
2021-03-10 17:08:20 +00:00
"log"
2020-07-28 19:17:07 +00:00
"net/http"
2021-02-16 20:27:52 +00:00
"net/url"
2020-07-28 19:17:07 +00:00
"strconv"
2021-02-16 20:27:52 +00:00
"strings"
"sync/atomic"
2021-03-10 17:08:20 +00:00
"time"
2020-09-25 17:23:01 +00:00
"github.com/caddyserver/certmagic"
2021-01-23 16:24:47 +00:00
"github.com/dchest/captcha"
2021-03-03 17:19:55 +00:00
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
2021-03-10 17:47:56 +00:00
servertiming "github.com/mitchellh/go-server-timing"
2020-07-28 19:17:07 +00:00
)
const (
contentType = "Content-Type"
2020-07-31 14:23:29 +00:00
charsetUtf8Suffix = "; charset=utf-8"
contentTypeHTML = "text/html"
contentTypeJSON = "application/json"
contentTypeWWWForm = "application/x-www-form-urlencoded"
contentTypeMultipartForm = "multipart/form-data"
contentTypeAS = "application/activity+json"
contentTypeRSS = "application/rss+xml"
contentTypeATOM = "application/atom+xml"
contentTypeJSONFeed = "application/feed+json"
contentTypeHTMLUTF8 = contentTypeHTML + charsetUtf8Suffix
contentTypeJSONUTF8 = contentTypeJSON + charsetUtf8Suffix
contentTypeASUTF8 = contentTypeAS + charsetUtf8Suffix
userAgent = "User-Agent"
appUserAgent = "GoBlog"
)
var (
2020-12-15 16:40:14 +00:00
d *dynamicHandler
)
2020-07-31 19:44:16 +00:00
2020-08-01 15:49:46 +00:00
func startServer() (err error) {
2020-11-03 17:58:32 +00:00
// Start
d = &dynamicHandler{}
2021-03-10 17:47:56 +00:00
// Set basic middlewares
var finalHandler http.Handler = d
if appConfig.Server.PublicHTTPS || appConfig.Server.SecurityHeaders {
finalHandler = securityHeaders(finalHandler)
}
finalHandler = servertiming.Middleware(finalHandler, nil)
finalHandler = middleware.Compress(flate.DefaultCompression)(finalHandler)
finalHandler = middleware.Recoverer(finalHandler)
if appConfig.Server.Logging {
finalHandler = logMiddleware(finalHandler)
}
// Load router
err = reloadRouter()
if err != nil {
2020-08-01 15:49:46 +00:00
return
2020-07-28 19:17:07 +00:00
}
2020-08-04 17:42:09 +00:00
localAddress := ":" + strconv.Itoa(appConfig.Server.Port)
2020-10-06 17:07:48 +00:00
if appConfig.Server.PublicHTTPS {
certmagic.Default.Storage = &certmagic.FileStorage{Path: "data/https"}
certmagic.DefaultACME.Agreed = true
certmagic.DefaultACME.Email = appConfig.Server.LetsEncryptMail
certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
2020-12-24 10:00:16 +00:00
hosts := []string{appConfig.Server.publicHostname}
if appConfig.Server.shortPublicHostname != "" {
hosts = append(hosts, appConfig.Server.shortPublicHostname)
}
2021-03-10 17:47:56 +00:00
err = certmagic.HTTPS(hosts, finalHandler)
2021-02-15 20:35:05 +00:00
} else if appConfig.Server.SecurityHeaders {
2021-03-10 17:47:56 +00:00
err = http.ListenAndServe(localAddress, finalHandler)
2020-08-01 15:49:46 +00:00
} else {
2021-03-10 17:49:32 +00:00
err = http.ListenAndServe(localAddress, finalHandler)
2020-07-29 14:41:36 +00:00
}
2020-08-01 15:49:46 +00:00
return
}
2020-07-29 14:41:36 +00:00
2020-07-31 19:44:16 +00:00
func reloadRouter() error {
h, err := buildHandler()
if err != nil {
return err
}
purgeCache()
2020-07-31 19:44:16 +00:00
d.swapHandler(h)
return nil
}
2021-02-27 07:31:06 +00:00
const paginationPath = "/page/{page:[0-9-]+}"
const feedPath = ".{feed:rss|json|atom}"
2021-01-30 18:37:26 +00:00
2021-02-27 07:31:06 +00:00
func buildHandler() (http.Handler, error) {
2021-03-10 17:08:20 +00:00
startTime := time.Now()
r := chi.NewRouter()
2021-02-27 07:31:06 +00:00
// Private mode
privateMode := false
privateModeHandler := []func(http.Handler) http.Handler{}
if pm := appConfig.PrivateMode; pm != nil && pm.Enabled {
privateMode = true
privateModeHandler = append(privateModeHandler, authMiddleware)
}
// Basic middleware
2020-12-24 10:00:16 +00:00
r.Use(redirectShortDomain)
2020-11-05 16:06:42 +00:00
r.Use(middleware.RedirectSlashes)
2020-12-22 19:29:25 +00:00
r.Use(middleware.CleanPath)
2020-10-19 19:09:51 +00:00
r.Use(middleware.GetHead)
if !appConfig.Cache.Enable {
r.Use(middleware.NoCache)
}
2021-02-27 07:31:06 +00:00
// No Index Header
if privateMode {
r.Use(noIndexHeader)
}
// Login middleware etc.
