lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions
depot/web/fup/fuphttp/fuphttp.go

285 lines
8.6 KiB
Go
Raw Normal View History

fup: add SPDX headers
2021-03-20 20:40:40 +00:00
// SPDX-FileCopyrightText: 2021 Luke Granger-Brown <depot@lukegb.com>
//
// SPDX-License-Identifier: Apache-2.0
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
package fuphttp
import (
"context"
"fmt"
"io/fs"
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
"log"
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
"net/http"
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
"strings"
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
"time"
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
"github.com/google/safehtml"
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
"github.com/google/safehtml/template"
"github.com/google/safehtml/template/uncheckedconversions"
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
shuncheckedconversions "github.com/google/safehtml/uncheckedconversions"
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
"github.com/gorilla/mux"
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
"gocloud.dev/blob"
fup/fuphttp: add filename generator to options and application
2021-03-21 17:07:47 +00:00
"hg.lukegb.com/lukegb/depot/web/fup/fuphttp/fngen"
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
"hg.lukegb.com/lukegb/depot/web/fup/hashfs"
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
)
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
const (
defaultRedirectExpiry = 5 * time.Minute
)
fup: add cheddar as a syntax highlighter
2021-03-21 18:52:22 +00:00
type Highlighter interface {
Markdown(ctx context.Context, text string) (safehtml.HTML, error)
Code(ctx context.Context, filename, theme, text string) (safehtml.HTML, error)
}
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
type Config struct {
Templates fs.FS
Static fs.FS
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
StaticRoot safehtml.TrustedResourceURL
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
AppRoot string
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
// If set, redirects to a signed URL if possible instead of serving directly.
RedirectToBlobstore bool
fup: implement deleting expired files on request This is a very basic implementation of gating that we only return files which haven't expired. If the file has expired, then we just delete it.
2021-03-21 14:56:42 +00:00
// RedirectExpiry sets the maximum lifetime of a signed URL, if RedirectToBlobstore is in use and the backend supports signed URLs.
// Note that if a file has an expiry then the signed URL's validity will be capped at the expiry of the underlying file.
RedirectExpiry time.Duration // Defaults to 5 minutes.
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
// Set one of these, but not both.
StorageURL string
StorageBackend *blob.Bucket
fup/fuphttp: add filename generator to options and application
2021-03-21 17:07:47 +00:00
// FilenameGenerator returns a new filename based on the provided prefix and extension.
FilenameGenerator fngen.FilenameGenerator
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
fup: add cheddar as a syntax highlighter
2021-03-21 18:52:22 +00:00
// Highlighter is used for syntax highlighting and Markdown rendering.
// If nil, then no syntax highlighting or Markdown rendering will be performed.
Highlighter Highlighter
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
// UseDirectDownload decides whether the "pretty" wrapped page or the direct download page is the most appropriate for a given set of parameters.
UseDirectDownload func(fileExtension string, mimeType string) bool
fup: add auth middleware machinery This allows clients to register an authentication middleware which will be provided values in the context that it can use to make an authn/authz decision.
2021-03-23 00:45:28 +00:00
// AuthMiddleware is a Gorilla middleware to provide authentication information.
//
// It runs on every handler, including public ones, and will be provided with information:
// - if the page is an upload page (either the homepage, the paste textbox page, or the upload handler), the IsMutate will return true.
// - if the page is an API handler, then IsAPIRequest will return true.
AuthMiddleware mux.MiddlewareFunc
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
}
type Application struct {
fup: add basic view and paste UIs
2021-03-22 00:25:32 +00:00
indexTmpl *template.Template
pasteTmpl *template.Template
notFoundTmpl *template.Template
viewTextTmpl *template.Template
viewRenderedTmpl *template.Template
viewBinaryTmpl *template.Template
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
storageBackend *blob.Bucket
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
appRoot string
fup: add cheddar as a syntax highlighter
2021-03-21 18:52:22 +00:00
highlighter Highlighter
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
redirectToBlobstore bool
redirectExpiry time.Duration
fup/fuphttp: add filename generator to options and application
2021-03-21 17:07:47 +00:00
filenameGenerator fngen.FilenameGenerator
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
useDirectDownload func(fileExtension string, mimeType string) bool
fup: add auth middleware machinery This allows clients to register an authentication middleware which will be provided values in the context that it can use to make an authn/authz decision.
