alpha/main.go

199 lines
4.5 KiB
Go
Raw Normal View History

package main
2022-05-25 02:25:42 +00:00
import (
2022-05-28 00:12:28 +00:00
"fmt"
"io"
2022-05-25 02:25:42 +00:00
"log"
"net/http"
2022-05-28 00:12:28 +00:00
"os"
"path/filepath"
"strconv"
2022-05-27 23:34:48 +00:00
"strings"
2022-05-25 02:25:42 +00:00
"time"
2022-05-29 23:47:13 +00:00
admintemplates "git.yetaga.in/alazyreader/alpha/admin_templates"
2022-05-25 02:25:42 +00:00
)
type SessionProvider interface {
Create(user User, expr time.Duration) (string, error)
Get(key string) (User, error)
Refresh(key string, user User, expr time.Duration) error
}
type PageProvider interface {
Page(key string) (*Page, error)
Save(key string, page *Page) error
}
2022-05-29 23:47:13 +00:00
type UserProvider interface {
Authenticate(name string, password string) (User, error)
}
2022-05-25 02:25:42 +00:00
type RootHandler struct {
2022-05-28 00:12:28 +00:00
Sessions SessionProvider
Pages PageProvider
2022-05-29 23:47:13 +00:00
Users UserProvider
Admin *AdminHandler
2022-05-28 00:12:28 +00:00
StaticDir string
2022-05-25 02:25:42 +00:00
}
2022-05-27 23:34:48 +00:00
type AdminHandler struct {
Sessions SessionProvider
}
func (h *AdminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("admin route"))
}
2022-05-29 23:47:13 +00:00
func (h *RootHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case "GET":
// serve login form
w.Write([]byte(admintemplates.LoginPage))
case "POST":
// handle login request
r.ParseForm()
username := r.PostForm.Get("username")
password := r.PostForm.Get("password")
if username == "" {
h.ErrorHandle(http.StatusBadRequest, w)
return
}
user, err := h.Users.Authenticate(username, password)
if err != nil {
h.ErrorHandle(http.StatusForbidden, w)
return
}
sessionKey, err := h.Sessions.Create(user, time.Duration(time.Hour*24))
if err != nil {
h.ErrorHandle(http.StatusInternalServerError, w)
return
}
w.Header().Add("Set-Cookie", "alphasess="+sessionKey)
http.Redirect(w, r, "/admin", http.StatusFound)
default:
// anything else doesn't do anything
h.ErrorHandle(http.StatusMethodNotAllowed, w)
}
}
2022-05-25 02:25:42 +00:00
func (h *RootHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
2022-05-29 23:47:13 +00:00
// handle login route
if r.URL.Path == "/login" {
h.LoginHandler(w, r)
return
}
// hand off to admin router
2022-05-27 23:34:48 +00:00
if strings.HasPrefix(r.URL.Path, "/admin") {
2022-05-29 23:47:13 +00:00
if user, ok := h.IsLoggedIn(r); !ok {
http.Redirect(w, r, "/login", http.StatusFound)
return
} else if HasRole(user.Roles, "admin") {
h.Admin.ServeHTTP(w, r)
return
}
h.ErrorHandle(http.StatusForbidden, w)
2022-05-25 02:25:42 +00:00
return
}
2022-05-29 23:47:13 +00:00
2022-05-27 23:34:48 +00:00
// attempt to serve from the managed pages
2022-05-25 02:25:42 +00:00
page, err := h.Pages.Page(r.URL.Path)
2022-05-27 23:34:48 +00:00
if err == nil {
w.Write(page.Contents)
2022-05-25 02:25:42 +00:00
return
}
2022-05-27 23:34:48 +00:00
// fall back to serving out of the static directory, but:
// 1. prevent the generated indexes from rendering
if strings.HasSuffix(r.URL.Path, "/") {
2022-05-29 23:47:13 +00:00
h.ErrorHandle(http.StatusNotFound, w)
2022-05-27 23:34:48 +00:00
return
}
// 2. prevent hidden paths from rendering
for _, seg := range strings.Split(r.URL.Path, "/") {
if strings.HasPrefix(seg, ".") {
2022-05-29 23:47:13 +00:00
h.ErrorHandle(http.StatusNotFound, w)
2022-05-27 23:34:48 +00:00
return
}
}
2022-05-28 00:12:28 +00:00
// 3. catch files that would 404 and serve our own 404 page
if !staticFileExists(filepath.Join(h.StaticDir, r.URL.Path)) {
2022-05-29 23:47:13 +00:00
h.ErrorHandle(http.StatusNotFound, w)
2022-05-28 00:12:28 +00:00
return
}
2022-05-27 23:34:48 +00:00
// finally, use the built-in fileserver to serve
2022-05-28 00:12:28 +00:00
fs := http.FileServer(http.Dir(h.StaticDir))
2022-05-27 23:34:48 +00:00
fs.ServeHTTP(w, r)
2022-05-25 02:25:42 +00:00
}
2022-05-28 00:12:28 +00:00
func (h *RootHandler) ErrorHandle(status int, w http.ResponseWriter) {
f, err := os.Open(filepath.Join(h.StaticDir, strconv.Itoa(status)+".html"))
if err == nil {
w.WriteHeader(status)
_, err = io.Copy(w, f)
if err != nil {
fmt.Fprintf(w, "Internal Server Error while loading %d page\n", status)
}
return
}
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.Header().Set("X-Content-Type-Options", "nosniff")
2022-05-29 23:47:13 +00:00
w.WriteHeader(http.StatusNotFound)
2022-05-28 00:12:28 +00:00
fmt.Fprintf(w, "%d\n", status)
}
2022-05-29 23:47:13 +00:00
func (h *RootHandler) IsLoggedIn(r *http.Request) (User, bool) {
cookie, err := r.Cookie("alphasess")
if err != nil {
return User{}, false
}
user, err := h.Sessions.Get(cookie.Value)
return user, err == nil
}
func HasRole(roles []string, role string) bool {
for _, r := range roles {
if r == role {
return true
}
}
return false
}
2022-05-28 00:12:28 +00:00
func staticFileExists(name string) bool {
f, err := os.Open(name)
if err != nil {
return false
}
defer f.Close()
_, err = f.Stat()
return err == nil
}
func main() {
2022-05-29 23:47:13 +00:00
sessions := &Sessions{}
pages := &Index{}
users := &Userstore{}
users.Create("testuser", []string{"admin"}, "password")
2022-05-25 02:25:42 +00:00
handler := &RootHandler{
2022-05-29 23:47:13 +00:00
Sessions: sessions,
Pages: pages,
Users: users,
Admin: &AdminHandler{
Sessions: sessions,
},
2022-05-28 00:12:28 +00:00
StaticDir: "./static",
2022-05-25 02:25:42 +00:00
}
2022-05-29 23:47:13 +00:00
pages.Save("foo", &Page{
2022-05-25 02:25:42 +00:00
Contents: []byte("foobar"),
})
2022-05-29 23:47:13 +00:00
pages.Save("index", &Page{
2022-05-27 23:34:48 +00:00
Contents: []byte("root"),
})
2022-05-29 23:47:13 +00:00
log.Printf("serving on http://localhost:8080")
2022-05-25 02:25:42 +00:00
err := http.ListenAndServe(":8080", handler)
log.Fatalf("server error: %v", err)
}