diff --git a/srv/src/api/api.go b/srv/src/api/api.go index 8d54d46..b0948ac 100644 --- a/srv/src/api/api.go +++ b/srv/src/api/api.go @@ -152,57 +152,63 @@ func (a *api) handler() http.Handler { staticHandler = httputil.NewSingleHostReverseProxy(a.params.StaticProxy) } - staticHandler = setCSRFMiddleware(staticHandler) - // sugar + requirePow := func(h http.Handler) http.Handler { return a.requirePowMiddleware(h) } + postFormMiddleware := func(h http.Handler) http.Handler { + h = checkCSRFMiddleware(h) + h = postOnlyMiddleware(h) + h = logReqMiddleware(h) + h = addResponseHeaders(map[string]string{ + "Cache-Control": "no-store, max-age=0", + "Pragma": "no-cache", + "Expires": "0", + }, h) + return h + } + mux := http.NewServeMux() mux.Handle("/", staticHandler) - apiMux := http.NewServeMux() - apiMux.Handle("/pow/challenge", a.newPowChallengeHandler()) - apiMux.Handle("/pow/check", - requirePow( - http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}), - ), - ) - - apiMux.Handle("/mailinglist/subscribe", requirePow(a.mailingListSubscribeHandler())) - apiMux.Handle("/mailinglist/finalize", a.mailingListFinalizeHandler()) - apiMux.Handle("/mailinglist/unsubscribe", a.mailingListUnsubscribeHandler()) - - apiMux.Handle("/chat/global/", http.StripPrefix("/chat/global", newChatHandler( - a.params.GlobalRoom, - a.params.UserIDCalculator, - a.requirePowMiddleware, - ))) - - var apiHandler http.Handler = apiMux - apiHandler = checkCSRFMiddleware(apiHandler) - apiHandler = postOnlyMiddleware(apiHandler) - apiHandler = logReqMiddleware(apiHandler) - apiHandler = addResponseHeaders(map[string]string{ - "Cache-Control": "no-store, max-age=0", - "Pragma": "no-cache", - "Expires": "0", - }, apiHandler) - - mux.Handle("/api/", http.StripPrefix("/api", apiHandler)) - - // TODO need to setCSRFMiddleware on all these rendering endpoints - mux.Handle("/v2/follow.html", a.renderDumbHandler("follow.html")) - mux.Handle("/v2/posts/", a.renderPostHandler()) - mux.Handle("/v2/", a.renderIndexHandler()) - - mux.Handle("/v2/assets/", a.servePostAssetHandler()) - - mux.Handle("/v2/admin/assets.html", a.renderAdminAssets()) + { + apiMux := http.NewServeMux() + apiMux.Handle("/pow/challenge", a.newPowChallengeHandler()) + apiMux.Handle("/pow/check", + requirePow( + http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}), + ), + ) + + apiMux.Handle("/mailinglist/subscribe", requirePow(a.mailingListSubscribeHandler())) + apiMux.Handle("/mailinglist/finalize", a.mailingListFinalizeHandler()) + apiMux.Handle("/mailinglist/unsubscribe", a.mailingListUnsubscribeHandler()) + + apiMux.Handle("/chat/global/", http.StripPrefix("/chat/global", newChatHandler( + a.params.GlobalRoom, + a.params.UserIDCalculator, + a.requirePowMiddleware, + ))) + + mux.Handle("/api/", http.StripPrefix("/api", postFormMiddleware(apiMux))) + } + + { + v2Mux := http.NewServeMux() + v2Mux.Handle("/follow.html", a.renderDumbHandler("follow.html")) + v2Mux.Handle("/posts/", a.renderPostHandler()) + v2Mux.Handle("/assets", a.renderPostAssetsIndexHandler()) + v2Mux.Handle("/assets/", a.servePostAssetHandler()) + v2Mux.Handle("/", a.renderIndexHandler()) + + mux.Handle("/v2/", http.StripPrefix("/v2", v2Mux)) + } var globalHandler http.Handler = mux + globalHandler = setCSRFMiddleware(globalHandler) globalHandler = setLoggerMiddleware(a.params.Logger, globalHandler) return globalHandler diff --git a/srv/src/api/render.go b/srv/src/api/render.go index 8fc2cb6..dfa665f 100644 --- a/srv/src/api/render.go +++ b/srv/src/api/render.go @@ -197,9 +197,9 @@ func (a *api) renderDumbHandler(tplName string) http.Handler { }) } -func (a *api) renderAdminAssets() http.Handler { +func (a *api) renderPostAssetsIndexHandler() http.Handler { - tpl := a.mustParseTpl("admin/assets.html") + tpl := a.mustParseTpl("admin-assets.html") return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { diff --git a/srv/src/api/tpl/admin/assets.html b/srv/src/api/tpl/admin-assets.html similarity index 100% rename from srv/src/api/tpl/admin/assets.html rename to srv/src/api/tpl/admin-assets.html