2021-05-09 11:09:27 +00:00
|
|
|
// Package web contains web handlers and initialization stuff.
|
2021-05-09 10:42:12 +00:00
|
|
|
package web
|
|
|
|
|
|
|
|
import (
|
2022-04-02 16:58:57 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/backlinks"
|
2022-04-01 20:52:56 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/categories"
|
2022-04-09 08:28:57 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/help"
|
2022-04-23 20:35:36 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/hypview"
|
2022-04-02 06:38:16 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/misc"
|
2021-05-09 10:42:12 +00:00
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
|
2021-07-15 17:46:35 +00:00
|
|
|
"github.com/gorilla/mux"
|
|
|
|
|
2021-05-11 10:14:00 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/cfg"
|
2021-05-09 10:42:12 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/user"
|
2021-05-11 10:14:00 +00:00
|
|
|
"github.com/bouncepaw/mycorrhiza/util"
|
2021-05-09 10:42:12 +00:00
|
|
|
)
|
|
|
|
|
2021-10-01 17:34:56 +00:00
|
|
|
// Handler initializes and returns the HTTP router based on the configuration.
|
2021-07-15 17:46:35 +00:00
|
|
|
func Handler() http.Handler {
|
2021-07-15 18:14:05 +00:00
|
|
|
router := mux.NewRouter()
|
|
|
|
router.Use(func(next http.Handler) http.Handler {
|
2021-07-15 18:58:27 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
util.PrepareRq(rq)
|
2022-02-18 08:57:15 +00:00
|
|
|
w.Header().Add("Content-Security-Policy",
|
|
|
|
"default-src 'self' telegram.org *.telegram.org; "+
|
|
|
|
"img-src * data:; media-src *; style-src *; font-src * data:")
|
2021-07-15 18:58:27 +00:00
|
|
|
next.ServeHTTP(w, rq)
|
2021-07-15 17:46:35 +00:00
|
|
|
})
|
|
|
|
})
|
2021-07-15 18:58:27 +00:00
|
|
|
router.StrictSlash(true)
|
2021-07-15 17:46:35 +00:00
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
// Public routes. They're always accessible regardless of the user status.
|
2021-07-15 18:14:05 +00:00
|
|
|
initAuth(router)
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
// Wiki routes. They may be locked or restricted.
|
2021-07-15 18:14:05 +00:00
|
|
|
wikiRouter := router.PathPrefix("").Subrouter()
|
|
|
|
wikiRouter.Use(func(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
user := user.FromRequest(rq)
|
|
|
|
if !user.ShowLockMaybe(w, rq) {
|
|
|
|
next.ServeHTTP(w, rq)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
})
|
2021-07-15 17:46:35 +00:00
|
|
|
|
2021-07-15 18:14:05 +00:00
|
|
|
initReaders(wikiRouter)
|
|
|
|
initMutators(wikiRouter)
|
|
|
|
initHistory(wikiRouter)
|
2022-04-09 08:28:57 +00:00
|
|
|
help.InitHandlers(wikiRouter)
|
2022-04-02 16:58:57 +00:00
|
|
|
backlinks.InitHandlers(wikiRouter)
|
2022-04-01 22:01:54 +00:00
|
|
|
categories.InitHandlers(wikiRouter)
|
2022-04-02 06:38:16 +00:00
|
|
|
misc.InitHandlers(wikiRouter)
|
2022-04-23 20:35:36 +00:00
|
|
|
hypview.Init()
|
2021-05-09 11:09:27 +00:00
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
// Admin routes.
|
|
|
|
if cfg.UseAuth {
|
|
|
|
adminRouter := wikiRouter.PathPrefix("/admin").Subrouter()
|
|
|
|
adminRouter.Use(groupMiddleware("admin"))
|
|
|
|
initAdmin(adminRouter)
|
|
|
|
}
|
|
|
|
|
2021-06-12 13:51:28 +00:00
|
|
|
// Index page
|
2021-07-15 18:14:05 +00:00
|
|
|
wikiRouter.HandleFunc("/", func(w http.ResponseWriter, rq *http.Request) {
|
2021-07-15 17:46:35 +00:00
|
|
|
// Let's pray it never fails
|
|
|
|
addr, _ := url.Parse("/hypha/" + cfg.HomeHypha)
|
2021-07-15 18:14:05 +00:00
|
|
|
rq.URL = addr
|
|
|
|
handlerHypha(w, rq)
|
2021-05-09 10:42:12 +00:00
|
|
|
})
|
2021-07-15 17:46:35 +00:00
|
|
|
|
2021-07-15 18:14:05 +00:00
|
|
|
return router
|
2021-05-09 10:42:12 +00:00
|
|
|
}
|
2021-07-15 18:58:27 +00:00
|
|
|
|
|
|
|
func groupMiddleware(group string) func(http.Handler) http.Handler {
|
|
|
|
return func(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
if cfg.UseAuth && user.CanProceed(rq, group) {
|
|
|
|
next.ServeHTTP(w, rq)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: handle this better. Merge this code with all other
|
|
|
|
// authorization code in this project.
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
io.WriteString(w, "403 forbidden")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|