func (sis *SiteinfoService) Register(srv *ab.Server) error { clientjs := make([]string, len(sis.BaseURLs)) for i, baseurl := range sis.BaseURLs { clientjs[i] = getClientJS(baseurl) } srv.Post("/api/siteinfo", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { d := siteInfoRequest{} ab.MustDecode(r, &d) db := ab.GetDB(r) info, err := sis.getFromDB(db, d.Url) ab.MaybeFail(http.StatusInternalServerError, err) if info.Empty() { info, err = sis.fetchAndSaveSiteinfo(db, d.Url, clientjs) if err != nil { if err == timeoutError { ab.Fail(http.StatusServiceUnavailable, err) } else { ab.Fail(http.StatusBadGateway, err) } } if info.Empty() { info, err = sis.getFromDB(db, d.Url) ab.MaybeFail(http.StatusInternalServerError, err) } } ab.Render(r).JSON(info) })) return nil }
func corsPreflightHandler(baseURL, httpOrigin string) http.Handler { baseurl, err := url.Parse(baseURL) if err != nil { panic(err) } httporigin, err := url.Parse(httpOrigin) if err != nil { panic(err) } return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { origin := r.Header.Get("Origin") method := r.Header.Get("Access-Control-Request-Method") headers := r.Header.Get("Access-Control-Request-Headers") ab.LogTrace(r).Printf("CORS %s %s %s", method, origin, headers) w.Header().Add("Vary", "Origin") w.Header().Add("Vary", "Access-Control-Request-Method") w.Header().Add("Vary", "Access-Control-Request-Headers") if origin == "" || method == "" { ab.Fail(http.StatusBadRequest, nil) } originurl, err := url.Parse(origin) ab.MaybeFail(http.StatusBadRequest, err) if originurl.Host != baseurl.Host && originurl.Host != httporigin.Host { ab.Fail(http.StatusForbidden, nil) } w.Header().Set("Access-Control-Allow-Origin", origin) w.Header().Set("Access-Control-Allow-Methods", method) w.Header().Set("Access-Control-Allow-Headers", headers) w.Header().Set("Access-Control-Allow-Credentials", "true") w.Header().Set("Access-Control-Max-Age", "0") ab.Render(r).SetCode(http.StatusOK) }) }
func userService(ec *ab.EntityController) ab.Service { res := ab.EntityResource(ec, &User{}, ab.EntityResourceConfig{ DisableList: true, }) res.ExtraEndpoints = func(srv *ab.Server) error { srv.Get("/api/user", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { sess := ab.GetSession(r) if sess["uid"] != "" { db := ab.GetDB(r) user, err := ec.Load(db, "user", sess["uid"]) ab.MaybeFail(http.StatusInternalServerError, err) ab.Render(r). JSON(user) } })) return nil } return res }
func screeningService(ec *ab.EntityController) ab.Service { res := ab.EntityResource(ec, &Screening{}, ab.EntityResourceConfig{ DisablePost: true, DisableList: true, DisableGet: true, DisablePut: true, DisableDelete: true, }) res.ExtraEndpoints = func(srv *ab.Server) error { srv.Post("/api/walkthrough/:id/screening", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { wid := ab.GetParams(r).ByName("id") data := []string{} ab.MustDecode(r, &data) db := ab.GetDB(r) uid := ab.GetSession(r)["uid"] userEntity, err := ec.Load(db, "user", uid) ab.MaybeFail(http.StatusInternalServerError, err) user := userEntity.