diff --git a/admin.go b/admin.go index b2eab1f..696d4eb 100644 --- a/admin.go +++ b/admin.go @@ -1,432 +1,432 @@ /* * Copyright © 2018-2019 A Bunch Tell LLC. * * This file is part of WriteFreely. * * WriteFreely is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, included * in the LICENSE file in this source code package. */ package writefreely import ( "database/sql" "fmt" "github.com/gogits/gogs/pkg/tool" "github.com/gorilla/mux" "github.com/writeas/impart" "github.com/writeas/web-core/auth" "github.com/writeas/web-core/log" "github.com/writeas/writefreely/config" "net/http" "runtime" "strconv" "time" ) var ( appStartTime = time.Now() sysStatus systemStatus ) const adminUsersPerPage = 30 type systemStatus struct { Uptime string NumGoroutine int // General statistics. MemAllocated string // bytes allocated and still in use MemTotal string // bytes allocated (even if freed) MemSys string // bytes obtained from system (sum of XxxSys below) Lookups uint64 // number of pointer lookups MemMallocs uint64 // number of mallocs MemFrees uint64 // number of frees // Main allocation heap statistics. HeapAlloc string // bytes allocated and still in use HeapSys string // bytes obtained from system HeapIdle string // bytes in idle spans HeapInuse string // bytes in non-idle span HeapReleased string // bytes released to the OS HeapObjects uint64 // total number of allocated objects // Low-level fixed-size structure allocator statistics. // Inuse is bytes used now. // Sys is bytes obtained from system. StackInuse string // bootstrap stacks StackSys string MSpanInuse string // mspan structures MSpanSys string MCacheInuse string // mcache structures MCacheSys string BuckHashSys string // profiling bucket hash table GCSys string // GC metadata OtherSys string // other system allocations // Garbage collector statistics. NextGC string // next run in HeapAlloc time (bytes) LastGC string // last run in absolute time (ns) PauseTotalNs string PauseNs string // circular buffer of recent GC pause times, most recent at [(NumGC+255)%256] NumGC uint32 } type inspectedCollection struct { CollectionObj Followers int LastPost string } type instanceContent struct { ID string Type string Title sql.NullString Content string Updated time.Time } func (c instanceContent) UpdatedFriendly() string { /* // TODO: accept a locale in this method and use that for the format var loc monday.Locale = monday.LocaleEnUS return monday.Format(u.Created, monday.DateTimeFormatsByLocale[loc], loc) */ return c.Updated.Format("January 2, 2006, 3:04 PM") } func handleViewAdminDash(app *App, u *User, w http.ResponseWriter, r *http.Request) error { updateAppStats() p := struct { *UserPage SysStatus systemStatus Config config.AppCfg Message, ConfigMessage string }{ UserPage: NewUserPage(app, r, u, "Admin", nil), SysStatus: sysStatus, Config: app.cfg.App, Message: r.FormValue("m"), ConfigMessage: r.FormValue("cm"), } showUserPage(w, "admin", p) return nil } func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Request) error { p := struct { *UserPage Config config.AppCfg Message string Users *[]User CurPage int TotalUsers int64 TotalPages []int }{ UserPage: NewUserPage(app, r, u, "Users", nil), Config: app.cfg.App, Message: r.FormValue("m"), } p.TotalUsers = app.db.GetAllUsersCount() ttlPages := p.TotalUsers / adminUsersPerPage p.TotalPages = []int{} for i := 1; i <= int(ttlPages); i++ { p.TotalPages = append(p.TotalPages, i) } var err error p.CurPage, err = strconv.Atoi(r.FormValue("p")) if err != nil || p.CurPage < 1 { p.CurPage = 1 } else if p.CurPage > int(ttlPages) { p.CurPage = int(ttlPages) } p.Users, err = app.db.GetAllUsers(uint(p.CurPage)) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get users: %v", err)} } showUserPage(w, "users", p) return nil } func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error { vars := mux.Vars(r) username := vars["username"] if username == "" { return impart.HTTPError{http.StatusFound, "/admin/users"} } p := struct { *UserPage Config config.AppCfg Message string User *User Colls []inspectedCollection LastPost string TotalPosts int64 }{ Config: app.cfg.App, Message: r.FormValue("m"), Colls: []inspectedCollection{}, } var err error p.User, err = app.db.GetUserForAuth(username) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)} } p.UserPage = NewUserPage(app, r, u, p.User.Username, nil) p.TotalPosts = app.db.GetUserPostsCount(p.User.ID) lp, err := app.db.GetUserLastPostTime(p.User.ID) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's last post time: %v", err)} } if lp != nil { p.LastPost = lp.Format("January 2, 2006, 3:04 PM") } colls, err := app.db.GetCollections(p.User) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's collections: %v", err)} } for _, c := range *colls { ic := inspectedCollection{ CollectionObj: CollectionObj{Collection: c}, } if app.cfg.App.Federation { folls, err := app.db.GetAPFollowers(&c) if err == nil { // TODO: handle error here (at least log it) ic.Followers = len(*folls) } } app.db.GetPostsCount(&ic.CollectionObj, true) lp, err := app.db.GetCollectionLastPostTime(c.ID) if err != nil { log.Error("Didn't get last post time for collection %d: %v", c.ID, err) } if lp != nil { ic.LastPost = lp.Format("January 2, 2006, 3:04 PM") } p.Colls = append(p.Colls, ic) } showUserPage(w, "view-user", p) return nil } func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error { p := struct { *UserPage Config config.AppCfg Message string Pages []*instanceContent }{ UserPage: NewUserPage(app, r, u, "Pages", nil), Config: app.cfg.App, Message: r.FormValue("m"), } var err error p.Pages, err = app.db.GetInstancePages() if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get pages: %v", err)} } // Add