mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
4589005a54
Some checks are pending
API / build (push) Waiting to run
Server CI / Compute Go Version (push) Waiting to run
Server CI / Check mocks (push) Blocked by required conditions
Server CI / Check go mod tidy (push) Blocked by required conditions
Server CI / check-style (push) Blocked by required conditions
Server CI / Check serialization methods for hot structs (push) Blocked by required conditions
Server CI / Vet API (push) Blocked by required conditions
Server CI / Check migration files (push) Blocked by required conditions
Server CI / Generate email templates (push) Blocked by required conditions
Server CI / Check store layers (push) Blocked by required conditions
Server CI / Check mmctl docs (push) Blocked by required conditions
Server CI / Postgres with binary parameters (push) Blocked by required conditions
Server CI / Postgres (push) Blocked by required conditions
Server CI / Postgres (FIPS) (push) Blocked by required conditions
Server CI / Generate Test Coverage (push) Blocked by required conditions
Server CI / Run mmctl tests (push) Blocked by required conditions
Server CI / Run mmctl tests (FIPS) (push) Blocked by required conditions
Server CI / Build mattermost server app (push) Blocked by required conditions
Web App CI / check-lint (push) Waiting to run
Web App CI / check-i18n (push) Waiting to run
Web App CI / check-types (push) Waiting to run
Web App CI / test (push) Waiting to run
Web App CI / build (push) Waiting to run
* Add Entra ID token authentication and Intune MAM config exposure * Add Intune MAM toggle to Mobile Security admin console * Add IntuneSettings with the AuthService to use and its own TenantID andClientID for the Entra App registration Include Admin console changes switch from /oauth/entra to /oauth/intune endpoint * openAPI documentation --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
113 lines
3.4 KiB
Go
113 lines
3.4 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package web
|
|
|
|
import (
|
|
"net/http"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/avct/uasurfer"
|
|
"github.com/gorilla/mux"
|
|
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
|
"github.com/mattermost/mattermost/server/v8/channels/app"
|
|
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
|
)
|
|
|
|
type Web struct {
|
|
srv *app.Server
|
|
MainRouter *mux.Router
|
|
}
|
|
|
|
func New(srv *app.Server) *Web {
|
|
mlog.Debug("Initializing web routes")
|
|
|
|
web := &Web{
|
|
srv: srv,
|
|
MainRouter: srv.Router,
|
|
}
|
|
|
|
web.InitOAuth()
|
|
web.InitWebhooks()
|
|
web.InitSaml()
|
|
web.InitMagicLink()
|
|
web.InitStatic()
|
|
|
|
return web
|
|
}
|
|
|
|
// Due to the complexities of UA detection and the ramifications of a misdetection
|
|
// only older Safari and IE browsers throw incompatibility errors.
|
|
// Map should be of minimum required browser version.
|
|
// -1 means that the browser is not supported in any version.
|
|
var browserMinimumSupported = map[string]int{
|
|
"BrowserIE": 12,
|
|
"BrowserSafari": 12,
|
|
}
|
|
|
|
func CheckClientCompatibility(agentString string) bool {
|
|
ua := uasurfer.Parse(agentString)
|
|
|
|
if version, exist := browserMinimumSupported[ua.Browser.Name.String()]; exist && (ua.Browser.Version.Major < version || version < 0) {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func Handle404(a *app.App, w http.ResponseWriter, r *http.Request) {
|
|
err := model.NewAppError("Handle404", "api.context.404.app_error", nil, "", http.StatusNotFound)
|
|
ipAddress := utils.GetIPAddress(r, a.Config().ServiceSettings.TrustedProxyIPHeader)
|
|
mlog.Debug("not found handler triggered", mlog.String("path", r.URL.Path), mlog.Int("code", 404), mlog.String("ip", ipAddress))
|
|
if IsAPICall(a, r) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(err.StatusCode)
|
|
err.DetailedError = "There doesn't appear to be an api call for the url='" + r.URL.Path + "'. Typo? are you missing a team_id or user_id as part of the url?"
|
|
if _, writeErr := w.Write([]byte(err.ToJSON())); writeErr != nil {
|
|
mlog.Warn("Error writing 404 response", mlog.Err(writeErr))
|
|
}
|
|
} else if *a.Config().ServiceSettings.WebserverMode == "disabled" {
|
|
http.NotFound(w, r)
|
|
} else {
|
|
utils.RenderWebAppError(a.Config(), w, r, err, a.AsymmetricSigningKey())
|
|
}
|
|
}
|
|
|
|
func IsAPICall(a *app.App, r *http.Request) bool {
|
|
subpath, _ := utils.GetSubpathFromConfig(a.Config())
|
|
|
|
return strings.HasPrefix(r.URL.Path, path.Join(subpath, "api")+"/")
|
|
}
|
|
|
|
func IsWebhookCall(a *app.App, r *http.Request) bool {
|
|
subpath, _ := utils.GetSubpathFromConfig(a.Config())
|
|
|
|
return strings.HasPrefix(r.URL.Path, path.Join(subpath, "hooks")+"/")
|
|
}
|
|
|
|
func IsOAuthAPICall(a *app.App, r *http.Request) bool {
|
|
subpath, _ := utils.GetSubpathFromConfig(a.Config())
|
|
|
|
if r.Method == "POST" && r.URL.Path == path.Join(subpath, "oauth", "authorize") {
|
|
return true
|
|
}
|
|
|
|
if r.URL.Path == path.Join(subpath, "oauth", "apps", "authorized") ||
|
|
r.URL.Path == path.Join(subpath, "oauth", "deauthorize") ||
|
|
r.URL.Path == path.Join(subpath, "oauth", "access_token") ||
|
|
r.URL.Path == path.Join(subpath, "oauth", "intune") {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
func ReturnStatusOK(w http.ResponseWriter) {
|
|
m := make(map[string]string)
|
|
m[model.STATUS] = model.StatusOk
|
|
if _, err := w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
mlog.Warn("Error writing status OK response", mlog.Err(err))
|
|
}
|
|
}
|