mirror of
https://github.com/1f349/lavender.git
synced 2025-01-21 22:26:25 +00:00
91 lines
2.0 KiB
Go
91 lines
2.0 KiB
Go
|
package web
|
||
|
|
||
|
import (
|
||
|
"embed"
|
||
|
"errors"
|
||
|
"github.com/1f349/lavender/logger"
|
||
|
"github.com/1f349/lavender/utils"
|
||
|
"github.com/1f349/overlapfs"
|
||
|
"html/template"
|
||
|
"io"
|
||
|
"io/fs"
|
||
|
"net/http"
|
||
|
"os"
|
||
|
"path/filepath"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
var (
|
||
|
//go:embed dist
|
||
|
webBuild embed.FS
|
||
|
|
||
|
webCombinedDir fs.FS
|
||
|
pageTemplates *template.Template
|
||
|
loadOnce utils.Once[error]
|
||
|
)
|
||
|
|
||
|
func LoadPages(wd string) error {
|
||
|
return loadOnce.Do(func() (err error) {
|
||
|
webCombinedDir, err = fs.Sub(webBuild, "dist")
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
if wd != "" {
|
||
|
webDir := filepath.Join(wd, "web")
|
||
|
|
||
|
err = os.Mkdir(webDir, os.ModePerm)
|
||
|
if err != nil && !errors.Is(err, fs.ErrExist) {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
wdFs := os.DirFS(webDir)
|
||
|
webCombinedDir = overlapfs.OverlapFS{A: webBuild, B: wdFs}
|
||
|
}
|
||
|
|
||
|
pageTemplates, err = template.New("web").Delims("[[", "]]").Funcs(template.FuncMap{
|
||
|
"emailHide": utils.EmailHide,
|
||
|
}).ParseFS(webCombinedDir, "*.html")
|
||
|
|
||
|
return err
|
||
|
})
|
||
|
}
|
||
|
|
||
|
func RenderPageTemplate(wr io.Writer, name string, data any) {
|
||
|
err := pageTemplates.ExecuteTemplate(wr, name+".html", data)
|
||
|
if err != nil {
|
||
|
logger.Logger.Warn("Failed to render page", "name", name, "err", err)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func RenderWebAsset(rw http.ResponseWriter, req *http.Request) {
|
||
|
name := req.URL.Path
|
||
|
|
||
|
// Disallow paths containing ".." - directory traversal is a security issue.
|
||
|
// Disallow paths ending in ".html" - these should only be processed by HTML
|
||
|
// template.
|
||
|
if containsDotDot(name) || strings.HasSuffix(name, ".html") {
|
||
|
http.Error(rw, "404 Not Found", http.StatusNotFound)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
// Enjoy the power of Go stdlib
|
||
|
http.ServeFileFS(rw, req, webCombinedDir, name)
|
||
|
}
|
||
|
|
||
|
// Go stdlib net/http/fs.go (containsDotDot)
|
||
|
func containsDotDot(v string) bool {
|
||
|
if !strings.Contains(v, "..") {
|
||
|
return false
|
||
|
}
|
||
|
for _, ent := range strings.FieldsFunc(v, isSlashRune) {
|
||
|
if ent == ".." {
|
||
|
return true
|
||
|
}
|
||
|
}
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
// Go stdlib net/http/fs.go (isSlashRune)
|
||
|
func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
|