WIP editor
This commit is contained in:
parent
b5dca6fa53
commit
f380f94043
|
@ -0,0 +1,237 @@
|
|||
package web
|
||||
|
||||
import (
|
||||
"h4kor/owl-blogs"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
)
|
||||
|
||||
func isUserLoggedIn(user *owl.User, r *http.Request) bool {
|
||||
sessionCookie, err := r.Cookie("session")
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
return user.ValidateSession(sessionCookie.Value)
|
||||
}
|
||||
|
||||
func setCSRFCookie(w http.ResponseWriter) string {
|
||||
csrfToken := owl.GenerateRandomString(32)
|
||||
cookie := http.Cookie{
|
||||
Name: "csrf_token",
|
||||
Value: csrfToken,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
}
|
||||
http.SetCookie(w, &cookie)
|
||||
return csrfToken
|
||||
}
|
||||
|
||||
func checkCSRF(r *http.Request) bool {
|
||||
// CSRF check
|
||||
formCsrfToken := r.FormValue("csrf_token")
|
||||
cookieCsrfToken, err := r.Cookie("csrf_token")
|
||||
|
||||
if err != nil {
|
||||
println("Error getting csrf token from cookie: ", err.Error())
|
||||
return false
|
||||
}
|
||||
if formCsrfToken != cookieCsrfToken.Value {
|
||||
println("Invalid csrf token")
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func userLoginGetHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
user, err := getUserFromRepo(repo, ps)
|
||||
if err != nil {
|
||||
println("Error getting user: ", err.Error())
|
||||
notFoundHandler(repo)(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if isUserLoggedIn(&user, r) {
|
||||
http.Redirect(w, r, user.EditorUrl(), http.StatusFound)
|
||||
return
|
||||
}
|
||||
csrfToken := setCSRFCookie(w)
|
||||
html, err := owl.RenderLoginPage(user, csrfToken)
|
||||
if err != nil {
|
||||
println("Error rendering login page: ", err.Error())
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "Internal server error",
|
||||
Message: "Internal server error",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
w.Write([]byte(html))
|
||||
}
|
||||
}
|
||||
|
||||
func userLoginPostHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
user, err := getUserFromRepo(repo, ps)
|
||||
if err != nil {
|
||||
println("Error getting user: ", err.Error())
|
||||
notFoundHandler(repo)(w, r)
|
||||
return
|
||||
}
|
||||
err = r.ParseForm()
|
||||
if err != nil {
|
||||
println("Error parsing form: ", err.Error())
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "Internal server error",
|
||||
Message: "Internal server error",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
|
||||
// CSRF check
|
||||
if !checkCSRF(r) {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "CSRF Error",
|
||||
Message: "Invalid csrf token",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
|
||||
password := r.Form.Get("password")
|
||||
if password == "" {
|
||||
userLoginGetHandler(repo)(w, r, ps)
|
||||
return
|
||||
}
|
||||
if !user.VerifyPassword(password) {
|
||||
userLoginGetHandler(repo)(w, r, ps)
|
||||
return
|
||||
}
|
||||
|
||||
// set session cookie
|
||||
cookie := http.Cookie{
|
||||
Name: "session",
|
||||
Value: user.CreateNewSession(),
|
||||
Path: "/",
|
||||
Expires: time.Now().Add(30 * 24 * time.Hour),
|
||||
HttpOnly: true,
|
||||
}
|
||||
http.SetCookie(w, &cookie)
|
||||
http.Redirect(w, r, user.EditorUrl(), http.StatusFound)
|
||||
}
|
||||
}
|
||||
|
||||
func userEditorGetHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
user, err := getUserFromRepo(repo, ps)
|
||||
if err != nil {
|
||||
println("Error getting user: ", err.Error())
|
||||
notFoundHandler(repo)(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if !isUserLoggedIn(&user, r) {
|
||||
http.Redirect(w, r, user.EditorLoginUrl(), http.StatusFound)
|
||||
return
|
||||
}
|
||||
|
||||
csrfToken := setCSRFCookie(w)
|
||||
html, err := owl.RenderEditorPage(user, csrfToken)
|
||||
if err != nil {
|
||||
println("Error rendering editor page: ", err.Error())
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "Internal server error",
|
||||
