Jan Dittberner
47092bfa9b
- configure session cookie security - setup flash message handling in newTemplateData - show flash message in base.html - add flash message for new motion
100 lines
4 KiB
Go
100 lines
4 KiB
Go
/*
|
|
Copyright 2017-2022 CAcert Inc.
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"io/fs"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/csrf"
|
|
"github.com/julienschmidt/httprouter"
|
|
"github.com/justinas/alice"
|
|
"github.com/vearutop/statigz"
|
|
"github.com/vearutop/statigz/brotli"
|
|
|
|
"git.cacert.org/cacert-boardvoting/ui"
|
|
)
|
|
|
|
func (app *application) routes() http.Handler {
|
|
staticDir, _ := fs.Sub(ui.Files, "static")
|
|
|
|
staticData, ok := staticDir.(fs.ReadDirFS)
|
|
if !ok {
|
|
app.errorLog.Fatal("could not use uiStaticDir as fs.ReadDirFS")
|
|
}
|
|
|
|
fileServer := statigz.FileServer(staticData, brotli.AddEncoding, statigz.EncodeOnInit)
|
|
|
|
router := httprouter.New()
|
|
|
|
router.NotFound = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { app.notFound(w) })
|
|
router.PanicHandler = func(w http.ResponseWriter, _ *http.Request, err interface{}) {
|
|
w.Header().Set("Connection", "close")
|
|
app.serverError(w, fmt.Errorf("%s", err))
|
|
}
|
|
|
|
router.Handler(
|
|
http.MethodGet,
|
|
"/",
|
|
http.RedirectHandler("/motions/", http.StatusMovedPermanently),
|
|
)
|
|
router.Handler(
|
|
http.MethodGet,
|
|
"/favicon.ico",
|
|
http.RedirectHandler("/static/images/favicon.ico", http.StatusMovedPermanently),
|
|
)
|
|
router.Handler(http.MethodGet, "/static/*filepath", http.StripPrefix("/static", fileServer))
|
|
|
|
csrfHandler := csrf.Protect(app.csrfKey, csrf.SameSite(csrf.SameSiteStrictMode))
|
|
|
|
dynamic := alice.New(
|
|
app.sessionManager.LoadAndSave,
|
|
app.tryAuthenticate,
|
|
)
|
|
|
|
canVote := dynamic.Append(app.userCanVote, csrfHandler)
|
|
canEditVote := dynamic.Append(app.userCanEditVote, csrfHandler)
|
|
canManageUsers := dynamic.Append(app.userCanChangeVoters, csrfHandler)
|
|
|
|
router.Handler(http.MethodGet, "/motions/", dynamic.ThenFunc(app.motionList))
|
|
router.Handler(http.MethodGet, "/motions/:tag", dynamic.ThenFunc(app.motionDetails))
|
|
router.Handler(http.MethodGet, "/motions/:tag/edit", canEditVote.ThenFunc(app.editMotionForm))
|
|
router.Handler(http.MethodPost, "/motions/:tag/edit", canEditVote.ThenFunc(app.editMotionSubmit))
|
|
router.Handler(http.MethodGet, "/motions/:tag/withdraw", canEditVote.ThenFunc(app.withdrawMotionForm))
|
|
router.Handler(http.MethodPost, "/motions/:tag/withdraw", canEditVote.ThenFunc(app.withdrawMotionSubmit))
|
|
router.Handler(http.MethodGet, "/vote/:tag/:choice", canVote.ThenFunc(app.voteForm))
|
|
router.Handler(http.MethodPost, "/vote/:tag/:choice", canVote.ThenFunc(app.voteSubmit))
|
|
router.Handler(http.MethodGet, "/proxy/:tag", canVote.ThenFunc(app.proxyVoteForm))
|
|
router.Handler(http.MethodPost, "/proxy/:tag", canVote.ThenFunc(app.proxyVoteSubmit))
|
|
router.Handler(http.MethodGet, "/newmotion/", canEditVote.ThenFunc(app.newMotionForm))
|
|
router.Handler(http.MethodPost, "/newmotion/", canEditVote.ThenFunc(app.newMotionSubmit))
|
|
|
|
router.Handler(http.MethodGet, "/users/", canManageUsers.ThenFunc(app.userList))
|
|
router.Handler(http.MethodPost, "/users/", canManageUsers.ThenFunc(app.submitUserRoles))
|
|
router.Handler(http.MethodGet, "/users/:id/", canManageUsers.ThenFunc(app.editUserForm))
|
|
router.Handler(http.MethodPost, "/users/:id/", canManageUsers.ThenFunc(app.editUserSubmit))
|
|
router.Handler(http.MethodGet, "/users/:id/add-mail", canManageUsers.ThenFunc(app.userAddEmailForm))
|
|
router.Handler(http.MethodPost, "/users/:id/add-mail", canManageUsers.ThenFunc(app.userAddEmailSubmit))
|
|
router.Handler(http.MethodGet, "/users/:id/delete", canManageUsers.ThenFunc(app.deleteUserForm))
|
|
router.Handler(http.MethodPost, "/users/:id/delete", canManageUsers.ThenFunc(app.deletetUserSubmit))
|
|
|
|
standard := alice.New(app.logRequest, secureHeaders)
|
|
|
|
return standard.Then(router)
|
|
}
|