2020-12-15 16:40:14 +00:00
r.Use(checkIsLogin)
2021-01-23 16:24:47 +00:00
r.Use(checkIsCaptcha)
2021-02-20 22:35:16 +00:00
r.Use(checkLoggedIn)
2021-02-27 07:31:06 +00:00
r.Use(checkActivityStreamsRequest)
// Logout
r.With(authMiddleware).Get("/login", serveLogin)
r.With(authMiddleware).Get("/logout", serveLogout)
2020-10-06 17:07:48 +00:00
// Micropub
2021-02-27 07:31:06 +00:00
r.Route(micropubPath, func(r chi.Router) {
r.Use(checkIndieAuth)
r.Get("/", serveMicropubQuery)
r.Post("/", serveMicropubPost)
r.Post(micropubMediaSubPath, serveMicropubMedia)
})
2020-10-06 17:07:48 +00:00
2020-10-13 19:35:39 +00:00
// IndieAuth
2021-02-27 07:31:06 +00:00
r.Route("/indieauth", func(r chi.Router) {
r.Get("/", indieAuthRequest)
r.With(authMiddleware).Post("/accept", indieAuthAccept)
r.Post("/", indieAuthVerification)
r.Get("/token", indieAuthToken)
r.Post("/token", indieAuthToken)
2020-10-13 19:35:39 +00:00
})
// ActivityPub and stuff
if ap := appConfig.ActivityPub; ap != nil && ap.Enabled {
r.Post("/activitypub/inbox/{blog}", apHandleInbox)
2020-11-10 06:45:32 +00:00
r.Post("/activitypub/{blog}/inbox", apHandleInbox)
r.With(cacheMiddleware).Get("/.well-known/webfinger", apHandleWebfinger)
2020-11-17 16:10:14 +00:00
r.With(cacheMiddleware).Get("/.well-known/host-meta", handleWellKnownHostMeta)
r.With(cacheMiddleware).Get("/.well-known/nodeinfo", serveNodeInfoDiscover)
r.With(cacheMiddleware).Get("/nodeinfo", serveNodeInfo)
}
// Webmentions
2021-02-27 07:31:06 +00:00
r.Route(webmentionPath, func(r chi.Router) {
r.Post("/", handleWebmention)
r.Group(func(r chi.Router) {
// Authenticated routes
r.Use(authMiddleware)
r.Get("/", webmentionAdmin)
r.Get(paginationPath, webmentionAdmin)
r.Post("/delete", webmentionAdminDelete)
r.Post("/approve", webmentionAdminApprove)
})
})
// Notifications
notificationsPath := "/notifications"
r.Route(notificationsPath, func(r chi.Router) {
r.Use(authMiddleware)
handler := notificationsAdmin(notificationsPath)
r.Get("/", handler)
r.Get(paginationPath, handler)
})
// Posts
2021-01-15 20:56:46 +00:00
pp, err := allPostPaths(statusPublished)
if err != nil {
return nil, err
2020-07-30 19:18:13 +00:00
}
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
for _, path := range pp {
r.Get(path, servePost)
}
})
2021-01-15 20:56:46 +00:00
// Drafts
dp, err := allPostPaths(statusDraft)
if err != nil {
return nil, err
}
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(authMiddleware)
for _, path := range dp {
r.Get(path, servePost)
2021-01-15 20:56:46 +00:00
}
})
2021-01-15 20:56:46 +00:00
2020-11-09 17:33:56 +00:00
// Post aliases
allPostAliases, err := allPostAliases()
if err != nil {
return nil, err
2020-07-30 19:18:13 +00:00
}
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
for _, path := range allPostAliases {
r.Get(path, servePostAlias)
}
})
// Assets
