author | Felix Hanley <felix@userspace.com.au> | 2020-02-28 06:18:40 +0000 |
---|---|---|
committer | Felix Hanley <felix@userspace.com.au> | 2020-02-28 06:18:40 +0000 |
commit | 1fbf1e1e1edc16e9a08fdb0d2012ca10f695f7ca (patch) | |
tree | d2c260fbffdc9da6202ef70de468476b371d04fd | |
parent | 71f16081700ccdae5442aa2abf969012a999c774 (diff) | |
Fix template clobbering
-rw-r--r-- | cmd/server/auth.go | 32 | ||||
-rw-r--r-- | cmd/server/handlers.go | 4 | ||||
-rw-r--r-- | cmd/server/helpers.go | 9 | ||||
-rw-r--r-- | cmd/server/hits.go | 5 | ||||
-rw-r--r-- | cmd/server/main.go | 77 | ||||
-rw-r--r-- | cmd/server/sites.go | 2 | ||||
-rw-r--r-- | templates/home.tmpl | 1 | ||||
-rw-r--r-- | templates/login.tmpl | 3 | ||||
-rw-r--r-- | templates/navbar.tmpl | 2 | ||||
-rw-r--r-- | templates/site.tmpl | 6 |
10 files changed, 72 insertions, 69 deletions
diff --git a/cmd/server/auth.go b/cmd/server/auth.go index 642eb7c..ed0c75f 100644 --- a/cmd/server/auth.go +++ b/cmd/server/auth.go @@ -9,7 +9,12 @@ import ( "src.userspace.com.au/sws" ) -func handleAuth(db sws.UserStore, rndr Renderer) http.HandlerFunc { +const ( + loginURL = "/login" + logoutURL = "/logout" +) + +func handleLogin(db sws.UserStore, rndr Renderer) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { email := r.PostFormValue("email") password := r.PostFormValue("password") @@ -72,8 +77,33 @@ func handleAuth(db sws.UserStore, rndr Renderer) http.HandlerFunc { if returnPath := qs.Get("return_to"); returnPath != "" { qs.Del("return_to") r.URL.RawQuery = qs.Encode() + debug("redirecting to", returnPath) http.Redirect(w, r, flashURL(r, returnPath), http.StatusSeeOther) } http.Redirect(w, r, flashURL(r, "/sites"), http.StatusSeeOther) } } + +func handleLogout(rndr Renderer) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + http.SetCookie(w, &http.Cookie{ + Name: "jwt", + Value: "", + HttpOnly: true, + Path: "/", + //Secure: true, + Expires: time.Time{}, + }) + r = flashSet(r, flashSuccess, "de-authenticated successfully") + http.Redirect(w, r, flashURL(r, "/"), http.StatusSeeOther) + } +} + +func authRedirect(w http.ResponseWriter, r *http.Request, msg string) { + flashSet(r, flashError, msg) + log(msg) + qs := r.URL.Query() + qs.Set("return_to", r.URL.Path) + r.URL.RawQuery = qs.Encode() + http.Redirect(w, r, flashURL(r, loginURL), http.StatusSeeOther) +} diff --git a/cmd/server/handlers.go b/cmd/server/handlers.go index 603f7e9..e5ab385 100644 --- a/cmd/server/handlers.go +++ b/cmd/server/handlers.go @@ -14,7 +14,7 @@ type templateData struct { End *time.Time Site *sws.Site Sites []*sws.Site - Pages *sws.PageSet + PageSet *sws.PageSet Browsers *sws.BrowserSet Hits *sws.HitSet } 
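Review bot: In handleLogin the `return_to` value reaches `http.Redirect` with no check visible here, and the branch has no `return`, so execution falls through to the second redirect to `/sites`; unless flashURL validates its target, a login link can send the user off-site after authenticating. Accept only local paths, for example `if strings.HasPrefix(returnPath, "/") && !strings.HasPrefix(returnPath, "//") {`, and add `return` after that redirect. In the new handleLogout, `Expires: time.Time{}` is the zero time, which net/http leaves out of the Set-Cookie header, so the `jwt` cookie is blanked but not expired; `MaxAge: -1` deletes it, and `Secure: true` should be enabled wherever the server runs behind TLS. authRedirect also discards the request returned by flashSet, while handleLogout keeps it (`r = flashSet(...)`), so the error flash may be lost there. handleLogin's body starts outside the hunk.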
@@ -29,7 +29,6 @@ func newTemplateData(r *http.Request) *templateData { func handleIndex(rndr Renderer) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/html") payload := newTemplateData(r) if err := rndr.Render(w, "home", payload); err != nil { log(err) @@ -40,7 +39,6 @@ func handleIndex(rndr Renderer) http.HandlerFunc { func handleExample(rndr Renderer) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/html") if err := rndr.Render(w, "example", nil); err != nil { log(err) http.Error(w, http.StatusText(500), 500) diff --git a/cmd/server/helpers.go b/cmd/server/helpers.go index a91744d..d17fa43 100644 --- a/cmd/server/helpers.go +++ b/cmd/server/helpers.go @@ -43,15 +43,6 @@ func httpError(w http.ResponseWriter, code int, msg string) { http.Error(w, http.StatusText(code), code) } -func authRedirect(w http.ResponseWriter, r *http.Request, msg string) { - flashSet(r, flashError, msg) - log(msg) - qs := r.URL.Query() - qs.Set("return_to", r.URL.Path) - r.URL.RawQuery = qs.Encode() - http.Redirect(w, r, flashURL(r, "/login"), http.StatusSeeOther) -} - func extractTimeRange(r *http.Request) (*time.Time, *time.Time) { begin := timePtr(time.Now().Truncate(time.Hour).Add(-168 * time.Hour)) end := timePtr(time.Now()) diff --git a/cmd/server/hits.go b/cmd/server/hits.go index 8c0d703..af06757 100644 --- a/cmd/server/hits.go +++ b/cmd/server/hits.go @@ -13,7 +13,10 @@ import ( "src.userspace.com.au/sws" ) -const gif = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" +const ( + endpoint = "//stats.userspace.com.au/sws.gif" + gif = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" +) func handleHits(db sws.HitStore) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { diff --git a/cmd/server/main.go b/cmd/server/main.go index d220a03..fc9515c 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go 
@@ -29,12 +29,6 @@ var ( tokenAuth *jwtauth.JWTAuth ) -const ( - endpoint = "//stats.userspace.com.au/sws.gif" - loginURL = "/login" - logoutURL = "/logout" -) - // Flags var ( verbose *bool @@ -113,17 +107,18 @@ func main() { tmplsPublic := append(tmplsCommon, "layouts/public.tmpl") tmpls, err := LoadHTMLTemplateMap(map[string][]string{ - "sites": append(tmplsAuthed, "sites.tmpl"), - "site": append(tmplsAuthed, "site.tmpl"), - "home": append(tmplsPublic, "home.tmpl"), - "login": append(tmplsPublic, "login.tmpl"), + "sites": append([]string{"sites.tmpl"}, tmplsAuthed...), + "site": append([]string{"site.tmpl"}, tmplsAuthed...), + "home": append([]string{"home.tmpl"}, tmplsPublic...), + "login": append([]string{"login.tmpl"}, tmplsPublic...), "example": []string{"example.tmpl"}, }, funcMap) if err != nil { log(err) os.Exit(1) } - //debug(tmpls.DefinedTemplates()) + debug(tmpls["login"].DefinedTemplates()) + debug(tmpls["home"].DefinedTemplates()) renderer := templates.NewRenderer(tmpls) r := chi.NewRouter() 
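Review bot: The reordered `append([]string{"sites.tmpl"}, tmplsAuthed...)` entries carry no comment saying why each one now builds its own slice, and the two new `debug(tmpls[...].DefinedTemplates())` lines read like leftover diagnostics. Presumably the old `append(tmplsAuthed, "sites.tmpl")` and `append(tmplsAuthed, "site.tmpl")` wrote into the same backing array, so the later entry overwrote the earlier one; a line such as `// fresh slice per entry: append(tmplsAuthed, x) may reuse tmplsAuthed's backing array` above the map would keep the fix from being reverted. The context line `tmplsPublic := append(tmplsCommon, "layouts/public.tmpl")` uses the same pattern and is only safe while tmplsCommon has no spare capacity. main's body starts and ends outside the hunk.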
@@ -147,22 +142,32 @@ func main() { // For UI r.Get("/hits", handleHits(st)) + // Public routes + r.Get("/", handleIndex(renderer)) + r.Get(loginURL, func(w http.ResponseWriter, r *http.Request) { + payload := newTemplateData(r) + if err := renderer.Render(w, "login", payload); err != nil { + httpError(w, 500, err.Error()) + return + } + return + }) + + r.Post(loginURL, handleLogin(st, renderer)) + + r.Get("/*", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + p := strings.TrimPrefix(r.URL.Path, "/") + if b, err := StaticLoadTemplate(p); err == nil { + name := filepath.Base(p) + http.ServeContent(w, r, name, time.Now(), bytes.NewReader(b)) + } + })) + // Authed routes r.Group(func(r chi.Router) { r.Use(jwtauth.Verifier(tokenAuth)) r.Use(userCtx) - r.Get(logoutURL, func(w http.ResponseWriter, r *http.Request) { - http.SetCookie(w, &http.Cookie{ - Name: "jwt", - Value: "", - HttpOnly: true, - Path: "/", - //Secure: true, - Expires: time.Time{}, - }) - r = flashSet(r, flashSuccess, "de-authenticated successfully") - http.Redirect(w, r, flashURL(r, "/"), http.StatusSeeOther) - }) + r.Get(logoutURL, handleLogout(renderer)) r.Route("/sites", func(r chi.Router) { r.Get("/", handleSites(st, renderer)) r.Route("/{siteID}", func(r chi.Router) { 
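Review bot: The `/*` handler writes nothing when StaticLoadTemplate returns an error, so every unknown path answers with an empty 200 instead of a 404; close the `if` with `} else { http.NotFound(w, r) }`. `p` is taken from `r.URL.Path` with only the leading slash trimmed, and StaticLoadTemplate is not visible here, so confirm it confines lookups to the static assets and does not serve the `.tmpl` sources. `r.Get(logoutURL, handleLogout(renderer))` keeps logout on GET, which a cross-site request can trigger; a POST route would avoid that. main's body starts and ends outside the hunk.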
@@ -182,32 +187,6 @@ func main() { // Example r.Get("/test.html", handleExample(renderer)) - authHandler := handleAuth(st, renderer) - - // Public routes - r.Route("/", func(r chi.Router) { - r.Get("/", handleIndex(renderer)) - r.Get(loginURL, func(w http.ResponseWriter, r *http.Request) { - flash := flashGet(r) - if err := renderer.Render(w, "login", map[string]interface{}{ - "Flash": flash, - }); err != nil { - httpError(w, 500, err.Error()) - return - } - return - }) - r.Post(loginURL, authHandler) - - r.Get("/*", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - p := strings.TrimPrefix(r.URL.Path, "/") - if b, err := StaticLoadTemplate(p); err == nil { - name := filepath.Base(p) - http.ServeContent(w, r, name, time.Now(), bytes.NewReader(b)) - } - })) - }) - log("listening at", *addr) http.ListenAndServe(*addr, r) } diff --git a/cmd/server/sites.go b/cmd/server/sites.go index cf78fda..f7e7793 100644 --- a/cmd/server/sites.go +++ b/cmd/server/sites.go @@ -66,7 +66,7 @@ func handleSite(db sws.SiteStore, rndr Renderer) http.HandlerFunc { payload := newTemplateData(r) payload.Site = site - payload.Pages = &pageSet + payload.PageSet = &pageSet payload.Browsers = &browserSet payload.Hits = hitSet diff --git a/templates/home.tmpl b/templates/home.tmpl index 7920916..956c589 100644 --- a/templates/home.tmpl +++ b/templates/home.tmpl @@ -1,4 +1,5 @@ {{ define "content" }} + <!-- home --> <main> home page </main> diff --git a/templates/login.tmpl b/templates/login.tmpl index 13a942c..f4bf395 100644 --- a/templates/login.tmpl +++ b/templates/login.tmpl @@ -1,7 +1,8 @@ {{ define "content" }} + <!-- login --> <main> <h2>Login</h2> - <form method="post"> + <form method="post" action="/login"> <div class="field"> <input type="email" name="email" placeholder="your email" /> </div> diff --git a/templates/navbar.tmpl b/templates/navbar.tmpl index 3c2733c..99dba68 100644 --- a/templates/navbar.tmpl +++ b/templates/navbar.tmpl 
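Review bot: With `action="/login"` the login form no longer posts back to the current URL, so a `return_to` query parameter on the login page is not sent with the POST; if handleLogin reads it from `r.URL.Query()`, as the auth.go hunk suggests, the post-login return path stops working. Either leave the action off or carry the value in a hidden field that the handler validates as a local path. The form as shown has no anti-CSRF token, though the rest of it lies outside the hunk.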
@@ -1,6 +1,6 @@ {{ define "navbar" }} <header class="site"> - <a class="logo" href="/"><img /></a> + <a class="logo" href="/">Logo</a> {{ if .User }} <a href="/sites">Sites</a> <a class="logout" href="/logout">Logout</a> diff --git a/templates/site.tmpl b/templates/site.tmpl index 236f7f4..3a2b198 100644 --- a/templates/site.tmpl +++ b/templates/site.tmpl @@ -12,12 +12,12 @@ <h2>Popular pages</h2> <fig> - {{ template "barChartHorizontal" .Pages }} + {{ template "barChartHorizontal" .PageSet }} </fig> <ul class="pages"> - {{ $pages := .Pages }} - {{ range .Pages }} + {{ $pages := .PageSet }} + {{ range .PageSet }} {{ template "pageForList" . }} <fig> {{ $pathHits := $pages.Page .Path }} |