statping/handlers/handlers.go

package handlers

import (
	"encoding/json"
	"fmt"
	"github.com/statping/statping/types/errors"
	"html/template"
	"net/http"
	"path"
	"time"

	"github.com/statping/statping/source"
	"github.com/statping/statping/utils"
)

const (
	cookieName = "statping_auth"

	timeout = time.Second * 30
)

var (
	jwtKey     []byte
	httpServer *http.Server
	usingSSL   bool
	mainTmpl   = `{{define "main" }} {{ template "base" . }} {{ end }}`
	templates  = []string{"base.gohtml"}
)

func StopHTTPServer(err error) {
	log.Infoln("Stopping HTTP Server")
}

// RunHTTPServer will start a HTTP server on a specific IP and port
func RunHTTPServer() error {
	if utils.Params.GetBool("DISABLE_HTTP") {
		return nil
	}

	ip := utils.Params.GetString("SERVER_IP")
	host := fmt.Sprintf("%v:%v", ip, utils.Params.GetInt("SERVER_PORT"))
	key := utils.FileExists(utils.Directory + "/server.key")
	cert := utils.FileExists(utils.Directory + "/server.crt")

	if key && cert {
		log.Infoln("server.cert and server.key was found in root directory! Starting in SSL mode.")
		log.Infoln(fmt.Sprintf("Statping Secure HTTPS Server running on https://%v:%v", ip, 443))
		usingSSL = true
	} else {
		log.Infoln("Statping HTTP Server running on http://" + host + basePath)
	}

	router = Router()
	resetCookies()

	if utils.Params.GetBool("LETSENCRYPT_ENABLE") {
		return startLetsEncryptServer(ip)
	} else if usingSSL {
		return startSSLServer(ip)
	} else {
		return startServer(host)
	}
}

// IsReadAuthenticated will allow Read Only authentication for some routes
func IsReadAuthenticated(r *http.Request) bool {
	if ok := hasSetupEnv(); ok {
		return true
	}
	if ok := hasAPIQuery(r); ok {
		return true
	}
	if ok := hasAuthorizationHeader(r); ok {
		return true
	}
	return IsFullAuthenticated(r)
}

// IsFullAuthenticated returns true if the HTTP request is authenticated. You can set the environment variable GO_ENV=test
// to bypass the admin authenticate to the dashboard features.
func IsFullAuthenticated(r *http.Request) bool {
	if ok := hasSetupEnv(); ok {
		return true
	}
	if ok := hasAPIQuery(r); ok {
		return true
	}
	if ok := hasAuthorizationHeader(r); ok {
		return true
	}
	claim, err := getJwtToken(r)
	if err != nil {
		return false
	}
	return claim.Admin
}

// ScopeName will show private JSON fields in the API.
// It will return "admin" if request has valid admin authentication.
func ScopeName(r *http.Request) string {
	if ok := hasAPIQuery(r); ok {
		return "admin"
	}
	if ok := hasAuthorizationHeader(r); ok {
		return "admin"
	}
	claim, err := getJwtToken(r)
	if err != nil {
		return ""
	}
	if claim.Admin {
		return "admin"
	}
	return "user"
}

// IsAdmin returns true if the user session is an administrator
func IsAdmin(r *http.Request) bool {
	claim, err := getJwtToken(r)
	if err != nil {
		return false
	}
	return claim.Admin
}

// IsUser returns true if the user is registered
func IsUser(r *http.Request) bool {
	if ok := hasSetupEnv(); ok {
		return true
	}
	tk, err := getJwtToken(r)
	if err != nil {
		return false
	}
	if err := tk.Valid(); err != nil {
		return false
	}
	return true
}

func loadTemplate(w http.ResponseWriter, r *http.Request) (*template.Template, error) {
	var err error
	mainTemplate := template.New("main")
	mainTemplate, err = mainTemplate.Parse(mainTmpl)
	if err != nil {
		log.Errorln(err)
		return nil, err
	}
	mainTemplate.Funcs(handlerFuncs(w, r))
	// render all templates
	for _, temp := range templates {
		tmp, _ := source.TmplBox.String(temp)
		mainTemplate, err = mainTemplate.Parse(tmp)
		if err != nil {
			log.Errorln(err)
			return nil, err
		}
	}
	return mainTemplate, err
}

