web/notify.moe
Code Issues Pull Requests Activity

Moved server packages to a separate folder

Browse Source
This commit is contained in:
Eduard Urbach
2019-11-18 18:39:59 +09:00
parent db366360c7
commit f3c14a4ed6
37 changed files with 28 additions and 23 deletions

1
server/Main.go

@ -1,5 +1,6 @@
package server
// Main runs the main loop of the web server.
func Main() {
app := New()
app.Run()

9
server/New.go

@ -9,15 +9,16 @@ import (
"github.com/akyoto/color"
"github.com/animenotifier/notify.moe/arn"
"github.com/animenotifier/notify.moe/assets"
"github.com/animenotifier/notify.moe/auth"
"github.com/animenotifier/notify.moe/graphql"
"github.com/animenotifier/notify.moe/middleware"
"github.com/animenotifier/notify.moe/pages"
"github.com/animenotifier/notify.moe/server/auth"
"github.com/animenotifier/notify.moe/server/graphql"
"github.com/animenotifier/notify.moe/server/https"
"github.com/animenotifier/notify.moe/server/middleware"
"github.com/animenotifier/notify.moe/utils/htmlemail"
"github.com/animenotifier/notify.moe/utils/https"
"github.com/animenotifier/notify.moe/utils/routetests"
)
// New creates a new web server.
func New() *aero.Application {
app := aero.New()

178
server/auth/Facebook.go Normal file

@ -0,0 +1,178 @@
package auth
import (
"context"
"errors"
"io/ioutil"
"net/http"
"strings"
"github.com/aerogo/aero"
"github.com/aerogo/log"
"github.com/animenotifier/notify.moe/arn"
"github.com/animenotifier/notify.moe/assets"
jsoniter "github.com/json-iterator/go"
"golang.org/x/oauth2"
"golang.org/x/oauth2/facebook"
)
// FacebookUser is the user data we receive from Facebook
type FacebookUser struct {
ID string `json:"id"`
Email string `json:"email"`
FirstName string `json:"first_name"`
LastName string `json:"last_name"`
Gender string `json:"gender"`
}
// Facebook enables Facebook login for the app.
func Facebook(app *aero.Application, authLog *log.Log) {
// OAuth2 configuration defines the API keys,
// scopes of required data and the redirect URL
// that Facebook should send the user to after
// a successful login on their pages.
config := &oauth2.Config{
ClientID: arn.APIKeys.Facebook.ID,
ClientSecret: arn.APIKeys.Facebook.Secret,
RedirectURL: "https://" + assets.Domain + "/auth/facebook/callback",
Scopes: []string{
"public_profile",
"email",
},
Endpoint: facebook.Endpoint,
}
// When a user visits /auth/facebook, we ask OAuth2 config for a URL
// to redirect the user to. Once the user has logged in on that page,
// he'll be redirected back to our servers to the callback page.
app.Get("/auth/facebook", func(ctx aero.Context) error {
state := ctx.Session().ID()
url := config.AuthCodeURL(state)
return ctx.Redirect(http.StatusTemporaryRedirect, url)
})
// This is the redirect URL that we specified in the OAuth2 config.
// The user has successfully completed the login on Facebook servers.
// Now we have to check for fraud requests and request user information.