2021-03-23 00:45:28 +00:00
authMiddleware mux.MiddlewareFunc
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
}
func DefaultUseDirectDownload(fileExtension, mimeType string) bool {
fup: add additional mimetypes to pretty page
2021-03-22 01:09:00 +00:00
switch mimeType {
case "application/json", "application/xml", "application/xhtml+xml", "application/x-csh", "application/x-sh":
return false
}
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
return !strings.HasPrefix(mimeType, "text/")
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
}
fup: add auth middleware machinery This allows clients to register an authentication middleware which will be provided values in the context that it can use to make an authn/authz decision.
2021-03-23 00:45:28 +00:00
func isAPIRequest(r *http.Request) bool {
return r.Header.Get("Accept") == "application/json"
}
type contextKey string
const (
ctxKeyIsMutate = contextKey("isMutate")
ctxKeyIsAPIRequest = contextKey("isAPIRequest")
)
// IsAPIRequest determines whether a request was made from an API client rather than from a browser.
func IsAPIRequest(ctx context.Context) bool {
return ctx.Value(ctxKeyIsAPIRequest).(bool)
}
// IsMutate determines whether a request for the given context is for a "mutate".
// This includes things like the HTML for the home page, which in itself is not a mutate but is useless if you're not allowed to auth.
func IsMutate(ctx context.Context) bool {
return ctx.Value(ctxKeyIsMutate).(bool)
}
func contextPopulateMiddleware(isMutate bool) mux.MiddlewareFunc {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
ctx = context.WithValue(ctx, ctxKeyIsMutate, isMutate)
ctx = context.WithValue(ctx, ctxKeyIsAPIRequest, isAPIRequest(r))
next.ServeHTTP(rw, r.WithContext(ctx))
})
}
}
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
func (a *Application) Handler() http.Handler {
r := mux.NewRouter()
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
renderTemplate := func(t *template.Template) http.HandlerFunc {
return func(rw http.ResponseWriter, r *http.Request) {
if err := t.Execute(rw, nil); err != nil {
log.Printf("rendering template: %v", err)
}
}
}
r.NotFoundHandler = http.HandlerFunc(a.notFound)
fup: add auth middleware machinery This allows clients to register an authentication middleware which will be provided values in the context that it can use to make an authn/authz decision.
2021-03-23 00:45:28 +00:00
authR := r.PathPrefix("/").Subrouter()
authR.HandleFunc("/", renderTemplate(a.indexTmpl))
authR.HandleFunc("/paste", renderTemplate(a.pasteTmpl))
authR.HandleFunc("/upload", a.upload).Methods("POST", "PUT")
authR.HandleFunc("/upload/{filename}", a.upload).Methods("PUT")
publicR := r.PathPrefix("/").Subrouter()
publicR.HandleFunc("/raw/{filename}", a.rawDownload)
publicR.HandleFunc("/{filename}", a.view)
if a.authMiddleware != nil {
authR.Use(contextPopulateMiddleware(true))
authR.Use(a.authMiddleware)
publicR.Use(contextPopulateMiddleware(false))
publicR.Use(a.authMiddleware)
}
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
return r
}
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
func (a *Application) notFound(rw http.ResponseWriter, r *http.Request) {
rw.WriteHeader(http.StatusNotFound)
if err := a.notFoundTmpl.Execute(rw, nil); err != nil {
log.Printf("rendering 404 template: %v", err)
}
}
func (a *Application) internalError(rw http.ResponseWriter, r *http.Request) {
fup/fuphttp: add badRequest handler We might get bad requests for e.g. file uploads, so we should have an error handler for that. This also disables mime type sniffing for the other text/plain error handler.
2021-03-21 17:08:29 +00:00
rw.Header().Set("Content-type", "text/plain; charset=utf-8")
rw.Header().Set("X-Content-Type-Options", "nosniff")
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
rw.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(rw, "hammed server :(\n")
}
fup/fuphttp: add badRequest handler We might get bad requests for e.g. file uploads, so we should have an error handler for that. This also disables mime type sniffing for the other text/plain error handler.