// ExecuteResponse will render a HTTP response for the front end user
func ExecuteResponse(w http.ResponseWriter, r *http.Request, file string, data interface{}, redirect interface{}) {
	if url, ok := redirect.(string); ok {
		http.Redirect(w, r, path.Join(basePath, url), http.StatusSeeOther)
		return
	}
	if usingSSL {
		w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
	}
	mainTemplate, err := loadTemplate(w, r)
	if err != nil {
		log.Errorln(err)
	}
	render, err := source.TmplBox.String(file)
	if err != nil {
		log.Errorln(err)
	}
	// render the page requested
	if _, err := mainTemplate.Parse(render); err != nil {
		log.Errorln(err)
	}
	// execute the template
	if err := mainTemplate.Execute(w, data); err != nil {
		log.Errorln(err)
	}
}

func returnJson(d interface{}, w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	if e, ok := d.(errors.Error); ok {
		w.WriteHeader(e.Status())
		json.NewEncoder(w).Encode(e)
		return
	}
	if e, ok := d.(error); ok {
		w.WriteHeader(500)
		json.NewEncoder(w).Encode(errors.New(e.Error()))
		return
	}
	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(d)
}

// error404Handler is a HTTP handler for 404 error pages
func error404Handler(w http.ResponseWriter, r *http.Request) {
	if usingSSL {
		w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
	}
	w.WriteHeader(http.StatusNotFound)
	ExecuteResponse(w, r, "base.gohtml", nil, nil)
}
new 2 2018-06-30 00:57:05 +00:00			`package handlers`

			`import (`
json http handler - improved sample chart data 2019-03-02 01:33:41 +00:00			`"encoding/json"`
core updates - sql migrations 2018-07-04 09:00:16 +00:00			`"fmt"`
error handling, tests, fixes 2020-04-17 03:21:17 +00:00			`"github.com/statping/statping/types/errors"`
new 2 2018-06-30 00:57:05 +00:00			`"html/template"`
			`"net/http"`
BASE_PATH 2020-01-13 08:20:23 +00:00			`"path"`
new 2 2018-06-30 00:57:05 +00:00			`"time"`
Fixed potential timing attack 2019-12-15 15:22:02 +00:00
vue 2020-03-09 18:17:55 +00:00			`"github.com/statping/statping/source"`
			`"github.com/statping/statping/utils"`
new 2 2018-06-30 00:57:05 +00:00			`)`

			`const (`
custom notifier JSON/text, codemirror custom designs for variables, JWT updates 2020-06-15 04:46:28 +00:00			`cookieName = "statping_auth"`
PR merges, version bump, removed internal cache, removed unused http server complexities 2020-12-15 08:40:26 +00:00
			`timeout = time.Second * 30`
new 2 2018-06-30 00:57:05 +00:00			`)`

			`var (`
oauth fixes, login cookies fixes 2020-06-26 00:15:59 +00:00			`jwtKey []byte`
updates 2020-01-26 21:01:43 +00:00			`httpServer *http.Server`
			`usingSSL bool`
			mainTmpl = `{{define "main" }} {{ template "base" . }} {{ end }}`
updates 2020-02-19 08:13:09 +00:00			`templates = []string{"base.gohtml"}`
new 2 2018-06-30 00:57:05 +00:00			`)`

code cleanup 2020-06-05 03:47:35 +00:00			`func StopHTTPServer(err error) {`
			`log.Infoln("Stopping HTTP Server")`
			`}`

