package service
import (
"encoding/json"
"errors"
"log"
"net/http"
"strconv"
"time"
"bloat/mastodon"
"bloat/model"
"github.com/gorilla/mux"
)
var (
errInvalidSession = errors.New("invalid session")
errInvalidCSRFToken = errors.New("invalid csrf token")
)
const (
sessionExp = 365 * 24 * time.Hour
)
type respType int
const (
HTML respType = iota
JSON
)
type authType int
const (
NOAUTH authType = iota
SESSION
CSRF
)
type client struct {
*mastodon.Client
http.ResponseWriter
Req *http.Request
CSRFToken string
Session model.Session
}
func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
http.SetCookie(w, &http.Cookie{
Name: "session_id",
Value: sid,
Expires: time.Now().Add(exp),
})
}
func writeJson(c *client, data interface{}) error {
return json.NewEncoder(c).Encode(map[string]interface{}{
"data": data,
})
}
func redirect(c *client, url string) {
c.Header().Add("Location", url)
c.WriteHeader(http.StatusFound)
}
func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
r := mux.NewRouter()
writeError := func(c *client, err error, t respType) {
switch t {
case HTML:
c.WriteHeader(http.StatusInternalServerError)
s.ErrorPage(c, err)
case JSON:
c.WriteHeader(http.StatusInternalServerError)
json.NewEncoder(c).Encode(map[string]string{
"error": err.Error(),
})
}
}
authenticate := func(c *client, t authType) error {
if t >= SESSION {
cookie, err := c.Req.Cookie("session_id")
if err != nil || len(cookie.Value) < 1 {
return errInvalidSession
}
c.Session, err = s.sessionRepo.Get(cookie.Value)
if err != nil {
return errInvalidSession
}
app, err := s.appRepo.Get(c.Session.InstanceDomain)
if err != nil {
return err
}
c.Client = mastodon.NewClient(&mastodon.Config{
Server: app.InstanceURL,
ClientID: app.ClientID,
ClientSecret: app.ClientSecret,
AccessToken: c.Session.AccessToken,
})
}
if t >= CSRF {
c.CSRFToken = c.Req.FormValue("csrf_token")
if len(c.CSRFToken) < 1 || c.CSRFToken != c.Session.CSRFToken {
return errInvalidCSRFToken
}
}
return nil
}
handle := func(f func(c *client) error, at authType, rt respType) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) {
var err error
c := &client{Req: req, ResponseWriter: w}
defer func(begin time.Time) {
logger.Printf("path=%s, err=%v, took=%v\n",
req.URL.Path, err, time.Since(begin))
}(time.Now())
var ct string
switch rt {
case HTML:
ct = "text/html; charset=utf-8"
case JSON:
ct = "application/json"
}
c.Header().Add("Content-Type", ct)
err = authenticate(c, at)
if err != nil {
writeError(c, err, rt)
return
}
err = f(c)
if err != nil {
writeError(c, err, rt)
return
}
}
}
rootPage := handle(func(c *client) error {
sid, _ := c.Req.Cookie("session_id")
if sid == nil || len(sid.Value) < 0 {
redirect(c, "/signin")
return nil
}
session, err := s.sessionRepo.Get(sid.Value)
if err != nil {
if err == errInvalidSession {
redirect(c, "/signin")
return nil
}
return err
}
if len(session.AccessToken) < 1 {
redirect(c, "/signin")
return nil
}
return s.RootPage(c)
}, NOAUTH, HTML)
navPage := handle(func(c *client) error {
return s.NavPage(c)
}, SESSION, HTML)
signinPage := handle(func(c *client) error {
instance, ok := s.SingleInstance()
if !ok {
return s.SigninPage(c)
}
url, sid, err := s.NewSession(instance)
if err != nil {
return err
}
setSessionCookie(c, sid, sessionExp)
redirect(c, url)
return nil
}, NOAUTH, HTML)
timelinePage := handle(func(c *client) error {
tType, _ := mux.Vars(c.Req)["type"]
q := c.Req.URL.Query()
maxID := q.Get("max_id")
minID := q.Get("min_id")
instance := q.Get("instance")
return s.TimelinePage(c, tType, maxID, minID, instance)
}, SESSION, HTML)
defaultTimelinePage := handle(func(c *client) error {
redirect(c, "/timeline/home")
return nil
}, SESSION, HTML)
threadPage := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
q := c.Req.URL.Query()
reply := q.Get("reply")
return s.ThreadPage(c, id, len(reply) > 1)
}, SESSION, HTML)
likedByPage := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
return s.LikedByPage(c, id)
}, SESSION, HTML)
retweetedByPage := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
return s.RetweetedByPage(c, id)
}, SESSION, HTML)
notificationsPage := handle(func(c *client) error {
q := c.Req.URL.Query()
maxID := q.Get("max_id")
minID := q.Get("min_id")
return s.NotificationPage(c, maxID, minID)
}, SESSION, HTML)
userPage := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
pageType, _ := mux.Vars(c.Req)["type"]
q := c.Req.URL.Query()
maxID := q.Get("max_id")
minID := q.Get("min_id")
return s.UserPage(c, id, pageType, maxID, minID)
}, SESSION, HTML)
userSearchPage := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
q := c.Req.URL.Query()
sq := q.Get("q")
offset, _ := strconv.Atoi(q.Get("offset"))
return s.UserSearchPage(c, id, sq, offset)