in default pages var hasAbout, hasPrivacy bool for i, c := range p.Pages { if hasAbout && hasPrivacy { break } if c.ID == "about" { hasAbout = true if !c.Title.Valid { p.Pages[i].Title = defaultAboutTitle(app.cfg) } } else if c.ID == "privacy" { hasPrivacy = true if !c.Title.Valid { p.Pages[i].Title = defaultPrivacyTitle() } } } if !hasAbout { p.Pages = append(p.Pages, &instanceContent{ ID: "about", Title: defaultAboutTitle(app.cfg), Content: defaultAboutPage(app.cfg), Updated: defaultPageUpdatedTime, }) } if !hasPrivacy { p.Pages = append(p.Pages, &instanceContent{ ID: "privacy", Title: defaultPrivacyTitle(), Content: defaultPrivacyPolicy(app.cfg), Updated: defaultPageUpdatedTime, }) } showUserPage(w, "pages", p) return nil } func handleViewAdminPage(app *App, u *User, w http.ResponseWriter, r *http.Request) error { vars := mux.Vars(r) slug := vars["slug"] if slug == "" { return impart.HTTPError{http.StatusFound, "/admin/pages"} } p := struct { *UserPage Config config.AppCfg Message string Content *instanceContent }{ Config: app.cfg.App, Message: r.FormValue("m"), } var err error // Get pre-defined pages, or select slug if slug == "about" { p.Content, err = getAboutPage(app) } else if slug == "privacy" { p.Content, err = getPrivacyPage(app) } else { p.Content, err = app.db.GetDynamicContent(slug) } if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get page: %v", err)} } title := "New page" if p.Content != nil { title = "Edit " + p.Content.ID } else { p.Content = &instanceContent{} } p.UserPage = NewUserPage(app, r, u, title, nil) showUserPage(w, "view-page", p) return nil } func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Request) error { vars := mux.Vars(r) id := vars["page"] // Validate if id != "about" && id != "privacy" { return impart.HTTPError{http.StatusNotFound, "No such page."} } // Update page m := "" err := app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "page") if err != nil { m = "?m=" + err.Error() } return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m} } -func handleAdminUpdateConfig(app *App, u *User, w http.ResponseWriter, r *http.Request) error { - app.cfg.App.SiteName = r.FormValue("site_name") - app.cfg.App.SiteDesc = r.FormValue("site_desc") - app.cfg.App.OpenRegistration = r.FormValue("open_registration") == "on" +func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error { + apper.App().cfg.App.SiteName = r.FormValue("site_name") + apper.App().cfg.App.SiteDesc = r.FormValue("site_desc") + apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on" mul, err := strconv.Atoi(r.FormValue("min_username_len")) if err == nil { - app.cfg.App.MinUsernameLen = mul + apper.App().cfg.App.MinUsernameLen = mul } mb, err := strconv.Atoi(r.FormValue("max_blogs")) if err == nil { - app.cfg.App.MaxBlogs = mb + apper.App().cfg.App.MaxBlogs = mb } - app.cfg.App.Federation = r.FormValue("federation") == "on" - app.cfg.App.PublicStats = r.FormValue("public_stats") == "on" - app.cfg.App.Private = r.FormValue("private") == "on" - app.cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on" - if app.cfg.App.LocalTimeline && app.timeline == nil { + apper.App().cfg.App.Federation = r.FormValue("federation") == "on" + apper.App().cfg.App.PublicStats = r.FormValue("public_stats") == "on" + apper.App().cfg.App.Private = r.FormValue("private") == "on" + apper.App().cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on" + if apper.App().cfg.App.LocalTimeline && apper.App().timeline == nil { log.Info("Initializing local timeline...") - initLocalTimeline(app) + initLocalTimeline(apper.App()) } - app.cfg.App.UserInvites = r.FormValue("user_invites") - if app.cfg.App.UserInvites == "none" { - app.cfg.App.UserInvites = "" + apper.App().cfg.App.UserInvites = r.FormValue("user_invites") + if apper.App().cfg.App.UserInvites == "none" { + apper.App().cfg.App.UserInvites = "" } m := "?cm=Configuration+saved." - err = config.Save(app.cfg, app.cfgFile) + err = apper.SaveConfig(apper.App().cfg) if err != nil { m = "?cm=" + err.Error() } return impart.HTTPError{http.StatusFound, "/admin" + m + "#config"} } func updateAppStats() { sysStatus.Uptime = tool.TimeSincePro(appStartTime) m := new(runtime.MemStats) runtime.ReadMemStats(m) sysStatus.NumGoroutine = runtime.NumGoroutine() sysStatus.MemAllocated = tool.FileSize(int64(m.Alloc)) sysStatus.MemTotal = tool.FileSize(int64(m.TotalAlloc)) sysStatus.MemSys = tool.FileSize(int64(m.Sys)) sysStatus.Lookups = m.Lookups sysStatus.MemMallocs = m.Mallocs sysStatus.MemFrees = m.Frees sysStatus.HeapAlloc = tool.FileSize(int64(m.HeapAlloc)) sysStatus.HeapSys = tool.FileSize(int64(m.HeapSys)) sysStatus.HeapIdle = tool.FileSize(int64(m.HeapIdle)) sysStatus.HeapInuse = tool.FileSize(int64(m.HeapInuse)) sysStatus.HeapReleased = tool.FileSize(int64(m.HeapReleased)) sysStatus.HeapObjects = m.HeapObjects sysStatus.StackInuse = tool.FileSize(int64(m.StackInuse)) sysStatus.StackSys = tool.FileSize(int64(m.StackSys)) sysStatus.MSpanInuse = tool.FileSize(int64(m.MSpanInuse)) sysStatus.MSpanSys = tool.FileSize(int64(m.MSpanSys)) sysStatus.MCacheInuse = tool.FileSize(int64(m.MCacheInuse)) sysStatus.MCacheSys = tool.FileSize(int64(m.MCacheSys)) sysStatus.BuckHashSys = tool.FileSize(int64(m.BuckHashSys)) sysStatus.GCSys = tool.FileSize(int64(m.GCSys)) sysStatus.OtherSys = tool.FileSize(int64(m.OtherSys)) sysStatus.NextGC = tool.FileSize(int64(m.NextGC)) sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000) sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000) sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000) sysStatus.NumGC = m.NumGC } func adminResetPassword(app *App, u *User, newPass string) error { hashedPass, err := auth.HashPass([]byte(newPass)) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)} } err = app.db.ChangePassphrase(u.ID, true, "", hashedPass) if err != nil { return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)} } return nil } diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go index 1ddb3da..484135d 100644 --- a/cmd/writefreely/main.go +++ b/cmd/writefreely/main.go @@ -1,142 +1,142 @@ /* * Copyright © 2018-2019 A Bunch Tell LLC. * * This file is part of WriteFreely. * * WriteFreely is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, included * in the LICENSE file in this source code package. */ package main import ( "flag" "fmt" "github.com/gorilla/mux" "github.com/writeas/web-core/log" "github.com/writeas/writefreely" "os" "strings" ) func main() { // General options usable with other commands debugPtr := flag.Bool("debug", false, "Enables debug logging.") configFile := flag.String("c", "config.ini", "The configuration file to use") // Setup actions createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits") doConfig := flag.Bool("config", false, "Run the configuration process") genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys") createSchema := flag.Bool("init-db", false, "Initialize app database") migrate := flag.Bool("migrate", false, "Migrate the database") // Admin actions createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password") createUser := flag.String("create-user", "", "Create a regular user with the given username:password") resetPassUser := flag.String("reset-pass", "", "Reset the given user's password") outputVersion := flag.Bool("v", false, "Output the current version") flag.Parse() app := writefreely.NewApp(*configFile) if *outputVersion { writefreely.OutputVersion() os.Exit(0) } else if *createConfig { err := writefreely.CreateConfig(app) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *doConfig { writefreely.DoConfig(app) os.Exit(0) } else if *genKeys { err := writefreely.GenerateKeyFiles(app) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *createSchema { err := writefreely.CreateSchema(app) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *createAdmin != "" { username, password, err := userPass(*createAdmin, true) if err != nil { log.Error(err.Error()) os.Exit(1) } err = writefreely.CreateUser(app, username, password, true) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *createUser != "" { username, password, err := userPass(*createUser, false) if err != nil { log.Error(err.Error()) os.Exit(1) } err = writefreely.CreateUser(app, username, password, false) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *resetPassUser != "" { err := writefreely.ResetPassword(app, *resetPassUser) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } else if *migrate { err := writefreely.Migrate(app) if err != nil { log.Error(err.Error()) os.Exit(1) } os.Exit(0) } // Initialize the application var err error app, err = writefreely.Initialize(app, *debugPtr) if err != nil { log.Error("%s", err) os.Exit(1) } // Set app routes r := mux.NewRouter() - app.InitRoutes(r) + writefreely.InitRoutes(app, r) app.InitStaticRoutes(r) // Serve the application writefreely.Serve(app, r) } func userPass(credStr string, isAdmin bool) (user string, pass string, err error) { creds := strings.Split(credStr, ":") if len(creds) != 2 { c := "user" if isAdmin { c = "admin" } err = fmt.Errorf("usage: writefreely --create-%s username:password", c) return } user = creds[0] pass = creds[1] return } diff --git a/handle.go b/handle.go index acde1a1..81a4823 100644 --- a/handle.go +++ b/handle.go @@ -1,648 +1,687 @@ /* - * Copyright © 2018 A Bunch Tell LLC. + * Copyright © 2018-2019 A Bunch Tell LLC. * * This file is part of WriteFreely. * * WriteFreely is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, included * in the LICENSE file in this source code package. */ package writefreely import ( "fmt" "html/template" "net/http" "net/url" "runtime/debug" "strconv" "strings" "time" "github.com/gorilla/sessions" "github.com/writeas/impart" "github.com/writeas/web-core/log" "github.com/writeas/writefreely/page" ) type UserLevel int const ( UserLevelNone UserLevel = iota // user or not -- ignored UserLevelOptional // user or not -- object fetched if user UserLevelNoneRequired // non-user (required) UserLevelUser // user (required) ) type ( - handlerFunc func(app *App, w http.ResponseWriter, r *http.Request) error - userHandlerFunc func(app *App, u *User, w http.ResponseWriter, r *http.Request) error - dataHandlerFunc func(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error) - authFunc func(app *App, r *http.Request) (*User, error) + handlerFunc func(app *App, w http.ResponseWriter, r *http.Request) error + userHandlerFunc func(app *App, u *User, w http.ResponseWriter, r *http.Request) error + userApperHandlerFunc func(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error + dataHandlerFunc func(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error) + authFunc func(app *App, r *http.Request) (*User, error) ) type Handler struct { errors *ErrorPages sessionStore *sessions.CookieStore - app *App + app Apper } // ErrorPages hold template HTML error pages for displaying errors to the user. // In each, there should be a defined template named "base". type ErrorPages struct { NotFound *template.Template Gone *template.Template InternalServerError *template.Template Blank *template.Template } // NewHandler returns a new Handler instance, using the given StaticPage data, // and saving alias to the application's CookieStore. -func NewHandler(app *App) *Handler { +func NewHandler(apper Apper) *Handler { h := &Handler{ errors: &ErrorPages{ NotFound: template.Must(template.New("").Parse("{{define \"base\"}}404

Not found.