(*User) wt, err := LoadActualRevision(db, ec, wid) ab.MaybeFail(http.StatusBadRequest, err) if wt.UID != uid && !user.Admin { ab.Fail(http.StatusForbidden, nil) } if len(data) == 0 || len(data) != len(wt.Steps)-1 { ab.Fail(http.StatusBadRequest, fmt.Errorf("got %d images, expected: %d", len(data), len(wt.Steps)-1)) } screening := &Screening{ WID: wid, UID: uid, Steps: uint(len(wt.Steps) - 1), Created: time.Now(), Published: true, } err = ec.Insert(db, screening) ab.MaybeFail(http.StatusInternalServerError, err) images := map[string][]byte{} for i, d := range data { if d == "" { continue } dataurl, err := dataurl.DecodeString(d) if err != nil { ab.LogTrace(r).Printf("data url error: %s", dataurl) ab.Fail(http.StatusBadRequest, err) } if dataurl.ContentType() != "image/png" { ab.Fail(http.StatusBadRequest, errors.New("not a png")) } fn := screening.ScreenshotPath(uint(i)) images[fn] = dataurl.Data } if len(images) == 0 { ab.Fail(http.StatusBadRequest, errors.New("no images sent")) } for name, content := range images { if err := ioutil.WriteFile(name, content, 0644); err != nil { ab.LogUser(r).Println(err) } } ab.Render(r). SetCode(http.StatusCreated). JSON(screening) }), userLoggedInMiddleware) lock := map[string]chan struct{}{} var mtx sync.Mutex srv.Get("/api/walkthrough/:id/screening", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { wid := ab.GetParams(r).ByName("id") db := ab.GetDB(r) screening, err := LoadActualScreeningForWalkthrough(db, ec, wid) ab.MaybeFail(http.StatusInternalServerError, err) if screening == nil { ab.Fail(http.StatusNotFound, nil) } fn := screening.GIFPath() reply := func() { filelist := make([]string, int(screening.Steps)) for i := uint(0); i < screening.Steps; i++ { filelist[i] = "/" + screening.ScreenshotPath(i) } ab.Render(r).AddOffer("image/gif", func(w http.ResponseWriter) { f, err := os.Open(fn) ab.MaybeFail(http.StatusInternalServerError, err) defer f.Close() io.Copy(w, f) }).JSON(filelist) } if _, err := os.Stat(fn); err == nil { reply() return } // Short-circuits the gif generation process. // If the client wants JSON, there is no need // to go through the GIF generation, which is // an expensive process. if r.Header.Get("Accept") == "application/json" { reply() return } mtx.Lock() l, ok := lock[fn] if ok { mtx.Unlock() select { case <-l: reply() case <-time.After(5 * time.Second): w.Header().Set("Retry-After", "30") ab.Render(r).SetCode(http.StatusServiceUnavailable) } return } l = make(chan struct{}) lock[fn] = l mtx.Unlock() err = screening.createGIF(false) defer func() { mtx.Lock() delete(lock, fn) mtx.Unlock() }() if err != nil { if _, ok := err.(*os.PathError); ok { ab.Fail(http.StatusNotFound, err) } else { ab.Fail(http.StatusInternalServerError, err) } } close(l) reply() })) return nil } return res }
func walkthroughService(ec *ab.EntityController, search *search.SearchService, baseurl string) ab.Service { h := &walkthroughEntityResourceHelper{ controller: ec, } res := ab.EntityResource(ec, &Walkthrough{}, ab.EntityResourceConfig{ PostMiddlewares: []func(http.Handler) http.Handler{userLoggedInMiddleware}, PutMiddlewares: []func(http.Handler) http.Handler{userLoggedInMiddleware}, DeleteMiddlewares: []func(http.Handler) http.Handler{userLoggedInMiddleware}, EntityResourceLister: h, EntityResourceLoader: h, }) res.ExtraEndpoints = func(srv *ab.Server) error { reindexing := false var reindexingMutex sync.RWMutex srv.Post("/api/reindexwalkthroughs", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { reindexingMutex.RLock() idxing := reindexing reindexingMutex.RUnlock() if idxing { ab.Fail(http.StatusServiceUnavailable, errors.New("reindexing is in progress")) } reindexingMutex.Lock() reindexing = true reindexingMutex.Unlock() db := ab.GetDB(r) go