}, SESSION, HTML)
aboutPage := handle(func(c *client) error {
return s.AboutPage(c)
}, SESSION, HTML)
emojisPage := handle(func(c *client) error {
return s.EmojiPage(c)
}, SESSION, HTML)
searchPage := handle(func(c *client) error {
q := c.Req.URL.Query()
sq := q.Get("q")
qType := q.Get("type")
offset, _ := strconv.Atoi(q.Get("offset"))
return s.SearchPage(c, sq, qType, offset)
}, SESSION, HTML)
settingsPage := handle(func(c *client) error {
return s.SettingsPage(c)
}, SESSION, HTML)
signin := handle(func(c *client) error {
instance := c.Req.FormValue("instance")
url, sid, err := s.NewSession(instance)
if err != nil {
return err
}
setSessionCookie(c, sid, sessionExp)
redirect(c, url)
return nil
}, NOAUTH, HTML)
oauthCallback := handle(func(c *client) error {
q := c.Req.URL.Query()
token := q.Get("code")
token, userID, err := s.Signin(c, token)
if err != nil {
return err
}
c.Session.AccessToken = token
c.Session.UserID = userID
err = s.sessionRepo.Add(c.Session)
if err != nil {
return err
}
redirect(c, "/")
return nil
}, SESSION, HTML)
post := handle(func(c *client) error {
content := c.Req.FormValue("content")
replyToID := c.Req.FormValue("reply_to_id")
format := c.Req.FormValue("format")
visibility := c.Req.FormValue("visibility")
isNSFW := c.Req.FormValue("is_nsfw") == "on"
files := c.Req.MultipartForm.File["attachments"]
id, err := s.Post(c, content, replyToID, format, visibility, isNSFW, files)
if err != nil {
return err
}
location := c.Req.Header.Get("Referer")
if len(replyToID) > 0 {
location = "/thread/" + replyToID + "#status-" + id
}
redirect(c, location)
return nil
}, CSRF, HTML)
like := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
_, err := s.Like(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
unlike := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
_, err := s.UnLike(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
retweet := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
_, err := s.Retweet(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
unretweet := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
_, err := s.UnRetweet(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
vote := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
statusID := c.Req.FormValue("status_id")
choices, _ := c.Req.PostForm["choices"]
err := s.Vote(c, id, choices)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+statusID)
return nil
}, CSRF, HTML)
follow := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
q := c.Req.URL.Query()
var reblogs *bool
if r, ok := q["reblogs"]; ok && len(r) > 0 {
reblogs = new(bool)
*reblogs = r[0] == "true"
}
err := s.Follow(c, id, reblogs)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
unfollow := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.UnFollow(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
mute := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.Mute(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
unMute := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.UnMute(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
block := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.Block(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
unBlock := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.UnBlock(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
subscribe := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.Subscribe(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
unSubscribe := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.UnSubscribe(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
settings := handle(func(c *client) error {
visibility := c.Req.FormValue("visibility")
format := c.Req.FormValue("format")
copyScope := c.Req.FormValue("copy_scope") == "true"
threadInNewTab := c.Req.FormValue("thread_in_new_tab") == "true"
hideAttachments := c.Req.FormValue("hide_attachments") == "true"
maskNSFW := c.Req.FormValue("mask_nsfw") == "true"
ni, _ := strconv.Atoi(c.Req.FormValue("notification_interval"))
fluorideMode := c.Req.FormValue("fluoride_mode") == "true"
darkMode := c.Req.FormValue("dark_mode") == "true"
antiDopamineMode := c.Req.FormValue("anti_dopamine_mode") == "true"
settings := &model.Settings{
DefaultVisibility: visibility,
DefaultFormat: format,
CopyScope: copyScope,
ThreadInNewTab: threadInNewTab,
HideAttachments: hideAttachments,
MaskNSFW: maskNSFW,
NotificationInterval: ni,
FluorideMode: fluorideMode,
DarkMode: darkMode,
AntiDopamineMode: antiDopamineMode,
}
err := s.SaveSettings(c, settings)
if err != nil {
return err
}
redirect(c, "/")
return nil
}, CSRF, HTML)
muteConversation := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.MuteConversation(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
