2019-02-09 12:30:49 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
|
|
import (
|
2022-12-05 04:08:22 +00:00
|
|
|
"bytes"
|
2019-02-09 12:30:49 +00:00
|
|
|
"context"
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2022-12-05 04:08:22 +00:00
|
|
|
"io"
|
2021-09-22 03:08:34 +00:00
|
|
|
"io/fs"
|
2019-08-21 04:07:25 +00:00
|
|
|
"net/http"
|
2021-09-27 00:55:23 +00:00
|
|
|
"os"
|
2019-08-21 04:07:25 +00:00
|
|
|
"path"
|
2023-02-08 04:02:23 +00:00
|
|
|
"regexp"
|
2019-08-21 04:07:25 +00:00
|
|
|
"runtime/debug"
|
|
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2021-02-23 02:03:02 +00:00
|
|
|
"time"
|
2019-08-21 04:07:25 +00:00
|
|
|
|
2021-05-31 03:58:32 +00:00
|
|
|
gqlHandler "github.com/99designs/gqlgen/graphql/handler"
|
|
|
|
|
gqlExtension "github.com/99designs/gqlgen/graphql/handler/extension"
|
|
|
|
|
gqlLru "github.com/99designs/gqlgen/graphql/handler/lru"
|
|
|
|
|
gqlTransport "github.com/99designs/gqlgen/graphql/handler/transport"
|
|
|
|
|
gqlPlayground "github.com/99designs/gqlgen/graphql/playground"
|
2019-02-09 12:30:49 +00:00
|
|
|
"github.com/go-chi/chi"
|
|
|
|
|
"github.com/go-chi/chi/middleware"
|
2019-02-11 22:44:13 +00:00
|
|
|
"github.com/gorilla/websocket"
|
2022-03-17 00:33:59 +00:00
|
|
|
"github.com/vearutop/statigz"
|
2022-02-03 00:20:34 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
"github.com/go-chi/cors"
|
2022-02-03 00:20:34 +00:00
|
|
|
"github.com/go-chi/httplog"
|
2022-08-12 02:21:46 +00:00
|
|
|
"github.com/stashapp/stash/internal/api/loaders"
|
2022-03-17 00:33:59 +00:00
|
|
|
"github.com/stashapp/stash/internal/manager"
|
|
|
|
|
"github.com/stashapp/stash/internal/manager/config"
|
|
|
|
|
"github.com/stashapp/stash/pkg/fsutil"
|
2019-02-14 23:42:52 +00:00
|
|
|
"github.com/stashapp/stash/pkg/logger"
|
2022-12-05 04:08:22 +00:00
|
|
|
"github.com/stashapp/stash/pkg/plugin"
|
2023-04-19 03:01:32 +00:00
|
|
|
"github.com/stashapp/stash/pkg/utils"
|
2022-03-17 00:33:59 +00:00
|
|
|
"github.com/stashapp/stash/ui"
|
2019-02-09 12:30:49 +00:00
|
|
|
)
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
const (
|
|
|
|
|
loginEndpoint = "/login"
|
|
|
|
|
logoutEndpoint = "/logout"
|
|
|
|
|
gqlEndpoint = "/graphql"
|
|
|
|
|
playgroundEndpoint = "/playground"
|
|
|
|
|
)
|
|
|
|
|
|
2020-04-29 02:13:08 +00:00
|
|
|
var version string
|
|
|
|
|
var buildstamp string
|
|
|
|
|
var githash string
|
2019-08-21 04:07:25 +00:00
|
|
|
|
2022-03-17 00:33:59 +00:00
|
|
|
var uiBox = ui.UIBox
|
|
|
|
|
var loginUIBox = ui.LoginUIBox
|
|
|
|
|
|
2022-05-04 00:37:32 +00:00
|
|
|
func Start() error {
|
2019-08-24 07:17:25 +00:00
|
|
|
initialiseImages()
|
2019-11-17 21:41:08 +00:00
|
|
|
|
2019-02-09 12:30:49 +00:00
|
|
|
r := chi.NewRouter()
|
|
|
|
|
|
2021-04-09 00:06:02 +00:00
|
|
|
r.Use(middleware.Heartbeat("/healthz"))
|
2023-04-19 03:01:32 +00:00
|
|
|
r.Use(cors.AllowAll().Handler)
|
2019-07-28 09:36:52 +00:00
|
|
|
r.Use(authenticateHandler())
|
2021-06-11 07:24:58 +00:00
|
|
|
visitedPluginHandler := manager.GetInstance().SessionStore.VisitedPluginHandler()
|
|
|
|
|
r.Use(visitedPluginHandler)
|
|
|
|
|
|
2019-02-09 12:30:49 +00:00
|
|
|
r.Use(middleware.Recoverer)
|
2019-10-25 00:13:44 +00:00
|
|
|
|
2021-04-11 23:31:33 +00:00
|
|
|
c := config.GetInstance()
|
|
|
|
|
if c.GetLogAccess() {
|