// If both Facebook ID and email can't be found in our DB, register a new user.
// Otherwise, log in the user with the given Facebook ID or email.
app.Get("/auth/facebook/callback", func(ctx aero.Context) error {
if !ctx.HasSession() {
return ctx.Error(http.StatusUnauthorized, "Facebook login failed", errors.New("Session does not exist"))
}
session := ctx.Session()
if session.ID() != ctx.Query("state") {
return ctx.Error(http.StatusUnauthorized, "Facebook login failed", errors.New("Incorrect state"))
}
// Handle the exchange code to initiate a transport
token, err := config.Exchange(context.Background(), ctx.Query("code"))
if err != nil {
return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
}
// Construct the OAuth client
client := config.Client(context.Background(), token)
// Fetch user data from Facebook
response, err := client.Get("https://graph.facebook.com/me?fields=email,first_name,last_name,gender")
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Facebook", err)
}
defer response.Body.Close()
body, _ := ioutil.ReadAll(response.Body)
// Construct a FacebookUser object
fbUser := FacebookUser{}
err = jsoniter.Unmarshal(body, &fbUser)
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
}
// Change googlemail.com to gmail.com
fbUser.Email = strings.Replace(fbUser.Email, "googlemail.com", "gmail.com", 1)
// Is this an existing user connecting another social account?
user := arn.GetUserFromContext(ctx)
if user != nil {
// Add FacebookToUser reference
user.ConnectFacebook(fbUser.ID)
// Save in DB
user.Save()
// Log
authLog.Info("Added Facebook ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
var getErr error
// Try to find an existing user via the Facebook user ID
user, getErr = arn.GetUserByFacebookID(fbUser.ID)
if getErr == nil && user != nil {
authLog.Info("User logged in via Facebook ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Add FacebookToUser reference
user.ConnectFacebook(fbUser.ID)
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Try to find an existing user via the associated e-mail address
user, getErr = arn.GetUserByEmail(fbUser.Email)
if getErr == nil && user != nil {
authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Register new user
user = arn.NewUser()
user.Nick = "fb" + fbUser.ID
user.Email = fbUser.Email
user.FirstName = fbUser.FirstName
user.LastName = fbUser.LastName
user.Gender = fbUser.Gender
user.LastLogin = arn.DateTimeUTC()
// Save basic user info already to avoid data inconsistency problems
user.Save()
// Register user
arn.RegisterUser(user)
// Connect account to a Facebook account
user.ConnectFacebook(fbUser.ID)
// Save user object again with updated data
user.Save()
// Login
session.Set("userId", user.ID)
// Log
authLog.Info("Registered new user via Facebook | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Redirect to starting page for new users
return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
})
}

