Diffstat (limited to 'service/transport.go')
-rw-r--r--service/transport.go253
1 files changed, 144 insertions, 109 deletions
diff --git a/service/transport.go b/service/transport.go
index 4518b1a..f7e31d6 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -1,25 +1,21 @@
package service
import (
- "context"
"encoding/json"
+ "fmt"
"log"
+ "mime/multipart"
"net/http"
"strconv"
"time"
"bloat/mastodon"
"bloat/model"
- "bloat/renderer"
"github.com/gorilla/mux"
)
const (
- sessionExp = 365 * 24 * time.Hour
-)
-
-const (
HTML int = iota
JSON
)
@@ -30,36 +26,16 @@ const (
CSRF
)
-type client struct {
- *mastodon.Client
- w http.ResponseWriter
- r *http.Request
- s model.Session
- csrf string
- ctx context.Context
- rctx *renderer.Context
-}
-
-func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
- http.SetCookie(w, &http.Cookie{
- Name: "session_id",
- Value: sid,
- Expires: time.Now().Add(exp),
- })
-}
-
-func writeJson(c *client, data interface{}) error {
- return json.NewEncoder(c.w).Encode(map[string]interface{}{
- "data": data,
- })
-}
-
-func redirect(c *client, url string) {
- c.w.Header().Add("Location", url)
- c.w.WriteHeader(http.StatusFound)
-}
+const csp = "default-src 'none';" +
+ " img-src *;" +
+ " media-src *;" +
+ " font-src *;" +
+ " child-src *;" +
+ " connect-src 'self';" +
+ " script-src 'self';" +
+ " style-src 'self'"
-func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
+func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
r := mux.NewRouter()
writeError := func(c *client, err error, t int, retry bool) {
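Review bot: The new `csp` constant leaves `form-action`, `frame-ancestors` and `base-uri` unset, and `default-src 'none'` is not a fallback for any of them, so pages served with this policy can still be framed by any origin and a `<base>` tag is unrestricted. I would add `" frame-ancestors 'self';"` and `" base-uri 'none';"` (and `form-action 'self'` once it is confirmed not to block the sign-in redirect to the remote instance). They have to go before the `style-src` line, because the handler later on this page appends a hash source to the end of this string. `NewHandler` continues outside this hunk.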
@@ -75,16 +51,6 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
}
}
- authenticate := func(c *client, t int) error {
- var sid string
- if cookie, _ := c.r.Cookie("session_id"); cookie != nil {
- sid = cookie.Value
- }
- csrf := c.r.FormValue("csrf_token")
- ref := c.r.URL.RequestURI()
- return s.authenticate(c, sid, csrf, ref, t)
- }
-
handle := func(f func(c *client) error, at int, rt int) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) {
var err error
@@ -94,26 +60,35 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
r: req,
}
- defer func(begin time.Time) {
- logger.Printf("path=%s, err=%v, took=%v\n",
- req.URL.Path, err, time.Since(begin))
- }(time.Now())
+ if verbose {
+ defer func(begin time.Time) {
+ log.Printf("path=%s, err=%v, took=%v\n",
+ req.URL.Path, err, time.Since(begin))
+ }(time.Now())
+ }
- var ct string
+ h := c.w.Header()
switch rt {
case HTML:
- ct = "text/html; charset=utf-8"
+ h.Set("Content-Type", "text/html; charset=utf-8")
+ h.Set("Content-Security-Policy", csp)
case JSON:
- ct = "application/json"
+ h.Set("Content-Type", "application/json")
}
- c.w.Header().Add("Content-Type", ct)
- err = authenticate(c, at)
+ err = c.authenticate(at, s.instance)
if err != nil {
writeError(c, err, rt, req.Method == http.MethodGet)
return
}
+ // Override the CSP header to allow custom CSS
+ if rt == HTML && len(c.s.Settings.CSS) > 0 &&
+ len(c.s.Settings.CSSHash) > 0 {
+ v := fmt.Sprintf("%s 'sha256-%s'", csp, c.s.Settings.CSSHash)
+ h.Set("Content-Security-Policy", v)
+ }
+
err = f(c)
if err != nil {
writeError(c, err, rt, req.Method == http.MethodGet)
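Review bot: The custom-CSS override builds the header with `fmt.Sprintf("%s 'sha256-%s'", csp, c.s.Settings.CSSHash)`, which extends `style-src` only because that directive happens to be the last one in `csp`; reordering or appending to the constant would silently attach the hash to a different directive. A comment at the constant such as `// style-src must stay last: handle() appends the custom CSS hash to it` would make the coupling explicit, or the `style-src` directive could be assembled separately. `CSSHash` is read from the stored session settings and written into the header verbatim; where it is computed is not visible here, so it is worth confirming it can only be base64 output and never contain `;`, quotes or whitespace. The handler closure starts and ends outside this hunk.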
@@ -123,16 +98,16 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
}
rootPage := handle(func(c *client) error {
- err := authenticate(c, SESSION)
+ err := c.authenticate(SESSION, "")
if err != nil {
if err == errInvalidSession {
- redirect(c, "/signin")
+ c.redirect("/signin")
return nil
}
return err
}
if !c.s.IsLoggedIn() {
- redirect(c, "/signin")
+ c.redirect("/signin")
return nil
}
return s.RootPage(c)
@@ -147,12 +122,12 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if !ok {
return s.SigninPage(c)
}
- url, sid, err := s.NewSession(c, instance)
+ url, sess, err := s.NewSession(c, instance)
if err != nil {
return err
}
- setSessionCookie(c.w, sid, sessionExp)
- redirect(c, url)
+ c.setSession(sess)
+ c.redirect(url)
return nil
}, NOAUTH, HTML)
@@ -167,7 +142,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
}, SESSION, HTML)
defaultTimelinePage := handle(func(c *client) error {
- redirect(c, "/timeline/home")
+ c.redirect("/timeline/home")
return nil
}, SESSION, HTML)
@@ -217,6 +192,11 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
return s.UserSearchPage(c, id, sq, offset)
}, SESSION, HTML)
+ mutePage := handle(func(c *client) error {
+ id, _ := mux.Vars(c.r)["id"]
+ return s.MutePage(c, id)
+ }, SESSION, HTML)
+
aboutPage := handle(func(c *client) error {
return s.AboutPage(c)
}, SESSION, HTML)
@@ -241,14 +221,65 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
return s.FiltersPage(c)
}, SESSION, HTML)
+ profilePage := handle(func(c *client) error {
+ return s.ProfilePage(c)
+ }, SESSION, HTML)
+
+ profileUpdate := handle(func(c *client) error {
+ name := c.r.FormValue("name")
+ bio := c.r.FormValue("bio")
+ var avatar, banner *multipart.FileHeader
+ if f := c.r.MultipartForm.File["avatar"]; len(f) > 0 {
+ avatar = f[0]
+ }
+ if f := c.r.MultipartForm.File["banner"]; len(f) > 0 {
+ banner = f[0]
+ }
+ var fields []mastodon.Field
+ for i := 0; i < 16; i++ {
+ n := c.r.FormValue(fmt.Sprintf("field-name-%d", i))
+ v := c.r.FormValue(fmt.Sprintf("field-value-%d", i))
+ if len(n) == 0 {
+ continue
+ }
+ f := mastodon.Field{Name: n, Value: v}
+ fields = append(fields, f)
+ }
+ locked := c.r.FormValue("locked") == "true"
+ err := s.ProfileUpdate(c, name, bio, avatar, banner, fields, locked)
+ if err != nil {
+ return err
+ }
+ c.redirect("/")
+ return nil
+ }, CSRF, HTML)
+
+ profileDelAvatar := handle(func(c *client) error {
+ err := s.ProfileDelAvatar(c)
+ if err != nil {
+ return err
+ }
+ c.redirect(c.r.FormValue("referrer"))
+ return nil
+ }, CSRF, HTML)
+
+ profileDelBanner := handle(func(c *client) error {
+ err := s.ProfileDelBanner(c)
+ if err != nil {
+ return err
+ }
+ c.redirect(c.r.FormValue("referrer"))
+ return nil
+ }, CSRF, HTML)
+
signin := handle(func(c *client) error {
instance := c.r.FormValue("instance")
- url, sid, err := s.NewSession(c, instance)
+ url, sess, err := s.NewSession(c, instance)
if err != nil {
return err
}
- setSessionCookie(c.w, sid, sessionExp)
- redirect(c, url)
+ c.setSession(sess)
+ c.redirect(url)
return nil
}, NOAUTH, HTML)
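Review bot: `profileUpdate` reads `c.r.MultipartForm.File[...]` without checking that the request was parsed as multipart. `FormValue` ignores parse errors, so a POST to `/profile` with a urlencoded body leaves `MultipartForm` nil and the handler panics on the first lookup. Wrapping both lookups in `if mf := c.r.MultipartForm; mf != nil {` (using `mf.File["avatar"]` and `mf.File["banner"]` inside) avoids that. No request-size limit is visible in this hunk either; if none is applied elsewhere, `http.MaxBytesReader` on the body before the form is first parsed would bound avatar and banner uploads.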
@@ -259,7 +290,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, "/")
+ c.redirect("/")
return nil
}, SESSION, HTML)
@@ -287,7 +318,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
} else {
location = c.r.FormValue("referrer")
}
- redirect(c, location)
+ c.redirect(location)
return nil
}, CSRF, HTML)
@@ -301,7 +332,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -315,7 +346,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -329,7 +360,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -343,7 +374,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -355,7 +386,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+statusID)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + statusID)
return nil
}, CSRF, HTML)
@@ -371,7 +402,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -381,7 +412,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -391,7 +422,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -401,23 +432,19 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
mute := handle(func(c *client) error {
id, _ := mux.Vars(c.r)["id"]
- q := c.r.URL.Query()
- var notifications *bool
- if r, ok := q["notifications"]; ok && len(r) > 0 {
- notifications = new(bool)
- *notifications = r[0] == "true"
- }
- err := s.Mute(c, id, notifications)
+ notifications, _ := strconv.ParseBool(c.r.FormValue("notifications"))
+ duration, _ := strconv.Atoi(c.r.FormValue("duration"))
+ err := s.Mute(c, id, notifications, duration)
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect("/user/" + id)
return nil
}, CSRF, HTML)
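Review bot: Both parse errors in `mute` are discarded, so a non-numeric `duration` reaches `s.Mute` as 0 and a negative one is passed through unchanged; what `s.Mute` does with those values is not visible here. A missing `notifications` field also now means `false`, where the removed code passed a nil pointer so the server default applied, which is a behaviour change worth a comment. I would treat an empty `duration` as 0 but reject anything else that fails to parse or is negative, e.g. `if err != nil || duration < 0 {` followed by returning an error for `writeError` to render.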
@@ -427,7 +454,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -437,7 +464,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -447,7 +474,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -457,7 +484,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -467,7 +494,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -504,7 +531,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, "/")
+ c.redirect("/")
return nil
}, CSRF, HTML)
@@ -514,7 +541,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -524,7 +551,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -534,7 +561,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -545,7 +572,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -559,7 +586,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -573,7 +600,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
- redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+ c.redirect(c.r.FormValue("referrer") + "#status-" + id)
return nil
}, CSRF, HTML)
@@ -584,7 +611,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -594,7 +621,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -608,7 +635,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -618,7 +645,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -629,7 +656,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -648,7 +675,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
@@ -660,14 +687,17 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- redirect(c, c.r.FormValue("referrer"))
+ c.redirect(c.r.FormValue("referrer"))
return nil
}, CSRF, HTML)
signout := handle(func(c *client) error {
- s.Signout(c)
- setSessionCookie(c.w, "", 0)
- redirect(c, "/")
+ err := s.Signout(c)
+ if err != nil {
+ return err
+ }
+ c.unsetSession()
+ c.redirect("/")
return nil
}, CSRF, HTML)
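Review bot: Returning early when `s.Signout` fails skips `c.unsetSession()`, so the local session appears to stay valid after the user asked to sign out. What can fail inside `s.Signout` is not visible here, presumably the call to the remote instance. Clearing the local session regardless of that result is the safer default for a shared or compromised browser: call `c.unsetSession()` before `return err`, or move it above the `s.Signout` call if `Signout` does not need the cookie. The error can still be returned afterwards so the failure is reported.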
@@ -677,7 +707,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- return writeJson(c, count)
+ return c.writeJson(count)
}, CSRF, JSON)
fUnlike := handle(func(c *client) error {
@@ -686,7 +716,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- return writeJson(c, count)
+ return c.writeJson(count)
}, CSRF, JSON)
fRetweet := handle(func(c *client) error {
@@ -695,7 +725,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- return writeJson(c, count)
+ return c.writeJson(count)
}, CSRF, JSON)
fUnretweet := handle(func(c *client) error {
@@ -704,7 +734,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
- return writeJson(c, count)
+ return c.writeJson(count)
}, CSRF, JSON)
r.HandleFunc("/", rootPage).Methods(http.MethodGet)
@@ -720,11 +750,16 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
r.HandleFunc("/user/{id}", userPage).Methods(http.MethodGet)
r.HandleFunc("/user/{id}/{type}", userPage).Methods(http.MethodGet)
r.HandleFunc("/usersearch/{id}", userSearchPage).Methods(http.MethodGet)
+ r.HandleFunc("/mute/{id}", mutePage).Methods(http.MethodGet)
r.HandleFunc("/about", aboutPage).Methods(http.MethodGet)
r.HandleFunc("/emojis", emojisPage).Methods(http.MethodGet)
r.HandleFunc("/search", searchPage).Methods(http.MethodGet)
r.HandleFunc("/settings", settingsPage).Methods(http.MethodGet)
r.HandleFunc("/filters", filtersPage).Methods(http.MethodGet)
+ r.HandleFunc("/profile", profilePage).Methods(http.MethodGet)
+ r.HandleFunc("/profile", profileUpdate).Methods(http.MethodPost)
+ r.HandleFunc("/profile/delavatar", profileDelAvatar).Methods(http.MethodPost)
+ r.HandleFunc("/profile/delbanner", profileDelBanner).Methods(http.MethodPost)
r.HandleFunc("/signin", signin).Methods(http.MethodPost)
r.HandleFunc("/oauth_callback", oauthCallback).Methods(http.MethodGet)
r.HandleFunc("/post", post).Methods(http.MethodPost)