go-ssb-room/web/handlers/http.go

// SPDX-License-Identifier: MIT

package handlers

import (
	"errors"
	"fmt"
	"net/http"
	"time"

	"github.com/gorilla/csrf"
	"github.com/gorilla/sessions"
	"go.mindeco.de/http/auth"
	"go.mindeco.de/http/render"
	"go.mindeco.de/logging"

	"github.com/ssb-ngi-pointer/go-ssb-room/admindb"
	"github.com/ssb-ngi-pointer/go-ssb-room/internal/repo"
	"github.com/ssb-ngi-pointer/go-ssb-room/roomstate"
	"github.com/ssb-ngi-pointer/go-ssb-room/web"
	"github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/admin"
	roomsAuth "github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/auth"
	"github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/news"
	"github.com/ssb-ngi-pointer/go-ssb-room/web/i18n"
	"github.com/ssb-ngi-pointer/go-ssb-room/web/router"
)

var HTMLTempaltes = []string{
	"landing/index.tmpl",
	"landing/about.tmpl",
	"notice/list.tmpl",
	"notice/show.tmpl",
	"error.tmpl",
}

// New initializes the whole web stack for rooms, with all the sub-modules and routing.
func New(
	logger logging.Interface,
	repo repo.Interface,
	roomState *roomstate.Manager,
	as admindb.AuthWithSSBService,
	fs admindb.AuthFallbackService,
	al admindb.AllowListService,
	ns admindb.NoticesService,
	ps admindb.PinnedNoticesService,
) (http.Handler, error) {
	m := router.CompleteApp()

	locHelper, err := i18n.New(repo)
	if err != nil {
		return nil, err
	}

	var a *auth.Handler

	r, err := render.New(web.Templates,
		render.SetLogger(logger),
		render.BaseTemplates("base.tmpl", "menu.tmpl"),
		render.AddTemplates(concatTemplates(
			HTMLTempaltes,
			news.HTMLTemplates,
			roomsAuth.HTMLTemplates,
			admin.HTMLTemplates,
		)...),
		render.ErrorTemplate("error.tmpl"),
		render.FuncMap(web.TemplateFuncs(m)),
		// TODO: move these to the i18n helper pkg
		render.InjectTemplateFunc("i18npl", func(r *http.Request) interface{} {
			loc := i18n.LocalizerFromRequest(locHelper, r)
			return loc.LocalizePlurals
		}),
		render.InjectTemplateFunc("i18n", func(r *http.Request) interface{} {
			loc := i18n.LocalizerFromRequest(locHelper, r)
			return loc.LocalizeSimple
		}),
		render.InjectTemplateFunc("current_page_is", func(r *http.Request) interface{} {
			return func(routeName string) bool {
				url, err := router.CompleteApp().Get(routeName).URLPath()
				if err != nil {
					return false
				}
				return r.RequestURI == url.Path
			}
		}),
		render.InjectTemplateFunc("is_logged_in", func(r *http.Request) interface{} {
			no := func() *admindb.User { return nil }

			v, err := a.AuthenticateRequest(r)
			if err != nil {
				return no
			}

			uid, ok := v.(int64)
			if !ok {
				panic(fmt.Sprintf("warning: not the expected ID type from authenticated session: %T\n", v))
			}

			user, err := fs.GetByID(r.Context(), uid)
			if err != nil {
				return no
			}

			yes := func() *admindb.User { return user }
			return yes
		}),
	)
	if err != nil {
		return nil, fmt.Errorf("web Handler: failed to create renderer: %w", err)
	}

	cookieCodec, err := web.LoadOrCreateCookieSecrets(repo)
	if err != nil {
		return nil, err
	}

	store := &sessions.CookieStore{
		Codecs: cookieCodec,
		Options: &sessions.Options{
			Path:   "/",
			MaxAge: 2 * 60 * 60, // two hours in seconds  // TODO: configure
		},
	}

