461 lines
11 KiB
Go
461 lines
11 KiB
Go
package server
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"fmt"
|
|
"html/template"
|
|
"io"
|
|
"log/slog"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/gorilla/mux"
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
"git.riou.xyz/jriou/coller/internal"
|
|
)
|
|
|
|
type PageData struct {
|
|
Title string
|
|
Version string
|
|
Expirations []int
|
|
Expiration int
|
|
Languages []string
|
|
Language string
|
|
Err error
|
|
URL string
|
|
Note *Note
|
|
EnablePasswordProtection bool
|
|
EnableUploadFileButton bool
|
|
AllowClientEncryptionKey bool
|
|
AllowNoEncryption bool
|
|
AceDirectory string
|
|
BootstrapDirectory string
|
|
DisableEditor bool
|
|
Password string // Not stored in the database
|
|
}
|
|
|
|
func WebError(w http.ResponseWriter, pageData PageData, templates *template.Template, templateName string, logger *slog.Logger, topLevelErr error, err error) {
|
|
// Only show the top-level error to users
|
|
pageData.Err = topLevelErr
|
|
|
|
// Show full error in the logs
|
|
if err != nil {
|
|
err = fmt.Errorf("%v: %w", topLevelErr, err)
|
|
} else {
|
|
err = pageData.Err
|
|
}
|
|
logger.Error(fmt.Sprintf("%v", err))
|
|
templates.ExecuteTemplate(w, templateName, pageData)
|
|
}
|
|
|
|
type HomeHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
}
|
|
|
|
func (h *HomeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.Templates.ExecuteTemplate(w, "index", h.PageData)
|
|
}
|
|
|
|
type CreateNoteWithFormHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
db *Database
|
|
maxUploadSize int64
|
|
}
|
|
|
|
func (h *CreateNoteWithFormHandler) TemplateName() string {
|
|
return "create"
|
|
}
|
|
|
|
func (h *CreateNoteWithFormHandler) Name() string {
|
|
return "CreateNoteWithFormHandler"
|
|
}
|
|
|
|
func (h *CreateNoteWithFormHandler) WebError(w http.ResponseWriter, logger *slog.Logger, topLevelErr error, err error) {
|
|
WebError(w, h.PageData, h.Templates, h.TemplateName(), logger, topLevelErr, err)
|
|
}
|
|
|
|
func (h *CreateNoteWithFormHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.PageData.Err = nil
|
|
|
|
logger := h.logger.With("handler", h.Name())
|
|
|
|
logger.Debug("parsing multipart form")
|
|
err := r.ParseMultipartForm(h.maxUploadSize)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotParseForm, err)
|
|
return
|
|
}
|
|
|
|
logger.Debug("parsing content")
|
|
content := []byte(r.FormValue("content"))
|
|
|
|
logger.Debug("parsing file")
|
|
file, handler, err := r.FormFile("file")
|
|
if err != nil && !errors.Is(err, http.ErrMissingFile) {
|
|
h.WebError(w, logger, ErrCouldNotParseFile, err)
|
|
return
|
|
}
|
|
|
|
if !errors.Is(err, http.ErrMissingFile) {
|
|
defer file.Close()
|
|
|
|
logger.Debug("checking file size")
|
|
if handler.Size > h.maxUploadSize {
|
|
h.WebError(w, logger, ErrFileTooLarge, err)
|
|
return
|
|
}
|
|
|
|
logger.Debug("checking file content type")
|
|
if !strings.HasPrefix(handler.Header.Get("Content-Type"), "text/") {
|
|
h.WebError(w, logger, ErrTextFileExpected, err)
|
|
return
|
|
}
|
|
|
|
logger.Debug("reading uploaded file")
|
|
var fileContent bytes.Buffer
|
|
n, err := io.Copy(&fileContent, file)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotReadFile, err)
|
|
return
|
|
}
|
|
|
|
logger.Debug("file uploaded", slog.Any("bytes", n))
|
|
if n != 0 {
|
|
content = fileContent.Bytes()
|
|
}
|
|
}
|
|
|
|
logger.Debug("checking content")
|
|
if content == nil || len(content) == 0 {
|
|
h.WebError(w, logger, ErrEmptyNote, nil)
|
|
return
|
|
}
|
|
|
|
logger.Debug("checking inputs")
|
|
password := r.FormValue("password")
|
|
noEncryption := r.FormValue("no-encryption")
|
|
encryptionKey := r.FormValue("encryption-key")
|
|
expiration := r.FormValue("expiration")
|
|
deleteAfterRead := r.FormValue("delete-after-read")
|
|
language := r.FormValue("language")
|
|
|
|
if !h.PageData.AllowNoEncryption && noEncryption != "" {
|
|
h.WebError(w, logger, ErrEncryptionRequired, nil)
|
|
return
|
|
}
|
|
|
|
if !h.PageData.AllowClientEncryptionKey && encryptionKey != "" {