{{end}}")), Gone: template.Must(template.New("").Parse("{{define \"base\"}}410

Gone.

{{end}}")), InternalServerError: template.Must(template.New("").Parse("{{define \"base\"}}500

Internal server error.

{{end}}")), Blank: template.Must(template.New("").Parse("{{define \"base\"}}{{.Title}}

{{.Content}}

{{end}}")), }, - sessionStore: app.sessionStore, - app: app, + sessionStore: apper.App().sessionStore, + app: apper, } return h } // NewWFHandler returns a new Handler instance, using WriteFreely template files. // You MUST call writefreely.InitTemplates() before this. -func NewWFHandler(app *App) *Handler { - h := NewHandler(app) +func NewWFHandler(apper Apper) *Handler { + h := NewHandler(apper) h.SetErrorPages(&ErrorPages{ NotFound: pages["404-general.tmpl"], Gone: pages["410.tmpl"], InternalServerError: pages["500.tmpl"], Blank: pages["blank.tmpl"], }) return h } // SetErrorPages sets the given set of ErrorPages as templates for any errors // that come up. func (h *Handler) SetErrorPages(e *ErrorPages) { h.errors = e } // User handles requests made in the web application by the authenticated user. // This provides user-friendly HTML pages and actions that work in the browser. func (h *Handler) User(f userHandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { log.Error("%s: %s", e, debug.Stack()) - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = http.StatusInternalServerError } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() - u := getUserSession(h.app, r) + u := getUserSession(h.app.App(), r) if u == nil { err := ErrNotLoggedIn status = err.Status return err } - err := f(h.app, u, w, r) + err := f(h.app.App(), u, w, r) if err == nil { status = http.StatusOK } else if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = http.StatusInternalServerError } return err }()) } } // Admin handles requests on /admin routes func (h *Handler) Admin(f userHandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { log.Error("%s: %s", e, debug.Stack()) - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) + status = http.StatusInternalServerError + } + + log.Info(fmt.Sprintf("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent())) + }() + + u := getUserSession(h.app.App(), r) + if u == nil || !u.IsAdmin() { + err := impart.HTTPError{http.StatusNotFound, ""} + status = err.Status + return err + } + + err := f(h.app.App(), u, w, r) + if err == nil { + status = http.StatusOK + } else if err, ok := err.(impart.HTTPError); ok { + status = err.Status + } else { + status = http.StatusInternalServerError + } + + return err + }()) + } +} + +// AdminApper handles requests on /admin routes that require an Apper. +func (h *Handler) AdminApper(f userApperHandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + h.handleHTTPError(w, r, func() error { + var status int + start := time.Now() + + defer func() { + if e := recover(); e != nil { + log.Error("%s: %s", e, debug.Stack()) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = http.StatusInternalServerError } log.Info(fmt.Sprintf("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent())) }() - u := getUserSession(h.app, r) + u := getUserSession(h.app.App(), r) if u == nil || !u.IsAdmin() { err := impart.HTTPError{http.StatusNotFound, ""} status = err.Status return err } err := f(h.app, u, w, r) if err == nil { status = http.StatusOK } else if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = http.StatusInternalServerError } return err }()) } } // UserAPI handles requests made in the API by the authenticated user. // This provides user-friendly HTML pages and actions that work in the browser. func (h *Handler) UserAPI(f userHandlerFunc) http.HandlerFunc { return h.UserAll(false, f, func(app *App, r *http.Request) (*User, error) { // Authorize user from Authorization header t := r.Header.Get("Authorization") if t == "" { return nil, ErrNoAccessToken } u := &User{ID: app.db.GetUserID(t)} if u.ID == -1 { return nil, ErrBadAccessToken } return u, nil }) } func (h *Handler) UserAll(web bool, f userHandlerFunc, a authFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { handleFunc := func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { log.Error("%s: %s", e, debug.Stack()) impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."}) status = 500 } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() - u, err := a(h.app, r) + u, err := a(h.app.App(), r) if err != nil { if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = 500 } return err } - err = f(h.app, u, w, r) + err = f(h.app.App(), u, w, r) if err == nil { status = 200 } else if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = 500 } return err } if web { h.handleHTTPError(w, r, handleFunc()) } else { h.handleError(w, r, handleFunc()) } } } func (h *Handler) RedirectOnErr(f handlerFunc, loc string) handlerFunc { return func(app *App, w http.ResponseWriter, r *http.Request) error { err := f(app, w, r) if err != nil { if ie, ok := err.