	// TODO: this is just the error handler for http/auth, not render
	authErrH := func(rw http.ResponseWriter, req *http.Request, err error, code int) {
		var ih = i18n.LocalizerFromRequest(locHelper, req)

		// default, unlocalized message
		msg := err.Error()

		// localize some specific error messages
		var (
			aa admindb.ErrAlreadyAdded
		)
		switch {
		case err == auth.ErrBadLogin:
			msg = ih.LocalizeSimple("AuthErrorBadLogin")

		case errors.Is(err, admindb.ErrNotFound):
			msg = ih.LocalizeSimple("ErrorNotFound")

		case errors.As(err, &aa):
			msg = ih.LocalizeSimple("ErrorAlreadyAdded")
		}

		r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
			return errorTemplateData{
				Err: msg,
				// TODO: localize?
				Status:     http.StatusText(code),
				StatusCode: code,
			}, nil
		}).ServeHTTP(rw, req)
	}

	notAuthorizedH := r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
		statusCode := http.StatusUnauthorized
		rw.WriteHeader(statusCode)
		return errorTemplateData{
			statusCode,
			"Unauthorized",
			"you are not authorized to access the requested site",
		}, nil
	})

	a, err = auth.NewHandler(fs,
		auth.SetStore(store),
		auth.SetErrorHandler(authErrH),
		auth.SetNotAuthorizedHandler(notAuthorizedH),
		auth.SetLifetime(2*time.Hour), // TODO: configure
	)
	if err != nil {
		return nil, fmt.Errorf("web Handler: failed to init fallback auth system: %w", err)
	}

	// Cross Site Request Forgery prevention middleware
	csrfKey, err := web.LoadOrCreateCSRFSecret(repo)
	if err != nil {
		return nil, err
	}

	CSRF := csrf.Protect(csrfKey,
		csrf.ErrorHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			err := csrf.FailureReason(req)
			// TODO: localize error?
			r.Error(w, req, http.StatusForbidden, err)
		})),
	)

	// this router is a bit of a qurik
	// TODO: explain problem between gorilla/mux named routers and authentication
	mainMux := &http.ServeMux{}

	// hookup handlers to the router
	news.Handler(m, r)
	roomsAuth.Handler(m, r, a)

	adminHandler := a.Authenticate(admin.Handler(r, roomState, al, ns, ps))
	mainMux.Handle("/admin/", adminHandler)

	m.Get(router.CompleteIndex).Handler(r.StaticHTML("landing/index.tmpl"))
	m.Get(router.CompleteAbout).Handler(r.StaticHTML("landing/about.tmpl"))

	var nr noticeHandler
	nr.notices = ns
	nr.pinned = ps
	m.Get(router.CompleteNoticeList).Handler(r.HTML("notice/list.tmpl", nr.list))
	m.Get(router.CompleteNoticeShow).Handler(r.HTML("notice/show.tmpl", nr.show))

	m.PathPrefix("/assets/").Handler(http.StripPrefix("/assets/", http.FileServer(web.Assets)))

	m.NotFoundHandler = r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
		rw.WriteHeader(http.StatusNotFound)
		msg := i18n.LocalizerFromRequest(locHelper, req).LocalizeSimple("PageNotFound")
		return errorTemplateData{http.StatusNotFound, "Not Found", msg}, nil
	})

	mainMux.Handle("/", m)

	// apply middleware
	var finalHandler http.Handler = mainMux
	finalHandler = logging.InjectHandler(logger)(finalHandler)
	finalHandler = CSRF(finalHandler)

	if web.Production {
		return finalHandler, nil
	}

	return r.GetReloader()(finalHandler), nil
}

// utils

type errorTemplateData struct {
	StatusCode int
	Status     string
	Err        string
}

func concatTemplates(lst ...[]string) []string {
	var catted []string

	for _, tpls := range lst {
		for _, t := range tpls {
			catted = append(catted, t)
		}