2021-03-21 17:08:29 +00:00
func (a *Application) badRequest(rw http.ResponseWriter, r *http.Request, err error) {
rw.Header().Set("Content-type", "text/plain; charset=utf-8")
rw.Header().Set("X-Content-Type-Options", "nosniff")
rw.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(rw, "bad request: %v\n", err.Error())
}
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
func (a *Application) appURL(s string) string {
return a.appRoot + s
}
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
func parseTemplate(t *template.Template, fsys fs.FS, name string) (*template.Template, error) {
bs, err := fs.ReadFile(fsys, name)
if err != nil {
return nil, fmt.Errorf("reading template %q: %w", name, err)
}
return t.ParseFromTrustedTemplate(
uncheckedconversions.TrustedTemplateFromStringKnownToSatisfyTypeContract(string(bs)),
)
}
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
func loadTemplate(fsys fs.FS, name string, funcs template.FuncMap) (*template.Template, error) {
t := template.New(name).Funcs(funcs)
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
var err error
if t, err = parseTemplate(t, fsys, "base.html"); err != nil {
return nil, fmt.Errorf("loading base template: %w", err)
}
if t, err = parseTemplate(t, fsys, fmt.Sprintf("%s.html", name)); err != nil {
return nil, fmt.Errorf("loading leaf template: %w", err)
}
return t, nil
}
func New(ctx context.Context, cfg *Config) (*Application, error) {
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
a := &Application{
redirectToBlobstore: cfg.RedirectToBlobstore,
redirectExpiry: cfg.RedirectExpiry,
fup/fuphttp: add filename generator to options and application
2021-03-21 17:07:47 +00:00
filenameGenerator: cfg.FilenameGenerator,
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
useDirectDownload: cfg.UseDirectDownload,
appRoot: cfg.AppRoot,
fup: add basic view and paste UIs
2021-03-22 00:25:32 +00:00
highlighter: cfg.Highlighter,
fup: add auth middleware machinery This allows clients to register an authentication middleware which will be provided values in the context that it can use to make an authn/authz decision.
2021-03-23 00:45:28 +00:00
authMiddleware: cfg.AuthMiddleware,
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
}
if a.redirectExpiry == 0 {
a.redirectExpiry = defaultRedirectExpiry
}
fup/fuphttp: add filename generator to options and application
2021-03-21 17:07:47 +00:00
if a.filenameGenerator == nil {
a.filenameGenerator = fngen.PetnameGenerator
}
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
if a.useDirectDownload == nil {
a.useDirectDownload = DefaultUseDirectDownload
}
fup: add file serving This adds both redirect-to-signed-URL and proxy fileserving. The proxy fileserving is somewhat limited: we don't support the Range header, and it isn't easy to reuse the net/http ServeContent implementation because that requires a SeekCloser. I think it might be possible to "bodge" a SeekCloser on top of dynamically opening files, but it'll be a bit wonky and will be slower than strictly necessary.
2021-03-21 03:04:38 +00:00
bkt := cfg.StorageBackend
if bkt == nil {
var err error
if bkt, err = blob.OpenBucket(ctx, cfg.StorageURL); err != nil {
return nil, fmt.Errorf("opening bucket %q: %v", cfg.StorageURL, err)
}
}
a.storageBackend = bkt
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
tmpls := []struct {
t **template.Template
name string
}{
{&a.indexTmpl, "index"},
fup: add basic view and paste UIs
2021-03-22 00:25:32 +00:00
{&a.pasteTmpl, "paste"},
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
{&a.notFoundTmpl, "404"},
fup: add basic view and paste UIs
2021-03-22 00:25:32 +00:00
{&a.viewTextTmpl, "text"},
{&a.viewRenderedTmpl, "rendered"},
{&a.viewBinaryTmpl, "binary"},
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
}
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
funcMap := template.FuncMap{
fup: implement file uploads! TODO: tests for this.
2021-03-21 18:04:37 +00:00
"app": func(s string) safehtml.URL {
return safehtml.URLSanitized(a.appRoot + s)
},
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
"static": func(s string) safehtml.TrustedResourceURL {
staticPath := s
if fs, ok := cfg.Static.(*hashfs.FS); ok {
sp, ok := fs.LookupHashedName(staticPath)
if ok {
staticPath = sp
} else {
log.Printf("warning: couldn't find static file %v", staticPath)
}
}
return shuncheckedconversions.TrustedResourceURLFromStringKnownToSatisfyTypeContract(cfg.StaticRoot.String() + staticPath)
},
}
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
for _, tmpl := range tmpls {
fup: add a template function for getting paths to static assets We add the hash of the file to the static assets, so they can be cached indefinitely. This also, however, means that we need some way of referring to them.
2021-03-21 03:03:15 +00:00
t, err := loadTemplate(cfg.Templates, tmpl.name, funcMap)
fup: create serve subcommand and fuphttp package This is the skeleton of the application. Let's goooo!
2021-03-20 19:53:43 +00:00
if err != nil {
return nil, fmt.Errorf("loading template %q: %w", tmpl.name, err)
}
*tmpl.t = t
}
return a, nil
}
Reference in a new issue Copy permalink