shiori/internal/webserver/handler.go

package webserver

import (
	"fmt"
	"html/template"
	"net/http"

	"github.com/go-shiori/shiori/internal/database"
	"github.com/go-shiori/shiori/internal/model"
	"github.com/go-shiori/warc"
	cch "github.com/patrickmn/go-cache"
)

var developmentMode = false

// Handler is handler for serving the web interface.
type handler struct {
	DB           database.DB
	DataDir      string
	RootPath     string
	UserCache    *cch.Cache
	SessionCache *cch.Cache
	ArchiveCache *cch.Cache
	Log          bool

	templates map[string]*template.Template
}

func (h *handler) prepareSessionCache() {
	h.SessionCache.OnEvicted(func(key string, val interface{}) {
		account := val.(model.Account)
		arr, found := h.UserCache.Get(account.Username)
		if !found {
			return
		}

		sessionIDs := arr.([]string)
		for i := 0; i < len(sessionIDs); i++ {
			if sessionIDs[i] == key {
				sessionIDs = append(sessionIDs[:i], sessionIDs[i+1:]...)
				break
			}
		}

		h.UserCache.Set(account.Username, sessionIDs, -1)
	})
}

func (h *handler) prepareArchiveCache() {
	h.ArchiveCache.OnEvicted(func(key string, data interface{}) {
		archive := data.(*warc.Archive)
		archive.Close()
	})
}

func (h *handler) prepareTemplates() error {
	// Prepare variables
	var err error
	h.templates = make(map[string]*template.Template)

	// Prepare func map
	funcMap := template.FuncMap{
		"html": func(s string) template.HTML {
			return template.HTML(s)
		},
	}

	// Create template for login, index and content
	for _, name := range []string{"login", "index", "content"} {
		h.templates[name], err = createTemplate(name+".html", funcMap)
		if err != nil {
			return err
		}
	}

	// Create template for archive overlay
	h.templates["archive"], err = template.New("archive").Delims("$$", "$$").Parse(
		`<div id="shiori-archive-header">
		<p id="shiori-logo"><span>栞</span>shiori</p>
		<div class="spacer"></div>
		<a href="$$.URL$$" target="_blank">View Original</a>
		$$if .HasContent$$
		<a href="/bookmark/$$.ID$$/content">View Readable</a>
		$$end$$
		</div>`)
	if err != nil {
		return err
	}

	return nil
}

func (h *handler) getSessionID(r *http.Request) string {
	// Try to get session ID from the header
	sessionID := r.Header.Get("X-Session-Id")

	// If not, try it from the cookie
	if sessionID == "" {
		cookie, err := r.Cookie("session-id")
		if err != nil {
			return ""
		}

		sessionID = cookie.Value
	}

	return sessionID
}

// validateSession checks whether user session is still valid or not
func (h *handler) validateSession(r *http.Request) error {
	sessionID := h.getSessionID(r)
	if sessionID == "" {
		return fmt.Errorf("session is not exist")
	}

	// Make sure session is not expired yet
	val, found := h.SessionCache.Get(sessionID)
	if !found {
		return fmt.Errorf("session has been expired")
	}

	// If this is not get request, make sure it's owner
	if r.Method != "" && r.Method != "GET" {
		if account := val.(model.Account); !account.Owner {
			return fmt.Errorf("account level is not sufficient")
		}
	}

	return nil
}
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`package webserver`

			`import (`
			`"fmt"`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`"html/template"`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`"net/http"`

			`"github.com/go-shiori/shiori/internal/database"`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`"github.com/go-shiori/shiori/internal/model"`
Move warc to another package 2019-10-09 21:10:12 +08:00			`"github.com/go-shiori/warc"`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`cch "github.com/patrickmn/go-cache"`
			`)`

			`var developmentMode = false`

			`// Handler is handler for serving the web interface.`
			`type handler struct {`
			`DB database.DB`
			`DataDir string`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`RootPath string`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`UserCache *cch.Cache`
			`SessionCache *cch.Cache`
Initial archive page 2019-08-05 19:26:37 +08:00			`ArchiveCache *cch.Cache`
Web Server and CI Improvements (#374) * Fix for infinite redirect loop path.Join trims the trailing slash if the path isn't /, use configured root instead. * Add repo root independence This makes the workflows agnostic of the repository root, making it possible to build in forked repos. * Add HTTP request logging * Fix proper RootPath handler * Add logging for all resources This adds proper logging for all resources, including errors. Logging is on by default, but can be turned off. * Report effective length of written data 2022-02-19 15:22:50 +08:00			`Log bool`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00
			`templates map[string]*template.Template`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`}`

Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`func (h *handler) prepareSessionCache() {`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`h.SessionCache.OnEvicted(func(key string, val interface{}) {`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`account := val.(model.Account)`
			`arr, found := h.UserCache.Get(account.Username)`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`if !found {`
			`return`
			`}`

			`sessionIDs := arr.([]string)`
			`for i := 0; i < len(sessionIDs); i++ {`
			`if sessionIDs[i] == key {`
			`sessionIDs = append(sessionIDs[:i], sessionIDs[i+1:]...)`
			`break`
			`}`
			`}`

Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`h.UserCache.Set(account.Username, sessionIDs, -1)`
			`})`
			`}`

			`func (h *handler) prepareArchiveCache() {`
			`h.ArchiveCache.OnEvicted(func(key string, data interface{}) {`
			`archive := data.(*warc.Archive)`
			`archive.Close()`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`})`
			`}`

Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`func (h *handler) prepareTemplates() error {`
			`// Prepare variables`
			`var err error`
			`h.templates = make(map[string]*template.Template)`

			`// Prepare func map`
			`funcMap := template.FuncMap{`
			`"html": func(s string) template.HTML {`
			`return template.HTML(s)`
			`},`
			`}`

			`// Create template for login, index and content`
			`for _, name := range []string{"login", "index", "content"} {`
			`h.templates[name], err = createTemplate(name+".html", funcMap)`
			`if err != nil {`
			`return err`
			`}`
			`}`

			`// Create template for archive overlay`
			`h.templates["archive"], err = template.New("archive").Delims("$$", "$$").Parse(`
			`<div id="shiori-archive-header">
			`<p id="shiori-logo"><span>栞</span>shiori</p>`
			`<div class="spacer"></div>`
			`<a href="$$.URL$$" target="_blank">View Original</a>`
			`$$if .HasContent$$`
			`<a href="/bookmark/$$.ID$$/content">View Readable</a>`
			`$$end$$`
			</div>`)
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

Now session id can be put in cookie or http header 2019-08-13 23:13:38 +08:00			`func (h handler) getSessionID(r http.Request) string {`
fix(api-ext): use same save logic as the api (#518) * switched session priority to header then cookie * fix(db): GetBookmarks handle no rows error * fix(api-ext): using same save logic as the api 2022-10-15 20:16:12 +08:00			`// Try to get session ID from the header`
			`sessionID := r.Header.Get("X-Session-Id")`

			`// If not, try it from the cookie`
			`if sessionID == "" {`
Now session id can be put in cookie or http header 2019-08-13 23:13:38 +08:00			`cookie, err := r.Cookie("session-id")`
			`if err != nil {`
			`return ""`
			`}`

fix(api-ext): use same save logic as the api (#518) * switched session priority to header then cookie * fix(db): GetBookmarks handle no rows error * fix(api-ext): using same save logic as the api 2022-10-15 20:16:12 +08:00			`sessionID = cookie.Value`
Now session id can be put in cookie or http header 2019-08-13 23:13:38 +08:00			`}`

			`return sessionID`
			`}`

Initial new web interfaces 2019-05-27 18:01:53 +08:00			`// validateSession checks whether user session is still valid or not`
			`func (h handler) validateSession(r http.Request) error {`
Now session id can be put in cookie or http header 2019-08-13 23:13:38 +08:00			`sessionID := h.getSessionID(r)`
			`if sessionID == "" {`
			`return fmt.Errorf("session is not exist")`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`}`

			`// Make sure session is not expired yet`
Now session id can be put in cookie or http header 2019-08-13 23:13:38 +08:00			`val, found := h.SessionCache.Get(sessionID)`
Add basic account level management 2019-08-12 20:57:18 +08:00			`if !found {`
Initial new web interfaces 2019-05-27 18:01:53 +08:00			`return fmt.Errorf("session has been expired")`
			`}`

Add basic account level management 2019-08-12 20:57:18 +08:00			`// If this is not get request, make sure it's owner`
			`if r.Method != "" && r.Method != "GET" {`
Initial support for subpath #39 2019-10-07 14:38:40 +08:00			`if account := val.(model.Account); !account.Owner {`
Add basic account level management 2019-08-12 20:57:18 +08:00			`return fmt.Errorf("account level is not sufficient")`
			`}`
			`}`

Initial new web interfaces 2019-05-27 18:01:53 +08:00			`return nil`
			`}`