mirror of https://github.com/jlelse/GoBlog
297 lines
8.5 KiB
Go
297 lines
8.5 KiB
Go
package main
|
|
|
|
import (
|
|
"compress/flate"
|
|
"net/http"
|
|
"os"
|
|
"strconv"
|
|
"sync/atomic"
|
|
|
|
"github.com/go-chi/chi"
|
|
"github.com/go-chi/chi/middleware"
|
|
"github.com/gorilla/handlers"
|
|
"golang.org/x/crypto/acme/autocert"
|
|
)
|
|
|
|
const (
|
|
contentType = "Content-Type"
|
|
|
|
charsetUtf8Suffix = "; charset=utf-8"
|
|
|
|
contentTypeHTML = "text/html"
|
|
contentTypeJSON = "application/json"
|
|
contentTypeWWWForm = "application/x-www-form-urlencoded"
|
|
contentTypeMultipartForm = "multipart/form-data"
|
|
contentTypeAS = "application/activity+json"
|
|
|
|
contentTypeHTMLUTF8 = contentTypeHTML + charsetUtf8Suffix
|
|
contentTypeJSONUTF8 = contentTypeJSON + charsetUtf8Suffix
|
|
contentTypeASUTF8 = contentTypeAS + charsetUtf8Suffix
|
|
)
|
|
|
|
var (
|
|
d *dynamicHandler
|
|
logMiddleware func(next http.Handler) http.Handler
|
|
authMiddleware func(next http.Handler) http.Handler
|
|
)
|
|
|
|
func startServer() (err error) {
|
|
// Init
|
|
if appConfig.Server.Logging {
|
|
f, err := os.OpenFile(appConfig.Server.LogFile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer f.Close()
|
|
logMiddleware = func(next http.Handler) http.Handler {
|
|
lh := handlers.CombinedLoggingHandler(f, next)
|
|
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
// Remove remote address for privacy
|
|
r.RemoteAddr = "127.0.0.1"
|
|
lh.ServeHTTP(rw, r)
|
|
})
|
|
}
|
|
}
|
|
authMiddleware = middleware.BasicAuth("", map[string]string{
|
|
appConfig.User.Nick: appConfig.User.Password,
|
|
})
|
|
// Start
|
|
d = &dynamicHandler{}
|
|
err = reloadRouter()
|
|
if err != nil {
|
|
return
|
|
}
|
|
localAddress := ":" + strconv.Itoa(appConfig.Server.Port)
|
|
if appConfig.Server.PublicHTTPS {
|
|
cache, err := newAutocertCache()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
certManager := autocert.Manager{
|
|
Prompt: autocert.AcceptTOS,
|
|
HostPolicy: autocert.HostWhitelist(appConfig.Server.Domain),
|
|
Cache: cache,
|
|
Email: appConfig.Server.LetsEncryptMail,
|
|
}
|
|
tlsConfig := certManager.TLSConfig()
|
|
server := http.Server{
|
|
Addr: ":https",
|
|
Handler: securityHeaders(d),
|
|
TLSConfig: tlsConfig,
|
|
}
|
|
go http.ListenAndServe(":http", certManager.HTTPHandler(nil))
|
|
err = server.ListenAndServeTLS("", "")
|
|
} else if appConfig.Server.LocalHTTPS {
|
|
err = http.ListenAndServeTLS(localAddress, "https/server.crt", "https/server.key", d)
|
|
} else {
|
|
err = http.ListenAndServe(localAddress, d)
|
|
}
|
|
return
|
|
}
|
|
|
|
func reloadRouter() error {
|
|
h, err := buildHandler()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
d.swapHandler(h)
|
|
return nil
|
|
}
|
|
|
|
func buildHandler() (http.Handler, error) {
|
|
r := chi.NewRouter()
|
|
|
|
if appConfig.Server.Logging {
|
|
r.Use(logMiddleware)
|
|
}
|
|
r.Use(middleware.Recoverer)
|
|
r.Use(middleware.Compress(flate.DefaultCompression))
|
|
r.Use(middleware.RedirectSlashes)
|
|
r.Use(middleware.GetHead)
|
|
if !appConfig.Cache.Enable {
|
|
r.Use(middleware.NoCache)
|
|
}
|
|
|
|
// Profiler
|
|
if appConfig.Server.Debug {
|
|
r.Mount("/debug", middleware.Profiler())
|
|
}
|
|
|
|
// API
|
|
r.Route("/api", func(apiRouter chi.Router) {
|
|
apiRouter.Use(middleware.NoCache, authMiddleware)
|
|
apiRouter.Post("/hugo", apiPostCreateHugo)
|
|
})
|
|
|
|
// Micropub
|
|
r.Route(micropubPath, func(mpRouter chi.Router) {
|
|
mpRouter.Use(middleware.NoCache, checkIndieAuth)
|
|
mpRouter.Get("/", serveMicropubQuery)
|
|
mpRouter.Post("/", serveMicropubPost)
|
|
if appConfig.Micropub.MediaStorage != nil {
|
|
mpRouter.Post(micropubMediaSubPath, serveMicropubMedia)
|
|
}
|
|
})
|
|
|
|
// IndieAuth
|
|
r.Route("/indieauth", func(indieauthRouter chi.Router) {
|
|
indieauthRouter.Use(middleware.NoCache)
|
|
indieauthRouter.With(authMiddleware, minifier.Middleware).Get("/", indieAuthAuthGet)
|
|
indieauthRouter.With(authMiddleware).Post("/accept", indieAuthAccept)
|
|
indieauthRouter.Post("/", indieAuthAuthPost)
|
|
indieauthRouter.Get("/token", indieAuthToken)
|
|
indieauthRouter.Post("/token", indieAuthToken)
|
|
})
|
|
|
|
// ActivityPub and stuff
|
|
if appConfig.ActivityPub.Enabled {
|
|
r.Post("/activitypub/inbox/{blog}", apHandleInbox)
|
|
r.Get("/.well-known/webfinger", apHandleWebfinger)
|
|
r.Get("/.well-known/host-meta", handleWellKnownHostMeta)
|
|
}
|
|
|
|
// Webmentions
|
|
r.Route("/webmention", func(webmentionRouter chi.Router) {
|
|
webmentionRouter.Use(middleware.NoCache)
|
|
webmentionRouter.Post("/", handleWebmention)
|
|
webmentionRouter.With(authMiddleware, minifier.Middleware).Get("/admin", webmentionAdmin)
|
|
webmentionRouter.With(authMiddleware).Post("/admin/delete/{id:\\d+}", webmentionAdminDelete)
|
|
webmentionRouter.With(authMiddleware).Post("/admin/approve/{id:\\d+}", webmentionAdminApprove)
|
|
})
|
|
|
|
// Posts
|
|
allPostPaths, err := allPostPaths()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var postMW []func(http.Handler) http.Handler
|
|
if appConfig.ActivityPub.Enabled {
|
|
postMW = []func(http.Handler) http.Handler{manipulateAsPath, cacheMiddleware, minifier.Middleware}
|
|
} else {
|
|
postMW = []func(http.Handler) http.Handler{cacheMiddleware, minifier.Middleware}
|
|
}
|
|
for _, path := range allPostPaths {
|
|
if path != "" {
|
|
r.With(postMW...).Get(path, servePost)
|
|
}
|
|
}
|
|
|
|
// Redirects
|
|
allRedirectPaths, err := allRedirectPaths()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, path := range allRedirectPaths {
|
|
if path != "" {
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(path, serveRedirect)
|
|
}
|
|
}
|
|
|
|
// Assets
|
|
for _, path := range allAssetPaths() {
|
|
r.Get(path, serveAsset)
|
|
}
|
|
|
|
paginationPath := "/page/{page:[0-9-]+}"
|
|
feedPath := ".{feed:rss|json|atom}"
|
|
|
|
for blog, blogConfig := range appConfig.Blogs {
|
|
|
|
fullBlogPath := blogConfig.Path
|
|
blogPath := fullBlogPath
|
|
if blogPath == "/" {
|
|
blogPath = ""
|
|
}
|
|
|
|
// Indexes, Feeds
|
|
for _, section := range blogConfig.Sections {
|
|
if section.Name != "" {
|
|
path := blogPath + "/" + section.Name
|
|
handler := serveSection(blog, path, section)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(path, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(path+feedPath, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(path+paginationPath, handler)
|
|
}
|
|
}
|
|
|
|
for _, taxonomy := range blogConfig.Taxonomies {
|
|
if taxonomy.Name != "" {
|
|
path := blogPath + "/" + taxonomy.Name
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(path, serveTaxonomy(blog, taxonomy))
|
|
values, err := allTaxonomyValues(blog, taxonomy.Name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, tv := range values {
|
|
vPath := path + "/" + urlize(tv)
|
|
handler := serveTaxonomyValue(blog, vPath, taxonomy, tv)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(vPath, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(vPath+feedPath, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(vPath+paginationPath, handler)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Photos
|
|
if blogConfig.Photos.Enabled {
|
|
handler := servePhotos(blog)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(blogPath+blogConfig.Photos.Path, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(blogPath+blogConfig.Photos.Path+paginationPath, handler)
|
|
}
|
|
|
|
// Blog
|
|
var mw []func(http.Handler) http.Handler
|
|
if appConfig.ActivityPub.Enabled {
|
|
mw = []func(http.Handler) http.Handler{manipulateAsPath, cacheMiddleware, minifier.Middleware}
|
|
} else {
|
|
mw = []func(http.Handler) http.Handler{cacheMiddleware, minifier.Middleware}
|
|
}
|
|
handler := serveHome(blog, blogPath)
|
|
r.With(mw...).Get(fullBlogPath, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(fullBlogPath+feedPath, handler)
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(blogPath+paginationPath, handler)
|
|
|
|
// Custom pages
|
|
for _, cp := range blogConfig.CustomPages {
|
|
handler := serveCustomPage(blogConfig, cp)
|
|
if cp.Cache {
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(cp.Path, handler)
|
|
} else {
|
|
r.With(minifier.Middleware).Get(cp.Path, handler)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Sitemap
|
|
r.With(cacheMiddleware, minifier.Middleware).Get(sitemapPath, serveSitemap)
|
|
|
|
// Check redirects, then serve 404
|
|
r.With(checkRegexRedirects, cacheMiddleware, minifier.Middleware).NotFound(serve404)
|
|
|
|
return r, nil
|
|
}
|
|
|
|
func securityHeaders(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Add("Strict-Transport-Security", "max-age=31536000;")
|
|
w.Header().Add("Referrer-Policy", "no-referrer")
|
|
w.Header().Add("X-Content-Type-Options", "nosniff")
|
|
w.Header().Add("X-Frame-Options", "SAMEORIGIN")
|
|
w.Header().Add("X-Xss-Protection", "1; mode=block")
|
|
// TODO: Add CSP
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
type dynamicHandler struct {
|
|
realHandler atomic.Value
|
|
}
|
|
|
|
func (d *dynamicHandler) swapHandler(h http.Handler) {
|
|
d.realHandler.Store(h)
|
|
}
|
|
|
|
func (d *dynamicHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
d.realHandler.Load().(http.Handler).ServeHTTP(w, r)
|
|
}
|