// Verify xsrf token, used as zerver.FilterFunc
//
// The reason not use "Filter" as function name is to prevent the Xsrf from used as both Component and Filter
func (x *Xsrf) Verify(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
if x.VerifyFor(req) {
chain(req, resp)
} else {
resp.StatusCode(http.StatusBadRequest)
}
}
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
if req.ReqMethod() == zerver.METHOD_GET {
chain(req, resp)
return
}
reqId := req.GetHeader(ri.HeaderName)
if reqId == "" {
if ri.PassingOnNoId {
chain(req, resp)
} else {
resp.StatusCode(http.StatusBadRequest)
}
} else {
ip := http2.IpOfAddr(req.RemoteAddr())
id := ip + ":" + reqId
if err := ri.Store.Save(id); err == ErrRequestIDExist {
resp.StatusCode(http.StatusForbidden)
} else if err != nil {
ri.log.Warn(log.M{"msg": "save request id failed", "err": err.Error()})
} else {
chain(req, resp)
ri.Store.Remove(id)
}
}
}
func ReportStatus(resp zerver.Response, status int, err error) {
if err != nil {
SendErr(resp, err)
} else {
resp.StatusCode(status)
}
}
func (c *CORS) filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
headers := resp.Headers()
origin := "*"
if !c.allowAll {
origin = req.GetHeader(_CORS_ORIGIN)
if !c.allow(origin) {
resp.StatusCode(http.StatusForbidden)
return
}
}
headers.Set(_CORS_ALLOWORIGIN, origin)
headers.Set(_CORS_ALLOWMETHODS, c.methods)
headers.Set(_CORS_ALLOWHEADERS, c.headers)
headers.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
if c.exposeHeaders != "" {
headers.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
}
if c.preflightMaxage != "" {
headers.Set(_CORS_MAXAGE, c.preflightMaxage)
}
chain(req, resp)
}
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
status := resp.StatusCode(0)
if status == http.StatusNotFound {
resp.Headers().Set("Location", path+"/options?from="+url.QueryEscape(req.URL().Path))
resp.StatusCode(http.StatusMovedPermanently)
} else if status == http.StatusMethodNotAllowed {
io2.WriteString(resp, "The pprof interface only support GET request\n")
} else {
chain(req, resp)
}
}
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
now := time2.Now()
chain(req, resp)
cost := time2.Now().Sub(now)
l.log.Info(log.M{
"method": req.ReqMethod(),
"url": req.URL().String(),
"remote": req.RemoteAddr(),
"userAgent": req.GetHeader(zerver.HEADER_USERAGENT),
"cost": cost.String(),
"statusCode": resp.StatusCode(0),
})
}
func (r *Recovery) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
defer func() {
if err := recover(); err != nil {
resp.StatusCode(http.StatusInternalServerError)
buf := make([]byte, r.Bufsize)
n := runtime.Stack(buf, false)
buf = buf[:n]
r.log.Raw(0, log.LEVEL_ERROR, string(buf))
return
}
}()
chain(req, resp)
}
func SendErr(resp zerver.Response, err error) {
if err == nil {
panic("there is no error occurred")
}
switch e := errors.Unwrap(err).(type) {
case httperrs.Error:
resp.StatusCode(e.Code())
if e.Code() < int(httperrs.Server) {
resp.Send(Error{e.Error()})
return
}
default:
resp.Logger().Error(log.M{"msg": "internal server error", "error": err.Error()})
resp.StatusCode(http.StatusInternalServerError)
}
}
// Create xsrf token, used as zerver.HandleFunc
func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) {
tokBytes, err := x.CreateFor(req)
if err == nil {
resp.StatusCode(http.StatusServiceUnavailable)
return
}
if req.ReqMethod() == "POST" {
resp.StatusCode(http.StatusCreated)
}
defer x.Pool.Put(tokBytes)
err = resp.Send(Token{string(tokBytes)})
if err != nil {
x.log.Error(log.M{"msg": "send xsrf token", "err": err.Error()})
}
}
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) {
origin := "*"
if !c.allowAll {
origin = req.GetHeader(_CORS_ORIGIN)
if !c.allow(origin) {
resp.StatusCode(http.StatusOK)
return
}
}
respHeaders := resp.Headers()
respHeaders.Set(_CORS_ALLOWORIGIN, origin)
upperMethod := strings.ToUpper(method)
for _, m := range c.Methods {
if m == upperMethod {
respHeaders.Add(_CORS_ALLOWMETHODS, method)
break
}
}
for _, h := range strings2.SplitAndTrim(headers, ",") {
for _, ch := range c.Headers {
if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init
respHeaders.Add(_CORS_ALLOWHEADERS, ch)
break
}
}
}
respHeaders.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
if c.exposeHeaders != "" {
respHeaders.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
}
if c.preflightMaxage != "" {
respHeaders.Set(_CORS_MAXAGE, c.preflightMaxage)
}
resp.StatusCode(http.StatusOK)
}
func (NopMethodHandler) Patch(_ zerver.Request, resp zerver.Response) {
resp.StatusCode(http.StatusMethodNotAllowed)
}
