mirror of
https://gitea.phreedom.club/localhost_frssoft/bloat.git
synced 2024-11-22 23:13:00 +00:00
Merge remote-tracking branch 'upstream/master' into localhost_custom
This commit is contained in:
commit
ab58d8a900
@ -38,5 +38,4 @@ post_formats=PlainText:text/plain,HTML:text/html,Markdown:text/markdown,BBCode:t
|
|||||||
# single_instance=pl.mydomain.com
|
# single_instance=pl.mydomain.com
|
||||||
|
|
||||||
# Path to custom CSS. Value can be a file path relative to the static directory.
|
# Path to custom CSS. Value can be a file path relative to the static directory.
|
||||||
# or a URL starting with either "http://" or "https://".
|
|
||||||
# custom_css=custom.css
|
# custom_css=custom.css
|
||||||
|
9
main.go
9
main.go
@ -8,7 +8,6 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"bloat/config"
|
"bloat/config"
|
||||||
"bloat/renderer"
|
"bloat/renderer"
|
||||||
@ -47,14 +46,8 @@ func main() {
|
|||||||
errExit(err)
|
errExit(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
customCSS := config.CustomCSS
|
|
||||||
if len(customCSS) > 0 && !strings.HasPrefix(customCSS, "http://") &&
|
|
||||||
!strings.HasPrefix(customCSS, "https://") {
|
|
||||||
customCSS = "/static/" + customCSS
|
|
||||||
}
|
|
||||||
|
|
||||||
s := service.NewService(config.ClientName, config.ClientScope,
|
s := service.NewService(config.ClientName, config.ClientScope,
|
||||||
config.ClientWebsite, customCSS, config.SingleInstance,
|
config.ClientWebsite, config.CustomCSS, config.SingleInstance,
|
||||||
config.PostFormats, renderer)
|
config.PostFormats, renderer)
|
||||||
handler := service.NewHandler(s, *verbose, config.StaticDirectory)
|
handler := service.NewHandler(s, *verbose, config.StaticDirectory)
|
||||||
|
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
package model
|
package model
|
||||||
|
|
||||||
type Session struct {
|
type Session struct {
|
||||||
ID string `json:"id,omitempty"`
|
|
||||||
UserID string `json:"uid,omitempty"`
|
UserID string `json:"uid,omitempty"`
|
||||||
Instance string `json:"ins,omitempty"`
|
Instance string `json:"ins,omitempty"`
|
||||||
ClientID string `json:"cid,omitempty"`
|
ClientID string `json:"cid,omitempty"`
|
||||||
@ -30,6 +29,7 @@ type Settings struct {
|
|||||||
InstanceEmojiFilter string `json:"iemojfilter,omitempty"`
|
InstanceEmojiFilter string `json:"iemojfilter,omitempty"`
|
||||||
AddReactionsFilter string `json:"reactionfilter,omitempty"`
|
AddReactionsFilter string `json:"reactionfilter,omitempty"`
|
||||||
CSS string `json:"css,omitempty"`
|
CSS string `json:"css,omitempty"`
|
||||||
|
CSSHash string `json:"cssh,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSettings() *Settings {
|
func NewSettings() *Settings {
|
||||||
@ -48,5 +48,6 @@ func NewSettings() *Settings {
|
|||||||
InstanceEmojiFilter: "",
|
InstanceEmojiFilter: "",
|
||||||
AddReactionsFilter: "",
|
AddReactionsFilter: "",
|
||||||
CSS: "",
|
CSS: "",
|
||||||
|
CSSHash: "",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -34,6 +34,8 @@ func (c *client) setSession(sess *model.Session) error {
|
|||||||
}
|
}
|
||||||
http.SetCookie(c.w, &http.Cookie{
|
http.SetCookie(c.w, &http.Cookie{
|
||||||
Name: "session",
|
Name: "session",
|
||||||
|
Path: "/",
|
||||||
|
HttpOnly: true,
|
||||||
Value: sb.String(),
|
Value: sb.String(),
|
||||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||||
})
|
})
|
||||||
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
|
|||||||
func (c *client) unsetSession() {
|
func (c *client) unsetSession() {
|
||||||
http.SetCookie(c.w, &http.Cookie{
|
http.SetCookie(c.w, &http.Cookie{
|
||||||
Name: "session",
|
Name: "session",
|
||||||
|
Path: "/",
|
||||||
Value: "",
|
Value: "",
|
||||||
Expires: time.Now(),
|
Expires: time.Now(),
|
||||||
})
|
})
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
package service
|
package service
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
@ -936,10 +938,6 @@ func (s *service) NewSession(c *client, instance string) (rurl string, sess *mod
|
|||||||
instanceURL = "https://" + instance
|
instanceURL = "https://" + instance
|
||||||
}
|
}
|
||||||
|
|
||||||
sid, err := util.NewSessionID()
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
csrf, err := util.NewCSRFToken()
|
csrf, err := util.NewCSRFToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
@ -955,28 +953,14 @@ func (s *service) NewSession(c *client, instance string) (rurl string, sess *mod
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
rurl = app.AuthURI
|
||||||
sess = &model.Session{
|
sess = &model.Session{
|
||||||
ID: sid,
|
|
||||||
Instance: instance,
|
Instance: instance,
|
||||||
ClientID: app.ClientID,
|
ClientID: app.ClientID,
|
||||||
ClientSecret: app.ClientSecret,
|
ClientSecret: app.ClientSecret,
|
||||||
CSRFToken: csrf,
|
CSRFToken: csrf,
|
||||||
Settings: *model.NewSettings(),
|
Settings: *model.NewSettings(),
|
||||||
}
|
}
|
||||||
|
|
||||||
u, err := url.Parse("/oauth/authorize")
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
q := make(url.Values)
|
|
||||||
q.Set("scope", "read write follow")
|
|
||||||
q.Set("client_id", app.ClientID)
|
|
||||||
q.Set("response_type", "code")
|
|
||||||
q.Set("redirect_uri", s.cwebsite+"/oauth_callback")
|
|
||||||
u.RawQuery = q.Encode()
|
|
||||||
|
|
||||||
rurl = instanceURL + u.String()
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1213,9 +1197,19 @@ func (s *service) SaveSettings(c *client, settings *model.Settings) (err error)
|
|||||||
default:
|
default:
|
||||||
return errInvalidArgument
|
return errInvalidArgument
|
||||||
}
|
}
|
||||||
|
if len(settings.CSS) > 0 {
|
||||||
if len(settings.CSS) > 1<<20 {
|
if len(settings.CSS) > 1<<20 {
|
||||||
return errInvalidArgument
|
return errInvalidArgument
|
||||||
}
|
}
|
||||||
|
// For some reason, browsers convert CRLF to LF before calculating
|
||||||
|
// the hash of the inline resources.