Message: "Internal server error",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
w.Write([]byte(html))
|
||||
}
|
||||
}
|
||||
|
||||
func userEditorPostHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
|
||||
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
user, err := getUserFromRepo(repo, ps)
|
||||
if err != nil {
|
||||
println("Error getting user: ", err.Error())
|
||||
notFoundHandler(repo)(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if !isUserLoggedIn(&user, r) {
|
||||
http.Redirect(w, r, user.EditorLoginUrl(), http.StatusFound)
|
||||
return
|
||||
}
|
||||
|
||||
err = r.ParseForm()
|
||||
if err != nil {
|
||||
println("Error parsing form: ", err.Error())
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "Internal server error",
|
||||
Message: "Internal server error",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
|
||||
// CSRF check
|
||||
if !checkCSRF(r) {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "CSRF Error",
|
||||
Message: "Invalid csrf token",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
|
||||
// get form values
|
||||
post_type := r.Form.Get("type")
|
||||
title := r.Form.Get("title")
|
||||
description := r.Form.Get("description")
|
||||
content := r.Form.Get("content")
|
||||
draft := r.Form.Get("draft")
|
||||
|
||||
// validate form values
|
||||
if post_type == "article" && title == "" {
|
||||
userEditorGetHandler(repo)(w, r, ps)
|
||||
return
|
||||
}
|
||||
|
||||
// create post
|
||||
post, err := user.CreateNewPostFull(owl.PostMeta{
|
||||
Type: post_type,
|
||||
Title: title,
|
||||
Description: description,
|
||||
Draft: draft == "on",
|
||||
Date: time.Now(),
|
||||
}, content)
|
||||
|
||||
if err != nil {
|
||||
println("Error creating post: ", err.Error())
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
html, _ := owl.RenderUserError(user, owl.ErrorMessage{
|
||||
Error: "Internal server error",
|
||||
Message: "Internal server error",
|
||||
})
|
||||
w.Write([]byte(html))
|
||||
return
|
||||
}
|
||||
|
||||
// redirect to post
|
||||
if !post.Meta().Draft {
|
||||
http.Redirect(w, r, post.FullUrl(), http.StatusFound)
|
||||
} else {
|
||||
http.Redirect(w, r, user.EditorUrl(), http.StatusFound)
|
||||
}
|
||||
}
|
||||
}
|
|
@ -14,16 +14,27 @@ func Router(repo *owl.Repository) http.Handler {
|
|||
router.ServeFiles("/static/*filepath", http.Dir(repo.StaticDir()))
|
||||
router.GET("/", repoIndexHandler(repo))
|
||||
router.GET("/user/:user/", userIndexHandler(repo))
|
||||
// Editor
|
||||
router.GET("/user/:user/editor/auth/", userLoginGetHandler(repo))
|
||||
router.POST("/user/:user/editor/auth/", userLoginPostHandler(repo))
|
||||
router.GET("/user/:user/editor/", userEditorGetHandler(repo))
|
||||
router.POST("/user/:user/editor/", userEditorPostHandler(repo))
|
||||
// Media
|
||||
router.GET("/user/:user/media/*filepath", userMediaHandler(repo))
|
||||
// RSS
|
||||
router.GET("/user/:user/index.xml", userRSSHandler(repo))
|
||||
// Posts
|
||||
router.GET("/user/:user/posts/:post/", postHandler(repo))
|
||||
router.GET("/user/:user/posts/:post/media/*filepath", postMediaHandler(repo))
|
||||
// Webmention
|
||||
router.POST("/user/:user/webmention/", userWebmentionHandler(repo))
|
||||
// Micropub
|
||||
router.POST("/user/:user/micropub/", userMicropubHandler(repo))
|
||||
// IndieAuth
|
||||
router.GET("/user/:user/auth/", userAuthHandler(repo))
|
||||
router.POST("/user/:user/auth/", userAuthProfileHandler(repo))
|
||||
router.POST("/user/:user/auth/verify/", userAuthVerifyHandler(repo))
|
||||
router.POST("/user/:user/auth/token/", userAuthTokenHandler(repo))
|
||||
router.GET("/user/:user/media/*filepath", userMediaHandler(repo))
|
||||
router.GET("/user/:user/index.xml", userRSSHandler(repo))
|
||||
router.GET("/user/:user/posts/:post/", postHandler(repo))
|
||||
router.GET("/user/:user/posts/:post/media/*filepath", postMediaHandler(repo))
|
||||
router.POST("/user/:user/webmention/", userWebmentionHandler(repo))
