memos/server/server.go

package server

import (
	"fmt"
	"time"

	"github.com/usememos/memos/api"
	"github.com/usememos/memos/common"
	"github.com/usememos/memos/server/profile"
	"github.com/usememos/memos/store"

	"github.com/gorilla/securecookie"
	"github.com/gorilla/sessions"
	"github.com/labstack/echo-contrib/session"
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

type Server struct {
	e *echo.Echo

	Collector *MetricCollector

	Profile *profile.Profile

	Store *store.Store
}

func NewServer(profile *profile.Profile) *Server {
	e := echo.New()
	e.Debug = true
	e.HideBanner = true
	e.HidePort = true

	s := &Server{
		e:       e,
		Profile: profile,
	}

	e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
		Format: `{"time":"${time_rfc3339}",` +
			`"method":"${method}","uri":"${uri}",` +
			`"status":${status},"error":"${error}"}` + "\n",
	}))

	e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
		Skipper:     s.OpenAPISkipper,
		TokenLookup: "cookie:_csrf",
	}))

	e.Use(middleware.CORS())

	e.Use(middleware.Secure())

	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
		Skipper:      middleware.DefaultSkipper,
		ErrorMessage: "Request timeout",
		Timeout:      30 * time.Second,
	}))

	embedFrontend(e)

	// In dev mode, set the const secret key to make signin session persistence.
	secret := []byte("usememos")
	if profile.Mode == "prod" {
		secret = securecookie.GenerateRandomKey(16)
	}
	e.Use(session.Middleware(sessions.NewCookieStore(secret)))

	rootGroup := e.Group("")
	s.registerRSSRoutes(rootGroup)

	webhookGroup := e.Group("/h")
	s.registerResourcePublicRoutes(webhookGroup)

	publicGroup := e.Group("/o")
	s.registerResourcePublicRoutes(publicGroup)
	s.registerGetterPublicRoutes(publicGroup)

	apiGroup := e.Group("/api")
	apiGroup.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
		return aclMiddleware(s, next)
	})
	s.registerSystemRoutes(apiGroup)
	s.registerAuthRoutes(apiGroup)
	s.registerUserRoutes(apiGroup)
	s.registerMemoRoutes(apiGroup)
	s.registerShortcutRoutes(apiGroup)
	s.registerResourceRoutes(apiGroup)
	s.registerTagRoutes(apiGroup)

	return s
}

func (server *Server) Run() error {
	return server.e.Start(fmt.Sprintf(":%d", server.Profile.Port))
}

func (server *Server) OpenAPISkipper(c echo.Context) bool {
	ctx := c.Request().Context()
	path := c.Path()

	// Skip auth.
	if common.HasPrefixes(path, "/api/auth") {
		return true
	}

	// If there is openId in query string and related user is found, then skip auth.
	openID := c.QueryParam("openId")
	if openID != "" {
		userFind := &api.UserFind{
			OpenID: &openID,
		}
		user, err := server.Store.FindUser(ctx, userFind)
		if err != nil && common.ErrorCode(err) != common.NotFound {
			return false
		}
		if user != nil {
			// Stores userID into context.
			c.Set(getUserIDContextKey(), user.ID)
			return true
		}
	}

	return false
}
refactor: backend 2022-02-03 15:32:03 +08:00			`package server`

			`import (`
			`"fmt"`
fix: resource api 2022-02-04 18:54:24 +08:00			`"time"`
refactor: backend 2022-02-03 15:32:03 +08:00
chore: add skipper in CSRF (#885) 2023-01-01 21:32:17 +08:00			`"github.com/usememos/memos/api"`
			`"github.com/usememos/memos/common"`
chore: rename module 2022-06-27 22:09:06 +08:00			`"github.com/usememos/memos/server/profile"`
			`"github.com/usememos/memos/store"`

fix: get session handler 2022-02-05 17:04:23 +08:00			`"github.com/gorilla/securecookie"`
refactor: backend 2022-02-03 15:32:03 +08:00			`"github.com/gorilla/sessions"`
			`"github.com/labstack/echo-contrib/session"`
			`"github.com/labstack/echo/v4"`
			`"github.com/labstack/echo/v4/middleware"`
			`)`

			`type Server struct {`
			`e *echo.Echo`

feat: add metric plugin (#361) 2022-10-29 11:15:39 +08:00			`Collector *MetricCollector`

chore: update server profile 2022-05-22 09:29:34 +08:00			`Profile *profile.Profile`
feat: system api with profiles 2022-03-29 20:53:43 +08:00
refactor: store 2022-05-16 07:37:23 +08:00			`Store *store.Store`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`

chore: update server profile 2022-05-22 09:29:34 +08:00			`func NewServer(profile profile.Profile) Server {`
refactor: backend 2022-02-03 15:32:03 +08:00			`e := echo.New()`
			`e.Debug = true`
			`e.HideBanner = true`
chore: add greeting banner 2022-05-20 22:48:36 +08:00			`e.HidePort = true`
refactor: backend 2022-02-03 15:32:03 +08:00
chore: add skipper in CSRF (#885) 2023-01-01 21:32:17 +08:00			`s := &Server{`
			`e: e,`
			`Profile: profile,`
			`}`

