func (c *CORS) filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { headers := resp.Headers() origin := "*" if !c.allowAll { origin = req.GetHeader(_CORS_ORIGIN) if !c.allow(origin) { resp.StatusCode(http.StatusForbidden) return } } headers.Set(_CORS_ALLOWORIGIN, origin) headers.Set(_CORS_ALLOWMETHODS, c.methods) headers.Set(_CORS_ALLOWHEADERS, c.headers) headers.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials) if c.exposeHeaders != "" { headers.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders) } if c.preflightMaxage != "" { headers.Set(_CORS_MAXAGE, c.preflightMaxage) } chain(req, resp) }
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if req.ReqMethod() == zerver.METHOD_GET { chain(req, resp) return } reqId := req.GetHeader(ri.HeaderName) if reqId == "" { if ri.PassingOnNoId { chain(req, resp) } else { resp.StatusCode(http.StatusBadRequest) } } else { ip := http2.IpOfAddr(req.RemoteAddr()) id := ip + ":" + reqId if err := ri.Store.Save(id); err == ErrRequestIDExist { resp.StatusCode(http.StatusForbidden) } else if err != nil { ri.log.Warn(log.M{"msg": "save request id failed", "err": err.Error()}) } else { chain(req, resp) ri.Store.Remove(id) } } }
func Send(resp zerver.Response, key string, value interface{}, err error) { if err != nil { SendErr(resp, err) } else { resp.Send(key, value) } }
// Verify xsrf token, used as zerver.FilterFunc // // The reason not use "Filter" as function name is to prevent the Xsrf from used as both Component and Filter func (x *Xsrf) Verify(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if x.VerifyFor(req) { chain(req, resp) } else { resp.StatusCode(http.StatusBadRequest) } }
func ReportStatus(resp zerver.Response, status int, err error) { if err != nil { SendErr(resp, err) } else { resp.ReportStatus(status) } }
// Verify xsrf token, used as zerver.FilterFunc // // The reason not use "Filter" as function name is to prevent the Xsrf from used as both Component and Filter func (x *Xsrf) Verify(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if x.VerifyFor(req) { chain(req, resp) } else { resp.ReportBadRequest() resp.Send("error", x.Error) } }
func (j *JWTAuth) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if tokstr, basic := req.Authorization(); !basic && tokstr != "" { if tok, err := j.JWT.Parse(tokstr); err == nil { req.SetAttr(j.AuthTokenAttrName, tok) chain(req, resp) return } } resp.ReportUnauthorized() }
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { now := time2.Now() chain(req, resp) cost := time2.Now().Sub(now) l.log.Info(log.M{ "method": req.ReqMethod(), "url": req.URL().String(), "remote": req.RemoteAddr(), "userAgent": req.GetHeader(zerver.HEADER_USERAGENT), "cost": cost.String(), "statusCode": resp.StatusCode(0), }) }
func (ri *RequestId) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if req.Method() == "GET" { chain(req, resp) return } reqId := req.Header(ri.HeaderName) if reqId == "" { if ri.PassingOnNoId { chain(req, resp) } else { resp.ReportBadRequest() resp.Send("error", ri.Error) } } else { id := req.RemoteIP() + ":" + reqId if err := ri.Store.Save(id); err == ErrRequestIDExist { resp.ReportForbidden() resp.Send("error", ri.ErrorOverlap) } else if err != nil { ri.logger.Warnln(err) } else { chain(req, resp) ri.Store.Remove(id) } } }
func (h *Handler) Handle(req zerver.Request, resp zerver.Response) { req.Wrap(func(req *http.Request, shouldClose bool) (r *http.Request, c bool) { r, c = req, shouldClose err := req.ParseMultipartForm(h.MaxMemory) if err != nil { handle.SendErr(resp, handle.BadRequest(err)) return } if req.MultipartForm == nil || req.MultipartForm.File == nil { handle.SendErr(resp, h.ErrNoFile) return } files, has := req.MultipartForm.File[h.FileKey] if !has || len(files) == 0 { handle.SendErr(resp, h.ErrNoFile) return } file := convertFileHandler(files[0]) if !h.isSuffixSupported(filepath.Ext(file.Filename)) { handle.SendErr(resp, h.ErrNonImage) return } if file.Size() > h.MaxSize { handle.SendErr(resp, h.ErrTooLarge) return } fd, err := file.Open() if err != nil { handle.SendErr(resp, handle.BadRequest(err)) return } defer fd.Close() path, err := h.SaveImage(fd) if err != nil { handle.SendErr(resp, err) return } resp.Send(h.PathKey, path) return }) }
