rushlink/handlers.go

package rushlink

import (
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"time"

	"github.com/gorilla/mux"
	"github.com/pkg/errors"
	bolt "go.etcd.io/bbolt"
)

type viewPaste uint

const (
	_ viewPaste = 1 << iota
	viewNoRedirect
	viewShowMeta
)

const CookieDeleteToken = "owner_token"

// These keys are designated reserved, and will not be randomly chosen
var ReservedPasteKeys = []string{"xd42", "example"}

// Base64 encoding and decoding
var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
var base64Encoder = base64.RawURLEncoding.WithPadding(base64.NoPadding)

func (t pasteType) String() string {
	switch t {
	case typeUndef:
		return "unknown"
	case typePaste:
		return "paste"
	case typeRedirect:
		return "redirect"
	default:
		return "invalid"
	}
}

func (t pasteState) String() string {
	switch t {
	case stateUndef:
		return "unknown"
	case statePresent:
		return "present"
	case stateDeleted:
		return "deleted"
	default:
		return "invalid"
	}
}

func indexGetHandler(w http.ResponseWriter, r *http.Request) {
	render(w, r, "index", map[string]interface{}{})
}

func viewPasteHandler(w http.ResponseWriter, r *http.Request) {
	viewPasteHandlerInner(w, r, 0)
}

func viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) {
	viewPasteHandlerInner(w, r, viewNoRedirect)
}

func viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) {
	viewPasteHandlerInner(w, r, viewShowMeta)
}

func viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste) {
	vars := mux.Vars(r)
	key := vars["key"]
	var p *paste
	if err := DB.View(func(tx *bolt.Tx) error {
		var err error
		p, err = getPaste(tx, key)
		return err
	}); err != nil {
		panic(err)
		return
	}
	if p == nil {
		renderError(w, r, http.StatusNotFound, "url key not found in the database")
		return
	}

	if flags&viewShowMeta != 0 {
		canDelete := struct {
			Bool   bool
			String string
		}{Bool: false}
		deleteToken := getDeleteTokenFromRequest(r)
		if deleteToken == "" {
			canDelete.String = "undefined"
		} else {
			if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {
				canDelete.Bool = true
				canDelete.String = "correct"
			} else {
				canDelete.String = "invalid"
			}
		}

		data := map[string]interface{}{
			"Paste":     p,
			"CanDelete": canDelete,
		}
		render(w, r, "pasteMeta", data)
		return
	}

	switch p.State {
	case statePresent:
		if flags&viewNoRedirect == 0 {
			rawurl := string(p.Content)
			urlParse, err := url.Parse(rawurl)
			if err != nil {
				panic(errors.Wrapf(err, "invalid URL ('%v') in database for key '%v'", rawurl, p.Key))
			}
			http.Redirect(w, r, urlParse.String(), http.StatusSeeOther)
		}
		w.Write(p.Content)
	case stateDeleted:
		renderError(w, r, http.StatusGone, "paste has been deleted")
	default:
		panic(errors.Errorf("invalid paste.State (%v) for key '%v'", p.State, p.Key))
	}
}

func newPasteHandler(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseMultipartForm(50 * 1000 * 1000); err != nil {
		panic(err)
	}

	// Determine what kind of post this is, currently only `shorten=...`
	if len(r.PostForm) == 0 {
		renderError(w, r, http.StatusBadRequest, "empty body in POST request\n")
		return
	}
	shorten_values, prs := r.PostForm["shorten"]
	if !prs {
		renderError(w, r, http.StatusBadRequest, "no 'shorten' param given\n")
		return
	}
	if len(shorten_values) != 1 {
		renderError(w, r, http.StatusBadRequest, "only one 'shorten' param is allowed per request\n")
		return
	}

	newRedirectPasteHandler(w, r)
}

func newRedirectPasteHandler(w http.ResponseWriter, r *http.Request) {
	rawurl := r.PostForm.Get("shorten")
	userURL, err := url.ParseRequestURI(rawurl)
	if err != nil {
		msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl)
		renderError(w, r, http.StatusBadRequest, msg)
		return
	}
	if userURL.Scheme == "" {
		renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)")
		return
	}
	if userURL.Host == "" {
		renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)")
		return
	}

	var paste *paste
	if err := DB.Update(func(tx *bolt.Tx) error {
		// Generate a new delete token for this paste
		var err error
		paste, err = shortenURL(tx, userURL)
		return err
	}); err != nil {
		panic(err)
	}
	data := map[string]interface{}{"Paste": paste}
	render(w, r, "newRedirectPasteSuccess", data)
}

