func rpcMuxHandler(main http.Handler, rpch http.Handler, authKey string) http.Handler { corsHandler := cors.Allow(&cors.Options{ AllowAllOrigins: true, AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"}, AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"}, ExposeHeaders: []string{"ETag"}, AllowCredentials: true, MaxAge: time.Hour, }) return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { corsHandler(w, r) if r.URL.Path == "/ping" || r.Method == "OPTIONS" { w.WriteHeader(200) return } _, password, _ := parseBasicAuth(r.Header) if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") { password = r.URL.Query().Get("key") } if len(password) != len(authKey) || subtle.ConstantTimeCompare([]byte(password), []byte(authKey)) != 1 { w.WriteHeader(401) return } if r.URL.Path == rpcplus.DefaultRPCPath { rpch.ServeHTTP(w, r) } else { main.ServeHTTP(w, r) } }) }
func corsHandler(corsOptions *cors.Options) http.HandlerFunc { defaultCorsHandler := cors.Allow(corsOptions) return func(w http.ResponseWriter, req *http.Request) { origin := req.Header.Get("Origin") if req.URL.Path == "/ping" && strings.HasPrefix(origin, "http://localhost:") { cors.Allow(&cors.Options{ AllowOrigins: []string{origin}, AllowMethods: []string{"GET"}, AllowHeaders: corsOptions.AllowHeaders, ExposeHeaders: corsOptions.ExposeHeaders, AllowCredentials: corsOptions.AllowCredentials, MaxAge: corsOptions.MaxAge, })(w, req) } else { defaultCorsHandler(w, req) } } }
func (api *httpAPI) CorsHandler(main http.Handler, addr string) http.Handler { corsHandler := cors.Allow(&cors.Options{ AllowOrigins: []string{addr}, AllowMethods: []string{"GET", "POST"}, AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"}, ExposeHeaders: []string{"ETag"}, AllowCredentials: false, MaxAge: time.Hour, }) return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { corsHandler(w, r) main.ServeHTTP(w, r) }) }
func APIHandler(conf *Config) http.Handler { r := martini.NewRouter() m := martini.New() m.Use(martini.Logger()) m.Use(martini.Recovery()) m.Use(render.Renderer(render.Options{ Directory: conf.StaticPath, Extensions: []string{".html"}, })) m.Action(r.Handle) m.Map(conf) httpInterfaceURL := conf.InterfaceURL if strings.HasPrefix(conf.InterfaceURL, "https") { httpInterfaceURL = "http" + strings.TrimPrefix(conf.InterfaceURL, "https") } m.Use(cors.Allow(&cors.Options{ AllowOrigins: []string{conf.InterfaceURL, httpInterfaceURL}, AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"}, AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"}, ExposeHeaders: []string{"ETag"}, AllowCredentials: true, MaxAge: time.Hour, })) r.Group(conf.PathPrefix, func(r martini.Router) { m.Use(reqHelperMiddleware) r.Post("/user/sessions", binding.Json(LoginInfo{}), login) r.Delete("/user/session", logout) r.Get("/config", getConfig) r.Get("/cert", getCert) r.Any("/assets/dashboard.*.js", serveDashboardJs) r.Any("/assets.*", martini.Static(filepath.Join(conf.StaticPath, "assets"), martini.StaticOptions{ Prefix: "/assets", })) r.Get("/.*", func(r render.Render) { r.HTML(200, "dashboard", "") }) }) return m }
func (api *API) CorsHandler(main http.Handler) http.Handler { httpInterfaceURL := api.conf.InterfaceURL if strings.HasPrefix(api.conf.InterfaceURL, "https") { httpInterfaceURL = "http" + strings.TrimPrefix(api.conf.InterfaceURL, "https") } corsHandler := cors.Allow(&cors.Options{ AllowOrigins: []string{api.conf.InterfaceURL, httpInterfaceURL}, AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"}, AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"}, ExposeHeaders: []string{"ETag"}, AllowCredentials: true, MaxAge: time.Hour, }) return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { if strings.HasSuffix(req.URL.Path, "/ping") || req.Method == "OPTIONS" { httphelper.CORSAllowAllHandler(w, req) w.WriteHeader(200) return } corsHandler(w, req) main.ServeHTTP(w, req) }) }
} func IsValidationError(err error) bool { return isJSONErrorWithCode(err, ValidationErrorCode) } // IsRetryableError indicates whether a HTTP request can be safely retried. func IsRetryableError(err error) bool { e, ok := err.(JSONError) return ok && e.Retry } var CORSAllowAllHandler = cors.Allow(&cors.Options{ AllowAllOrigins: true, AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"}, AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"}, ExposeHeaders: []string{"ETag"}, AllowCredentials: true, MaxAge: time.Hour, }) // Handler is an extended version of http.Handler that also takes a context // argument ctx. type Handler interface { ServeHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request) } // The HandlerFunc type is an adapter to allow the use of ordinary functions as // Handlers. If f is a function with the appropriate signature, HandlerFunc(f) // is a Handler object that calls f. type HandlerFunc func(context.Context, http.ResponseWriter, *http.Request)