(impart.HTTPError); ok { // Override default redirect with returned error's, if it's a // redirect error. if ie.Status == http.StatusFound { return ie } } return impart.HTTPError{http.StatusFound, loc} } return nil } } func (h *Handler) Page(n string) http.HandlerFunc { return h.Web(func(app *App, w http.ResponseWriter, r *http.Request) error { t, ok := pages[n] if !ok { return impart.HTTPError{http.StatusNotFound, "Page not found."} } sp := pageForReq(app, r) err := t.ExecuteTemplate(w, "base", sp) if err != nil { log.Error("Unable to render page: %v", err) } return err }, UserLevelOptional) } func (h *Handler) WebErrors(f handlerFunc, ul UserLevel) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // TODO: factor out this logic shared with Web() h.handleHTTPError(w, r, func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { - u := getUserSession(h.app, r) + u := getUserSession(h.app.App(), r) username := "None" if u != nil { username = u.Username } log.Error("User: %s\n\n%s: %s", username, e, debug.Stack()) - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() var session *sessions.Session var err error if ul != UserLevelNone { session, err = h.sessionStore.Get(r, cookieName) if err != nil && (ul == UserLevelNoneRequired || ul == UserLevelUser) { // Cookie is required, but we can ignore this error log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul, err) } _, gotUser := session.Values[cookieUserVal].(*User) if ul == UserLevelNoneRequired && gotUser { to := correctPageFromLoginAttempt(r) log.Info("Handler: Required NO user, but got one. Redirecting to %s", to) err := impart.HTTPError{http.StatusFound, to} status = err.Status return err } else if ul == UserLevelUser && !gotUser { log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.") err := ErrNotLoggedIn status = err.Status return err } } // TODO: pass User object to function - err = f(h.app, w, r) + err = f(h.app.App(), w, r) if err == nil { status = 200 } else if httpErr, ok := err.(impart.HTTPError); ok { status = httpErr.Status if status < 300 || status > 399 { - addSessionFlash(h.app, w, r, httpErr.Message, session) + addSessionFlash(h.app.App(), w, r, httpErr.Message, session) return impart.HTTPError{http.StatusFound, r.Referer()} } } else { e := fmt.Sprintf("[Web handler] 500: %v", err) if !strings.HasSuffix(e, "write: broken pipe") { log.Error(e) } else { log.Error(e) } log.Info("Web handler internal error render") - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } return err }()) } } // Web handles requests made in the web application. This provides user- // friendly HTML pages and actions that work in the browser. func (h *Handler) Web(f handlerFunc, ul UserLevel) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { - u := getUserSession(h.app, r) + u := getUserSession(h.app.App(), r) username := "None" if u != nil { username = u.Username } log.Error("User: %s\n\n%s: %s", username, e, debug.Stack()) log.Info("Web deferred internal error render") - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() if ul != UserLevelNone { session, err := h.sessionStore.Get(r, cookieName) if err != nil && (ul == UserLevelNoneRequired || ul == UserLevelUser) { // Cookie is required, but we can ignore this error log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul, err) } _, gotUser := session.Values[cookieUserVal].(*User) if ul == UserLevelNoneRequired && gotUser { to := correctPageFromLoginAttempt(r) log.Info("Handler: Required NO user, but got one. Redirecting to %s", to) err := impart.HTTPError{http.StatusFound, to} status = err.Status return err } else if ul == UserLevelUser && !gotUser { log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.") err := ErrNotLoggedIn status = err.Status return err } } // TODO: pass User object to function - err := f(h.app, w, r) + err := f(h.app.App(), w, r) if err == nil { status = 200 } else if httpErr, ok := err.(impart.HTTPError); ok { status = httpErr.Status } else { e := fmt.Sprintf("[Web handler] 500: %v", err) log.Error(e) log.Info("Web internal error render") - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } return err }()) } } func (h *Handler) All(f handlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleError(w, r, func() error { // TODO: return correct "success" status status := 200 start := time.Now() defer func() { if e := recover(); e != nil { log.Error("%s:\n%s", e, debug.Stack()) impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "Something didn't work quite right."}) status = 500 } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() // TODO: do any needed authentication - err := f(h.app, w, r) + err := f(h.app.App(), w, r) if err != nil { if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = 500 } } return err }()) } } func (h *Handler) Download(f dataHandlerFunc, ul UserLevel) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { var status int start := time.Now() defer func() { if e := recover(); e != nil { log.Error("%s: %s", e, debug.Stack()) - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() - data, filename, err := f(h.app, w, r) + data, filename, err := f(h.app.App(), w, r) if err != nil { if err, ok := err.