|
|
h.WebError(w, logger, ErrClientEncryptionKeyNotAllowed, nil)
|
|
return
|
|
}
|
|
|
|
if !h.PageData.AllowClientEncryptionKey && encryptionKey == "" && noEncryption == "" {
|
|
logger.Debug("generating encryption key")
|
|
encryptionKey = internal.GenerateChars(encryptionKeyLength)
|
|
}
|
|
|
|
logger.Debug("computing expiration")
|
|
var expirationInt int
|
|
if expiration == "Expiration" {
|
|
expirationInt = 0
|
|
} else {
|
|
expirationInt, err = strconv.Atoi(expiration)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrInvalidExpiration, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
logger.Debug("saving note to the database")
|
|
note, err := h.db.Create(content, []byte(password), encryptionKey, encryptionKey != "", expirationInt, deleteAfterRead != "", language)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotCreateNote, err)
|
|
return
|
|
}
|
|
|
|
logger.Debug("building note url")
|
|
|
|
var scheme = "http://"
|
|
if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
|
|
scheme = proto + "://"
|
|
} else if r.TLS != nil {
|
|
scheme = "https://"
|
|
}
|
|
|
|
h.PageData.URL = fmt.Sprintf("%s%s/%d.html", scheme, r.Host, note.ID)
|
|
if encryptionKey != "" {
|
|
h.PageData.URL += "#" + encryptionKey
|
|
}
|
|
|
|
logger.Debug("rendering page")
|
|
h.Templates.ExecuteTemplate(w, h.TemplateName(), h.PageData)
|
|
}
|
|
|
|
type GetRawWebNoteHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
db *Database
|
|
}
|
|
|
|
func (h *GetRawWebNoteHandler) TemplateName() string {
|
|
return "unprotectedNote"
|
|
}
|
|
|
|
func (h *GetRawWebNoteHandler) Name() string {
|
|
return "GetRawWebNoteHandler"
|
|
}
|
|
|
|
func (h *GetRawWebNoteHandler) WebError(w http.ResponseWriter, logger *slog.Logger, topLevelErr error, err error) {
|
|
WebError(w, h.PageData, h.Templates, h.TemplateName(), logger, topLevelErr, err)
|
|
}
|
|
|
|
func (h *GetRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.PageData.Err = nil
|
|
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
logger := h.logger.With("handler", h.Name(), "note_id", id)
|
|
|
|
logger.Debug("fetching note from the database")
|
|
note, err := h.db.Get(id)
|
|
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotFindNote, err)
|
|
return
|
|
}
|
|
|
|
if note == nil {
|
|
h.WebError(w, logger, ErrNoteDoesNotExist, err)
|
|
return
|
|
}
|
|
|
|
if note.Encrypted || len(note.PasswordHash) > 0 {
|
|
logger.Debug("rendering page")
|
|
h.PageData.Note = note
|
|
h.Templates.ExecuteTemplate(w, h.TemplateName(), h.PageData)
|
|
return
|
|
}
|
|
|
|
logger.Debug("returning content")
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.WriteHeader(http.StatusOK)
|
|
fmt.Fprint(w, string(note.Content))
|
|
}
|
|
|
|
type GetProtectedRawWebNoteHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
db *Database
|
|
maxUploadSize int64
|
|
}
|
|
|
|
func (h *GetProtectedRawWebNoteHandler) TemplateName() string {
|
|
return "protectedNote"
|
|
}
|
|
|
|
func (h *GetProtectedRawWebNoteHandler) Name() string {
|
|
return "GetProtectedRawWebNoteHandler"
|
|
}
|
|
|
|
func (h *GetProtectedRawWebNoteHandler) WebError(w http.ResponseWriter, logger *slog.Logger, topLevelErr error, err error) {
|
|
WebError(w, h.PageData, h.Templates, h.TemplateName(), logger, topLevelErr, err)
|
|
}
|
|
|
|
func (h *GetProtectedRawWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.PageData.Err = nil
|
|
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
logger := h.logger.With("handler", h.Name(), "note_id", id)
|
|
|
|
logger.Debug("parsing multipart form")
|
|
err := r.ParseMultipartForm(h.maxUploadSize)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotParseForm, err)
|
|
return
|
|
}
|
|
|
|
password := r.FormValue("password")
|
|
encryptionKey := r.FormValue("encryption-key")
|
|
|
|
logger.Debug("fetching note from the database")
|
|
note, err := h.db.Get(id)
|
|
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotFindNote, err)
|
|
return
|
|
}
|
|
|
|
if note == nil {
|
|
h.WebError(w, logger, ErrNoteDoesNotExist, nil)