func() { defer func() { reindexingMutex.Lock() reindexing = false reindexingMutex.Unlock() }() err := search.PurgeIndex() if err != nil { log.Println(err) return } wts, err := LoadAllActualWalkthroughs(db, ec, 0, 0) if err != nil { log.Println(err) return } for _, wt := range wts { err = search.IndexEntity("walkthrough", wt) if err != nil { log.Println(err) return } } }() ab.Render(r).SetCode(http.StatusAccepted) }), ab.RestrictPrivateAddressMiddleware()) srv.Get("/api/mysites", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { db := ab.GetDB(r) uid := ab.GetSession(r)["uid"] rows, err := db.Query("SELECT DISTINCT steps->0->'arg0' AS site FROM walkthrough WHERE uid = $1 AND published ORDER BY site", uid) ab.MaybeFail(http.StatusInternalServerError, err) defer rows.Close() sites := []string{} for rows.Next() { var site sql.NullString err = rows.Scan(&site) ab.MaybeFail(http.StatusInternalServerError, err) if site.Valid { siteName := site.String // strip surrounding " siteName = siteName[1:] siteName = siteName[:len(siteName)-1] sites = append(sites, siteName) } } ab.Render(r).JSON(sites) }), userLoggedInMiddleware) return nil } res.AddPostEvent(ab.ResourceEventCallback{ BeforeCallback: func(r *http.Request, d ab.Resource) { wt := d.(*Walkthrough) uid := UserDelegate.CurrentUser(r) if wt.UID == "" { wt.UID = uid } if wt.UID != uid { ab.Fail(http.StatusBadRequest, errors.New("invalid user id")) } wt.Updated = time.Now() wt.Revision = "" wt.UUID = "" }, AfterCallback: func(r *http.Request, d ab.Resource) { db := ab.GetDB(r) wt := d.(*Walkthrough) search.IndexEntity("walkthrough", wt) userEntity, err := ec.Load(db, "user", wt.UID) if err != nil { log.Println(err) return } user := userEntity.(*User) startURL := "" if len(wt.Steps) > 0 && wt.Steps[0].Command == "open" { startURL = wt.Steps[0].Arg0 } message := fmt.Sprintf("%s has recorded a Walkthrough (<%s|%s>) on %s", user.Mail, baseurl+"walkthrough/"+wt.UUID, html.EscapeString(wt.Name), html.EscapeString(startURL), ) DBLog(db, ec, "walkthroughrecord", message) }, }) res.AddPutEvent(ab.ResourceEventCallback{ BeforeCallback: func(r *http.Request, d ab.Resource) { db := ab.GetDB(r) wt := d.(*Walkthrough) uid := UserDelegate.CurrentUser(r) currentUserEntity, err := ec.Load(db, "user", uid) ab.MaybeFail(http.StatusBadRequest, err) currentUser := currentUserEntity.(*User) if wt.UID != uid { if !currentUser.Admin { ab.Fail(http.StatusForbidden, nil) } } previousRevision, err := LoadActualRevision(db, ec, wt.UUID) ab.MaybeFail(http.StatusBadRequest, err) if previousRevision == nil { ab.Fail(http.StatusNotFound, nil) } if previousRevision.UID != uid && !currentUser.Admin { ab.Fail(http.StatusForbidden, nil) } wt.Updated = time.Now() wt.Revision = "" }, AfterCallback: func(r *http.Request, d ab.Resource) { search.IndexEntity("walkthrough", d.(*Walkthrough)) }, }) res.AddDeleteEvent(ab.ResourceEventCallback{ InsideCallback: func(r *http.Request, d ab.Resource) { db := ab.GetDB(r) uid := UserDelegate.CurrentUser(r) wt := d.(*Walkthrough) currentUserEntity, err := ec.Load(db, "user", uid) ab.MaybeFail(http.StatusBadRequest, err) currentUser := currentUserEntity.(*User) if wt.UID != uid { if !currentUser.Admin { ab.Fail(http.StatusForbidden, nil) } } }, }) return res }
func handleIndex(w http.ResponseWriter, r *http.Request) { token := ab.GetCSRFToken(r) ab.Render(r).HTML(indexTemplate, pageData{ CSRFToken: token, }) }