(impart.HTTPError); ok { status = err.Status } else { status = 500 } return err } ext := ".json" ct := "application/json" if strings.HasSuffix(r.URL.Path, ".csv") { ext = ".csv" ct = "text/csv" } else if strings.HasSuffix(r.URL.Path, ".zip") { ext = ".zip" ct = "application/zip" } w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s%s", filename, ext)) w.Header().Set("Content-Type", ct) w.Header().Set("Content-Length", strconv.Itoa(len(data))) fmt.Fprint(w, string(data)) status = 200 return nil }()) } } func (h *Handler) Redirect(url string, ul UserLevel) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { start := time.Now() var status int if ul != UserLevelNone { session, err := h.sessionStore.Get(r, cookieName) if err != nil && (ul == UserLevelNoneRequired || ul == UserLevelUser) { // Cookie is required, but we can ignore this error log.Error("Handler: Unable to get session (for user permission %d); ignoring: %v", ul, err) } _, gotUser := session.Values[cookieUserVal].(*User) if ul == UserLevelNoneRequired && gotUser { to := correctPageFromLoginAttempt(r) log.Info("Handler: Required NO user, but got one. Redirecting to %s", to) err := impart.HTTPError{http.StatusFound, to} status = err.Status return err } else if ul == UserLevelUser && !gotUser { log.Info("Handler: Required a user, but DIDN'T get one. Sending not logged in.") err := ErrNotLoggedIn status = err.Status return err } } status = sendRedirect(w, http.StatusFound, url) log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) return nil }()) } } func (h *Handler) handleHTTPError(w http.ResponseWriter, r *http.Request, err error) { if err == nil { return } if err, ok := err.(impart.HTTPError); ok { if err.Status >= 300 && err.Status < 400 { sendRedirect(w, err.Status, err.Message) return } else if err.Status == http.StatusUnauthorized { q := "" if r.URL.RawQuery != "" { q = url.QueryEscape("?" + r.URL.RawQuery) } sendRedirect(w, http.StatusFound, "/login?to="+r.URL.Path+q) return } else if err.Status == http.StatusGone { w.WriteHeader(err.Status) p := &struct { page.StaticPage Content *template.HTML }{ - StaticPage: pageForReq(h.app, r), + StaticPage: pageForReq(h.app.App(), r), } if err.Message != "" { co := template.HTML(err.Message) p.Content = &co } h.errors.Gone.ExecuteTemplate(w, "base", p) return } else if err.Status == http.StatusNotFound { w.WriteHeader(err.Status) - h.errors.NotFound.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.NotFound.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) return } else if err.Status == http.StatusInternalServerError { w.WriteHeader(err.Status) log.Info("handleHTTPErorr internal error render") - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) return } else if err.Status == http.StatusAccepted { impart.WriteSuccess(w, "", err.Status) return } else { p := &struct { page.StaticPage Title string Content template.HTML }{ - pageForReq(h.app, r), + pageForReq(h.app.App(), r), fmt.Sprintf("Uh oh (%d)", err.Status), template.HTML(fmt.Sprintf("

%s

", err.Message)), } h.errors.Blank.ExecuteTemplate(w, "base", p) return } impart.WriteError(w, err) return } impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."}) } func (h *Handler) handleError(w http.ResponseWriter, r *http.Request, err error) { if err == nil { return } if err, ok := err.(impart.HTTPError); ok { if err.Status >= 300 && err.Status < 400 { sendRedirect(w, err.Status, err.Message) return } // if strings.Contains(r.Header.Get("Accept"), "text/html") { impart.WriteError(w, err) // } return } if IsJSON(r.Header.Get("Content-Type")) { impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."}) return } - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) } func correctPageFromLoginAttempt(r *http.Request) string { to := r.FormValue("to") if to == "" { to = "/" } else if !strings.HasPrefix(to, "/") { to = "/" + to } return to } func (h *Handler) LogHandlerFunc(f http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { h.handleHTTPError(w, r, func() error { status := 200 start := time.Now() defer func() { if e := recover(); e != nil { log.Error("Handler.LogHandlerFunc\n\n%s: %s", e, debug.Stack()) - h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app, r)) + h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r)) status = 500 } // TODO: log actual status code returned log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() f(w, r) return nil }()) } } func sendRedirect(w http.ResponseWriter, code int, location string) int { w.Header().Set("Location", location) w.WriteHeader(code) return code } diff --git a/routes.go b/routes.go index a136970..13dd3a5 100644 --- a/routes.go +++ b/routes.go @@ -1,207 +1,207 @@ /* * Copyright © 2018-2019 A Bunch Tell LLC. * * This file is part of WriteFreely. * * WriteFreely is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, included * in the LICENSE file in this source code package. */ package writefreely import ( "github.com/gorilla/mux" "github.com/writeas/go-webfinger" "github.com/writeas/web-core/log" "github.com/writefreely/go-nodeinfo" "net/http" "path/filepath" "strings" ) // InitStaticRoutes adds routes for serving static files. // TODO: this should just be a func, not method func (app *App) InitStaticRoutes(r *mux.Router) { // Handle static files fs := http.FileServer(http.Dir(filepath.Join(app.cfg.Server.StaticParentDir, staticDir))) app.shttp = http.NewServeMux() app.shttp.Handle("/", fs) r.PathPrefix("/").Handler(fs) } // InitRoutes adds dynamic routes for the given mux.Router. -func (app *App) InitRoutes(r *mux.Router) *mux.Router { +func InitRoutes(apper Apper, r *mux.Router) *mux.Router { // Create handler - handler := NewWFHandler(app) + handler := NewWFHandler(apper) // Set up routes - hostSubroute := app.cfg.App.Host[strings.Index(app.cfg.App.Host, "://")+3:] - if app.cfg.App.SingleUser { + hostSubroute := apper.App().cfg.App.Host[strings.Index(apper.App().cfg.App.Host, "://")+3:] + if apper.App().cfg.App.SingleUser { hostSubroute = "{domain}" } else { if strings.HasPrefix(hostSubroute, "localhost") { hostSubroute = "localhost" } } - if app.cfg.App.SingleUser { + if apper.App().cfg.App.SingleUser { log.Info("Adding %s routes (single user)...", hostSubroute) } else { log.Info("Adding %s routes (multi-user)...", hostSubroute) } // Primary app routes write := r.PathPrefix("/").Subrouter() // Federation endpoint configurations - wf := webfinger.Default(wfResolver{app.db, app.cfg}) + wf := webfinger.Default(wfResolver{apper.App().db, apper.App().cfg}) wf.NoTLSHandler = nil // Federation endpoints // host-meta write.HandleFunc("/.well-known/host-meta", handler.Web(handleViewHostMeta, UserLevelOptional)) // webfinger write.HandleFunc(webfinger.WebFingerPath, handler.LogHandlerFunc(http.HandlerFunc(wf.Webfinger))) // nodeinfo - niCfg := nodeInfoConfig(app.db, app.cfg) - ni := nodeinfo.NewService(*niCfg, nodeInfoResolver{app.cfg, app.db}) + niCfg := nodeInfoConfig(apper.App().db, apper.App().cfg) + ni := nodeinfo.NewService(*niCfg, nodeInfoResolver{apper.App().cfg, apper.App().db}) write.HandleFunc(nodeinfo.NodeInfoPath, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfoDiscover))) write.HandleFunc(niCfg.InfoURL, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfo))) // Set up dyamic page handlers // Handle auth auth := write.PathPrefix("/api/auth/").Subrouter() - if app.cfg.App.OpenRegistration { + if apper.App().cfg.App.OpenRegistration { auth.HandleFunc("/signup", handler.All(apiSignup)).Methods("POST") } auth.HandleFunc("/login", handler.All(login)).Methods("POST") auth.HandleFunc("/read", handler.WebErrors(handleWebCollectionUnlock, UserLevelNone)).Methods("POST") auth.HandleFunc("/me", handler.All(handleAPILogout)).Methods("DELETE") // Handle logged in user sections me := write.PathPrefix("/me").Subrouter() me.HandleFunc("/", handler.Redirect("/me", UserLevelUser)) me.HandleFunc("/c", handler.Redirect("/me/c/", UserLevelUser)).Methods("GET") me.HandleFunc("/c/", handler.User(viewCollections)).Methods("GET") me.HandleFunc("/c/{collection}", handler.User(viewEditCollection)).Methods("GET") me.HandleFunc("/c/{collection}/stats", handler.User(viewStats)).Methods("GET") me.HandleFunc("/posts", handler.Redirect("/me/posts/", UserLevelUser)).Methods("GET") me.HandleFunc("/posts/", handler.User(viewArticles)).Methods("GET") me.HandleFunc("/posts/export.csv", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET") me.HandleFunc("/posts/export.zip", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET") me.HandleFunc("/posts/export.json", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET") me.HandleFunc("/export", handler.User(viewExportOptions)).Methods("GET") me.HandleFunc("/export.json", handler.Download(viewExportFull, UserLevelUser)).Methods("GET") me.HandleFunc("/settings", handler.User(viewSettings)).Methods("GET") me.HandleFunc("/invites", handler.User(handleViewUserInvites)).Methods("GET") me.HandleFunc("/logout", handler.Web(viewLogout, UserLevelNone)).Methods("GET") write.HandleFunc("/api/me", handler.All(viewMeAPI)).Methods("GET") apiMe := write.PathPrefix("/api/me/").Subrouter() apiMe.HandleFunc("/", handler.All(viewMeAPI)).Methods("GET") apiMe.HandleFunc("/posts", handler.UserAPI(viewMyPostsAPI)).Methods("GET") apiMe.HandleFunc("/collections", handler.UserAPI(viewMyCollectionsAPI)).Methods("GET") apiMe.HandleFunc("/password", handler.All(updatePassphrase)).Methods("POST") apiMe.HandleFunc("/self", handler.All(updateSettings)).Methods("POST") apiMe.HandleFunc("/invites", handler.User(handleCreateUserInvite)).Methods("POST") // Sign up validation write.HandleFunc("/api/alias", handler.All(handleUsernameCheck)).Methods("POST") // Handle collections write.HandleFunc("/api/collections", handler.All(newCollection)).Methods("POST") apiColls := write.PathPrefix("/api/collections/").Subrouter() apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.All(fetchCollection)).Methods("GET") apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.All(existingCollection)).Methods("POST", "DELETE") apiColls.HandleFunc("/{alias}/posts", handler.All(fetchCollectionPosts)).Methods("GET") apiColls.HandleFunc("/{alias}/posts", handler.All(newPost)).Methods("POST") apiColls.HandleFunc("/{alias}/posts/{post}", handler.All(fetchPost)).Methods("GET") apiColls.HandleFunc("/{alias}/posts/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST") apiColls.HandleFunc("/{alias}/posts/{post}/{property}", handler.All(fetchPostProperty)).Methods("GET") apiColls.HandleFunc("/{alias}/collect", handler.All(addPost)).Methods("POST") apiColls.HandleFunc("/{alias}/pin", handler.All(pinPost)).Methods("POST") apiColls.HandleFunc("/{alias}/unpin", handler.All(pinPost)).Methods("POST") apiColls.HandleFunc("/{alias}/inbox", handler.All(handleFetchCollectionInbox)).Methods("POST") apiColls.HandleFunc("/{alias}/outbox", handler.All(handleFetchCollectionOutbox)).Methods("GET") apiColls.HandleFunc("/{alias}/following", handler.All(handleFetchCollectionFollowing)).Methods("GET") apiColls.HandleFunc("/{alias}/followers", handler.All(handleFetchCollectionFollowers)).Methods("GET") // Handle posts write.HandleFunc("/api/posts", handler.All(newPost)).Methods("POST") posts := write.PathPrefix("/api/posts/").Subrouter() posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(fetchPost)).Methods("GET") posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST", "PUT") posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(deletePost)).Methods("DELETE") posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}/{property}", handler.All(fetchPostProperty)).Methods("GET") posts.HandleFunc("/claim", handler.All(addPost)).Methods("POST") posts.HandleFunc("/disperse", handler.All(dispersePost)).Methods("POST") write.HandleFunc("/auth/signup", handler.Web(handleWebSignup, UserLevelNoneRequired)).Methods("POST") write.HandleFunc("/auth/login", handler.Web(webLogin, UserLevelNoneRequired)).Methods("POST") write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET") write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET") write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET") write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET") write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET") - write.HandleFunc("/admin/update/config", handler.Admin(handleAdminUpdateConfig)).Methods("POST") + write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST") write.HandleFunc("/admin/update/{page}", handler.Admin(handleAdminUpdateSite)).Methods("POST") // Handle special pages first write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired)) write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelNoneRequired)).Methods("GET") // TODO: show a reader-specific 404 page if the function is disabled // TODO: change this based on configuration for either public or private-to-this-instance readPerm := UserLevelOptional write.HandleFunc("/read", handler.Web(viewLocalTimeline, readPerm)) RouteRead(handler, readPerm, write.PathPrefix("/read").Subrouter()) draftEditPrefix := "" - if app.cfg.App.SingleUser { + if apper.App().cfg.App.SingleUser { draftEditPrefix = "/d" write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET") } else { write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET") } // All the existing stuff write.HandleFunc(draftEditPrefix+"/{action}/edit", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET") write.HandleFunc(draftEditPrefix+"/{action}/meta", handler.Web(handleViewMeta, UserLevelOptional)).Methods("GET") // Collections - if app.cfg.App.SingleUser { + if apper.App().cfg.App.SingleUser { RouteCollections(handler, write.PathPrefix("/").Subrouter()) } else { write.HandleFunc("/{prefix:[@~$!\\-+]}{collection}", handler.Web(handleViewCollection, UserLevelOptional)) write.HandleFunc("/{collection}/", handler.Web(handleViewCollection, UserLevelOptional)) RouteCollections(handler, write.PathPrefix("/{prefix:[@~$!\\-+]?}{collection}").Subrouter()) // Posts } write.HandleFunc(draftEditPrefix+"/{post}", handler.Web(handleViewPost, UserLevelOptional)) write.HandleFunc("/", handler.Web(handleViewHome, UserLevelOptional)) return r } func RouteCollections(handler *Handler, r *mux.Router) { r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelOptional)) r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelOptional)) r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelOptional)) r.HandleFunc("/tags/{tag}", handler.Web(handleViewCollectionTag, UserLevelOptional)) r.HandleFunc("/sitemap.xml", handler.All(handleViewSitemap)) r.HandleFunc("/feed/", handler.All(ViewFeed)) r.HandleFunc("/{slug}", handler.Web(viewCollectionPost, UserLevelOptional)) r.HandleFunc("/{slug}/edit", handler.Web(handleViewPad, UserLevelUser)) r.HandleFunc("/{slug}/edit/meta", handler.Web(handleViewMeta, UserLevelUser)) r.HandleFunc("/{slug}/", handler.Web(handleCollectionPostRedirect, UserLevelOptional)).Methods("GET") } func RouteRead(handler *Handler, readPerm UserLevel, r *mux.Router) { r.HandleFunc("/api/posts", handler.Web(viewLocalTimelineAPI, readPerm)) r.HandleFunc("/p/{page}", handler.Web(viewLocalTimeline, readPerm)) r.HandleFunc("/feed/", handler.Web(viewLocalTimelineFeed, readPerm)) r.HandleFunc("/t/{tag}", handler.Web(viewLocalTimeline, readPerm)) r.HandleFunc("/a/{post}", handler.Web(handlePostIDRedirect, readPerm)) r.HandleFunc("/{author}", handler.Web(viewLocalTimeline, readPerm)) r.HandleFunc("/", handler.Web(viewLocalTimeline, readPerm)) }