github.com/decred/politeia@v1.4.0/politeiawww/legacy/www.go (about)

     1  // Copyright (c) 2017-2020 The Decred developers
     2  // Use of this source code is governed by an ISC
     3  // license that can be found in the LICENSE file.
     4  
     5  package legacy
     6  
     7  import (
     8  	"encoding/hex"
     9  	"encoding/json"
    10  	"net/http"
    11  
    12  	"github.com/decred/politeia/politeiad/api/v1/mime"
    13  	v1 "github.com/decred/politeia/politeiawww/api/www/v1"
    14  	"github.com/decred/politeia/util"
    15  	"github.com/gorilla/csrf"
    16  )
    17  
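// handleVersion is the HTTP GET handler that reports the lowest API route
// version that this backend supports. It is also the route that hands out a
// CSRF token, which is returned in the v1.CsrfToken response header.
//
// The handler does not require a session: it replies the same way whether or
// not the session lookup succeeds, apart from the ActiveUserSession flag. The
// build version, server public key, network and mode in the reply are
// therefore visible to any caller that can reach the route.
func (p *Politeiawww) handleVersion(w http.ResponseWriter, r *http.Request) {
	log.Tracef("handleVersion")

	versionReply := v1.VersionReply{
		Version:      v1.PoliteiaWWWAPIVersion,
		Route:        v1.PoliteiaWWWAPIRoute,
		BuildVersion: p.cfg.Version,
		PubKey:       hex.EncodeToString(p.cfg.Identity.Key[:]),
		TestNet:      p.cfg.TestNet,
		Mode:         p.cfg.Mode,
	}

	// Every session lookup error is treated as "no active session"; the
	// error itself is intentionally not reported to the caller.
	if _, err := p.sessions.GetSessionUser(w, r); err == nil {
		versionReply.ActiveUserSession = true
	}

	vr, err := json.Marshal(versionReply)
	if err != nil {
		RespondWithError(w, r, 0, "handleVersion: Marshal %v", err)
		return
	}

	// Headers must be set before WriteHeader; anything set afterwards is
	// not sent.
	w.Header().Set("Strict-Transport-Security",
		"max-age=63072000; includeSubDomains")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("Referrer-Policy", "same-origin")
	w.Header().Set("X-Frame-Options", "DENY")
	// NOTE(review): X-XSS-Protection is deprecated in current browsers. For
	// this JSON reply the explicit Content-Type together with nosniff is the
	// control that matters. The header is kept unchanged here.
	w.Header().Set("X-XSS-Protection", "1; mode=block")
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	// NOTE(review): csrf.Token returns an empty string when the request did
	// not pass through the gorilla/csrf middleware - confirm that the router
	// wraps this route.
	w.Header().Set(v1.CsrfToken, csrf.Token(r))

	w.WriteHeader(http.StatusOK)
	// The status line has already been sent, so a failed write can only be
	// logged. It is logged rather than silently dropped.
	if _, err := w.Write(vr); err != nil {
		log.Debugf("handleVersion: Write %v", err)
	}
}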
    55  
// handlePolicy replies with a v1.PolicyReply. Most fields are copied from the
// v1 policy constants; the paywall state, the valid MIME types, the build
// information and the paywall confirmation count come from this instance.
func (p *Politeiawww) handlePolicy(w http.ResponseWriter, r *http.Request) {
	log.Tracef("handlePolicy")

	// Values that are computed or read from configuration rather than taken
	// from the v1 constants.
	var (
		paywallOn = p.paywallIsEnabled()
		mimeTypes = mime.ValidMimeTypes()
		build     = []string{p.cfg.Version}
		confs     = p.cfg.MinConfirmationsRequired
	)

	var pr v1.PolicyReply

	// User account limits.
	pr.MinPasswordLength = v1.PolicyMinPasswordLength
	pr.MinUsernameLength = v1.PolicyMinUsernameLength
	pr.MaxUsernameLength = v1.PolicyMaxUsernameLength
	pr.UsernameSupportedChars = v1.PolicyUsernameSupportedChars

	// Page sizes for list routes.
	pr.ProposalListPageSize = v1.ProposalListPageSize
	pr.UserListPageSize = v1.UserListPageSize

	// Limits on submitted files.
	pr.MaxImages = v1.PolicyMaxImages
	pr.MaxImageSize = v1.PolicyMaxImageSize
	pr.MaxMDs = v1.PolicyMaxMDs
	pr.MaxMDSize = v1.PolicyMaxMDSize
	pr.ValidMIMETypes = mimeTypes
	pr.IndexFilename = v1.PolicyIndexFilename

	// Proposal name and comment limits.
	pr.MinProposalNameLength = v1.PolicyMinProposalNameLength
	pr.MaxProposalNameLength = v1.PolicyMaxProposalNameLength
	pr.ProposalNameSupportedChars = v1.PolicyProposalNameSupportedChars
	pr.MaxCommentLength = v1.PolicyMaxCommentLength
	pr.TokenPrefixLength = v1.TokenPrefixLength

	// Paywall settings.
	pr.PaywallEnabled = paywallOn
	pr.PaywallConfirmations = confs

	// Build information for this instance.
	pr.BuildInformation = build

	// This handler always reports these four fields as 0.
	pr.MinLinkByPeriod = 0
	pr.MaxLinkByPeriod = 0
	pr.MinVoteDuration = 0
	pr.MaxVoteDuration = 0

	util.RespondWithJSON(w, http.StatusOK, &pr)
}