	}
	return catted
}
add missing license headers 2021-02-09 11:53:33 +00:00			`// SPDX-License-Identifier: MIT`

start http and html skelleton 2021-02-04 10:36:02 +00:00			`package handlers`

			`import (`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`"errors"`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`"fmt"`
			`"net/http"`
fix session lifetime 2021-02-16 11:18:01 +00:00			`"time"`
start http and html skelleton 2021-02-04 10:36:02 +00:00
add CSRF protection updates #14 2021-02-16 10:20:38 +00:00			`"github.com/gorilla/csrf"`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`"github.com/gorilla/sessions"`
			`"go.mindeco.de/http/auth"`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`"go.mindeco.de/http/render"`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`"go.mindeco.de/logging"`
start http and html skelleton 2021-02-04 10:36:02 +00:00
change name to go-ssb-room It has been brought to my attention that "gossb" reads like "gossip..?" to the untrained eye. That's just confusing. Also the project hosts a single room so the plural was just wrong. 2021-02-09 16:38:51 +00:00			`"github.com/ssb-ngi-pointer/go-ssb-room/admindb"`
			`"github.com/ssb-ngi-pointer/go-ssb-room/internal/repo"`
seperate room state from muxrpc handler There is a new roomstate package now with a Manager which is shared between muxrpc and the http handler(s). Also adds a list of peers in the room to admin dashboard. 2021-02-10 14:50:36 +00:00			`"github.com/ssb-ngi-pointer/go-ssb-room/roomstate"`
change name to go-ssb-room It has been brought to my attention that "gossb" reads like "gossip..?" to the untrained eye. That's just confusing. Also the project hosts a single room so the plural was just wrong. 2021-02-09 16:38:51 +00:00			`"github.com/ssb-ngi-pointer/go-ssb-room/web"`
			`"github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/admin"`
			`roomsAuth "github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/auth"`
			`"github.com/ssb-ngi-pointer/go-ssb-room/web/handlers/news"`
			`"github.com/ssb-ngi-pointer/go-ssb-room/web/i18n"`
			`"github.com/ssb-ngi-pointer/go-ssb-room/web/router"`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`)`

(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00			`var HTMLTempaltes = []string{`
			`"landing/index.tmpl",`
			`"landing/about.tmpl",`
list, set and get pinned notices 2021-02-23 19:23:50 +00:00			`"notice/list.tmpl",`
			`"notice/show.tmpl",`
(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00			`"error.tmpl",`
			`}`

embedded templates 2021-02-04 16:21:21 +00:00			`// New initializes the whole web stack for rooms, with all the sub-modules and routing.`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`func New(`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`logger logging.Interface,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`repo repo.Interface,`
seperate room state from muxrpc handler There is a new roomstate package now with a Manager which is shared between muxrpc and the http handler(s). Also adds a list of peers in the room to admin dashboard. 2021-02-10 14:50:36 +00:00			`roomState *roomstate.Manager,`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`as admindb.AuthWithSSBService,`
			`fs admindb.AuthFallbackService,`
allow list interface 2021-02-11 15:43:19 +00:00			`al admindb.AllowListService,`
(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00			`ns admindb.NoticesService,`
list, set and get pinned notices 2021-02-23 19:23:50 +00:00			`ps admindb.PinnedNoticesService,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`) (http.Handler, error) {`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`m := router.CompleteApp()`
start http and html skelleton 2021-02-04 10:36:02 +00:00
add i18n support TODO: default files once embedded assets are there 2021-02-04 15:52:55 +00:00			`locHelper, err := i18n.New(repo)`
			`if err != nil {`
			`return nil, err`
			`}`

add simple authenticated navigation {{is_logged_in}} returns a *admindb.User value or nil depending on their state. This can be used to build conditional rendering. 2021-02-09 11:39:57 +00:00			`var a *auth.Handler`

