package serve import ( "crypto/rand" "fmt" "html/template" "io/ioutil" "net/http" dt "github.com/RadhiFadlillah/shiori/database" jwt "github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go/request" ) // webHandler is handler for every API and routes to web page type webHandler struct { db dt.Database dataDir string jwtKey []byte tplCache *template.Template } // newWebHandler returns new webHandler func newWebHandler(db dt.Database, dataDir string) (*webHandler, error) { // Create JWT key jwtKey := make([]byte, 32) _, err := rand.Read(jwtKey) if err != nil { return nil, err } jwtKey = []byte("Test12345") // Create templates funcMap := template.FuncMap{ "html": func(s string) template.HTML { return template.HTML(s) }, } tplCache, err := createTemplate("cache.html", funcMap) if err != nil { return nil, err } // Create handler handler := &webHandler{ db: db, dataDir: dataDir, jwtKey: jwtKey, tplCache: tplCache, } return handler, nil } func (h *webHandler) checkToken(r *http.Request) error { tokenCookie, err := r.Cookie("token") if err != nil { return fmt.Errorf("Token does not exist") } token, err := jwt.Parse(tokenCookie.Value, h.jwtKeyFunc) if err != nil { return err } claims := token.Claims.(jwt.MapClaims) return claims.Valid() } func (h *webHandler) checkAPIToken(r *http.Request) error { token, err := request.ParseFromRequest(r, request.AuthorizationHeaderExtractor, h.jwtKeyFunc) if err != nil { return err } claims := token.Claims.(jwt.MapClaims) return claims.Valid() } func (h *webHandler) jwtKeyFunc(token *jwt.Token) (interface{}, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method") } return h.jwtKey, nil } func createTemplate(filename string, funcMap template.FuncMap) (*template.Template, error) { // Open file src, err := assets.Open(filename) if err != nil { return nil, err } defer src.Close() // Read file content srcContent, err := ioutil.ReadAll(src) if err != nil { return nil, err } // Create template return template.New(filename).Funcs(funcMap).Parse(string(srcContent)) } func redirectPage(w http.ResponseWriter, r *http.Request, url string) { w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") w.Header().Set("Pragma", "no-cache") w.Header().Set("Expires", "0") http.Redirect(w, r, url, 301) }