for _, path := range allAssetPaths() {
r.Get(path, serveAsset)
}
2020-12-23 13:11:14 +00:00
// Static files
for _, path := range allStaticPaths() {
r.Get(path, serveStaticFile)
2020-12-23 13:11:14 +00:00
}
2021-01-10 14:59:43 +00:00
// Media files
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).Get(`/m/{file:[0-9a-fA-F]+(\.[0-9a-zA-Z]+)?}`, serveMediaFile)
2021-01-10 14:59:43 +00:00
2021-01-23 16:24:47 +00:00
// Captcha
r.Handle("/captcha/*", captcha.Server(500, 250))
2020-12-22 21:15:29 +00:00
// Short paths
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).With(cacheMiddleware).Get("/s/{id:[0-9a-fA-F]+}", redirectToLongPath)
2020-12-22 21:15:29 +00:00
2020-10-06 17:07:48 +00:00
for blog, blogConfig := range appConfig.Blogs {
2020-10-12 17:12:24 +00:00
fullBlogPath := blogConfig.Path
blogPath := fullBlogPath
2020-10-06 17:07:48 +00:00
if blogPath == "/" {
blogPath = ""
2020-08-31 19:12:43 +00:00
}
// Sections
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
for _, section := range blogConfig.Sections {
if section.Name != "" {
secPath := blogPath + "/" + section.Name
handler := serveSection(blog, secPath, section)
r.Get(secPath, handler)
r.Get(secPath+feedPath, handler)
r.Get(secPath+paginationPath, handler)
}
2020-08-31 19:12:43 +00:00
}
})
2020-10-06 17:07:48 +00:00
// Taxonomies
2020-10-06 17:07:48 +00:00
for _, taxonomy := range blogConfig.Taxonomies {
if taxonomy.Name != "" {
taxPath := blogPath + "/" + taxonomy.Name
taxValues, err := allTaxonomyValues(blog, taxonomy.Name)
2020-10-06 17:07:48 +00:00
if err != nil {
return nil, err
}
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
r.Get(taxPath, serveTaxonomy(blog, taxonomy))
for _, tv := range taxValues {
vPath := taxPath + "/" + urlize(tv)
handler := serveTaxonomyValue(blog, vPath, taxonomy, tv)
r.Get(vPath, handler)
r.Get(vPath+feedPath, handler)
r.Get(vPath+paginationPath, handler)
}
})
2020-08-31 19:12:43 +00:00
}
2020-08-25 18:55:32 +00:00
}
2020-10-06 17:07:48 +00:00
// Photos
2021-01-04 19:29:49 +00:00
if blogConfig.Photos != nil && blogConfig.Photos.Enabled {
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
photoPath := blogPath + blogConfig.Photos.Path
handler := servePhotos(blog, photoPath)
r.Get(photoPath, handler)
r.Get(photoPath+feedPath, handler)
r.Get(photoPath+paginationPath, handler)
})
2020-10-06 17:07:48 +00:00
}
2020-09-21 16:03:05 +00:00
2020-11-15 10:34:48 +00:00
// Search
2021-01-04 19:29:49 +00:00
if blogConfig.Search != nil && blogConfig.Search.Enabled {
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
searchPath := blogPath + blogConfig.Search.Path
handler := serveSearch(blog, searchPath)
r.Get(searchPath, handler)
r.Post(searchPath, handler)
searchResultPath := searchPath + "/" + searchPlaceholder
resultHandler := serveSearchResults(blog, searchResultPath)
r.Get(searchResultPath, resultHandler)
