2024-11-28 00:16:07 +00:00
|
|
|
package web
|
|
|
|
|
|
|
|
import (
|
|
|
|
"embed"
|
|
|
|
"errors"
|
|
|
|
"github.com/1f349/lavender/logger"
|
|
|
|
"github.com/1f349/lavender/utils"
|
|
|
|
"github.com/1f349/overlapfs"
|
2025-01-10 00:37:43 +00:00
|
|
|
"html"
|
2024-11-28 00:16:07 +00:00
|
|
|
"html/template"
|
|
|
|
"io"
|
|
|
|
"io/fs"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
//go:embed dist
|
|
|
|
webBuild embed.FS
|
|
|
|
|
|
|
|
webCombinedDir fs.FS
|
|
|
|
pageTemplates *template.Template
|
|
|
|
loadOnce utils.Once[error]
|
|
|
|
)
|
|
|
|
|
|
|
|
func LoadPages(wd string) error {
|
|
|
|
return loadOnce.Do(func() (err error) {
|
2025-01-10 00:37:43 +00:00
|
|
|
webCombinedDir = webBuild
|
2024-11-28 00:16:07 +00:00
|
|
|
|
|
|
|
if wd != "" {
|
|
|
|
webDir := filepath.Join(wd, "web")
|
|
|
|
|
|
|
|
err = os.Mkdir(webDir, os.ModePerm)
|
|
|
|
if err != nil && !errors.Is(err, fs.ErrExist) {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
wdFs := os.DirFS(webDir)
|
|
|
|
webCombinedDir = overlapfs.OverlapFS{A: webBuild, B: wdFs}
|
|
|
|
}
|
|
|
|
|
2025-01-10 00:37:43 +00:00
|
|
|
// TODO(melon): figure this out layer
|
|
|
|
webCombinedDir = webBuild
|
|
|
|
|
2024-11-28 00:16:07 +00:00
|
|
|
pageTemplates, err = template.New("web").Delims("[[", "]]").Funcs(template.FuncMap{
|
2025-01-10 00:37:43 +00:00
|
|
|
"emailHide": utils.EmailHide,
|
|
|
|
"renderOptionTag": renderOptionTag,
|
|
|
|
"renderCheckboxTag": renderCheckboxTag,
|
|
|
|
}).ParseFS(webCombinedDir, "dist/*.html")
|
2024-11-28 00:16:07 +00:00
|
|
|
|
|
|
|
return err
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2025-01-10 00:37:43 +00:00
|
|
|
func renderOptionTag(value, display string, selectedValue string) template.HTML {
|
|
|
|
var selectedParam string
|
|
|
|
if value == selectedValue {
|
|
|
|
selectedParam = " selected"
|
|
|
|
}
|
|
|
|
return template.HTML("<option value=\"" + html.EscapeString(value) + "\"" + selectedParam + ">" + html.EscapeString(display) + "</option>")
|
|
|
|
}
|
|
|
|
|
|
|
|
func renderCheckboxTag(name, id string, checked bool) template.HTML {
|
|
|
|
var checkedParam string
|
|
|
|
if checked {
|
|
|
|
checkedParam = " checked"
|
|
|
|
}
|
|
|
|
return template.HTML("<input type=\"checkbox\" name=\"" + html.EscapeString(name) + "\" id=\"" + html.EscapeString(id) + "\"" + checkedParam + " />")
|
2024-12-09 18:40:18 +00:00
|
|
|
}
|
|
|
|
|
2024-11-28 00:16:07 +00:00
|
|
|
func RenderPageTemplate(wr io.Writer, name string, data any) {
|
2025-01-10 00:37:43 +00:00
|
|
|
p := name + ".html"
|
2024-12-09 18:40:18 +00:00
|
|
|
err := pageTemplates.ExecuteTemplate(wr, p, data)
|
2024-11-28 00:16:07 +00:00
|
|
|
if err != nil {
|
|
|
|
logger.Logger.Warn("Failed to render page", "name", name, "err", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-12-02 00:40:19 +00:00
|
|
|
func RenderWebAsset(rw http.ResponseWriter, req *http.Request, name string) {
|
2024-11-28 00:16:07 +00:00
|
|
|
// Disallow paths containing ".." - directory traversal is a security issue.
|
2024-12-02 00:40:19 +00:00
|
|
|
if containsDotDot(name) {
|
|
|
|
http.Error(rw, "400 Bad Request", http.StatusBadRequest)
|
|
|
|
}
|
|
|
|
|
2024-11-28 00:16:07 +00:00
|
|
|
// Disallow paths ending in ".html" - these should only be processed by HTML
|
|
|
|
// template.
|
2024-12-02 00:40:19 +00:00
|
|
|
if strings.HasSuffix(name, ".html") {
|
2024-11-28 00:16:07 +00:00
|
|
|
http.Error(rw, "404 Not Found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Enjoy the power of Go stdlib
|
|
|
|
http.ServeFileFS(rw, req, webCombinedDir, name)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Go stdlib net/http/fs.go (containsDotDot)
|
|
|
|
func containsDotDot(v string) bool {
|
|
|
|
if !strings.Contains(v, "..") {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
for _, ent := range strings.FieldsFunc(v, isSlashRune) {
|
|
|
|
if ent == ".." {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// Go stdlib net/http/fs.go (isSlashRune)
|
|
|
|
func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
|