Home Explore Help
Register Sign In
mro
/
ShaarliGo
mirror of https://code.mro.name/mro/ShaarliGo
Watch 1
Star 0
Fork 0
Files Issues
Branch: master
Branches Tags
ShaarliGo
/
config.go

config.go 4.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. //
    2. 

  2. // Copyright (C) 2017-2021 Marcus Rohrmoser, http://purl.mro.name/ShaarliGo
    3. 

  3. //
    4. 

  4. // This program is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // This program is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU General Public License
    15. 

  15. // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. //
    17. 

  17. 

  18. package main
    19. 

  19. 

  20. import (
    21. 

  21. 	"encoding/xml"
    22. 

  22. 	"html/template"
    23. 

  23. 	"io"
    24. 

  24. 	"log"
    25. 

  25. 	"net/http"
    26. 

  26. 	"path"
    27. 

  27. 	"strings"
    28. 

  28. 	"time"
    29. 

  29. 

  30. 	"golang.org/x/crypto/bcrypt"
    31. 

  31. )
    32. 

  32. 

  33. func mustParseRFC3339(str string) time.Time {
    34. 

  34. 	if ret, err := time.Parse(time.RFC3339, str); err != nil {
    35. 

  35. 		panic(err)
    36. 

  36. 	} else {
    37. 

  37. 		return ret
    38. 

  38. 	}
    39. 

  39. }
    40. 

  40. 

  41. func (app *Server) handleSettings() http.HandlerFunc {
    42. 

  42. 	return func(w http.ResponseWriter, r *http.Request) {
    43. 

  43. 		now := time.Now()
    44. 

  44. 		if app.cfg.IsConfigured() && !app.IsLoggedIn(now) {
    45. 

  45. 			http.Error(w, "double check failed.", http.StatusInternalServerError)
    46. 

  46. 			return
    47. 

  47. 		}
    48. 

  48. 

  49. 		if err := r.ParseForm(); err != nil {
    50. 

  50. 			http.Error(w, "couldn't parse form: "+err.Error(), http.StatusInternalServerError)
    51. 

  51. 			return
    52. 

  52. 		}
    53. 

  53. 

  54. 		switch r.Method {
    55. 

  55. 		case http.MethodPost:
    56. 

  56. 			uid := strings.TrimSpace(r.FormValue("setlogin"))
    57. 

  57. 			pwd := strings.TrimSpace(r.FormValue("setpassword"))
    58. 

  58. 			title := strings.TrimSpace(r.FormValue("title"))
    59. 

  59. 			// https://astaxie.gitbooks.io/build-web-application-with-golang/en/09.5.html
    60. 

  60. 			// $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
    61. 

  61. 			// original shaarli did $hash = sha1($password.$login.$GLOBALS['salt']);
    62. 

  62. 			if pwdBcrypt, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost); err != nil {
    63. 

  63. 				http.Error(w, "couldn't crypt pwd: "+err.Error(), http.StatusInternalServerError)
    64. 

  64. 				return
    65. 

  65. 			} else {
    66. 

  66. 				if len(uid) < 1 || len([]rune(pwd)) < 12 {
    67. 

  67. 					app.cfg.renderSettingsPage(w, http.StatusBadRequest)
    68. 

  68. 					return
    69. 

  69. 				}
    70. 

  70. 				app.cfg.Title = title
    71. 

  71. 				app.cfg.Uid = uid
    72. 

  72. 				app.cfg.PwdBcrypt = string(pwdBcrypt)
    73. 

  73. 				err = app.cfg.Save()
    74. 

  74. 			}
    75. 

  75. 

  76. 			if feed, err := LoadFeed(); err != nil {
    77. 

  77. 				http.Error(w, "couldn't load seed feed feeds: "+err.Error(), http.StatusInternalServerError)
    78. 

  78. 				return
    79. 

  79. 			} else {
    80. 

  80. 				feed.XmlBase = Iri(app.url.String())
    81. 

  81. 				feed.Id = Id(feed.XmlBase) // expand XmlBase as required by https://validator.w3.org/feed/check.cgi?url=
    82. 

  82. 				feed.Title = HumanText{Body: title}
    83. 

  83. 				feed.Authors = []Person{{Name: uid}}
    84. 

  84. 				feed.Links = []Link{
    85. 

  85. 					{Rel: relEdit, Href: path.Join(cgiName, uriPub, uriPosts), Title: "PostURI, maybe better a app:collection https://tools.ietf.org/html/rfc5023#section-8.3.3"},
    86. 

  86. 				}
    87. 

  87. 

  88. 				if err := app.SaveFeed(feed); err != nil {
    89. 

  89. 					http.Error(w, "couldn't store feed data: "+err.Error(), http.StatusInternalServerError)
    90. 

  90. 					return
    91. 

  91. 				}
    92. 

  92. 				if err := app.PublishFeedsForModifiedEntries(feed, feed.Entries); err != nil {
    93. 

  93. 					log.Println("couldn't write feeds: ", err.Error())
    94. 

  94. 					http.Error(w, "couldn't write feeds: "+err.Error(), http.StatusInternalServerError)
    95. 

  95. 					return
    96. 

  96. 				}
    97. 

  97. 

  98. 				app.startSession(w, r, now)
    99. 

  99. 				http.Redirect(w, r, path.Join("..", "..", uriPub, uriPosts)+"/", http.StatusFound)
    100. 

  100. 			}
    101. 

  101. 		case http.MethodGet:
    102. 

  102. 			app.cfg.renderSettingsPage(w, http.StatusOK)
    103. 

  103. 		default:
    104. 

  104. 			http.Error(w, "MethodNotAllowed", http.StatusMethodNotAllowed)
    105. 

  105. 		}
    106. 

  106. 	}
    107. 

  107. }
    108. 

  108. 

  109. func (cfg Config) renderSettingsPage(w http.ResponseWriter, code int) {
    110. 

  110. 	byt, _ := tplConfigformHtmlBytes()
    111. 

  111. 	tmpl, err := template.New("configform").Parse(string(byt))
    112. 

  112. 	if err == nil {
    113. 

  113. 		w.Header().Set("Content-Type", "text/xml; charset=utf-8")
    114. 

  114. 		w.WriteHeader(code)
    115. 

  115. 

  116. 		io.WriteString(w, xml.Header+
    117. 

  117. 			"<?xml-stylesheet type='text/xsl' href='"+path.Join("..", "..", "themes", "current", "config.xslt")+"'?>\n")
    118. 

  118. 		io.WriteString(w, `<!--
    119. 

  119.   The html you see here is for compatibility with vanilla shaarli.
    120. 

  120. 

  121.   The main reason is backward compatibility for e.g. http://app.mro.name/ShaarliOS and
    122. 

  122.   https://github.com/dimtion/Shaarlier as tested via
    123. 

  123.   https://code.mro.name/mro/Shaarli-API-test
    124. 

  124. -->
    125. 

  125. `)
    126. 

  126. 		err = tmpl.Execute(w, map[string]string{
    127. 

  127. 			"title":    cfg.Title,
    128. 

  128. 			"setlogin": cfg.Uid,
    129. 

  129. 		})
    130. 

  130. 	}
    131. 

  131. 	if err != nil {
    132. 

  132. 		http.Error(w, "couldn't restore assets: "+err.Error(), http.StatusInternalServerError)
    133. 

  133. 	}
    134. 

  134. }
    135. 

  135.