r.Get(searchResultPath+feedPath, resultHandler)
r.Get(searchResultPath+paginationPath, resultHandler)
})
2020-11-15 10:34:48 +00:00
}
2021-01-04 19:29:49 +00:00
// Stats
if blogConfig.BlogStats != nil && blogConfig.BlogStats.Enabled {
statsPath := blogPath + blogConfig.BlogStats.Path
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).With(cacheMiddleware).Get(statsPath, serveBlogStats(blog, statsPath))
2021-01-04 19:29:49 +00:00
}
2020-12-13 14:16:47 +00:00
// Year / month archives
dates, err := allPublishedDates(blog)
2020-12-13 14:16:47 +00:00
if err != nil {
return nil, err
}
r.Group(func(r chi.Router) {
2021-02-27 07:31:06 +00:00
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
2021-03-10 17:08:20 +00:00
already := map[string]bool{}
for _, d := range dates {
// Year
yearPath := blogPath + "/" + fmt.Sprintf("%0004d", d.year)
2021-03-10 17:08:20 +00:00
if !already[yearPath] {
yearHandler := serveDate(blog, yearPath, d.year, 0, 0)
r.Get(yearPath, yearHandler)
r.Get(yearPath+feedPath, yearHandler)
r.Get(yearPath+paginationPath, yearHandler)
already[yearPath] = true
}
// Specific month
monthPath := yearPath + "/" + fmt.Sprintf("%02d", d.month)
2021-03-10 17:08:20 +00:00
if !already[monthPath] {
monthHandler := serveDate(blog, monthPath, d.year, d.month, 0)
r.Get(monthPath, monthHandler)
r.Get(monthPath+feedPath, monthHandler)
r.Get(monthPath+paginationPath, monthHandler)
already[monthPath] = true
}
// Specific day
dayPath := monthPath + "/" + fmt.Sprintf("%02d", d.day)
2021-03-10 17:08:20 +00:00
if !already[dayPath] {
dayHandler := serveDate(blog, monthPath, d.year, d.month, d.day)
r.Get(dayPath, dayHandler)
r.Get(dayPath+feedPath, dayHandler)
r.Get(dayPath+paginationPath, dayHandler)
already[dayPath] = true
}
// Generic month
genericMonthPath := blogPath + "/x/" + fmt.Sprintf("%02d", d.month)
2021-03-10 17:08:20 +00:00
if !already[genericMonthPath] {
genericMonthHandler := serveDate(blog, genericMonthPath, 0, d.month, 0)
r.Get(genericMonthPath, genericMonthHandler)
r.Get(genericMonthPath+feedPath, genericMonthHandler)
r.Get(genericMonthPath+paginationPath, genericMonthHandler)
already[genericMonthPath] = true
}
// Specific day
genericMonthDayPath := genericMonthPath + "/" + fmt.Sprintf("%02d", d.day)
2021-03-10 17:08:20 +00:00
if !already[genericMonthDayPath] {
genericMonthDayHandler := serveDate(blog, genericMonthDayPath, 0, d.month, d.day)
r.Get(genericMonthDayPath, genericMonthDayHandler)
r.Get(genericMonthDayPath+feedPath, genericMonthDayHandler)
r.Get(genericMonthDayPath+paginationPath, genericMonthDayHandler)
already[genericMonthDayPath] = true
}
}
})
2020-12-13 14:16:47 +00:00
2020-10-06 17:07:48 +00:00
// Blog
2020-12-23 15:53:10 +00:00
if !blogConfig.PostAsHome {
2021-02-27 07:31:06 +00:00
r.Group(func(r chi.Router) {
r.Use(privateModeHandler...)