func (r *Recovery) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { defer func() { if err := recover(); err != nil { resp.StatusCode(http.StatusInternalServerError) buf := make([]byte, r.Bufsize) n := runtime.Stack(buf, false) buf = buf[:n] r.log.Raw(0, log.LEVEL_ERROR, string(buf)) return } }() chain(req, resp) }
func Compress(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { encoding := req.AcceptEncodings() if strings.Contains(encoding, zerver.ENCODING_GZIP) { resp.SetContentEncoding(zerver.ENCODING_GZIP) resp.Wrap(gzipWrapper) } else if strings.Contains(encoding, zerver.ENCODING_DEFLATE) { resp.SetContentEncoding(zerver.ENCODING_DEFLATE) resp.Wrap(flateWrapper) } else { chain(req, resp) return } chain(req, resp) resp.RemoveHeader("Content-Length") }
func (r *Recovery) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { defer func() { e := recover() if e == nil || r.NoStack { return } resp.ReportInternalServerError() buffer := bytes.NewBuffer(make([]byte, 0, r.Bufsize)) fmt.Fprint(buffer, e) buf := buffer.Bytes() runtime.Stack(buf[len(buf):cap(buf)], false) req.Logger().Errorln(unsafe2.String(buf[:cap(buf)])) }() chain(req, resp) }
func (j *JSONP) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if req.ReqMethod() != zerver.METHOD_GET { chain(req, resp) return } callback := req.Vars().QueryVar(j.CallbackVar) if callback == "" { chain(req, resp) return } buffer := bytes.NewBuffer(make([]byte, 0, 256)) bw := wrap.BuffRespWriter{ // to avoid write header 200 first when write callback name Buffer: buffer, } resp.Wrap(func(w http.ResponseWriter, shouldClose bool) (http.ResponseWriter, bool) { bw.ResponseWriter = w bw.ShouldClose = shouldClose return &bw, shouldClose }) chain(req, resp) bw.Buffer = nil _, err := io2.WriteString(resp, callback) if err == nil { _, err = io2.WriteString(resp, "(") if err == nil { _, err = resp.Write(buffer.Bytes()) if err == nil { _, err = io2.WriteString(resp, ")") } } } if err != nil { j.log.Warn(log.M{"msg": "write jsonp response failed", "err": err.Error()}) } }
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if l.CountTime { now := time2.Now() chain(req, resp) cost := time2.Now().Sub(now) l.logger.Infoln( cost.String(), resp.Status(), req.Method(), req.URL().Path, req.RemoteIP(), req.UserAgent()) } else { chain(req, resp) l.logger.Infoln( resp.Status(), req.Method(), req.URL().Path, req.RemoteIP(), req.UserAgent()) } }
func (l *Log) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if l.CountTime { nano := time.Now().UnixNano() chain(req, resp) nano = time.Now().UnixNano() - nano l.logger.Infoln( time2.ToHuman(nano), resp.Status(), req.Method(), req.URL().Path, req.RemoteIP(), req.UserAgent()) } else { chain(req, resp) l.logger.Infoln( resp.Status(), req.Method(), req.URL().Path, req.RemoteIP(), req.UserAgent()) } }
func SendErr(resp zerver.Response, err error) { if err == nil { panic("there is no error occurred") } switch e := errors.Unwrap(err).(type) { case httperrs.Error: resp.StatusCode(e.Code()) if e.Code() < int(httperrs.Server) { resp.Send(Error{e.Error()}) return } default: resp.Logger().Error(log.M{"msg": "internal server error", "error": err.Error()}) resp.StatusCode(http.StatusInternalServerError) } }
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { status := resp.StatusCode(0) if status == http.StatusNotFound { resp.Headers().Set("Location", path+"/options?from="+url.QueryEscape(req.URL().Path)) resp.StatusCode(http.StatusMovedPermanently) } else if status == http.StatusMethodNotAllowed { io2.WriteString(resp, "The pprof interface only support GET request\n") } else { chain(req, resp) } }