unMuteConversation := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.UnMuteConversation(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
delete := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
err := s.Delete(c, id)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
readNotifications := handle(func(c *client) error {
q := c.Req.URL.Query()
maxID := q.Get("max_id")
err := s.ReadNotifications(c, maxID)
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
return nil
}, CSRF, HTML)
bookmark := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
err := s.Bookmark(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
unBookmark := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
rid := c.Req.FormValue("retweeted_by_id")
err := s.UnBookmark(c, id)
if err != nil {
return err
}
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
return nil
}, CSRF, HTML)
signout := handle(func(c *client) error {
s.Signout(c)
setSessionCookie(c, "", 0)
redirect(c, "/")
return nil
}, CSRF, HTML)
fLike := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
count, err := s.Like(c, id)
if err != nil {
return err
}
return writeJson(c, count)
}, CSRF, JSON)
fUnlike := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
count, err := s.UnLike(c, id)
if err != nil {
return err
}
return writeJson(c, count)
}, CSRF, JSON)
fRetweet := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
count, err := s.Retweet(c, id)
if err != nil {
return err
}
return writeJson(c, count)
}, CSRF, JSON)
fUnretweet := handle(func(c *client) error {
id, _ := mux.Vars(c.Req)["id"]
count, err := s.UnRetweet(c, id)
if err != nil {
return err
}
return writeJson(c, count)
}, CSRF, JSON)
r.HandleFunc("/", rootPage).Methods(http.MethodGet)
r.HandleFunc("/nav", navPage).Methods(http.MethodGet)
r.HandleFunc("/signin", signinPage).Methods(http.MethodGet)
r.HandleFunc("/timeline/{type}", timelinePage).Methods(http.MethodGet)
r.HandleFunc("/timeline", defaultTimelinePage).Methods(http.MethodGet)
r.HandleFunc("/thread/{id}", threadPage).Methods(http.MethodGet)
r.HandleFunc("/likedby/{id}", likedByPage).Methods(http.MethodGet)
r.HandleFunc("/retweetedby/{id}", retweetedByPage).Methods(http.MethodGet)
r.HandleFunc("/notifications", notificationsPage).Methods(http.MethodGet)
r.HandleFunc("/user/{id}", userPage).Methods(http.MethodGet)
r.HandleFunc("/user/{id}/{type}", userPage).Methods(http.MethodGet)
r.HandleFunc("/usersearch/{id}", userSearchPage).Methods(http.MethodGet)
r.HandleFunc("/about", aboutPage).Methods(http.MethodGet)
r.HandleFunc("/emojis", emojisPage).Methods(http.MethodGet)
r.HandleFunc("/search", searchPage).Methods(http.MethodGet)
r.HandleFunc("/settings", settingsPage).Methods(http.MethodGet)
r.HandleFunc("/signin", signin).Methods(http.MethodPost)
r.HandleFunc("/oauth_callback", oauthCallback).Methods(http.MethodGet)
r.HandleFunc("/post", post).Methods(http.MethodPost)
r.HandleFunc("/like/{id}", like).Methods(http.MethodPost)
r.HandleFunc("/unlike/{id}", unlike).Methods(http.MethodPost)
r.HandleFunc("/retweet/{id}", retweet).Methods(http.MethodPost)
r.HandleFunc("/unretweet/{id}", unretweet).Methods(http.MethodPost)
r.HandleFunc("/vote/{id}", vote).Methods(http.MethodPost)
r.HandleFunc("/follow/{id}", follow).Methods(http.MethodPost)
r.HandleFunc("/unfollow/{id}", unfollow).Methods(http.MethodPost)
r.HandleFunc("/mute/{id}", mute).Methods(http.MethodPost)
r.HandleFunc("/unmute/{id}", unMute).Methods(http.MethodPost)
r.HandleFunc("/block/{id}", block).Methods(http.MethodPost)
r.HandleFunc("/unblock/{id}", unBlock).Methods(http.MethodPost)
r.HandleFunc("/subscribe/{id}", subscribe).Methods(http.MethodPost)
r.HandleFunc("/unsubscribe/{id}", unSubscribe).Methods(http.MethodPost)
r.HandleFunc("/settings", settings).Methods(http.MethodPost)
r.HandleFunc("/muteconv/{id}", muteConversation).Methods(http.MethodPost)
r.HandleFunc("/unmuteconv/{id}", unMuteConversation).Methods(http.MethodPost)
r.HandleFunc("/delete/{id}", delete).Methods(http.MethodPost)
r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost)
r.HandleFunc("/bookmark/{id}", bookmark).Methods(http.MethodPost)
r.HandleFunc("/unbookmark/{id}", unBookmark).Methods(http.MethodPost)
r.HandleFunc("/signout", signout).Methods(http.MethodPost)
r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost)
r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost)
r.HandleFunc("/fluoride/retweet/{id}", fRetweet).Methods(http.MethodPost)
r.HandleFunc("/fluoride/unretweet/{id}", fUnretweet).Methods(http.MethodPost)
r.PathPrefix("/static").Handler(http.StripPrefix("/static",
http.FileServer(http.Dir(staticDir))))
return r
}