r.Use(cacheMiddleware)
handler := serveHome(blog, blogPath)
r.Get(fullBlogPath, handler)
r.Get(fullBlogPath+feedPath, handler)
r.Get(blogPath+paginationPath, handler)
})
}
2020-10-13 11:40:16 +00:00
// Custom pages
for _, cp := range blogConfig.CustomPages {
2020-11-01 17:37:21 +00:00
handler := serveCustomPage(blogConfig, cp)
2020-10-13 11:40:16 +00:00
if cp.Cache {
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).With(cacheMiddleware).Get(cp.Path, handler)
2020-10-13 11:40:16 +00:00
} else {
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).Get(cp.Path, handler)
2020-10-13 11:40:16 +00:00
}
}
2021-01-17 11:53:07 +00:00
// Random post
if rp := blogConfig.RandomPost; rp != nil && rp.Enabled {
randomPath := rp.Path
if randomPath == "" {
randomPath = "/random"
}
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).Get(blogPath+randomPath, redirectToRandomPost(blog))
}
2021-01-17 11:53:07 +00:00
// Editor
2021-02-27 07:31:06 +00:00
r.Route(blogPath+"/editor", func(r chi.Router) {
r.Use(authMiddleware)
r.Get("/", serveEditor(blog))
r.Post("/", serveEditorPost(blog))
2021-01-17 11:53:07 +00:00
})
2021-01-23 16:24:47 +00:00
// Comments
if commentsConfig := blogConfig.Comments; commentsConfig != nil && commentsConfig.Enabled {
commentsPath := blogPath + "/comment"
r.Route(commentsPath, func(cr chi.Router) {
2021-02-27 07:31:06 +00:00
cr.Use(privateModeHandler...)
cr.With(cacheMiddleware).Get("/{id:[0-9]+}", serveComment(blog))
2021-01-23 16:24:47 +00:00
cr.With(captchaMiddleware).Post("/", createComment(blog, commentsPath))
// Admin
cr.Group(func(r chi.Router) {
r.Use(authMiddleware)
2021-02-17 15:07:42 +00:00
handler := commentsAdmin(blog, commentsPath)
r.Get("/", handler)
r.Get(paginationPath, handler)
r.Post("/delete", commentsAdminDelete)
})
2021-01-23 16:24:47 +00:00
})
}
2020-08-05 17:14:10 +00:00
}
2020-09-22 15:08:34 +00:00
// Sitemap
2021-02-27 07:31:06 +00:00
r.With(privateModeHandler...).With(cacheMiddleware).Get(sitemapPath, serveSitemap)
2020-09-22 15:08:34 +00:00
// Robots.txt - doesn't need cache, because it's too simple
2021-02-27 07:31:06 +00:00
if !privateMode {
r.Get("/robots.txt", serveRobotsTXT)
} else {
r.Get("/robots.txt", servePrivateRobotsTXT)
}
2020-10-15 18:54:43 +00:00
// Check redirects, then serve 404
r.With(cacheMiddleware, checkRegexRedirects).NotFound(serve404)
r.MethodNotAllowed(func(rw http.ResponseWriter, r *http.Request) {
2020-12-24 09:09:34 +00:00
serveError(rw, r, "", http.StatusMethodNotAllowed)
})
2021-03-10 17:08:20 +00:00
log.Println("Building handler took", time.Since(startTime))
return r, nil
2020-07-28 19:17:07 +00:00
}
2020-10-16 13:35:38 +00:00
func securityHeaders(next http.Handler) http.Handler {
2021-02-16 20:27:52 +00:00
extraCSPDomains := ""
if mp := appConfig.Micropub.MediaStorage; mp != nil && mp.MediaURL != "" {
if u, err := url.Parse(mp.MediaURL); err == nil {
extraCSPDomains += " " + u.Hostname()
}
}
if len(appConfig.Server.CSPDomains) > 0 {
extraCSPDomains += " " + strings.Join(appConfig.Server.CSPDomains, " ")
}
2020-10-16 13:35:38 +00:00
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
2021-02-27 07:31:06 +00:00
w.Header().Set("Strict-Transport-Security", "max-age=31536000;")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Xss-Protection", "1; mode=block")
w.Header().Set("Content-Security-Policy", "default-src 'self'"+extraCSPDomains)
next.ServeHTTP(w, r)
})
}
func noIndexHeader(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Robots-Tag", "noindex")
2020-10-16 13:35:38 +00:00
next.ServeHTTP(w, r)
})
}
type dynamicHandler struct {
realHandler atomic.Value
}
func (d *dynamicHandler) swapHandler(h http.Handler) {
d.realHandler.Store(h)
}
func (d *dynamicHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
2020-11-10 15:40:22 +00:00
// Fix to use Path routing instead of RawPath routing in Chi
r.URL.RawPath = ""
// Serve request
d.realHandler.Load().(http.Handler).ServeHTTP(w, r)
}