func SendErr(resp zerver.Response, err error) { switch err := err.(type) { case httperrs.Error: resp.ReportStatus(err.Code()) if err.Code() < int(httperrs.Server) { OnErrLog(resp.Send(KeyError, err.Error())) return } default: resp.ReportInternalServerError() } Logger.Errorln(err.Error()) }
// Create xsrf token, used as zerver.HandleFunc func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) { tokBytes, err := x.CreateFor(req) if err == nil { resp.ReportServiceUnavailable() return } if req.Method() == "POST" { resp.ReportCreated() } defer x.Pool.Put(tokBytes) x.logger.Warnln(resp.Send("tokBytes", tokBytes)) }
func SendErr(resp zerver.Response, err error) { switch err := errors.Unwrap(err).(type) { case httperrs.Error: resp.ReportStatus(err.Code()) if err.Code() < int(httperrs.Server) { if err := resp.Send(KeyError, err.Error()); err != nil { Logger.Errorln(err.Error()) } return } default: resp.ReportInternalServerError() } Logger.Errorln(err.Error()) }
// Create xsrf token, used as zerver.HandleFunc func (x *Xsrf) Create(req zerver.Request, resp zerver.Response) { tokBytes, err := x.CreateFor(req) if err == nil { resp.StatusCode(http.StatusServiceUnavailable) return } if req.ReqMethod() == "POST" { resp.StatusCode(http.StatusCreated) } defer x.Pool.Put(tokBytes) err = resp.Send(Token{string(tokBytes)}) if err != nil { x.log.Error(log.M{"msg": "send xsrf token", "err": err.Error()}) } }
func Compress(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { encoding := req.GetHeader(zerver.HEADER_ACCEPTENCODING) respHeaders := resp.Headers() if strings.Contains(encoding, zerver.ENCODING_GZIP) { respHeaders.Set(zerver.HEADER_CONTENTENCODING, zerver.ENCODING_GZIP) resp.Wrap(gzipWrapper) } else if strings.Contains(encoding, zerver.ENCODING_DEFLATE) { respHeaders.Set(zerver.HEADER_CONTENTENCODING, zerver.ENCODING_DEFLATE) resp.Wrap(flateWrapper) } else { chain(req, resp) return } chain(req, resp) respHeaders.Del(zerver.HEADER_CONTENTLENGTH) }
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) { origin := "*" if !c.allowAll { origin = req.GetHeader(_CORS_ORIGIN) if !c.allow(origin) { resp.StatusCode(http.StatusOK) return } } respHeaders := resp.Headers() respHeaders.Set(_CORS_ALLOWORIGIN, origin) upperMethod := strings.ToUpper(method) for _, m := range c.Methods { if m == upperMethod { respHeaders.Add(_CORS_ALLOWMETHODS, method) break } } for _, h := range strings2.SplitAndTrim(headers, ",") { for _, ch := range c.Headers { if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init respHeaders.Add(_CORS_ALLOWHEADERS, ch) break } } } respHeaders.Set(_CORS_ALLOWCREDENTIALS, c.allowCredentials) if c.exposeHeaders != "" { respHeaders.Set(_CORS_EXPOSEHEADERS, c.exposeHeaders) } if c.preflightMaxage != "" { respHeaders.Set(_CORS_MAXAGE, c.preflightMaxage) } resp.StatusCode(http.StatusOK) }
func (c *CORS) preflight(req zerver.Request, resp zerver.Response, method, headers string) { origin := "*" if !c.allowAll { origin = req.Header(_CORS_ORIGIN) if !c.allow(origin) { goto END } } resp.SetHeader(_CORS_ALLOWORIGIN, origin) method = strings.ToUpper(method) for _, m := range c.Methods { if m == method { resp.AddHeader(_CORS_ALLOWMETHODS, m) break } } for _, h := range strings2.SplitAndTrim(headers, ",") { for _, ch := range c.Headers { if strings.ToLower(h) == ch { // c.Headers already ToLowered when Init resp.AddHeader(_CORS_ALLOWHEADERS, ch) break } } } resp.SetHeader(_CORS_ALLOWCREDENTIALS, c.allowCredentials) if c.exposeHeaders != "" { resp.SetHeader(_CORS_EXPOSEHEADERS, c.exposeHeaders) } if c.preflightMaxage != "" { resp.SetHeader(_CORS_MAXAGE, c.preflightMaxage) } END: resp.ReportOK() }
func (h *Handler) Handle(req zerver.Request, resp zerver.Response) { req.Wrap(func(requ *http.Request, shouldClose bool) (r *http.Request, c bool) { r, c = requ, shouldClose err := requ.ParseMultipartForm(h.MaxMemory) if err != nil { handle.SendBadRequest(resp, err) return } if requ.MultipartForm == nil || requ.MultipartForm.File == nil { handle.SendErr(resp, h.ErrNoFile) return } files, has := requ.MultipartForm.File[h.FileKey] if !has || len(files) == 0 { handle.SendErr(resp, h.ErrNoFile) return } if len(h.Params) > 0 { for _, param := range h.Params { if vals := requ.MultipartForm.Value[param]; len(vals) != 0 { req.SetAttr(param, vals[0]) } } } if h.PreChecker != nil { if err = h.PreChecker(req); err != nil { handle.SendErr(resp, err) return } } file := convertFileHandler(files[0]) if !h.isSuffixSupported(filepath.Ext(file.Filename)) { handle.SendErr(resp, h.ErrNonImage) return } if file.Size() > h.MaxSize { handle.SendErr(resp, h.ErrTooLarge) return } fd, err := file.Open() if err != nil { handle.SendBadRequest(resp, err) return } defer fd.Close() if h.log.IsDebugEnable() { h.log.Debug(log.M{"msg": "file upload", "filename": fd.Filename(), "bytes": fd.Size()}) } path, err := h.SaveImage(fd, req) if err != nil { handle.SendErr(resp, err) return } if h.PostDo != nil { err := h.PostDo(req) if err != nil { h.log.Warn(log.M{"msg": "call post do failed", "err": err.Error()}) } } resp.Send(Path{path}) return }) }
func (j JSONP) Filter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { if req.Method() != "GET" { chain(req, resp) return } res, _ := req.ResourceMaster().Resource(resource.RES_JSON) if res == nil { resp.ReportNotAcceptable() return } callback := req.Param(string(j)) if callback == "" { resp.ReportBadRequest() resp.Send("error", "no callback function") return } resp.SetContentType(resource.RES_JSON, res) _, err := resp.WriteString(callback) if err != nil { goto ERROR } _, err = resp.WriteString("(") if err != nil { goto ERROR } chain(req, resp) _, err = resp.WriteString(")") if err == nil { return } ERROR: req.Logger().Warnln(err) }
func globalFilter(req zerver.Request, resp zerver.Response, chain zerver.FilterChain) { resp.SetContentType("text/plain", nil) if resp.Status() == http.StatusNotFound { resp.SetHeader("Location", path+"/options?from="+url.QueryEscape(req.URL().Path)) resp.ReportMovedPermanently() } else if resp.Status() == http.StatusMethodNotAllowed { resp.WriteString("The pprof interface only support GET request\n") } else { chain(req, resp) } }
func (h *Handler) Handle(req zerver.Request, resp zerver.Response) { req.Wrap(func(requ *http.Request, shouldClose bool) (r *http.Request, c bool) { r, c = requ, shouldClose err := requ.ParseMultipartForm(h.MaxMemory) if err != nil { handle.SendBadRequest(resp, err) return } if requ.MultipartForm == nil || requ.MultipartForm.File == nil { handle.SendErr(resp, h.ErrNoFile) return } files, has := requ.MultipartForm.File[h.FileKey] if !has || len(files) == 0 { handle.SendErr(resp, h.ErrNoFile) return } if len(h.Params) > 0 { for _, param := range h.Params { if vals := requ.MultipartForm.Value[param]; len(vals) != 0 { req.SetAttr(param, vals[0]) } } } if h.PreChecker != nil { if err = h.PreChecker(req); err != nil { handle.SendErr(resp, err) return } } file := convertFileHandler(files[0]) if !h.isSuffixSupported(filepath.Ext(file.Filename)) { handle.SendErr(resp, h.ErrNonImage) return } if file.Size() > h.MaxSize { handle.SendErr(resp, h.ErrTooLarge) return } fd, err := file.Open() if err != nil { handle.SendBadRequest(resp, err) return } defer fd.Close() h.logger.Debugf("upload file: %s, size: %s\n", fd.Filename(), bytesize.ToHuman(uint64(fd.Size()))) path, err := h.SaveImage(fd, req) if err != nil { handle.SendErr(resp, err) return } if h.PostDo != nil { err := h.PostDo(req) if err != nil { h.logger.Warnln("PostDo", err) } } resp.SetContentType(resource.RES_JSON, nil) resp.Send(h.PathKey, path) return }) }
func (NopMethodHandler) Patch(_ zerver.Request, resp zerver.Response) { resp.StatusCode(http.StatusMethodNotAllowed) }