remove unused 2018-09-25 07:03:49 +00:00			`// RunHTTPServer will start a HTTP server on a specific IP and port`
code cleanup 2020-06-05 03:47:35 +00:00			`func RunHTTPServer() error {`
			`if utils.Params.GetBool("DISABLE_HTTP") {`
			`return nil`
			`}`
ssl - forms 2018-12-06 23:20:20 +00:00
CLI fixes for PORT and IP/HOST 2020-06-14 01:39:47 +00:00			`ip := utils.Params.GetString("SERVER_IP")`
			`host := fmt.Sprintf("%v:%v", ip, utils.Params.GetInt("SERVER_PORT"))`
ssl - forms 2018-12-06 23:20:20 +00:00			`key := utils.FileExists(utils.Directory + "/server.key")`
			`cert := utils.FileExists(utils.Directory + "/server.crt")`

			`if key && cert {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Infoln("server.cert and server.key was found in root directory! Starting in SSL mode.")`
			`log.Infoln(fmt.Sprintf("Statping Secure HTTPS Server running on https://%v:%v", ip, 443))`
ssl - forms 2018-12-06 23:20:20 +00:00			`usingSSL = true`
			`} else {`
viper/cobra configs, psql updates 2020-04-16 09:57:00 +00:00			`log.Infoln("Statping HTTP Server running on http://" + host + basePath)`
new 2 2018-06-30 00:57:05 +00:00			`}`
ssl - forms 2018-12-06 23:20:20 +00:00
			`router = Router()`
sass fix 2018-08-16 20:55:30 +00:00			`resetCookies()`
ssl - forms 2018-12-06 23:20:20 +00:00
letsencrypt enable ENV var 2020-07-15 17:09:00 +00:00			`if utils.Params.GetBool("LETSENCRYPT_ENABLE") {`
PR merges, version bump, removed internal cache, removed unused http server complexities 2020-12-15 08:40:26 +00:00			`return startLetsEncryptServer(ip)`
LetsEncrypt SSL cert process with ENVs, JWT token key from API secret SHA256 2020-07-15 04:26:54 +00:00			`} else if usingSSL {`
PR merges, version bump, removed internal cache, removed unused http server complexities 2020-12-15 08:40:26 +00:00			`return startSSLServer(ip)`
ssl - forms 2018-12-06 23:20:20 +00:00			`} else {`
PR merges, version bump, removed internal cache, removed unused http server complexities 2020-12-15 08:40:26 +00:00			`return startServer(host)`
ssl - forms 2018-12-06 23:20:20 +00:00			`}`
new 2 2018-06-30 00:57:05 +00:00			`}`

read only routes with api key - push notification update 2018-12-14 09:19:55 +00:00			`// IsReadAuthenticated will allow Read Only authentication for some routes`
			`func IsReadAuthenticated(r *http.Request) bool {`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasSetupEnv(); ok {`
			`return true`
core config var changes, log changes 2019-12-30 08:08:51 +00:00			`}`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasAPIQuery(r); ok {`
read only routes with api key - push notification update 2018-12-14 09:19:55 +00:00			`return true`
			`}`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasAuthorizationHeader(r); ok {`
			`return true`
read only routes with api key - push notification update 2018-12-14 09:19:55 +00:00			`}`
			`return IsFullAuthenticated(r)`
			`}`

			`// IsFullAuthenticated returns true if the HTTP request is authenticated. You can set the environment variable GO_ENV=test`
comments - godoc in dev folder - cleaned 2018-10-06 06:38:33 +00:00			`// to bypass the admin authenticate to the dashboard features.`
read only routes with api key - push notification update 2018-12-14 09:19:55 +00:00			`func IsFullAuthenticated(r *http.Request) bool {`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasSetupEnv(); ok {`
new 2 2018-06-30 00:57:05 +00:00			`return true`
			`}`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasAPIQuery(r); ok {`
api auth fix 2018-11-30 18:36:13 +00:00			`return true`
new 2 2018-06-30 00:57:05 +00:00			`}`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasAuthorizationHeader(r); ok {`
			`return true`
new 2 2018-06-30 00:57:05 +00:00			`}`
oauth fixes, login cookies fixes 2020-06-26 00:15:59 +00:00			`claim, err := getJwtToken(r)`
			`if err != nil {`
			`return false`
			`}`
			`return claim.Admin`
non-admin user permissions - http fixes 2018-12-18 05:25:33 +00:00			`}`