|
||||||
|
settings.CSS = strings.Replace(settings.CSS, "\x0d\x0a", "\x0a", -1)
|
||||||
|
|
||||||
|
h := sha256.Sum256([]byte(settings.CSS))
|
||||||
|
settings.CSSHash = base64.StdEncoding.EncodeToString(h[:])
|
||||||
|
} else {
|
||||||
|
settings.CSSHash = ""
|
||||||
|
}
|
||||||
c.s.Settings = *settings
|
c.s.Settings = *settings
|
||||||
return c.setSession(c.s)
|
return c.setSession(c.s)
|
||||||
}
|
}
|
||||||
|
@ -26,6 +26,15 @@ const (
|
|||||||
CSRF
|
CSRF
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const csp = "default-src 'none';" +
|
||||||
|
" img-src *;" +
|
||||||
|
" media-src *;" +
|
||||||
|
" font-src *;" +
|
||||||
|
" child-src *;" +
|
||||||
|
" connect-src 'self';" +
|
||||||
|
" script-src 'self';" +
|
||||||
|
" style-src 'self'"
|
||||||
|
|
||||||
func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
||||||
r := mux.NewRouter()
|
r := mux.NewRouter()
|
||||||
|
|
||||||
@ -58,14 +67,14 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
|||||||
}(time.Now())
|
}(time.Now())
|
||||||
}
|
}
|
||||||
|
|
||||||
var ct string
|
h := c.w.Header()
|
||||||
switch rt {
|
switch rt {
|
||||||
case HTML:
|
case HTML:
|
||||||
ct = "text/html; charset=utf-8"
|
h.Set("Content-Type", "text/html; charset=utf-8")
|
||||||
|
h.Set("Content-Security-Policy", csp)
|
||||||
case JSON:
|
case JSON:
|
||||||
ct = "application/json"
|
h.Set("Content-Type", "application/json")
|
||||||
}
|
}
|
||||||
c.w.Header().Add("Content-Type", ct)
|
|
||||||
|
|
||||||
err = c.authenticate(at, s.instance)
|
err = c.authenticate(at, s.instance)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -73,6 +82,13 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Override the CSP header to allow custom CSS
|
||||||
|
if rt == HTML && len(c.s.Settings.CSS) > 0 &&
|
||||||
|
len(c.s.Settings.CSSHash) > 0 {
|
||||||
|
v := fmt.Sprintf("%s 'sha256-%s'", csp, c.s.Settings.CSSHash)
|
||||||
|
h.Set("Content-Security-Policy", v)
|
||||||
|
}
|
||||||
|
|
||||||
err = f(c)
|
err = f(c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeError(c, err, rt, req.Method == http.MethodGet)
|
writeError(c, err, rt, req.Method == http.MethodGet)
|
||||||
|
@ -326,7 +326,7 @@ document.addEventListener("DOMContentLoaded", function() {
|
|||||||
links[j].target = "_blank";
|
links[j].target = "_blank";
|
||||||
}
|
}
|
||||||
|
|
||||||
var links = document.querySelectorAll(".status-media-container .img-link");
|
var links = document.querySelectorAll(".status-media-container .img-link, .user-profile-img-container .img-link");
|
||||||
for (var j = 0; j < links.length; j++) {
|
for (var j = 0; j < links.length; j++) {
|
||||||
handleImgPreview(links[j]);
|
handleImgPreview(links[j]);
|
||||||
}
|
}
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
|
<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
|
||||||
<link rel="stylesheet" href="/static/style.css">
|
<link rel="stylesheet" href="/static/style.css">
|
||||||
{{if .CustomCSS}}
|
{{if .CustomCSS}}
|
||||||
<link rel="stylesheet" href="{{.CustomCSS}}">
|
<link rel="stylesheet" href="/static/{{.CustomCSS}}">
|
||||||
{{end}}
|
{{end}}
|
||||||
{{if $.Ctx.FluorideMode}}
|
{{if $.Ctx.FluorideMode}}
|
||||||
<script src="/static/fluoride.js"></script>
|
<script src="/static/fluoride.js"></script>
|
||||||
|
@ -16,10 +16,6 @@ func NewRandID(n int) (string, error) {
|
|||||||
return enc.EncodeToString(data), nil
|
return enc.EncodeToString(data), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSessionID() (string, error) {
|
|
||||||
return NewRandID(24)
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewCSRFToken() (string, error) {
|
func NewCSRFToken() (string, error) {
|
||||||
return NewRandID(24)
|
return NewRandID(24)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user