github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/utils/api.go

github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/utils/api.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package utils
     5  
     6  import (
     7  	"crypto"
     8  	"crypto/rand"
     9  	"encoding/base64"
    10  	"fmt"
    11  	"html/template"
    12  	"net/http"
    13  	"net/url"
    14  	"strings"
    15  
    16  	"github.com/mattermost/mattermost-server/model"
    17  )
    18  
    19  func CheckOrigin(r *http.Request, allowedOrigins string) bool {
    20  	origin := r.Header.Get("Origin")
    21  	if allowedOrigins == "*" {
    22  		return true
    23  	}
    24  	for _, allowed := range strings.Split(allowedOrigins, " ") {
    25  		if allowed == origin {
    26  			return true
    27  		}
    28  	}
    29  	return false
    30  }
    31  
    32  func OriginChecker(allowedOrigins string) func(*http.Request) bool {
    33  	return func(r *http.Request) bool {
    34  		return CheckOrigin(r, allowedOrigins)
    35  	}
    36  }
    37  
    38  func RenderWebAppError(w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) {
    39  	RenderWebError(w, r, err.StatusCode, url.Values{
    40  		"message": []string{err.Message},
    41  	}, s)
    42  }
    43  
    44  func RenderWebError(w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) {
    45  	queryString := params.Encode()
    46  
    47  	h := crypto.SHA256
    48  	sum := h.New()
    49  	sum.Write([]byte("/error?" + queryString))
    50  	signature, err := s.Sign(rand.Reader, sum.Sum(nil), h)
    51  	if err != nil {
    52  		http.Error(w, "", http.StatusInternalServerError)
    53  		return
    54  	}
    55  	destination := "/error?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature)
    56  
    57  	if status >= 300 && status < 400 {
    58  		http.Redirect(w, r, destination, status)
    59  		return
    60  	}
    61  
    62  	w.Header().Set("Content-Type", "text/html")
    63  	w.WriteHeader(status)
    64  	fmt.Fprintln(w, `<!DOCTYPE html><html><head></head>`)
    65  	fmt.Fprintln(w, `<body onload="window.location = '`+template.HTMLEscapeString(template.JSEscapeString(destination))+`'">`)
    66  	fmt.Fprintln(w, `<noscript><meta http-equiv="refresh" content="0; url=`+template.HTMLEscapeString(destination)+`"></noscript>`)
    67  	fmt.Fprintln(w, `<a href="`+template.HTMLEscapeString(destination)+`" style="color: #c0c0c0;">...</a>`)
    68  	fmt.Fprintln(w, `</body></html>`)
    69  }