Beispiel #1
0
// Verify xsrf token, used as zerver.FilterFunc
//
// The reason not use "Filter" as function name is to prevent the Xsrf from used as both Component and Filter
func (x *Xsrf) Verify(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if x.VerifyFor(req) {
		chain(req, resp)
	} else {
		resp.StatusCode(http.StatusBadRequest)
	}
}
Beispiel #2
0
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	if req.ReqMethod() == zerver.METHOD_GET {
		chain(req, resp)
		return
	}

	reqId := req.GetHeader(ri.HeaderName)
	if reqId == "" {
		if ri.PassingOnNoId {
			chain(req, resp)
		} else {
			resp.StatusCode(http.StatusBadRequest)
		}
	} else {
		ip := http2.IpOfAddr(req.RemoteAddr())
		id := ip + ":" + reqId
		if err := ri.Store.Save(id); err == ErrRequestIDExist {
			resp.StatusCode(http.StatusForbidden)
		} else if err != nil {
			ri.log.Warn(log.M{"msg": "save request id failed", "err": err.Error()})
		} else {
			chain(req, resp)
			ri.Store.Remove(id)
		}
	}
}
Beispiel #3
0
func ReportStatus(resp zerver.Response, status int, err error) {
	if err != nil {
		SendErr(resp, err)
	} else {
		resp.StatusCode(status)
	}
}
Beispiel #4
0
func (c *CORS) filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	headers := resp.Headers()
	origin := "*"
	if !c.allowAll {
		origin = req.GetHeader(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.StatusCode(http.StatusForbidden)
			return
		}
	}
	headers.Set(_CORS_ALLOWORIGIN, origin)

	headers.Set(_CORS_ALLOWMETHODS, c.methods)
	headers.Set(_CORS_ALLOWHEADERS, c.headers)

	headers.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		headers.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}
	if c.preflightMaxage != "" {
		headers.Set(_CORS_MAXAGE, c.preflightMaxage)
	}

	chain(req, resp)
}
Beispiel #5
0
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	status := resp.StatusCode(0)
	if status == http.StatusNotFound {
		resp.Headers().Set("Location", path+"/options?from="+url.QueryEscape(req.URL().Path))
		resp.StatusCode(http.StatusMovedPermanently)
	} else if status == http.StatusMethodNotAllowed {
		io2.WriteString(resp, "The pprof interface only support GET request\n")
	} else {
		chain(req, resp)
	}
}
Beispiel #6
0
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	now := time2.Now()
	chain(req, resp)
	cost := time2.Now().Sub(now)

	l.log.Info(log.M{
		"method":     req.ReqMethod(),
		"url":        req.URL().String(),
		"remote":     req.RemoteAddr(),
		"userAgent":  req.GetHeader(zerver.HEADER_USERAGENT),
		"cost":       cost.String(),
		"statusCode": resp.StatusCode(0),
	})
}
Beispiel #7
0
func (r *Recovery) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) {
	defer func() {
		if err := recover(); err != nil {
			resp.StatusCode(http.StatusInternalServerError)
			buf := make([]byte, r.Bufsize)
			n := runtime.Stack(buf, false)
			buf = buf[:n]

			r.log.Raw(0, log.LEVEL_ERROR, string(buf))
			return
		}
	}()

	chain(req, resp)
}
Beispiel #8
0
func SendErr(resp zerver.Response, err error) {
	if err == nil {
		panic("there is no error occurred")
	}
	switch e := errors.Unwrap(err).(type) {
	case httperrs.Error:
		resp.StatusCode(e.Code())
		if e.Code() < int(httperrs.Server) {
			resp.Send(Error{e.Error()})
			return
		}
	default:
		resp.Logger().Error(log.M{"msg": "internal server error", "error": err.Error()})
		resp.StatusCode(http.StatusInternalServerError)
	}
}
Beispiel #9
0
// Create xsrf token, used as zerver.HandleFunc
func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) {
	tokBytes, err := x.CreateFor(req)
	if err == nil {
		resp.StatusCode(http.StatusServiceUnavailable)
		return
	}

	if req.ReqMethod() == "POST" {
		resp.StatusCode(http.StatusCreated)
	}

	defer x.Pool.Put(tokBytes)
	err = resp.Send(Token{string(tokBytes)})
	if err != nil {
		x.log.Error(log.M{"msg": "send xsrf token", "err": err.Error()})
	}
}
Beispiel #10
0
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) {
	origin := "*"
	if !c.allowAll {
		origin = req.GetHeader(_CORS_ORIGIN)
		if !c.allow(origin) {
			resp.StatusCode(http.StatusOK)
			return
		}
	}

	respHeaders := resp.Headers()
	respHeaders.Set(_CORS_ALLOWORIGIN, origin)
	upperMethod := strings.ToUpper(method)

	for _, m := range c.Methods {
		if m == upperMethod {
			respHeaders.Add(_CORS_ALLOWMETHODS, method)
			break
		}
	}

	for _, h := range strings2.SplitAndTrim(headers, ",") {
		for _, ch := range c.Headers {
			if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init
				respHeaders.Add(_CORS_ALLOWHEADERS, ch)
				break
			}
		}
	}

	respHeaders.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials)
	if c.exposeHeaders != "" {
		respHeaders.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders)
	}

	if c.preflightMaxage != "" {
		respHeaders.Set(_CORS_MAXAGE, c.preflightMaxage)
	}

	resp.StatusCode(http.StatusOK)
}
Beispiel #11
0
func (NopMethodHandler) Patch(_ zerver.Request, resp zerver.Response) {
	resp.StatusCode(http.StatusMethodNotAllowed)
}