Exemplo n.º 1
0
func rpcMuxHandler(main http.Handler, rpch http.Handler, authKey string) http.Handler {
	corsHandler := cors.Allow(&cors.Options{
		AllowAllOrigins:  true,
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: true,
		MaxAge:           time.Hour,
	})

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		corsHandler(w, r)
		if r.URL.Path == "/ping" || r.Method == "OPTIONS" {
			w.WriteHeader(200)
			return
		}
		_, password, _ := parseBasicAuth(r.Header)
		if password == "" && strings.Contains(r.Header.Get("Accept"), "text/event-stream") {
			password = r.URL.Query().Get("key")
		}
		if len(password) != len(authKey) || subtle.ConstantTimeCompare([]byte(password), []byte(authKey)) != 1 {
			w.WriteHeader(401)
			return
		}
		if r.URL.Path == rpcplus.DefaultRPCPath {
			rpch.ServeHTTP(w, r)
		} else {
			main.ServeHTTP(w, r)
		}
	})
}
Exemplo n.º 2
0
Arquivo: api.go Projeto: kuntenz/flynn
func corsHandler(corsOptions *cors.Options) http.HandlerFunc {
	defaultCorsHandler := cors.Allow(corsOptions)
	return func(w http.ResponseWriter, req *http.Request) {
		origin := req.Header.Get("Origin")
		if req.URL.Path == "/ping" && strings.HasPrefix(origin, "http://localhost:") {
			cors.Allow(&cors.Options{
				AllowOrigins:     []string{origin},
				AllowMethods:     []string{"GET"},
				AllowHeaders:     corsOptions.AllowHeaders,
				ExposeHeaders:    corsOptions.ExposeHeaders,
				AllowCredentials: corsOptions.AllowCredentials,
				MaxAge:           corsOptions.MaxAge,
			})(w, req)
		} else {
			defaultCorsHandler(w, req)
		}
	}
}
Exemplo n.º 3
0
func (api *httpAPI) CorsHandler(main http.Handler, addr string) http.Handler {
	corsHandler := cors.Allow(&cors.Options{
		AllowOrigins:     []string{addr},
		AllowMethods:     []string{"GET", "POST"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: false,
		MaxAge:           time.Hour,
	})
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		corsHandler(w, r)
		main.ServeHTTP(w, r)
	})
}
Exemplo n.º 4
0
func APIHandler(conf *Config) http.Handler {
	r := martini.NewRouter()
	m := martini.New()
	m.Use(martini.Logger())
	m.Use(martini.Recovery())
	m.Use(render.Renderer(render.Options{
		Directory:  conf.StaticPath,
		Extensions: []string{".html"},
	}))
	m.Action(r.Handle)

	m.Map(conf)

	httpInterfaceURL := conf.InterfaceURL
	if strings.HasPrefix(conf.InterfaceURL, "https") {
		httpInterfaceURL = "http" + strings.TrimPrefix(conf.InterfaceURL, "https")
	}

	m.Use(cors.Allow(&cors.Options{
		AllowOrigins:     []string{conf.InterfaceURL, httpInterfaceURL},
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: true,
		MaxAge:           time.Hour,
	}))

	r.Group(conf.PathPrefix, func(r martini.Router) {
		m.Use(reqHelperMiddleware)
		r.Post("/user/sessions", binding.Json(LoginInfo{}), login)
		r.Delete("/user/session", logout)

		r.Get("/config", getConfig)
		r.Get("/cert", getCert)

		r.Any("/assets/dashboard.*.js", serveDashboardJs)

		r.Any("/assets.*", martini.Static(filepath.Join(conf.StaticPath, "assets"), martini.StaticOptions{
			Prefix: "/assets",
		}))

		r.Get("/.*", func(r render.Render) {
			r.HTML(200, "dashboard", "")
		})
	})

	return m
}
Exemplo n.º 5
0
Arquivo: api.go Projeto: BobbWu/flynn
func (api *API) CorsHandler(main http.Handler) http.Handler {
	httpInterfaceURL := api.conf.InterfaceURL
	if strings.HasPrefix(api.conf.InterfaceURL, "https") {
		httpInterfaceURL = "http" + strings.TrimPrefix(api.conf.InterfaceURL, "https")
	}
	corsHandler := cors.Allow(&cors.Options{
		AllowOrigins:     []string{api.conf.InterfaceURL, httpInterfaceURL},
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
		AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
		ExposeHeaders:    []string{"ETag"},
		AllowCredentials: true,
		MaxAge:           time.Hour,
	})
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if strings.HasSuffix(req.URL.Path, "/ping") || req.Method == "OPTIONS" {
			httphelper.CORSAllowAllHandler(w, req)
			w.WriteHeader(200)
			return
		}
		corsHandler(w, req)
		main.ServeHTTP(w, req)
	})
}
Exemplo n.º 6
0
}

func IsValidationError(err error) bool {
	return isJSONErrorWithCode(err, ValidationErrorCode)
}

// IsRetryableError indicates whether a HTTP request can be safely retried.
func IsRetryableError(err error) bool {
	e, ok := err.(JSONError)
	return ok && e.Retry
}

var CORSAllowAllHandler = cors.Allow(&cors.Options{
	AllowAllOrigins:  true,
	AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
	AllowHeaders:     []string{"Authorization", "Accept", "Content-Type", "If-Match", "If-None-Match"},
	ExposeHeaders:    []string{"ETag"},
	AllowCredentials: true,
	MaxAge:           time.Hour,
})

// Handler is an extended version of http.Handler that also takes a context
// argument ctx.
type Handler interface {
	ServeHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request)
}

// The HandlerFunc type is an adapter to allow the use of ordinary functions as
// Handlers.  If f is a function with the appropriate signature, HandlerFunc(f)
// is a Handler object that calls f.
type HandlerFunc func(context.Context, http.ResponseWriter, *http.Request)