add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`r, err := render.New(web.Templates,`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`render.SetLogger(logger),`
new route "menu" that is accessible on mobile only 2021-02-23 18:22:21 +00:00			`render.BaseTemplates("base.tmpl", "menu.tmpl"),`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`render.AddTemplates(concatTemplates(`
(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00			`HTMLTempaltes,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`news.HTMLTemplates,`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`roomsAuth.HTMLTemplates,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`admin.HTMLTemplates,`
			`)...),`
update http/render 2021-02-22 15:20:26 +00:00			`render.ErrorTemplate("error.tmpl"),`
examples for the news/ section 2021-02-04 11:00:12 +00:00			`render.FuncMap(web.TemplateFuncs(m)),`
embedded templates 2021-02-04 16:21:21 +00:00			`// TODO: move these to the i18n helper pkg`
seperate room state from muxrpc handler There is a new roomstate package now with a Manager which is shared between muxrpc and the http handler(s). Also adds a list of peers in the room to admin dashboard. 2021-02-10 14:50:36 +00:00			`render.InjectTemplateFunc("i18npl", func(r *http.Request) interface{} {`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`loc := i18n.LocalizerFromRequest(locHelper, r)`
seperate room state from muxrpc handler There is a new roomstate package now with a Manager which is shared between muxrpc and the http handler(s). Also adds a list of peers in the room to admin dashboard. 2021-02-10 14:50:36 +00:00			`return loc.LocalizePlurals`
			`}),`
add i18n support TODO: default files once embedded assets are there 2021-02-04 15:52:55 +00:00			`render.InjectTemplateFunc("i18n", func(r *http.Request) interface{} {`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`loc := i18n.LocalizerFromRequest(locHelper, r)`
add i18n support TODO: default files once embedded assets are there 2021-02-04 15:52:55 +00:00			`return loc.LocalizeSimple`
			`}),`
highlight active menu item with current_page_is 2021-02-23 16:33:49 +00:00			`render.InjectTemplateFunc("current_page_is", func(r *http.Request) interface{} {`
			`return func(routeName string) bool {`
			`url, err := router.CompleteApp().Get(routeName).URLPath()`
			`if err != nil {`
			`return false`
			`}`
			`return r.RequestURI == url.Path`
			`}`
			`}),`
add simple authenticated navigation {{is_logged_in}} returns a *admindb.User value or nil depending on their state. This can be used to build conditional rendering. 2021-02-09 11:39:57 +00:00			`render.InjectTemplateFunc("is_logged_in", func(r *http.Request) interface{} {`
			`no := func() *admindb.User { return nil }`

			`v, err := a.AuthenticateRequest(r)`
			`if err != nil {`
			`return no`
			`}`
eliminate global state in handlers/http_test.go 2021-02-11 14:15:56 +00:00
add simple authenticated navigation {{is_logged_in}} returns a *admindb.User value or nil depending on their state. This can be used to build conditional rendering. 2021-02-09 11:39:57 +00:00			`uid, ok := v.(int64)`
			`if !ok {`
turn template evaluation error fatal this shouldn't just be logged and discarded as "not logged in" 2021-02-22 15:29:05 +00:00			`panic(fmt.Sprintf("warning: not the expected ID type from authenticated session: %T\n", v))`
add simple authenticated navigation {{is_logged_in}} returns a *admindb.User value or nil depending on their state. This can be used to build conditional rendering. 2021-02-09 11:39:57 +00:00			`}`

			`user, err := fs.GetByID(r.Context(), uid)`
			`if err != nil {`
			`return no`
			`}`