|
||||
router.POST("/user/:user/micropub/", userMicropubHandler(repo))
|
||||
router.GET("/user/:user/.well-known/oauth-authorization-server", userAuthMetadataHandler(repo))
|
||||
router.NotFound = http.HandlerFunc(notFoundHandler(repo))
|
||||
return router
|
||||
|
@ -33,16 +44,27 @@ func SingleUserRouter(repo *owl.Repository) http.Handler {
|
|||
router := httprouter.New()
|
||||
router.ServeFiles("/static/*filepath", http.Dir(repo.StaticDir()))
|
||||
router.GET("/", userIndexHandler(repo))
|
||||
// Editor
|
||||
router.GET("/editor/auth/", userLoginGetHandler(repo))
|
||||
router.POST("/editor/auth/", userLoginPostHandler(repo))
|
||||
router.GET("/editor/", userEditorGetHandler(repo))
|
||||
router.POST("/editor/", userEditorPostHandler(repo))
|
||||
// Media
|
||||
router.GET("/media/*filepath", userMediaHandler(repo))
|
||||
// RSS
|
||||
router.GET("/index.xml", userRSSHandler(repo))
|
||||
// Posts
|
||||
router.GET("/posts/:post/", postHandler(repo))
|
||||
router.GET("/posts/:post/media/*filepath", postMediaHandler(repo))
|
||||
// Webmention
|
||||
router.POST("/webmention/", userWebmentionHandler(repo))
|
||||
// Micropub
|
||||
router.POST("/micropub/", userMicropubHandler(repo))
|
||||
// IndieAuth
|
||||
router.GET("/auth/", userAuthHandler(repo))
|
||||
router.POST("/auth/", userAuthProfileHandler(repo))
|
||||
router.POST("/auth/verify/", userAuthVerifyHandler(repo))
|
||||
router.POST("/auth/token/", userAuthTokenHandler(repo))
|
||||
router.GET("/media/*filepath", userMediaHandler(repo))
|
||||
router.GET("/index.xml", userRSSHandler(repo))
|
||||
router.GET("/posts/:post/", postHandler(repo))
|
||||
router.GET("/posts/:post/media/*filepath", postMediaHandler(repo))
|
||||
router.POST("/webmention/", userWebmentionHandler(repo))
|
||||
router.POST("/micropub/", userMicropubHandler(repo))
|
||||
router.GET("/.well-known/oauth-authorization-server", userAuthMetadataHandler(repo))
|
||||
router.NotFound = http.HandlerFunc(notFoundHandler(repo))
|
||||
return router
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
<details>
|
||||
<summary>Write Article</summary>
|
||||
<form action="" method="post">
|
||||
<h2>Create New Article</h2>
|
||||
<input type="hidden" name="csrf_token" value="{{.CsrfToken}}">
|
||||
<input type="hidden" name="type" value="article">
|
||||
<label for="title">Title</label>
|
||||
<input type="text" name="title" placeholder="Title" />
|
||||
<label for="description">Description</label>
|
||||
<input type="text" name="description" placeholder="Description" />
|
||||
<label for="content">Content</label>
|
||||
<textarea name="content" placeholder="Content" rows="24"></textarea>
|
||||
<input type="checkbox" name="draft" />
|
||||
<label for="draft">Draft</label>
|
||||
<br><br>
|
||||
<input type="submit" value="Create" />
|
||||
</form>
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary>Write Note</summary>
|
||||
TODO
|
||||
</details>
|
|
@ -0,0 +1,6 @@
|
|||
<form action="" method="post">
|
||||
<h2>Login to Editor</h2>
|
||||
<input type="hidden" name="csrf_token" value="{{.CsrfToken}}">
|
||||
<input type="password" name="password" />
|
||||
<input type="submit" value="Login" />
|
||||
</form>
|
6
post.go
6
post.go
|
@ -32,6 +32,7 @@ type Reply struct {
|
|||
}
|
||||
|
||||
type PostMeta struct {
|
||||
Type string `yaml:"type"`
|
||||
Title string `yaml:"title"`
|
||||
Description string `yaml:"description"`
|
||||
Aliases []string `yaml:"aliases"`
|
||||
|
@ -46,6 +47,7 @@ func (pm PostMeta) FormattedDate() string {
|
|||
|
||||
func (pm *PostMeta) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
||||
type T struct {
|
||||
Type string `yaml:"type"`
|
||||
Title string `yaml:"title"`
|
||||
Description string `yaml:"description"`
|
||||
Aliases []string `yaml:"aliases"`
|
||||
|
@ -65,6 +67,10 @@ func (pm *PostMeta) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|||
return err
|
||||
}
|
||||
|
||||
pm.Type = t.Type
|
||||
if pm.Type == "" {
|
||||