189
server/auth/Google.go Normal file

@ -0,0 +1,189 @@
package auth
import (
"context"
"errors"
"io/ioutil"
"net/http"
"strings"
"github.com/aerogo/aero"
"github.com/aerogo/log"
"github.com/animenotifier/notify.moe/arn"
"github.com/animenotifier/notify.moe/assets"
jsoniter "github.com/json-iterator/go"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
// GoogleUser is the user data we receive from Google
type GoogleUser struct {
Sub string `json:"sub"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
Email string `json:"email"`
Gender string `json:"gender"`
// Name string `json:"name"`
// Profile string `json:"profile"`
// Picture string `json:"picture"`
// EmailVerified bool `json:"email_verified"`
}
// Google enables Google login for the app.
func Google(app *aero.Application, authLog *log.Log) {
// OAuth2 configuration defines the API keys,
// scopes of required data and the redirect URL
// that Google should send the user to after
// a successful login on their pages.
config := &oauth2.Config{
ClientID: arn.APIKeys.Google.ID,
ClientSecret: arn.APIKeys.Google.Secret,
RedirectURL: "https://" + assets.Domain + "/auth/google/callback",
Scopes: []string{
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
// "https://www.googleapis.com/auth/plus.me",
// "https://www.googleapis.com/auth/plus.login",
},
Endpoint: google.Endpoint,
}
// When a user visits /auth/google, we ask OAuth2 config for a URL
// to redirect the user to. Once the user has logged in on that page,
// he'll be redirected back to our servers to the callback page.
app.Get("/auth/google", func(ctx aero.Context) error {
state := ctx.Session().ID()
url := config.AuthCodeURL(state)
return ctx.Redirect(http.StatusTemporaryRedirect, url)
})
// This is the redirect URL that we specified in the OAuth2 config.
// The user has successfully completed the login on Google servers.
// Now we have to check for fraud requests and request user information.
// If both Google ID and email can't be found in our DB, register a new user.
// Otherwise, log in the user with the given Google ID or email.
app.Get("/auth/google/callback", func(ctx aero.Context) error {
if !ctx.HasSession() {
return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Session does not exist"))
}
session := ctx.Session()
if session.ID() != ctx.Query("state") {
return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Incorrect state"))
}
// Handle the exchange code to initiate a transport
token, err := config.Exchange(context.Background(), ctx.Query("code"))
if err != nil {
return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
}
// Construct the OAuth client
client := config.Client(context.Background(), token)
// Fetch user data from Google
response, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)
}
defer response.Body.Close()
data, _ := ioutil.ReadAll(response.Body)
// Construct a GoogleUser object
var googleUser GoogleUser
err = jsoniter.Unmarshal(data, &googleUser)
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
}
if googleUser.Sub == "" {
return ctx.Error(http.StatusBadRequest, "Failed retrieving Google data", errors.New("Empty ID"))
}
// Change googlemail.com to gmail.com
googleUser.Email = strings.Replace(googleUser.Email, "googlemail.com", "gmail.com", 1)
// Is this an existing user connecting another social account?
user := arn.GetUserFromContext(ctx)
if user != nil {
// Add GoogleToUser reference
user.ConnectGoogle(googleUser.Sub)
// Save in DB
user.Save()
// Log
authLog.Info("Added Google ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
var getErr error
// Try to find an existing user via the Google user ID
user, getErr = arn.GetUserByGoogleID(googleUser.Sub)
if getErr == nil && user != nil {
authLog.Info("User logged in via Google ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Try to find an existing user via the associated e-mail address
user, getErr = arn.GetUserByEmail(googleUser.Email)
if getErr == nil && user != nil {
authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Add GoogleToUser reference
user.ConnectGoogle(googleUser.Sub)
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Register new user
user = arn.NewUser()
user.Nick = "g" + googleUser.Sub
user.Email = googleUser.Email
user.FirstName = googleUser.GivenName
user.LastName = googleUser.FamilyName
user.Gender = googleUser.Gender
user.LastLogin = arn.DateTimeUTC()
// Save basic user info already to avoid data inconsistency problems
user.Save()
// Register user
arn.RegisterUser(user)
// Connect account to a Google account
user.ConnectGoogle(googleUser.Sub)
// Save user object again with updated data
user.Save()
// Login
session.Set("userId", user.ID)
// Log
authLog.Info("Registered new user via Google | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Redirect to starting page for new users
return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
})
}

25
server/auth/Install.go Normal file

@ -0,0 +1,25 @@
package auth
import (
"os"
"github.com/aerogo/aero"
"github.com/aerogo/log"
)
const newUserStartRoute = "/welcome"
// Install installs all authentication routes in the application.
func Install(app *aero.Application) {
authLog := log.New()
authLog.AddWriter(os.Stdout)
authLog.AddWriter(log.File("logs/auth.log"))
// Login
Google(app, authLog)
Facebook(app, authLog)
Twitter(app, authLog)
// Logout
Logout(app, authLog)
}

27
server/auth/Logout.go Normal file

@ -0,0 +1,27 @@
package auth
import (
"net/http"
"github.com/aerogo/aero"
"github.com/aerogo/log"
"github.com/animenotifier/notify.moe/arn"
)
// Logout is called when the user clicks the logout button.
// It deletes the "userId" from the session.
func Logout(app *aero.Application, authLog *log.Log) {
app.Get("/logout", func(ctx aero.Context) error {
if ctx.HasSession() {
user := arn.GetUserFromContext(ctx)
if user != nil {
authLog.Info("%s logged out | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
}
ctx.Session().Delete("userId")
}
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
})
}