			`yes := func() *admindb.User { return user }`
			`return yes`
			`}),`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`)`
			`if err != nil {`
			`return nil, fmt.Errorf("web Handler: failed to create renderer: %w", err)`
			`}`

sqlite and auth setup 2021-02-08 16:47:42 +00:00			`cookieCodec, err := web.LoadOrCreateCookieSecrets(repo)`
			`if err != nil {`
			`return nil, err`
			`}`

basic auth middleware setup 2021-02-08 11:57:14 +00:00			`store := &sessions.CookieStore{`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`Codecs: cookieCodec,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`Options: &sessions.Options{`
			`Path: "/",`
fix session lifetime 2021-02-16 11:18:01 +00:00			`MaxAge: 2 * 60 * 60, // two hours in seconds // TODO: configure`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`},`
			`}`

cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`// TODO: this is just the error handler for http/auth, not render`
use new auth.SetErrorHandler option 2021-02-09 12:40:57 +00:00			`authErrH := func(rw http.ResponseWriter, req *http.Request, err error, code int) {`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`var ih = i18n.LocalizerFromRequest(locHelper, req)`

			`// default, unlocalized message`
use new auth.SetErrorHandler option 2021-02-09 12:40:57 +00:00			`msg := err.Error()`

			`// localize some specific error messages`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`var (`
			`aa admindb.ErrAlreadyAdded`
			`)`
			`switch {`
			`case err == auth.ErrBadLogin:`
			`msg = ih.LocalizeSimple("AuthErrorBadLogin")`

			`case errors.Is(err, admindb.ErrNotFound):`
			`msg = ih.LocalizeSimple("ErrorNotFound")`

			`case errors.As(err, &aa):`
			`msg = ih.LocalizeSimple("ErrorAlreadyAdded")`
use new auth.SetErrorHandler option 2021-02-09 12:40:57 +00:00			`}`

add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {`
use new auth.SetErrorHandler option 2021-02-09 12:40:57 +00:00			`return errorTemplateData{`
			`Err: msg,`
			`// TODO: localize?`
			`Status: http.StatusText(code),`
			`StatusCode: code,`
			`}, nil`
			`}).ServeHTTP(rw, req)`
			`}`

add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`notAuthorizedH := r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`statusCode := http.StatusUnauthorized`
			`rw.WriteHeader(statusCode)`
			`return errorTemplateData{`
			`statusCode,`
			`"Unauthorized",`
			`"you are not authorized to access the requested site",`
			`}, nil`
			`})`

add simple authenticated navigation {{is_logged_in}} returns a *admindb.User value or nil depending on their state. This can be used to build conditional rendering. 2021-02-09 11:39:57 +00:00			`a, err = auth.NewHandler(fs,`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`auth.SetStore(store),`
use new auth.SetErrorHandler option 2021-02-09 12:40:57 +00:00			`auth.SetErrorHandler(authErrH),`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`auth.SetNotAuthorizedHandler(notAuthorizedH),`
fix session lifetime 2021-02-16 11:18:01 +00:00			`auth.SetLifetime(2*time.Hour), // TODO: configure`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`)`
			`if err != nil {`
			`return nil, fmt.Errorf("web Handler: failed to init fallback auth system: %w", err)`
			`}`

add CSRF protection updates #14 2021-02-16 10:20:38 +00:00			`// Cross Site Request Forgery prevention middleware`
			`csrfKey, err := web.LoadOrCreateCSRFSecret(repo)`
			`if err != nil {`
			`return nil, err`
			`}`

			`CSRF := csrf.Protect(csrfKey,`
			`csrf.ErrorHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`err := csrf.FailureReason(req)`
			`// TODO: localize error?`
			`r.Error(w, req, http.StatusForbidden, err)`
			`})),`
			`)`

allow list interface 2021-02-11 15:43:19 +00:00			`// this router is a bit of a qurik`
			`// TODO: explain problem between gorilla/mux named routers and authentication`
			`mainMux := &http.ServeMux{}`

start http and html skelleton 2021-02-04 10:36:02 +00:00			`// hookup handlers to the router`
eliminate global state in handlers/http_test.go 2021-02-11 14:15:56 +00:00			`news.Handler(m, r)`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`roomsAuth.Handler(m, r, a)`

