func rpcMuxHandler(main http.Handler, rpch http.Handler, authKey string) http.Handler {
corsHandler := cors.Allow(&cors.Options{
AllowAllOrigins: true,
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: true,
MaxAge: time.Hour,
})
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
corsHandler(w, r)
if r.URL.Path == "/ping" || r.Method == "OPTIONS" {
w.WriteHeader(200)
return
}
_, password, _ := parseBasicAuth(r.Header)
if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") {
password = r.URL.Query().Get("key")
}
if len(password) != len(authKey) || subtle.ConstantTimeCompare([]byte(password), []byte(authKey)) != 1 {
w.WriteHeader(401)
return
}
if r.URL.Path == rpcplus.DefaultRPCPath {
rpch.ServeHTTP(w, r)
} else {
main.ServeHTTP(w, r)
}
})
}
func corsHandler(corsOptions *cors.Options) http.HandlerFunc {
defaultCorsHandler := cors.Allow(corsOptions)
return func(w http.ResponseWriter, req *http.Request) {
origin := req.Header.Get("Origin")
if req.URL.Path == "/ping" && strings.HasPrefix(origin, "http://localhost:") {
cors.Allow(&cors.Options{
AllowOrigins: []string{origin},
AllowMethods: []string{"GET"},
AllowHeaders: corsOptions.AllowHeaders,
ExposeHeaders: corsOptions.ExposeHeaders,
AllowCredentials: corsOptions.AllowCredentials,
MaxAge: corsOptions.MaxAge,
})(w, req)
} else {
defaultCorsHandler(w, req)
}
}
}
func (api *httpAPI) CorsHandler(main http.Handler, addr string) http.Handler {
corsHandler := cors.Allow(&cors.Options{
AllowOrigins: []string{addr},
AllowMethods: []string{"GET", "POST"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: false,
MaxAge: time.Hour,
})
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
corsHandler(w, r)
main.ServeHTTP(w, r)
})
}
func APIHandler(conf *Config) http.Handler {
r := martini.NewRouter()
m := martini.New()
m.Use(martini.Logger())
m.Use(martini.Recovery())
m.Use(render.Renderer(render.Options{
Directory: conf.StaticPath,
Extensions: []string{".html"},
}))
m.Action(r.Handle)
m.Map(conf)
httpInterfaceURL := conf.InterfaceURL
if strings.HasPrefix(conf.InterfaceURL, "https") {
httpInterfaceURL = "http" + strings.TrimPrefix(conf.InterfaceURL, "https")
}
m.Use(cors.Allow(&cors.Options{
AllowOrigins: []string{conf.InterfaceURL, httpInterfaceURL},
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: true,
MaxAge: time.Hour,
}))
r.Group(conf.PathPrefix, func(r martini.Router) {
m.Use(reqHelperMiddleware)
r.Post("/user/sessions", binding.Json(LoginInfo{}), login)
r.Delete("/user/session", logout)
r.Get("/config", getConfig)
r.Get("/cert", getCert)
r.Any("/assets/dashboard.*.js", serveDashboardJs)
r.Any("/assets.*", martini.Static(filepath.Join(conf.StaticPath, "assets"), martini.StaticOptions{
Prefix: "/assets",
}))
r.Get("/.*", func(r render.Render) {
r.HTML(200, "dashboard", "")
})
})
return m
}
func (api *API) CorsHandler(main http.Handler) http.Handler {
httpInterfaceURL := api.conf.InterfaceURL
if strings.HasPrefix(api.conf.InterfaceURL, "https") {
httpInterfaceURL = "http" + strings.TrimPrefix(api.conf.InterfaceURL, "https")
}
corsHandler := cors.Allow(&cors.Options{
AllowOrigins: []string{api.conf.InterfaceURL, httpInterfaceURL},
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: true,
MaxAge: time.Hour,
})
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if strings.HasSuffix(req.URL.Path, "/ping") || req.Method == "OPTIONS" {
httphelper.CORSAllowAllHandler(w, req)
w.WriteHeader(200)
return
}
corsHandler(w, req)
main.ServeHTTP(w, req)
})
}
}
func IsValidationError(err error) bool {
return isJSONErrorWithCode(err, ValidationErrorCode)
}
// IsRetryableError indicates whether a HTTP request can be safely retried.
func IsRetryableError(err error) bool {
e, ok := err.(JSONError)
return ok && e.Retry
}
var CORSAllowAllHandler = cors.Allow(&cors.Options{
AllowAllOrigins: true,
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
ExposeHeaders: []string{"ETag"},
AllowCredentials: true,
MaxAge: time.Hour,
})
// Handler is an extended version of http.Handler that also takes a context
// argument ctx.
type Handler interface {
ServeHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request)
}
// The HandlerFunc type is an adapter to allow the use of ordinary functions as
// Handlers. If f is a function with the appropriate signature, HandlerFunc(f)
// is a Handler object that calls f.
type HandlerFunc func(context.Context, http.ResponseWriter, *http.Request)