fix: resource api 2022-02-04 18:54:24 +08:00			`e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{`
chore: update logger 2022-08-19 00:45:02 +08:00			Format: `{"time":"${time_rfc3339}",` +
			`"method":"${method}","uri":"${uri}",` +
			`"status":${status},"error":"${error}"}` + "\n",
fix: resource api 2022-02-04 18:54:24 +08:00			`}))`

chore: fix CSRF (#876) 2022-12-30 00:17:19 +08:00			`e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{`
chore: add skipper in CSRF (#885) 2023-01-01 21:32:17 +08:00			`Skipper: s.OpenAPISkipper,`
chore: fix CSRF (#876) 2022-12-30 00:17:19 +08:00			`TokenLookup: "cookie:_csrf",`
			`}))`

chore: use `cors` middleware 2022-07-30 14:52:37 +08:00			`e.Use(middleware.CORS())`

chore: update version to `0.9.1` (#882) 2022-12-31 15:40:53 +08:00			`e.Use(middleware.Secure())`

fix: resource api 2022-02-04 18:54:24 +08:00			`e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{`
			`Skipper: middleware.DefaultSkipper,`
			`ErrorMessage: "Request timeout",`
			`Timeout: 30 * time.Second,`
			`}))`

feat: use go embed 2022-07-10 09:02:56 +08:00			`embedFrontend(e)`
refactor: backend 2022-02-03 15:32:03 +08:00
refactor: visitor view (#107) * refactor: update api * refactor: visitor view * chore: update seed data 2022-07-07 23:11:20 +08:00			`// In dev mode, set the const secret key to make signin session persistence.`
chore: rename repo 2022-05-21 12:33:18 +08:00			`secret := []byte("usememos")`
chore: update mode flag 2022-05-02 09:40:25 +08:00			`if profile.Mode == "prod" {`
feat: const session secret key in dev 2022-03-29 07:30:29 +08:00			`secret = securecookie.GenerateRandomKey(16)`
			`}`
			`e.Use(session.Middleware(sessions.NewCookieStore(secret)))`
refactor: backend 2022-02-03 15:32:03 +08:00
feat: rss support (#343) * feat: rss support * chore: go mod tidy * chore: change route group prefix * Update server/server.go Co-authored-by: boojack <stevenlgtm@gmail.com> * Update server/rss.go Co-authored-by: boojack <stevenlgtm@gmail.com> Co-authored-by: boojack <stevenlgtm@gmail.com> 2022-10-26 20:13:02 +08:00			`rootGroup := e.Group("")`
			`s.registerRSSRoutes(rootGroup)`

feat: upgrade dev version to `0.8.1` (#656) * feat: upgrade version to `0.8.1` * chore: update 2022-12-02 21:09:11 +08:00			`webhookGroup := e.Group("/h")`
			`s.registerResourcePublicRoutes(webhookGroup)`

chore: update resource base url 2022-09-09 07:40:21 +08:00			`publicGroup := e.Group("/o")`
			`s.registerResourcePublicRoutes(publicGroup)`
chore: code clean (#516) 2022-11-21 23:23:05 +08:00			`s.registerGetterPublicRoutes(publicGroup)`
refactor: backend 2022-02-03 15:32:03 +08:00
			`apiGroup := e.Group("/api")`
			`apiGroup.Use(func(next echo.HandlerFunc) echo.HandlerFunc {`
chore: update acl middleware 2022-07-27 19:45:37 +08:00			`return aclMiddleware(s, next)`
refactor: backend 2022-02-03 15:32:03 +08:00			`})`
feat: system api with profiles 2022-03-29 20:53:43 +08:00			`s.registerSystemRoutes(apiGroup)`
refactor: backend 2022-02-03 15:32:03 +08:00			`s.registerAuthRoutes(apiGroup)`
			`s.registerUserRoutes(apiGroup)`
			`s.registerMemoRoutes(apiGroup)`
			`s.registerShortcutRoutes(apiGroup)`
			`s.registerResourceRoutes(apiGroup)`
feat: add `/api/tag` (#82) 2022-06-21 21:58:33 +08:00			`s.registerTagRoutes(apiGroup)`
refactor: backend 2022-02-03 15:32:03 +08:00
			`return s`
			`}`

			`func (server *Server) Run() error {`
feat: system api with profiles 2022-03-29 20:53:43 +08:00			`return server.e.Start(fmt.Sprintf(":%d", server.Profile.Port))`
refactor: backend 2022-02-03 15:32:03 +08:00			`}`
chore: add skipper in CSRF (#885) 2023-01-01 21:32:17 +08:00
			`func (server *Server) OpenAPISkipper(c echo.Context) bool {`
			`ctx := c.Request().Context()`
			`path := c.Path()`

			`// Skip auth.`
			`if common.HasPrefixes(path, "/api/auth") {`
			`return true`
			`}`

			`// If there is openId in query string and related user is found, then skip auth.`
			`openID := c.QueryParam("openId")`
			`if openID != "" {`
			`userFind := &api.UserFind{`
			`OpenID: &openID,`
			`}`
			`user, err := server.Store.FindUser(ctx, userFind)`
			`if err != nil && common.ErrorCode(err) != common.NotFound {`
			`return false`
			`}`
			`if user != nil {`
			`// Stores userID into context.`
			`c.Set(getUserIDContextKey(), user.ID)`
			`return true`
			`}`
			`}`

			`return false`
			`}`