re-use edit template for new translation 2021-02-25 10:13:48 +00:00			`adminHandler := a.Authenticate(admin.Handler(r, roomState, al, ns, ps))`
allow list interface 2021-02-11 15:43:19 +00:00			`mainMux.Handle("/admin/", adminHandler)`
start http and html skelleton 2021-02-04 10:36:02 +00:00
add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`m.Get(router.CompleteIndex).Handler(r.StaticHTML("landing/index.tmpl"))`
			`m.Get(router.CompleteAbout).Handler(r.StaticHTML("landing/about.tmpl"))`
start http and html skelleton 2021-02-04 10:36:02 +00:00
list, set and get pinned notices 2021-02-23 19:23:50 +00:00			`var nr noticeHandler`
(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00			`nr.notices = ns`
list, set and get pinned notices 2021-02-23 19:23:50 +00:00			`nr.pinned = ps`
			`m.Get(router.CompleteNoticeList).Handler(r.HTML("notice/list.tmpl", nr.list))`
			`m.Get(router.CompleteNoticeShow).Handler(r.HTML("notice/show.tmpl", nr.show))`
(Pinned)Notices Notices are pages that admins can fill with their content to describe and customize the room. Pinned notices are common notices that each room has. Like a description and privacy policy. * update models * simple crud test for basic notices * edit and save notices as admin 2021-02-22 16:55:12 +00:00
add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`m.PathPrefix("/assets/").Handler(http.StripPrefix("/assets/", http.FileServer(web.Assets)))`
add embedded assets server 2021-02-04 16:46:51 +00:00
add back dev build tag for local file access without embedding 2021-02-22 14:26:51 +00:00			`m.NotFoundHandler = r.HTML("error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`rw.WriteHeader(http.StatusNotFound)`
cleanup internal sqlite error 2021-02-15 16:21:06 +00:00			`msg := i18n.LocalizerFromRequest(locHelper, req).LocalizeSimple("PageNotFound")`
route with query params instead of named routers Since we don't use the web/router through and through to setup handler functions, accessing the named route varaibles doesn't work inside those handler functions. Since I dont find it acceptable to juggle two concepts here I switch the url generation to classical get query paramters (route?varA=xyz&varB=2). 2021-02-15 11:08:33 +00:00			`return errorTemplateData{http.StatusNotFound, "Not Found", msg}, nil`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`})`
add i18n support TODO: default files once embedded assets are there 2021-02-04 15:52:55 +00:00
allow list interface 2021-02-11 15:43:19 +00:00			`mainMux.Handle("/", m)`

add CSRF protection updates #14 2021-02-16 10:20:38 +00:00			`// apply middleware`
allow list interface 2021-02-11 15:43:19 +00:00			`var finalHandler http.Handler = mainMux`
			`finalHandler = logging.InjectHandler(logger)(finalHandler)`
add CSRF protection updates #14 2021-02-16 10:20:38 +00:00			`finalHandler = CSRF(finalHandler)`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`if web.Production {`
setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`return finalHandler, nil`
basic auth middleware setup 2021-02-08 11:57:14 +00:00			`}`

setup logging in http handlers (fixes #10) in a http.Handler you can now do the following to log events: logger := logging.FromContext(req.Context()) level.Info(logger).Log("event", "happend", ...) 2021-02-11 15:23:22 +00:00			`return r.GetReloader()(finalHandler), nil`
start http and html skelleton 2021-02-04 10:36:02 +00:00			`}`
basic auth middleware setup 2021-02-08 11:57:14 +00:00
			`// utils`

			`type errorTemplateData struct {`
			`StatusCode int`
			`Status string`
			`Err string`
			`}`

			`func concatTemplates(lst ...[]string) []string {`
			`var catted []string`

			`for _, tpls := range lst {`
			`for _, t := range tpls {`
			`catted = append(catted, t)`
			`}`

			`}`
			`return catted`
			`}`