|
|
return
|
|
}
|
|
|
|
if note.Encrypted {
|
|
if encryptionKey == "" {
|
|
h.WebError(w, logger, ErrEncryptionKeyNotFound, nil)
|
|
return
|
|
}
|
|
logger.Debug("decrypting content")
|
|
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotDecryptNote, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
if len(note.PasswordHash) > 0 {
|
|
logger.Debug("comparing password hashes")
|
|
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
|
h.WebError(w, logger, ErrInvalidPassword, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
logger.Debug("returning content")
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.WriteHeader(http.StatusOK)
|
|
fmt.Fprint(w, string(note.Content))
|
|
}
|
|
|
|
type GetWebNoteHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
db *Database
|
|
}
|
|
|
|
func (h *GetWebNoteHandler) TemplateName() string {
|
|
return "unprotectedNote"
|
|
}
|
|
|
|
func (h *GetWebNoteHandler) Name() string {
|
|
return "GetWebNoteHandler"
|
|
}
|
|
|
|
func (h *GetWebNoteHandler) WebError(w http.ResponseWriter, logger *slog.Logger, topLevelErr error, err error) {
|
|
WebError(w, h.PageData, h.Templates, h.TemplateName(), logger, topLevelErr, err)
|
|
}
|
|
|
|
func (h *GetWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.PageData.Err = nil
|
|
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
logger := h.logger.With("handler", h.Name(), "note_id", id)
|
|
|
|
note, err := h.db.Get(id)
|
|
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotFindNote, err)
|
|
return
|
|
}
|
|
|
|
if note == nil {
|
|
h.WebError(w, logger, ErrNoteDoesNotExist, nil)
|
|
return
|
|
}
|
|
|
|
h.PageData.Note = note
|
|
|
|
logger.Debug("rendering page")
|
|
h.Templates.ExecuteTemplate(w, h.TemplateName(), h.PageData)
|
|
}
|
|
|
|
type GetProtectedWebNoteHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
db *Database
|
|
maxUploadSize int64
|
|
}
|
|
|
|
func (h *GetProtectedWebNoteHandler) TemplateName() string {
|
|
return "protectedNote"
|
|
}
|
|
|
|
func (h *GetProtectedWebNoteHandler) Name() string {
|
|
return "GetProtectedWebNoteHandler"
|
|
}
|
|
|
|
func (h *GetProtectedWebNoteHandler) WebError(w http.ResponseWriter, logger *slog.Logger, topLevelErr error, err error) {
|
|
WebError(w, h.PageData, h.Templates, h.TemplateName(), logger, topLevelErr, err)
|
|
}
|
|
|
|
func (h *GetProtectedWebNoteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.PageData.Err = nil
|
|
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
logger := h.logger.With("handler", h.Name(), "note_id", id)
|
|
|
|
logger.Debug("parsing multipart form")
|
|
err := r.ParseMultipartForm(h.maxUploadSize)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotParseForm, err)
|
|
return
|
|
}
|
|
|
|
password := r.FormValue("password")
|
|
encryptionKey := r.FormValue("encryption-key")
|
|
|
|
note, err := h.db.Get(id)
|
|
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotFindNote, err)
|
|
return
|
|
}
|
|
|
|
if note == nil {
|
|
h.WebError(w, logger, ErrNoteDoesNotExist, nil)
|
|
return
|
|
}
|
|
|
|
if note.Encrypted {
|
|
if encryptionKey == "" {
|
|
h.WebError(w, logger, ErrEncryptionKeyNotFound, nil)
|
|
return
|
|
}
|
|
note.Content, err = internal.Decrypt(note.Content, encryptionKey)
|
|
if err != nil {
|
|
h.WebError(w, logger, ErrCouldNotDecryptNote, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
if len(note.PasswordHash) > 0 {
|
|
if err := bcrypt.CompareHashAndPassword(note.PasswordHash, []byte(password)); err != nil {
|
|
h.WebError(w, logger, ErrInvalidPassword, err)
|
|
return
|
|
}
|
|
}
|
|
|
|
h.PageData.Password = password
|
|
h.PageData.Note = note
|
|
|
|
logger.Debug("rendering page")
|
|
h.Templates.ExecuteTemplate(w, h.TemplateName(), h.PageData)
|
|
}
|
|
|
|
type ClientsHandler struct {
|
|
Templates *template.Template
|
|
PageData PageData
|
|
logger *slog.Logger
|
|
}
|
|
|
|
func (h *ClientsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
h.logger.Debug("rendering clients web page")
|
|
h.Templates.ExecuteTemplate(w, "clients", h.PageData)
|
|
}
|