lavender/web/web.go

91 lines
2.0 KiB
Go
Raw Normal View History

2024-11-28 00:16:07 +00:00
package web
import (
"embed"
"errors"
"github.com/1f349/lavender/logger"
"github.com/1f349/lavender/utils"
"github.com/1f349/overlapfs"
"html/template"
"io"
"io/fs"
"net/http"
"os"
"path/filepath"
"strings"
)
var (
//go:embed dist
webBuild embed.FS
webCombinedDir fs.FS
pageTemplates *template.Template
loadOnce utils.Once[error]
)
func LoadPages(wd string) error {
return loadOnce.Do(func() (err error) {
webCombinedDir, err = fs.Sub(webBuild, "dist")
if err != nil {
return err
}
if wd != "" {
webDir := filepath.Join(wd, "web")
err = os.Mkdir(webDir, os.ModePerm)
if err != nil && !errors.Is(err, fs.ErrExist) {
return err
}
wdFs := os.DirFS(webDir)
webCombinedDir = overlapfs.OverlapFS{A: webBuild, B: wdFs}
}
pageTemplates, err = template.New("web").Delims("[[", "]]").Funcs(template.FuncMap{
"emailHide": utils.EmailHide,
}).ParseFS(webCombinedDir, "*.html")
return err
})
}
func RenderPageTemplate(wr io.Writer, name string, data any) {
err := pageTemplates.ExecuteTemplate(wr, name+".html", data)
if err != nil {
logger.Logger.Warn("Failed to render page", "name", name, "err", err)
}
}
func RenderWebAsset(rw http.ResponseWriter, req *http.Request) {
name := req.URL.Path
// Disallow paths containing ".." - directory traversal is a security issue.
// Disallow paths ending in ".html" - these should only be processed by HTML
// template.
if containsDotDot(name) || strings.HasSuffix(name, ".html") {
http.Error(rw, "404 Not Found", http.StatusNotFound)
return
}
// Enjoy the power of Go stdlib
http.ServeFileFS(rw, req, webCombinedDir, name)
}
// Go stdlib net/http/fs.go (containsDotDot)
func containsDotDot(v string) bool {
if !strings.Contains(v, "..") {
return false
}
for _, ent := range strings.FieldsFunc(v, isSlashRune) {
if ent == ".." {
return true
}
}
return false
}
// Go stdlib net/http/fs.go (isSlashRune)
func isSlashRune(r rune) bool { return r == '/' || r == '\\' }