pm.Type = "article"
|
||||
}
|
||||
pm.Title = t.Title
|
||||
pm.Description = t.Description
|
||||
pm.Aliases = t.Aliases
|
||||
|
|
35
renderer.go
35
renderer.go
|
@ -35,6 +35,11 @@ type AuthRequestData struct {
|
|||
CsrfToken string
|
||||
}
|
||||
|
||||
type EditorViewData struct {
|
||||
User User
|
||||
CsrfToken string
|
||||
}
|
||||
|
||||
type ErrorMessage struct {
|
||||
Error string
|
||||
Message string
|
||||
|
@ -168,3 +173,33 @@ func RenderUserList(repo Repository) (string, error) {
|
|||
|
||||
return renderTemplateStr([]byte(baseTemplate), data)
|
||||
}
|
||||
|
||||
func RenderLoginPage(user User, csrfToken string) (string, error) {
|
||||
loginHtml, err := renderEmbedTemplate("embed/editor/login.html", EditorViewData{
|
||||
User: user,
|
||||
CsrfToken: csrfToken,
|
||||
})
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return renderIntoBaseTemplate(user, PageContent{
|
||||
Title: "Login",
|
||||
Content: template.HTML(loginHtml),
|
||||
})
|
||||
}
|
||||
|
||||
func RenderEditorPage(user User, csrfToken string) (string, error) {
|
||||
editorHtml, err := renderEmbedTemplate("embed/editor/editor.html", EditorViewData{
|
||||
User: user,
|
||||
CsrfToken: csrfToken,
|
||||
})
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return renderIntoBaseTemplate(user, PageContent{
|
||||
Title: "Editor",
|
||||
Content: template.HTML(editorHtml),
|
||||
})
|
||||
}
|
||||
|
|
57
user.go
57
user.go
|
@ -52,6 +52,12 @@ type AccessToken struct {
|
|||
ExpiresIn int `yaml:"expires_in"`
|
||||
}
|
||||
|
||||
type Session struct {
|
||||
Id string `yaml:"id"`
|
||||
Created time.Time `yaml:"created"`
|
||||
ExpiresIn int `yaml:"expires_in"`
|
||||
}
|
||||
|
||||
func (user User) Dir() string {
|
||||
return path.Join(user.repo.UsersDir(), user.name)
|
||||
}
|
||||
|
@ -98,6 +104,16 @@ func (user User) MediaUrl() string {
|
|||
return url
|
||||
}
|
||||
|
||||
func (user User) EditorUrl() string {
|
||||
url, _ := url.JoinPath(user.UrlPath(), "editor/")
|
||||
return url
|
||||
}
|
||||
|
||||
func (user User) EditorLoginUrl() string {
|
||||
url, _ := url.JoinPath(user.UrlPath(), "editor/auth/")
|
||||
return url
|
||||
}
|
||||
|
||||
func (user User) PostDir() string {
|
||||
return path.Join(user.Dir(), "public")
|
||||
}
|
||||
|
@ -122,6 +138,10 @@ func (user User) AccessTokensFile() string {
|
|||
return path.Join(user.MetaDir(), "access_tokens.yml")
|
||||
}
|
||||
|
||||
func (user User) SessionsFile() string {
|
||||
return path.Join(user.MetaDir(), "sessions.yml")
|
||||
}
|
||||
|
||||
func (user User) Name() string {
|
||||
return user.name
|
||||
}
|
||||
|
@ -397,8 +417,45 @@ func (user User) ValidateAccessToken(token string) (bool, AccessToken) {
|
|||
tokens := user.getAccessTokens()
|
||||
for _, t := range tokens {
|
||||
if t.Token == token {
|
||||
if time.Since(t.Created) < time.Duration(t.ExpiresIn)*time.Second {
|
||||
return true, t
|
||||
}
|
||||
}
|
||||
}
|
||||
return false, AccessToken{}
|
||||
}
|
||||
|
||||
func (user User) getSessions() []Session {
|
||||
sessions := make([]Session, 0)
|
||||
loadFromYaml(user.SessionsFile(), &sessions)
|
||||
return sessions
|
||||
}
|
||||
|
||||
func (user User) addSession(session Session) error {
|
||||
sessions := user.getSessions()
|
||||
sessions = append(sessions, session)
|
||||
return saveToYaml(user.SessionsFile(), sessions)
|
||||
}
|
||||
|
||||
func (user User) CreateNewSession() string {
|
||||
// generate code
|
||||
code := GenerateRandomString(32)
|
||||
user.addSession(Session{
|
||||
Id: code,
|
||||
Created: time.Now(),
|
||||
ExpiresIn: 30 * 24 * 60 * 60,
|
||||
})
|
||||
return code
|
||||
}
|
||||
|
||||
func (user User) ValidateSession(session_id string) bool {
|
||||
sessions := user.getSessions()
|
||||
for _, session := range sessions {
|
||||
if session.Id == session_id {
|
||||
if time.Since(session.Created) < time.Duration(session.ExpiresIn)*time.Second {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue