2018-04-28 22:02:36 +08:00
|
|
|
package serve
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"fmt"
|
|
|
|
"html/template"
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
dt "github.com/RadhiFadlillah/shiori/database"
|
|
|
|
jwt "github.com/dgrijalva/jwt-go"
|
|
|
|
"github.com/dgrijalva/jwt-go/request"
|
|
|
|
)
|
|
|
|
|
|
|
|
// webHandler is handler for every API and routes to web page
|
|
|
|
type webHandler struct {
|
|
|
|
db dt.Database
|
2018-05-18 17:18:38 +08:00
|
|
|
dataDir string
|
2018-04-28 22:02:36 +08:00
|
|
|
jwtKey []byte
|
|
|
|
tplCache *template.Template
|
|
|
|
}
|
|
|
|
|
|
|
|
// newWebHandler returns new webHandler
|
2018-05-18 17:18:38 +08:00
|
|
|
func newWebHandler(db dt.Database, dataDir string) (*webHandler, error) {
|
2018-04-28 22:02:36 +08:00
|
|
|
// Create JWT key
|
|
|
|
jwtKey := make([]byte, 32)
|
|
|
|
_, err := rand.Read(jwtKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create handler
|
|
|
|
handler := &webHandler{
|
2018-05-22 21:13:28 +08:00
|
|
|
db: db,
|
|
|
|
dataDir: dataDir,
|
|
|
|
jwtKey: jwtKey,
|
2018-04-28 22:02:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return handler, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *webHandler) checkToken(r *http.Request) error {
|
|
|
|
tokenCookie, err := r.Cookie("token")
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Token does not exist")
|
|
|
|
}
|
|
|
|
|
|
|
|
token, err := jwt.Parse(tokenCookie.Value, h.jwtKeyFunc)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
claims := token.Claims.(jwt.MapClaims)
|
|
|
|
return claims.Valid()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *webHandler) checkAPIToken(r *http.Request) error {
|
|
|
|
token, err := request.ParseFromRequest(r,
|
|
|
|
request.AuthorizationHeaderExtractor,
|
|
|
|
h.jwtKeyFunc)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
claims := token.Claims.(jwt.MapClaims)
|
|
|
|
return claims.Valid()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *webHandler) jwtKeyFunc(token *jwt.Token) (interface{}, error) {
|
|
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
|
|
return nil, fmt.Errorf("Unexpected signing method")
|
|
|
|
}
|
|
|
|
|
|
|
|
return h.jwtKey, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func createTemplate(filename string, funcMap template.FuncMap) (*template.Template, error) {
|
|
|
|
// Open file
|
|
|
|
src, err := assets.Open(filename)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer src.Close()
|
|
|
|
|
|
|
|
// Read file content
|
|
|
|
srcContent, err := ioutil.ReadAll(src)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create template
|
2018-05-22 21:13:28 +08:00
|
|
|
return template.New(filename).Delims("$|", "|$").Funcs(funcMap).Parse(string(srcContent))
|
2018-04-28 22:02:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
func redirectPage(w http.ResponseWriter, r *http.Request, url string) {
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
|
|
w.Header().Set("Pragma", "no-cache")
|
|
|
|
w.Header().Set("Expires", "0")
|
|
|
|
http.Redirect(w, r, url, 301)
|
|
|
|
}
|