// Delete a URL from the database
func deletePasteHandler(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	key := vars["key"]

	deleteToken := getDeleteTokenFromRequest(r)
	if deleteToken == "" {
		renderError(w, r, http.StatusBadRequest, "no delete token provided")
		return
	}

	var errorCode int
	if err := DB.Update(func(tx *bolt.Tx) error {
		p, err := getPaste(tx, key)
		if err != nil {
			errorCode = http.StatusNotFound
			return err
		}
		if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {
			p.delete(tx)
		}
		errorCode = http.StatusForbidden
		return errors.New("invalid delete token")
	}); err != nil {
		log.Printf("error: %v\n", err)
		renderError(w, r, errorCode, fmt.Sprintf("error: %v", err))
		return
	}
}

// Add a new URL to the database
//
// Returns the new ID if the url was successfully shortened
func shortenURL(tx *bolt.Tx, userURL *url.URL) (*paste, error) {
	pasteKey, err := generatePasteKey(tx)
	if err != nil {
		return nil, errors.Wrap(err, "generating paste key")
	}

	// Also generate a deleteToken
	deleteToken, err := generateDeleteToken()
	if err != nil {
		return nil, errors.Wrap(err, "generating delete token")
	}

	// Store the new key
	p := paste{
		Type:        typeRedirect,
		State:       statePresent,
		Content:     []byte(userURL.String()),
		Key:         pasteKey,
		DeleteToken: deleteToken,
		TimeCreated: time.Now().UTC(),
	}
	if err := p.save(tx); err != nil {
		return nil, err
	}
	return &p, nil
}

func getDeleteTokenFromRequest(r *http.Request) string {
	return r.URL.Query().Get("deleteToken")
}
Move several packages to root package 2019-11-09 15:50:12 +01:00			`package rushlink`
Initial commit 2019-08-25 21:33:56 +02:00
			`import (`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`"crypto/subtle"`
			`"encoding/base64"`
Initial commit 2019-08-25 21:33:56 +02:00			`"fmt"`
			`"log"`
			`"net/http"`
			`"net/url"`
			`"time"`

Add a small prometheus exporter 2019-08-29 23:40:24 +02:00			`"github.com/gorilla/mux"`
			`"github.com/pkg/errors"`
Initial commit 2019-08-25 21:33:56 +02:00			`bolt "go.etcd.io/bbolt"`
			`)`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`type viewPaste uint`

			`const (`
			`_ viewPaste = 1 << iota`
			`viewNoRedirect`
			`viewShowMeta`
			`)`

			`const CookieDeleteToken = "owner_token"`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00
Add reserved keys 2019-09-01 12:04:43 +02:00			`// These keys are designated reserved, and will not be randomly chosen`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`var ReservedPasteKeys = []string{"xd42", "example"}`
Add reserved keys 2019-09-01 12:04:43 +02:00
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`// Base64 encoding and decoding`
			`var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"`
Use base64.RawURLEncoding as base64 encoder Fixes #1 2019-09-11 00:12:31 +02:00			`var base64Encoder = base64.RawURLEncoding.WithPadding(base64.NoPadding)`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func (t pasteType) String() string {`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`switch t {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case typeUndef:`
			`return "unknown"`
			`case typePaste:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "paste"`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case typeRedirect:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "redirect"`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`default:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "invalid"`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`
			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func (t pasteState) String() string {`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`switch t {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case stateUndef:`
			`return "unknown"`
			`case statePresent:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "present"`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case stateDeleted:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "deleted"`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`default:`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`return "invalid"`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`
			`}`