194
server/auth/Twitter.go Normal file

@ -0,0 +1,194 @@
package auth
import (
"errors"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"strings"
"github.com/aerogo/aero"
"github.com/aerogo/log"
"github.com/animenotifier/notify.moe/arn"
"github.com/animenotifier/notify.moe/assets"
"github.com/gomodule/oauth1/oauth"
jsoniter "github.com/json-iterator/go"
)
// TwitterUser is the user data we receive from Twitter
type TwitterUser struct {
ID string `json:"id_str"`
Email string `json:"email"`
Name string `json:"name"`
Description string `json:"description"`
ScreenName string `json:"screen_name"`
}
// Twitter enables Twitter login for the app.
func Twitter(app *aero.Application, authLog *log.Log) {
// oauth1 configuration defines the API keys,
// the url for the request token, the access token and the authorisation.
config := &oauth.Client{
TemporaryCredentialRequestURI: "https://api.twitter.com/oauth/request_token",
ResourceOwnerAuthorizationURI: "https://api.twitter.com/oauth/authenticate",
TokenRequestURI: "https://api.twitter.com/oauth/access_token",
Credentials: oauth.Credentials{
Token: arn.APIKeys.Twitter.ID,
Secret: arn.APIKeys.Twitter.Secret,
},
}
// When a user visits /auth/twitter, we ask OAuth1 to give us
// a request token and give us a URL to redirect the user to.
// Once the user has approved the application on that page,
// he'll be redirected back to our servers to the callback page.
app.Get("/auth/twitter", func(ctx aero.Context) error {
callback := "https://" + assets.Domain + "/auth/twitter/callback"
tempCred, err := config.RequestTemporaryCredentials(nil, callback, nil)
if err != nil {
fmt.Printf("Error: %s", err)
}
ctx.Session().Set("tempCred", tempCred)
url := config.AuthorizationURL(tempCred, nil)
return ctx.Redirect(http.StatusTemporaryRedirect, url)
})
// This is the redirect URL that we specified in /auth/twitter.
// The user has allowed the application to have access to his data.
// Now we have to check for fraud requests and request user information.
// If both Twitter ID and email can't be found in our DB, register a new user.
// Otherwise, log in the user with the given Twitter ID or email.
app.Get("/auth/twitter/callback", func(ctx aero.Context) error {
if !ctx.HasSession() {
return ctx.Error(http.StatusUnauthorized, "Twitter login failed", errors.New("Session does not exist"))
}
session := ctx.Session()
// Get back the request token to get the access token
tempCred, _ := session.Get("tempCred").(*oauth.Credentials)
session.Delete("tempCred")
if tempCred == nil || tempCred.Token != ctx.Query("oauth_token") {
return ctx.Error(http.StatusBadRequest, "Unknown OAuth request token", nil)
}
// Get the request token from twitter
tokenCred, _, err := config.RequestToken(nil, tempCred, ctx.Query("oauth_verifier"))
if err != nil {
return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth access token", err)
}
// Fetch user data from Twitter
params := url.Values{
"include_email": {"true"},
"skip_status": {"true"},
}
response, err := config.Get(nil, tokenCred, "https://api.twitter.com/1.1/account/verify_credentials.json", params)
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Twitter", err)
}
defer response.Body.Close()
body, _ := ioutil.ReadAll(response.Body)
fmt.Println(string(body))
// Construct a TwitterUser object
twUser := TwitterUser{}
err = jsoniter.Unmarshal(body, &twUser)
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
}
// Change googlemail.com to gmail.com
twUser.Email = strings.Replace(twUser.Email, "googlemail.com", "gmail.com", 1)
// Is this an existing user connecting another social account?
user := arn.GetUserFromContext(ctx)
if user != nil {
// Add TwitterToUser reference
user.ConnectTwitter(twUser.ID)
// Save in DB
user.Accounts.Twitter.Nick = twUser.ScreenName
user.Save()
// Log
authLog.Info("Added Twitter ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
var getErr error
// Try to find an existing user via the Twitter user ID
user, getErr = arn.GetUserByTwitterID(twUser.ID)
if getErr == nil && user != nil {
authLog.Info("User logged in via Twitter ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Try to find an existing user via the associated e-mail address
user, getErr = arn.GetUserByEmail(twUser.Email)
if getErr == nil && user != nil {
authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Add TwitterToUser reference
user.ConnectTwitter(twUser.ID)
user.Accounts.Twitter.Nick = twUser.ScreenName
user.LastLogin = arn.DateTimeUTC()
user.Save()
session.Set("userId", user.ID)
return ctx.Redirect(http.StatusTemporaryRedirect, "/")
}
// Register new user
user = arn.NewUser()
user.Nick = "tw" + twUser.ID
user.Email = twUser.Email
user.LastLogin = arn.DateTimeUTC()
user.FirstName = twUser.Name
// Save basic user info already to avoid data inconsistency problems
user.Save()
// Register user
arn.RegisterUser(user)
// Connect account to a Twitter account
user.ConnectTwitter(twUser.ID)
// Copy fields
user.Accounts.Twitter.Nick = twUser.ScreenName
user.Introduction = twUser.Description
// Save user object again with updated data
user.Save()
// Login
session.Set("userId", user.ID)
// Log
authLog.Info("Registered new user via Twitter | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
// Redirect to starting page for new users
return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
})
}

