mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
a63684fcb5
* Consistent license message for all the go files * Fixing the last set of unconsistencies with the license headers * Addressing PR review comments * Fixing busy.go and busy_test.go license header
76 lines
2.1 KiB
Go
76 lines
2.1 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package utils
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"html/template"
|
|
"net/http"
|
|
"net/url"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/mattermost/mattermost-server/v5/model"
|
|
)
|
|
|
|
func CheckOrigin(r *http.Request, allowedOrigins string) bool {
|
|
origin := r.Header.Get("Origin")
|
|
if origin == "" {
|
|
return true
|
|
}
|
|
|
|
if allowedOrigins == "*" {
|
|
return true
|
|
}
|
|
for _, allowed := range strings.Split(allowedOrigins, " ") {
|
|
if allowed == origin {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func OriginChecker(allowedOrigins string) func(*http.Request) bool {
|
|
return func(r *http.Request) bool {
|
|
return CheckOrigin(r, allowedOrigins)
|
|
}
|
|
}
|
|
|
|
func RenderWebAppError(config *model.Config, w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) {
|
|
RenderWebError(config, w, r, err.StatusCode, url.Values{
|
|
"message": []string{err.Message},
|
|
}, s)
|
|
}
|
|
|
|
func RenderWebError(config *model.Config, w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) {
|
|
queryString := params.Encode()
|
|
|
|
subpath, _ := GetSubpathFromConfig(config)
|
|
|
|
h := crypto.SHA256
|
|
sum := h.New()
|
|
sum.Write([]byte(path.Join(subpath, "error") + "?" + queryString))
|
|
signature, err := s.Sign(rand.Reader, sum.Sum(nil), h)
|
|
if err != nil {
|
|
http.Error(w, "", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
destination := path.Join(subpath, "error") + "?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature)
|
|
|
|
if status >= 300 && status < 400 {
|
|
http.Redirect(w, r, destination, status)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
w.WriteHeader(status)
|
|
fmt.Fprintln(w, `<!DOCTYPE html><html><head></head>`)
|
|
fmt.Fprintln(w, `<body onload="window.location = '`+template.HTMLEscapeString(template.JSEscapeString(destination))+`'">`)
|
|
fmt.Fprintln(w, `<noscript><meta http-equiv="refresh" content="0; url=`+template.HTMLEscapeString(destination)+`"></noscript>`)
|
|
fmt.Fprintln(w, `<a href="`+template.HTMLEscapeString(destination)+`" style="color: #c0c0c0;">...</a>`)
|
|
fmt.Fprintln(w, `</body></html>`)
|
|
}
|