// New builds a Server around conf and db and assembles its HTTP handler chain.
//
// Templates are loaded eagerly unless the server runs in development mode, in
// which case s.tmpl stays nil (presumably they are loaded per request
// elsewhere — confirm before relying on it). The middleware stack, outermost
// first, is: negroni's Classic defaults, gorilla/csrf, HTTP method override,
// response compression, then the user-auth middleware; the httprouter routes
// sit underneath. It returns the template-loading error if that step fails.
func New(conf *config.Config, db db.DB) (*Server, error) {
	srv := &Server{config: conf, db: db}

	dev := srv.config.Server.Development
	if !dev {
		parsed, err := srv.loadTemplates()
		if err != nil {
			return nil, err
		}
		srv.tmpl = parsed
	}

	// adapt turns a net/http-style middleware (handler in, handler out) into
	// the three-argument form negroni expects. The wrapping happens on every
	// request because next is only known at call time.
	adapt := func(mw func(http.Handler) http.Handler) func(http.ResponseWriter, *http.Request, http.HandlerFunc) {
		return func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
			mw(next).ServeHTTP(w, r)
		}
	}

	// The CSRF cookie's Secure flag is tied to non-development mode; the
	// token travels in the "_csrf" form field.
	protect := csrf.Protect(
		[]byte(srv.config.Server.CSRFAuthKey),
		csrf.Secure(!dev),
		csrf.FieldName("_csrf"),
	)

	stack := negroni.Classic()
	// csrf runs before the method override so the token check sees the
	// request method as the client sent it. Compression runs inside csrf;
	// compressing responses that embed secrets is the classic BREACH setting,
	// which gorilla/csrf counters by masking each token it emits.
	stack.UseFunc(adapt(protect))
	stack.UseFunc(adapt(handlers.HTTPMethodOverrideHandler))
	stack.UseFunc(adapt(handlers.CompressHandler))
	stack.UseFunc(srv.userAuthMiddleware)

	router := httprouter.New()
	router.ServeFiles("/static/*filepath", http.Dir(path.Join(DataDir, "public")))

	router.GET("/signin", srv.wrapHandler(srv.HandleGetSignIn))
	router.POST("/signin", srv.wrapHandler(srv.HandlePostSignIn))
	router.POST("/signout", srv.wrapHandler(srv.HandlePostSignOut))

	router.GET("/logs", srv.wrapHandler(srv.HandleGetLogs))
	router.POST("/logs", srv.wrapHandler(srv.HandlePostLog))
	router.GET("/logs/:id/download", srv.wrapHandler(srv.HandleDownloadLog))
	router.GET("/logs/:id", srv.wrapHandler(srv.HandleGetLog))
	router.PATCH("/logs/:id", srv.wrapHandler(srv.HandlePatchLog))
	router.DELETE("/logs/:id", srv.wrapHandler(srv.HandleDeleteLog))

	router.GET("/", srv.wrapHandler(srv.HandleDashboard))

	stack.UseHandler(router)
	srv.handler = stack
	return srv, nil
}
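// ServeSSL serves cosgo over TLS on *sslport with the attached key+cert.
//
// The request chain is the router c.r wrapped in gorilla/csrf with the same
// cookie settings as the plain-HTTP path, except that Secure is always on
// because the transport is TLS. This call blocks; on any listen/serve error
// the process exits via log.Fatalln.
func (c *Cosgo) ServeSSL() {
	go func() {
		// Delayed so the message appears after the listener is (probably) up;
		// it is informational only and is printed even if the bind fails.
		time.Sleep(100 * time.Millisecond)
		log.Println("Cosgo: Serving TLS on", *sslport)
	}()

	protect := csrf.Protect(c.antiCSRFkey,
		csrf.HttpOnly(true),
		csrf.FieldName(*cookie),
		csrf.CookieName(*cookie),
		csrf.Secure(true),
		csrf.MaxAge(600), // token cookie lifetime in seconds (10 minutes)
		csrf.ErrorHandler(http.HandlerFunc(csrfErrorHandler)),
	)

	srv := &http.Server{
		Addr:    *sslport,
		Handler: protect(c.r),
		// Bound the time a client may take to send its request headers so an
		// idle or trickling connection cannot hold the TLS listener's
		// resources indefinitely; the default http.Server has no such limit.
		ReadHeaderTimeout: 10 * time.Second,
	}
	log.Fatalln(srv.ListenAndServeTLS(*path2cert, *path2key))
}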
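// CreateAdminRouter creates the routes for handling requests to the web interface.
// This function returns an http.Handler to be used in http.ListenAndServe().
//
// Every front-end page except /login is guarded by mid.RequireLogin; the /api
// and /api/reset pages use mid.RequireLogin too, and every other /api route
// requires mid.RequireAPIKey. The returned handler is the CSRF-protected
// router with mid.CSRFExceptions and mid.GetContext applied outside it.
func CreateAdminRouter() http.Handler {
	router := mux.NewRouter()

	// Base front-end routes.
	router.HandleFunc("/", Use(Base, mid.RequireLogin))
	router.HandleFunc("/login", Login)
	router.HandleFunc("/logout", Use(Logout, mid.RequireLogin))
	router.HandleFunc("/campaigns", Use(Campaigns, mid.RequireLogin))
	router.HandleFunc("/campaigns/{id:[0-9]+}", Use(CampaignID, mid.RequireLogin))
	router.HandleFunc("/templates", Use(Templates, mid.RequireLogin))
	router.HandleFunc("/users", Use(Users, mid.RequireLogin))
	router.HandleFunc("/landing_pages", Use(LandingPages, mid.RequireLogin))
	router.HandleFunc("/sending_profiles", Use(SendingProfiles, mid.RequireLogin))
	router.HandleFunc("/register", Use(Register, mid.RequireLogin))
	router.HandleFunc("/settings", Use(Settings, mid.RequireLogin))

	// Create the API routes.
	api := router.PathPrefix("/api").Subrouter()
	api = api.StrictSlash(true)
	api.HandleFunc("/", Use(API, mid.RequireLogin))
	api.HandleFunc("/reset", Use(API_Reset, mid.RequireLogin))
	api.HandleFunc("/campaigns/", Use(API_Campaigns, mid.RequireAPIKey))
	api.HandleFunc("/campaigns/{id:[0-9]+}", Use(API_Campaigns_Id, mid.RequireAPIKey))
	api.HandleFunc("/campaigns/{id:[0-9]+}/results", Use(API_Campaigns_Id_Results, mid.RequireAPIKey))
	api.HandleFunc("/campaigns/{id:[0-9]+}/complete", Use(API_Campaigns_Id_Complete, mid.RequireAPIKey))
	api.HandleFunc("/groups/", Use(API_Groups, mid.RequireAPIKey))
	api.HandleFunc("/groups/{id:[0-9]+}", Use(API_Groups_Id, mid.RequireAPIKey))
	api.HandleFunc("/templates/", Use(API_Templates, mid.RequireAPIKey))
	api.HandleFunc("/templates/{id:[0-9]+}", Use(API_Templates_Id, mid.RequireAPIKey))
	api.HandleFunc("/pages/", Use(API_Pages, mid.RequireAPIKey))
	api.HandleFunc("/pages/{id:[0-9]+}", Use(API_Pages_Id, mid.RequireAPIKey))
	api.HandleFunc("/smtp/", Use(API_SMTP, mid.RequireAPIKey))
	api.HandleFunc("/smtp/{id:[0-9]+}", Use(API_SMTP_Id, mid.RequireAPIKey))
	api.HandleFunc("/util/send_test_email", Use(API_Send_Test_Email, mid.RequireAPIKey))
	// Keep the import endpoints behind the same API-key check as the other
	// /api routes; a route registered here without middleware is reachable
	// without any authentication. NOTE(review): if the UI calls these with a
	// session cookie instead of an API key, use mid.RequireLogin here (as
	// /api/reset does) — confirm against the front-end code.
	api.HandleFunc("/import/group", Use(API_Import_Group, mid.RequireAPIKey))
	api.HandleFunc("/import/email", Use(API_Import_Email, mid.RequireAPIKey))
	api.HandleFunc("/import/site", Use(API_Import_Site, mid.RequireAPIKey))

	// Setup static file serving. Registered last: mux matches in registration
	// order, so a "/" prefix registered earlier would capture every path.
	router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))

	// Setup CSRF protection. The key comes from auth.GenerateSecureKey() at
	// router-construction time, so (assuming it is random) tokens issued
	// before a restart are rejected afterwards. The cookie is only marked
	// Secure when the admin server itself uses TLS.
	csrfHandler := csrf.Protect([]byte(auth.GenerateSecureKey()),
		csrf.FieldName("csrf_token"),
		csrf.Secure(config.Conf.AdminConf.UseTLS))
	csrfRouter := csrfHandler(router)
	return Use(csrfRouter.ServeHTTP, mid.CSRFExceptions, mid.GetContext)
}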
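// main wires the snippet service: it parses the index template with custom
// delimiters, wraps the router in gorilla/csrf and listens on conf.Port.
func main() {
	r := mux.NewRouter()

	// Set the template and its delimiters: index.html is parsed with
	// "<<<" / ">>>" instead of the default "{{" / "}}".
	// NOTE(review): confirm that template is html/template, which escapes
	// output contextually; text/template would emit values unescaped.
	t := template.New("index")
	t.Delims("<<<", ">>>")
	temps = template.Must(t.ParseFiles("./views/index.html"))

	// CSRF protection: tokens are accepted from the Request-Token header or
	// the request_token form field. The cookie's Secure flag is dropped only
	// in debug mode.
	CSRF := csrf.Protect(
		[]byte(conf.CSRFKey),
		csrf.RequestHeader("Request-Token"),
		csrf.FieldName("request_token"),
		csrf.Secure(!conf.Debug),
	)

	r.HandleFunc("/", indexHandler)
	r.PathPrefix("/dist/").Handler(createStaticHandler("/dist/", "./dist/"))
	r.HandleFunc("/save", api.SaveSnippet)
	r.HandleFunc("/snippet/{id}", api.GetSnippet)

	// ListenAndServe only returns on failure (e.g. the port is already in
	// use); surface that error instead of exiting silently with status 0.
	if err := http.ListenAndServe(":"+conf.Port, CSRF(r)); err != nil {
		panic(err)
	}
}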
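// main starts cosgo: it builds the routes, binds the listener, optionally
// starts the TLS server, serves the CSRF-protected router over HTTP or
// FastCGI, and rotates the URL key after *refreshTime.
func main() {
	// Create the server, load mbox and fortunes and run initialize.
	cosgo := setup()

	// Set all the needed /url paths.
	e := cosgo.route(cwd)
	if e != nil {
		log.Fatalln(e)
	}

	// Needs to be compiled with build tag 'debug' to be redefined, and the
	// -debug CLI flag to be activated.
	if *debug {
		cosgo.debug()
	}

	cosgo.Bind = *bind
	cosgo.Port = strconv.Itoa(*portnum)
	// JoinHostPort brackets IPv6 literals; plain concatenation would yield an
	// unparsable "::1:8080" for a -bind of ::1.
	addr := net.JoinHostPort(cosgo.Bind, cosgo.Port)

	log.Println("Refreshing every", *refreshTime)
	go func() {
		time.Sleep(100 * time.Millisecond)
		log.Println("Listening on", addr)
	}()

	// Try to bind the listener before anything else is started.
	listener, binderr := net.Listen("tcp", addr)
	if binderr != nil {
		log.Println(binderr)
		os.Exit(1)
	}

	if cosgo.antiCSRFkey == nil {
		cosgo.antiCSRFkey = anticsrfGen()
	}

	// TLS is started only when the cert and key flags differ (presumably
	// both share one default, so equality means neither was given — verify).
	if *path2cert != *path2key {
		go cosgo.ServeSSL()
	}

	// -nolog sends the log to os.DevNull; otherwise stdout or a filename.
	if *nolog {
		*logfile = os.DevNull
	}
	openLogFile()

	// Start serving. Either fastcgi or the normal http server is used; both
	// sit behind one csrf handler with a custom csrf error handler and a
	// 10 minute cookie (MaxAge is in seconds). Secure follows the -secure
	// flag here, unlike ServeSSL where it is always on.
	handler := csrf.Protect(cosgo.antiCSRFkey,
		csrf.HttpOnly(true),
		csrf.FieldName(*cookie),
		csrf.CookieName(*cookie),
		csrf.Secure(*secure),
		csrf.MaxAge(600),
		csrf.ErrorHandler(http.HandlerFunc(csrfErrorHandler)),
	)(cosgo.r)
	go func() {
		// listener is non-nil here because net.Listen returned no error.
		// Serve blocks until the listener is closed; its error is logged so
		// that a failing server is visible rather than silently discarded.
		var err error
		if *fastcgi {
			err = fcgi.Serve(listener, handler)
		} else {
			err = http.Serve(listener, handler)
		}
		if err != nil {
			log.Println("Serve:", err)
		}
	}()

	// NOTE(review): this select fires exactly once, after which main returns
	// and the process exits; the "every X minutes" comment below suggests a
	// surrounding for loop is intended — confirm against the upstream source.
	select { // Fire up the cosgo engine
	case <-time.After(*refreshTime):
		cosgo.rw.Lock()
		if *debug && !*quiet {
			log.Println("Info: Generating Random 40 URL Key...")
		}
		t1 := time.Now()
		// Set a random URL key (40 char length).
		cosgo.URLKey = generateURLKey(40)
		if *debug && !*quiet {
			// Debug only: this writes the key itself into the log output.
			log.Printf("Generated URL Key %q in %v", cosgo.URLKey, time.Since(t1))
		}
		cosgo.rw.Unlock()
		// every X minutes change the URL key (default 42 minutes)
		// break tests uncomment next line
		//*refreshTime = time.Nanosecond
		if !*quiet {
			log.Printf("Uptime: %s (%s)", time.Since(timeboot), humanize(time.Since(timeboot)))
			log.Printf("Hits: %v", hitcounter)
			log.Printf("Messages: %v", inboxcount)
			if *debug {
				log.Printf("Port: %v", cosgo.Port)
			}
			if *path2cert != "" {
				log.Println("TLS: ON")
			}
		}
	}
}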