79
server/graphql/graphql.go Normal file

@ -0,0 +1,79 @@
package graphql
import (
"fmt"
"strings"
"github.com/aerogo/aero"
"github.com/aerogo/graphql"
"github.com/animenotifier/notify.moe/arn"
)
func Install(app *aero.Application) {
api := graphql.New(arn.DB)
// Block private collections
api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
typeName := strings.TrimPrefix(name, "all")
typeName = strings.TrimPrefix(typeName, "like")
if arn.IsPrivateType(typeName) {
return nil, fmt.Errorf("Type '%s' is private", typeName), true
}
return nil, nil, false
})
// Like objects
// api.AddRootResolver(func(name string, arguments graphql.Map) (interface{}, error, bool) {
// if !strings.HasPrefix(name, "like") {
// return nil, nil, false
// }
// id, ok := arguments["ID"].(string)
// if !ok {
// return nil, fmt.Errorf("'%s' needs to specify an ID", name), true
// }
// typeName := strings.TrimPrefix(name, "like")
// obj, err := arn.DB.Get(typeName, id)
// if err != nil {
// return nil, err, true
// }
// field := reflect.ValueOf(obj).Elem().FieldByName("IsDraft")
// if field.IsValid() && field.Bool() {
// return nil, errors.New("Drafts need to be published before they can be liked"), true
// }
// likeable, ok := obj.(arn.Likeable)
// if !ok {
// return nil, fmt.Errorf("'%s' does not implement the Likeable interface", name), true
// }
// // TODO: Authentication
// // user := GetUserFromContext(ctx)
// // if user == nil {
// // return errors.New("Not logged in")
// // }
// // likeable.Like(user.ID)
// // Call OnLike if the object implements it
// // receiver, ok := likeable.(LikeEventReceiver)
// // if ok {
// // receiver.OnLike(user)
// // }
// likeable.Save()
// return obj, nil, true
// })
app.Post("/graphql", api.Handler())
}