comments and organization 2020-05-02 00:53:35 +00:00			`// ScopeName will show private JSON fields in the API.`
			`// It will return "admin" if request has valid admin authentication.`
updates 2020-01-20 05:02:15 +00:00			`func ScopeName(r *http.Request) string {`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasAPIQuery(r); ok {`
			`return "admin"`
			`}`
			`if ok := hasAuthorizationHeader(r); ok {`
			`return "admin"`
			`}`
updates 2020-01-20 05:02:15 +00:00			`claim, err := getJwtToken(r)`
			`if err != nil {`
			`return ""`
			`}`
			`if claim.Admin {`
			`return "admin"`
			`}`
			`return "user"`
updates 2020-01-16 09:29:49 +00:00			`}`

non-admin user permissions - http fixes 2018-12-18 05:25:33 +00:00			`// IsAdmin returns true if the user session is an administrator`
			`func IsAdmin(r *http.Request) bool {`
updates 2020-01-20 05:02:15 +00:00			`claim, err := getJwtToken(r)`
			`if err != nil {`
non-admin user permissions - http fixes 2018-12-18 05:25:33 +00:00			`return false`
			`}`
updates 2020-01-20 05:02:15 +00:00			`return claim.Admin`
non-admin user permissions - http fixes 2018-12-18 05:25:33 +00:00			`}`

			`// IsUser returns true if the user is registered`
			`func IsUser(r *http.Request) bool {`
comments and organization 2020-05-02 00:53:35 +00:00			`if ok := hasSetupEnv(); ok {`
non-admin user permissions - http fixes 2018-12-18 07:20:03 +00:00			`return true`
			`}`
travis 2020-03-29 01:21:32 +00:00			`tk, err := getJwtToken(r)`
updates 2020-01-20 05:02:15 +00:00			`if err != nil {`
			`return false`
			`}`
travis 2020-03-29 01:21:32 +00:00			`if err := tk.Valid(); err != nil {`
			`return false`
			`}`
updates 2020-01-20 05:02:15 +00:00			`return true`
new 2 2018-06-30 00:57:05 +00:00			`}`

