3d2da43207
Disallows loading external ressources. Providers can override it with their reverse proxy settings.
213 lines
4.4 KiB
Go
213 lines
4.4 KiB
Go
package koushin
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
const cookieName = "koushin_session"
|
|
|
|
// Server holds all the koushin server state.
|
|
type Server struct {
|
|
Sessions *SessionManager
|
|
Plugins []Plugin
|
|
|
|
imap struct {
|
|
host string
|
|
tls bool
|
|
insecure bool
|
|
}
|
|
|
|
smtp struct {
|
|
host string
|
|
tls bool
|
|
insecure bool
|
|
}
|
|
}
|
|
|
|
func (s *Server) parseIMAPURL(imapURL string) error {
|
|
u, err := url.Parse(imapURL)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to parse IMAP server URL: %v", err)
|
|
}
|
|
|
|
s.imap.host = u.Host
|
|
switch u.Scheme {
|
|
case "imap":
|
|
// This space is intentionally left blank
|
|
case "imaps":
|
|
s.imap.tls = true
|
|
case "imap+insecure":
|
|
s.imap.insecure = true
|
|
default:
|
|
return fmt.Errorf("unrecognized IMAP URL scheme: %s", u.Scheme)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *Server) parseSMTPURL(smtpURL string) error {
|
|
u, err := url.Parse(smtpURL)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to parse SMTP server URL: %v", err)
|
|
}
|
|
|
|
s.smtp.host = u.Host
|
|
switch u.Scheme {
|
|
case "smtp":
|
|
// This space is intentionally left blank
|
|
case "smtps":
|
|
s.smtp.tls = true
|
|
case "smtp+insecure":
|
|
s.smtp.insecure = true
|
|
default:
|
|
return fmt.Errorf("unrecognized SMTP URL scheme: %s", u.Scheme)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func newServer(imapURL, smtpURL string) (*Server, error) {
|
|
s := &Server{}
|
|
|
|
if err := s.parseIMAPURL(imapURL); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if smtpURL != "" {
|
|
if err := s.parseSMTPURL(smtpURL); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
s.Sessions = newSessionManager(s.dialIMAP, s.dialSMTP)
|
|
|
|
return s, nil
|
|
}
|
|
|
|
// Context is the context used by HTTP handlers.
|
|
//
|
|
// Use a type assertion to get it from a echo.Context:
|
|
//
|
|
// ctx := ectx.(*koushin.Context)
|
|
type Context struct {
|
|
echo.Context
|
|
Server *Server
|
|
Session *Session // nil if user isn't logged in
|
|
}
|
|
|
|
var aLongTimeAgo = time.Unix(233431200, 0)
|
|
|
|
// SetSession sets a cookie for the provided session. Passing a nil session
|
|
// unsets the cookie.
|
|
func (ctx *Context) SetSession(s *Session) {
|
|
cookie := http.Cookie{
|
|
Name: cookieName,
|
|
HttpOnly: true,
|
|
// TODO: domain, secure
|
|
}
|
|
if s != nil {
|
|
cookie.Value = s.token
|
|
} else {
|
|
cookie.Expires = aLongTimeAgo // unset the cookie
|
|
}
|
|
ctx.SetCookie(&cookie)
|
|
}
|
|
|
|
func isPublic(path string) bool {
|
|
if strings.HasPrefix(path, "/plugins/") {
|
|
parts := strings.Split(path, "/")
|
|
return len(parts) >= 4 && parts[3] == "assets"
|
|
}
|
|
return path == "/login" || strings.HasPrefix(path, "/themes/")
|
|
}
|
|
|
|
type Options struct {
|
|
IMAPURL, SMTPURL string
|
|
Theme string
|
|
}
|
|
|
|
// New creates a new server.
|
|
func New(e *echo.Echo, options *Options) error {
|
|
s, err := newServer(options.IMAPURL, options.SMTPURL)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
s.Plugins = append([]Plugin(nil), plugins...)
|
|
for _, p := range s.Plugins {
|
|
e.Logger.Printf("Registered plugin '%v'", p.Name())
|
|
}
|
|
|
|
luaPlugins, err := loadAllLuaPlugins(e.Logger)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load plugins: %v", err)
|
|
}
|
|
s.Plugins = append(s.Plugins, luaPlugins...)
|
|
|
|
e.Renderer, err = loadTemplates(e.Logger, options.Theme, s.Plugins)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load templates: %v", err)
|
|
}
|
|
|
|
e.HTTPErrorHandler = func(err error, c echo.Context) {
|
|
code := http.StatusInternalServerError
|
|
if he, ok := err.(*echo.HTTPError); ok {
|
|
code = he.Code
|
|
} else {
|
|
c.Logger().Error(err)
|
|
}
|
|
// TODO: hide internal errors
|
|
c.String(code, err.Error())
|
|
}
|
|
|
|
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(ectx echo.Context) error {
|
|
ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'")
|
|
return next(ectx)
|
|
}
|
|
})
|
|
|
|
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(ectx echo.Context) error {
|
|
ctx := &Context{Context: ectx, Server: s}
|
|
ctx.Set("context", ctx)
|
|
|
|
cookie, err := ctx.Cookie(cookieName)
|
|
if err == http.ErrNoCookie {
|
|
// Require auth for all pages except /login
|
|
if isPublic(ctx.Path()) {
|
|
return next(ctx)
|
|
} else {
|
|
return ctx.Redirect(http.StatusFound, "/login")
|
|
}
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx.Session, err = ctx.Server.Sessions.get(cookie.Value)
|
|
if err == errSessionExpired {
|
|
ctx.SetSession(nil)
|
|
return ctx.Redirect(http.StatusFound, "/login")
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
ctx.Session.ping()
|
|
|
|
return next(ctx)
|
|
}
|
|
})
|
|
|
|
e.Static("/themes", "themes")
|
|
|
|
for _, p := range s.Plugins {
|
|
p.SetRoutes(e.Group(""))
|
|
}
|
|
|
|
return nil
|
|
}
|