43
server/https/Configure.go Normal file

@ -0,0 +1,43 @@
package https
import (
"os"
"path"
"github.com/aerogo/aero"
"github.com/akyoto/color"
"github.com/animenotifier/notify.moe/arn"
)
// Configure loads the certificates.
func Configure(app *aero.Application) {
fullCertPath := path.Join(arn.Root, "security", "fullchain.pem")
fullKeyPath := path.Join(arn.Root, "security", "privkey.pem")
if _, err := os.Stat(fullCertPath); os.IsNotExist(err) {
defaultCertPath := path.Join(arn.Root, "security", "default", "server.crt")
err := os.Link(defaultCertPath, fullCertPath)
if err != nil {
// Do not panic here, multiple tests could be running this in parallel.
// Therefore, races can occur (which test writes the link first).
// Simply log the error and continue as the file should be present.
color.Red(err.Error())
}
}
if _, err := os.Stat(fullKeyPath); os.IsNotExist(err) {
defaultKeyPath := path.Join(arn.Root, "security", "default", "server.key")
err := os.Link(defaultKeyPath, fullKeyPath)
if err != nil {
// Do not panic here, multiple tests could be running this in parallel.
// Therefore, races can occur (which test writes the link first).
// Simply log the error and continue as the file should be present.
color.Red(err.Error())
}
}
// HTTPS
app.Security.Load(fullCertPath, fullKeyPath)
}

23
server/middleware/HTTPSRedirect.go Normal file

@ -0,0 +1,23 @@
package middleware
import (
"net/http"
"github.com/aerogo/aero"
)
// HTTPSRedirect middleware redirects to HTTPS if needed.
func HTTPSRedirect(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
request := ctx.Request()
userAgent := request.Header("User-Agent")
isBrowser := userAgent != ""
if isBrowser && request.Scheme() != "https" {
return ctx.Redirect(http.StatusPermanentRedirect, "https://"+request.Host()+request.Path())
}
// Handle the request
return next(ctx)
}
}

43
server/middleware/IPToHost.go Normal file

@ -0,0 +1,43 @@
package middleware
import (
"net"
"time"
"github.com/akyoto/cache"
)
var ipToHosts = cache.New(60 * time.Minute)
// GetHostsForIP returns all host names for the given IP (if cached).
func GetHostsForIP(ip string) ([]string, bool) {
hosts, found := ipToHosts.Get(ip)
if !found {
hosts = findHostsForIP(ip)
}
if hosts == nil {
return nil, found
}
return hosts.([]string), found
}
// Finds all host names for the given IP
func findHostsForIP(ip string) []string {
hosts, err := net.LookupAddr(ip)
if err != nil {
return nil
}
if len(hosts) == 0 {
return nil
}
// Cache host names
ipToHosts.Set(ip, hosts, 60*time.Minute)
return hosts
}

49
server/middleware/Layout.go Normal file

@ -0,0 +1,49 @@
package middleware
import (
"sort"
"github.com/aerogo/aero"
"github.com/akyoto/stringutils/unsafe"
"github.com/animenotifier/notify.moe/arn"
"github.com/animenotifier/notify.moe/components"
)
// Layout middleware modifies the response body
// to be wrapped around the general layout.
func Layout(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
ctx.AddModifier(func(content []byte) []byte {
user := arn.GetUserFromContext(ctx)
customCtx := ctx.(*OpenGraphContext)
openGraph := customCtx.OpenGraph
// Make output order deterministic to profit from Aero caching.
// To do this, we need to create slices and sort the tags.
var meta []string
var tags []string
if openGraph != nil {
for name := range openGraph.Meta {
meta = append(meta, name)
}
sort.Strings(meta)
for name := range openGraph.Tags {
tags = append(tags, name)
}
sort.Strings(tags)
}
// Assure that errors are formatted as HTML
ctx.Response().SetHeader("Content-Type", "text/html; charset=utf-8")
html := components.Layout(ctx, user, openGraph, meta, tags, unsafe.BytesToString(content))
return unsafe.StringToBytes(html)
})
return next(ctx)
}
}

90
server/middleware/Log.go Normal file

@ -0,0 +1,90 @@
package middleware
import (
"net/http"
"os"
"strconv"
"strings"
"time"
"github.com/aerogo/aero"
"github.com/aerogo/log"
"github.com/animenotifier/notify.moe/arn"
)
var (
requestLog = log.New()
errorLog = log.New()
ipLog = log.New()
)
// Initialize log files
func init() {
// The request log contains every single request to the server
requestLog.AddWriter(log.File("logs/request.log"))
// The IP log contains the IPs accessing the server
ipLog.AddWriter(log.File("logs/ip.log"))
// The error log contains all failed requests
errorLog.AddWriter(log.File("logs/error.log"))
errorLog.AddWriter(os.Stderr)
}
// Log middleware logs every request into logs/request.log and errors into logs/error.log.
func Log(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
start := time.Now()
err := next(ctx)
responseTime := time.Since(start)
logRequest(ctx, responseTime)
return err
}
}
// Logs a single request
func logRequest(ctx aero.Context, responseTime time.Duration) {
responseTimeString := strconv.Itoa(int(responseTime.Nanoseconds()/1000000)) + " ms"
repeatSpaceCount := 8 - len(responseTimeString)
if repeatSpaceCount < 0 {
repeatSpaceCount = 0
}
responseTimeString = strings.Repeat(" ", repeatSpaceCount) + responseTimeString
user := arn.GetUserFromContext(ctx)
ip := ctx.IP()
hostNames, cached := GetHostsForIP(ip)
if !cached && len(hostNames) > 0 {
ipLog.Info("%s = %s", ip, strings.Join(hostNames, ", "))
}
// Log every request
id := "id"
nick := "guest"
if user != nil {
id = user.ID
nick = user.Nick
}
requestLog.Info("%s | %s | %s | %s | %d | %s", nick, id, ip, responseTimeString, ctx.Status(), ctx.Path())
// Log all requests that failed
switch ctx.Status() {
case http.StatusOK, http.StatusTemporaryRedirect, http.StatusPermanentRedirect:
// Ok.
default:
errorLog.Error("%s | %s | %s | %s | %d | %s", nick, id, ip, responseTimeString, ctx.Status(), ctx.Path())
}
// Notify us about long requests.
// However ignore requests under /auth/ because those depend on 3rd party servers.
if responseTime >= 500*time.Millisecond && !strings.HasPrefix(ctx.Path(), "/auth/") && !strings.HasPrefix(ctx.Path(), "/sitemap/") && !strings.HasPrefix(ctx.Path(), "/api/sse/") {
errorLog.Error("%s | %s | %s | %s | %d | %s (long response time)", nick, id, ip, responseTimeString, ctx.Status(), ctx.Path())
}
}

24
server/middleware/OpenGraph.go Normal file

@ -0,0 +1,24 @@
package middleware
import (
"github.com/aerogo/aero"
"github.com/animenotifier/notify.moe/arn"
)
// OpenGraphContext is a context with open graph data.
type OpenGraphContext struct {
aero.Context
*arn.OpenGraph
}
// OpenGraph middleware modifies the context to be an OpenGraphContext.
func OpenGraph(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
openGraphCtx := &OpenGraphContext{
Context: ctx,
OpenGraph: nil,
}
return next(openGraphCtx)
}
}

59
server/middleware/Recover.go Normal file

@ -0,0 +1,59 @@
package middleware
import (
"fmt"
"net/http"
"os"
"runtime"
"strings"
"github.com/aerogo/aero"
"github.com/animenotifier/notify.moe/arn"
)
// Recover recovers from panics and shows them as the response body.
func Recover(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
defer func() {
r := recover()
if r == nil {
return
}
err, ok := r.(error)
if !ok {
err = fmt.Errorf("%v", r)
}
stack := make([]byte, 4096)
length := runtime.Stack(stack, false)
stackString := string(stack[:length])
fmt.Fprint(os.Stderr, stackString)
// Save crash in database
crash := &arn.Crash{
Error: err.Error(),
Stack: stackString,
Path: ctx.Path(),
}
crash.ID = arn.GenerateID("Crash")
crash.Created = arn.DateTimeUTC()
user := arn.GetUserFromContext(ctx)
if user != nil {
crash.CreatedBy = user.ID
}
crash.Save()
// Send HTML
message := "<div class='crash'>" + err.Error() + "<br><br>" + strings.ReplaceAll(stackString, "\n", "<br>") + "</div>"
_ = ctx.Error(http.StatusInternalServerError, message)
}()
return next(ctx)
}
}