setting up for basePath 2020-01-13 07:11:53 +00:00			`func loadTemplate(w http.ResponseWriter, r http.Request) (template.Template, error) {`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`var err error`
setting up for basePath 2020-01-13 07:11:53 +00:00			`mainTemplate := template.New("main")`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`mainTemplate, err = mainTemplate.Parse(mainTmpl)`
refactor types - cypress testing docker image 2018-08-20 07:20:05 +00:00			`if err != nil {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Errorln(err)`
setting up for basePath 2020-01-13 07:11:53 +00:00			`return nil, err`
refactor types - cypress testing docker image 2018-08-20 07:20:05 +00:00			`}`
setting up for basePath 2020-01-13 07:11:53 +00:00			`mainTemplate.Funcs(handlerFuncs(w, r))`
go templates - service chart data API 2018-10-02 06:21:14 +00:00			`// render all templates`
			`for _, temp := range templates {`
			`tmp, _ := source.TmplBox.String(temp)`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`mainTemplate, err = mainTemplate.Parse(tmp)`
go templates - service chart data API 2018-10-02 06:21:14 +00:00			`if err != nil {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Errorln(err)`
setting up for basePath 2020-01-13 07:11:53 +00:00			`return nil, err`
go templates - service chart data API 2018-10-02 06:21:14 +00:00			`}`
refactor types - cypress testing docker image 2018-08-20 07:20:05 +00:00			`}`
setting up for basePath 2020-01-13 07:11:53 +00:00			`return mainTemplate, err`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`}`
go templates - service chart data API 2018-10-02 06:21:14 +00:00
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`// ExecuteResponse will render a HTTP response for the front end user`
			`func ExecuteResponse(w http.ResponseWriter, r *http.Request, file string, data interface{}, redirect interface{}) {`
			`if url, ok := redirect.(string); ok {`
BASE_PATH 2020-01-13 08:20:23 +00:00			`http.Redirect(w, r, path.Join(basePath, url), http.StatusSeeOther)`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`return`
			`}`
			`if usingSSL {`
			`w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")`
			`}`
setting up for basePath 2020-01-13 07:11:53 +00:00			`mainTemplate, err := loadTemplate(w, r)`
			`if err != nil {`
			`log.Errorln(err)`
			`}`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`render, err := source.TmplBox.String(file)`
			`if err != nil {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Errorln(err)`
response time fixes - cache fixes - apexcharts 2019-02-01 04:48:18 +00:00			`}`
go templates - service chart data API 2018-10-02 06:21:14 +00:00			`// render the page requested`
http server refactor - tests 2019-03-05 20:13:25 +00:00			`if _, err := mainTemplate.Parse(render); err != nil {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Errorln(err)`
service api data - charts js updates (ajax rendering 2018-09-30 13:39:52 +00:00			`}`
go templates - service chart data API 2018-10-02 06:21:14 +00:00			`// execute the template`
http server refactor - tests 2019-03-05 20:13:25 +00:00			`if err := mainTemplate.Execute(w, data); err != nil {`
better logging (logrus), verbose (-v) mode, index page show create service btn, install.sh script, Dockerfile go version to 1.13, UI fixes 2019-12-28 09:01:07 +00:00			`log.Errorln(err)`
refactor types - cypress testing docker image 2018-08-20 07:20:05 +00:00			`}`
new 2 2018-06-30 00:57:05 +00:00			`}`

error handling, tests, fixes 2020-04-17 03:21:17 +00:00			`func returnJson(d interface{}, w http.ResponseWriter, r *http.Request) {`
json http handler - improved sample chart data 2019-03-02 01:33:41 +00:00			`w.Header().Set("Content-Type", "application/json")`
error handling, tests, fixes 2020-04-17 03:21:17 +00:00			`if e, ok := d.(errors.Error); ok {`
			`w.WriteHeader(e.Status())`
			`json.NewEncoder(w).Encode(e)`
			`return`
vue 2020-03-10 05:24:35 +00:00			`}`
additional testing 2020-04-19 08:03:50 +00:00			`if e, ok := d.(error); ok {`
			`w.WriteHeader(500)`
			`json.NewEncoder(w).Encode(errors.New(e.Error()))`
			`return`
			`}`
error handling, tests, fixes 2020-04-17 03:21:17 +00:00			`w.WriteHeader(http.StatusOK)`
json http handler - improved sample chart data 2019-03-02 01:33:41 +00:00			`json.NewEncoder(w).Encode(d)`
			`}`

remove unused 2018-09-25 07:03:49 +00:00			`// error404Handler is a HTTP handler for 404 error pages`
time to UTC - timezone added - comments - remove unused - lint 2018-09-16 07:48:34 +00:00			`func error404Handler(w http.ResponseWriter, r *http.Request) {`
ssl - forms 2018-12-06 23:20:20 +00:00			`if usingSSL {`
			`w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")`
			`}`
testing - dockerfile version 2018-08-16 02:22:10 +00:00			`w.WriteHeader(http.StatusNotFound)`
error handling, tests, fixes 2020-04-17 03:21:17 +00:00			`ExecuteResponse(w, r, "base.gohtml", nil, nil)`
testing - dockerfile version 2018-08-16 02:22:10 +00:00			`}`