Refactor main into subdirs 2019-09-19 21:29:25 +02:00			`func indexGetHandler(w http.ResponseWriter, r *http.Request) {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`render(w, r, "index", map[string]interface{}{})`
Initial commit 2019-08-25 21:33:56 +02:00			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func viewPasteHandler(w http.ResponseWriter, r *http.Request) {`
			`viewPasteHandlerInner(w, r, 0)`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) {`
			`viewPasteHandlerInner(w, r, viewNoRedirect)`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) {`
			`viewPasteHandlerInner(w, r, viewShowMeta)`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste) {`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`vars := mux.Vars(r)`
			`key := vars["key"]`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`var p *paste`
Move several packages to root package 2019-11-09 15:50:12 +01:00			`if err := DB.View(func(tx *bolt.Tx) error {`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`var err error`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`p, err = getPaste(tx, key)`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`return err`
			`}); err != nil {`
Allow internal server error using panic() 2019-10-15 23:19:45 +02:00			`panic(err)`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`return`
			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`if p == nil {`
refactor: Make view logic private 2019-09-19 21:42:01 +02:00			`renderError(w, r, http.StatusNotFound, "url key not found in the database")`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`return`
			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`if flags&viewShowMeta != 0 {`
			`canDelete := struct {`
			`Bool bool`
			`String string`
			`}{Bool: false}`
Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`deleteToken := getDeleteTokenFromRequest(r)`
			`if deleteToken == "" {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`canDelete.String = "undefined"`
			`} else {`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`canDelete.Bool = true`
			`canDelete.String = "correct"`
			`} else {`
			`canDelete.String = "invalid"`
			`}`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`

Put existing pages in templates 2019-09-15 22:54:07 +02:00			`data := map[string]interface{}{`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`"Paste": p,`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`"CanDelete": canDelete,`
Put existing pages in templates 2019-09-15 22:54:07 +02:00			`}`
refactor: Make view logic private 2019-09-19 21:42:01 +02:00			`render(w, r, "pasteMeta", data)`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`return`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`}`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`switch p.State {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case statePresent:`
			`if flags&viewNoRedirect == 0 {`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`rawurl := string(p.Content)`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`urlParse, err := url.Parse(rawurl)`
			`if err != nil {`
Allow internal server error using panic() 2019-10-15 23:19:45 +02:00			`panic(errors.Wrapf(err, "invalid URL ('%v') in database for key '%v'", rawurl, p.Key))`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`}`
			`http.Redirect(w, r, urlParse.String(), http.StatusSeeOther)`
			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`w.Write(p.Content)`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`case stateDeleted:`
Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`renderError(w, r, http.StatusGone, "paste has been deleted")`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`default:`
Allow internal server error using panic() 2019-10-15 23:19:45 +02:00			`panic(errors.Errorf("invalid paste.State (%v) for key '%v'", p.State, p.Key))`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`}`
			`}`

Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`func newPasteHandler(w http.ResponseWriter, r *http.Request) {`
			`if err := r.ParseMultipartForm(50 * 1000 * 1000); err != nil {`
Allow internal server error using panic() 2019-10-15 23:19:45 +02:00			`panic(err)`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`}`

			// Determine what kind of post this is, currently only `shorten=...`
			`if len(r.PostForm) == 0 {`
			`renderError(w, r, http.StatusBadRequest, "empty body in POST request\n")`
			`return`
			`}`
			`shorten_values, prs := r.PostForm["shorten"]`
			`if !prs {`
			`renderError(w, r, http.StatusBadRequest, "no 'shorten' param given\n")`
			`return`
			`}`
			`if len(shorten_values) != 1 {`
			`renderError(w, r, http.StatusBadRequest, "only one 'shorten' param is allowed per request\n")`
			`return`
			`}`