18
server/middleware/Session.go Normal file

@ -0,0 +1,18 @@
package middleware
import "github.com/aerogo/aero"
// Session middleware saves an existing session if it has been modified.
func Session(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
// Handle the request first
err := next(ctx)
// Update session if it has been modified
if ctx.HasSession() && ctx.Session().Modified() {
_ = ctx.App().Sessions.Store.Set(ctx.Session().ID(), ctx.Session())
}
return err
}
}

122
server/middleware/UserInfo.go Normal file

@ -0,0 +1,122 @@
package middleware
import (
"net/http"
"strconv"
"strings"
"github.com/aerogo/aero"
"github.com/aerogo/http/client"
"github.com/akyoto/color"
"github.com/animenotifier/notify.moe/arn"
"github.com/mssola/user_agent"
)
// UserInfo updates user related information after each request.
func UserInfo(next aero.Handler) aero.Handler {
return func(ctx aero.Context) error {
err := next(ctx)
// Ignore non-HTML requests
contentType := ctx.Response().Header("Content-Type")
if !strings.HasPrefix(contentType, "text/html") {
return nil
}
user := arn.GetUserFromContext(ctx)
// When there's no user logged in, nothing to update
if user == nil {
return nil
}
// Bind local variables and start a coroutine
ip := ctx.IP()
userAgent := ctx.Request().Header("User-Agent")
go updateUserInfo(ip, userAgent, user)
return err
}
}
// Update browser and OS data
func updateUserInfo(ip string, userAgent string, user *arn.User) {
if user.UserAgent != userAgent {
user.UserAgent = userAgent
// Parse user agent
parsed := user_agent.New(user.UserAgent)
// Browser
user.Browser.Name, user.Browser.Version = parsed.Browser()
// OS
os := parsed.OSInfo()
user.OS.Name = os.Name
user.OS.Version = os.Version
}
user.LastSeen = arn.DateTimeUTC()
user.Save()
if user.IP == ip {
return
}
updateUserLocation(user, ip)
}
// Updates the location of the user.
func updateUserLocation(user *arn.User, newIP string) {
user.IP = newIP
if arn.APIKeys.IPInfoDB.ID == "" {
if arn.IsProduction() {
color.Red("IPInfoDB key not defined")
}
return
}
locationAPI := "https://api.ipinfodb.com/v3/ip-city/?key=" + arn.APIKeys.IPInfoDB.ID + "&ip=" + user.IP + "&format=json"
response, err := client.Get(locationAPI).End()
if err != nil {
color.Red("Couldn't fetch location data | Error: %s | IP: %s", err.Error(), user.IP)
return
}
if response.StatusCode() != http.StatusOK {
color.Red("Couldn't fetch location data | Status: %d | IP: %s", response.StatusCode, user.IP)
return
}
newLocation := arn.IPInfoDBLocation{}
err = response.Unmarshal(&newLocation)
if err != nil {
color.Red("Couldn't deserialize location data | Status: %d | IP: %s", response.StatusCode, user.IP)
return
}
if newLocation.CountryName == "" || newLocation.CountryName == "-" {
return
}
user.Location.CountryName = newLocation.CountryName
user.Location.CountryCode = newLocation.CountryCode
user.Location.Latitude, _ = strconv.ParseFloat(newLocation.Latitude, 64)
user.Location.Longitude, _ = strconv.ParseFloat(newLocation.Longitude, 64)
user.Location.CityName = newLocation.CityName
user.Location.RegionName = newLocation.RegionName
user.Location.TimeZone = newLocation.TimeZone
user.Location.ZipCode = newLocation.ZipCode
// Make South Korea easier to read
if user.Location.CountryName == "Korea, Republic of" {
user.Location.CountryName = "South Korea"
}
user.Save()
}