			`newRedirectPasteHandler(w, r)`
			`}`

			`func newRedirectPasteHandler(w http.ResponseWriter, r *http.Request) {`
Initial commit 2019-08-25 21:33:56 +02:00			`rawurl := r.PostForm.Get("shorten")`
			`userURL, err := url.ParseRequestURI(rawurl)`
			`if err != nil {`
Extract error rendering 2019-09-15 21:34:41 +02:00			`msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl)`
refactor: Make view logic private 2019-09-19 21:42:01 +02:00			`renderError(w, r, http.StatusBadRequest, msg)`
Initial commit 2019-08-25 21:33:56 +02:00			`return`
			`}`
			`if userURL.Scheme == "" {`
refactor: Make view logic private 2019-09-19 21:42:01 +02:00			`renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)")`
Initial commit 2019-08-25 21:33:56 +02:00			`return`
			`}`
			`if userURL.Host == "" {`
refactor: Make view logic private 2019-09-19 21:42:01 +02:00			`renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)")`
Initial commit 2019-08-25 21:33:56 +02:00			`return`
			`}`

refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`var paste *paste`
Move several packages to root package 2019-11-09 15:50:12 +01:00			`if err := DB.Update(func(tx *bolt.Tx) error {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`// Generate a new delete token for this paste`
Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`var err error`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`paste, err = shortenURL(tx, userURL)`
Initial commit 2019-08-25 21:33:56 +02:00			`return err`
			`}); err != nil {`
Allow internal server error using panic() 2019-10-15 23:19:45 +02:00			`panic(err)`
Initial commit 2019-08-25 21:33:56 +02:00			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`data := map[string]interface{}{"Paste": paste}`
Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`render(w, r, "newRedirectPasteSuccess", data)`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`}`

			`// Delete a URL from the database`
			`func deletePasteHandler(w http.ResponseWriter, r *http.Request) {`
			`vars := mux.Vars(r)`
			`key := vars["key"]`

Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`deleteToken := getDeleteTokenFromRequest(r)`
			`if deleteToken == "" {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`renderError(w, r, http.StatusBadRequest, "no delete token provided")`
			`return`
			`}`

			`var errorCode int`
Move several packages to root package 2019-11-09 15:50:12 +01:00			`if err := DB.Update(func(tx *bolt.Tx) error {`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`p, err := getPaste(tx, key)`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`if err != nil {`
			`errorCode = http.StatusNotFound`
			`return err`
			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {`
			`p.delete(tx)`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`}`
			`errorCode = http.StatusForbidden`
			`return errors.New("invalid delete token")`
			`}); err != nil {`
			`log.Printf("error: %v\n", err)`
			`renderError(w, r, errorCode, fmt.Sprintf("error: %v", err))`
			`return`
			`}`
Implement retrieval of redirects 2019-08-29 00:50:26 +02:00			`}`

Initial commit 2019-08-25 21:33:56 +02:00			`// Add a new URL to the database`
			`//`
			`// Returns the new ID if the url was successfully shortened`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`func shortenURL(tx bolt.Tx, userURL url.URL) (*paste, error) {`
			`pasteKey, err := generatePasteKey(tx)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "generating paste key")`
Initial commit 2019-08-25 21:33:56 +02:00			`}`

Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`// Also generate a deleteToken`
			`deleteToken, err := generateDeleteToken()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "generating delete token")`
			`}`

Initial commit 2019-08-25 21:33:56 +02:00			`// Store the new key`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`p := paste{`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`Type: typeRedirect,`
			`State: statePresent,`
Rename main bucket to "pastes" and add /nr 2019-08-31 00:02:01 +02:00			`Content: []byte(userURL.String()),`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`Key: pasteKey,`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`DeleteToken: deleteToken,`
Initial commit 2019-08-25 21:33:56 +02:00			`TimeCreated: time.Now().UTC(),`
			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`if err := p.save(tx); err != nil {`
Implement deleting of pastes 2019-09-21 13:11:38 +02:00			`return nil, err`
			`}`
refactor: Put paste model in separate file 2019-09-22 14:03:27 +02:00			`return &p, nil`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`

Make deleteTokens strings 2019-09-21 21:03:31 +02:00			`func getDeleteTokenFromRequest(r *http.Request) string {`
			`return r.URL.Query().Get("deleteToken")`
Add meta viewer and owner tokens 2019-09-01 01:41:01 +02:00			`}`