2022-02-03 00:20:34 +00:00
|
|
|
httpLogger := httplog.NewLogger("Stash", httplog.Options{
|
|
|
|
|
Concise: true,
|
|
|
|
|
})
|
|
|
|
|
r.Use(httplog.RequestLogger(httpLogger))
|
2019-10-25 00:13:44 +00:00
|
|
|
}
|
2021-12-13 03:54:19 +00:00
|
|
|
r.Use(SecurityHeadersMiddleware)
|
2022-11-07 01:33:15 +00:00
|
|
|
r.Use(middleware.DefaultCompress)
|
|
|
|
|
r.Use(middleware.StripSlashes)
|
2019-02-09 12:30:49 +00:00
|
|
|
r.Use(BaseURLMiddleware)
|
|
|
|
|
|
2021-05-31 03:58:32 +00:00
|
|
|
recoverFunc := func(ctx context.Context, err interface{}) error {
|
2019-02-09 12:30:49 +00:00
|
|
|
logger.Error(err)
|
|
|
|
|
debug.PrintStack()
|
|
|
|
|
|
|
|
|
|
message := fmt.Sprintf("Internal system error. Error <%v>", err)
|
|
|
|
|
return errors.New(message)
|
2021-05-31 03:58:32 +00:00
|
|
|
}
|
2021-01-18 01:23:20 +00:00
|
|
|
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager := manager.GetInstance().Repository
|
2022-08-12 02:21:46 +00:00
|
|
|
|
|
|
|
|
dataloaders := loaders.Middleware{
|
|
|
|
|
DatabaseProvider: txnManager,
|
|
|
|
|
Repository: txnManager,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r.Use(dataloaders.Middleware)
|
|
|
|
|
|
2021-06-11 07:24:58 +00:00
|
|
|
pluginCache := manager.GetInstance().PluginCache
|
2022-07-13 06:30:54 +00:00
|
|
|
sceneService := manager.GetInstance().SceneService
|
|
|
|
|
imageService := manager.GetInstance().ImageService
|
|
|
|
|
galleryService := manager.GetInstance().GalleryService
|
2021-01-18 01:23:20 +00:00
|
|
|
resolver := &Resolver{
|
2022-07-13 06:30:54 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
repository: txnManager,
|
|
|
|
|
sceneService: sceneService,
|
|
|
|
|
imageService: imageService,
|
|
|
|
|
galleryService: galleryService,
|
|
|
|
|
hookExecutor: pluginCache,
|
2021-01-18 01:23:20 +00:00
|
|
|
}
|
2021-02-23 02:03:02 +00:00
|
|
|
|
2022-04-25 05:55:05 +00:00
|
|
|
gqlSrv := gqlHandler.New(NewExecutableSchema(Config{Resolvers: resolver}))
|
2021-05-31 03:58:32 +00:00
|
|
|
gqlSrv.SetRecoverFunc(recoverFunc)
|
|
|
|
|
gqlSrv.AddTransport(gqlTransport.Websocket{
|
|
|
|
|
Upgrader: websocket.Upgrader{
|
|
|
|
|
CheckOrigin: func(r *http.Request) bool {
|
|
|
|
|
return true
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
KeepAlivePingInterval: 10 * time.Second,
|
|
|
|
|
})
|
|
|
|
|
gqlSrv.AddTransport(gqlTransport.Options{})
|
|
|
|
|
gqlSrv.AddTransport(gqlTransport.GET{})
|
|
|
|
|
gqlSrv.AddTransport(gqlTransport.POST{})
|
|
|
|
|
gqlSrv.AddTransport(gqlTransport.MultipartForm{
|
|
|
|
|
MaxUploadSize: c.GetMaxUploadSize(),
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
gqlSrv.SetQueryCache(gqlLru.New(1000))
|
|
|
|
|
gqlSrv.Use(gqlExtension.Introspection{})
|
|
|
|
|
|
2023-04-17 05:27:25 +00:00
|
|
|
gqlSrv.SetErrorPresenter(gqlErrorHandler)
|
|
|
|
|
|
2021-05-31 03:58:32 +00:00
|
|
|
gqlHandlerFunc := func(w http.ResponseWriter, r *http.Request) {
|
2023-04-19 03:01:32 +00:00
|
|
|
w.Header().Set("Cache-Control", "no-store")
|
2021-05-31 03:58:32 +00:00
|
|
|
gqlSrv.ServeHTTP(w, r)
|
|
|
|
|
}
|
2019-02-09 12:30:49 +00:00
|
|
|
|
2021-05-26 04:17:53 +00:00
|
|
|
// register GQL handler with plugin cache
|
2021-06-11 07:24:58 +00:00
|
|
|
// chain the visited plugin handler
|
2022-10-18 00:09:54 +00:00
|
|
|
// also requires the dataloader middleware
|
|
|
|
|
gqlHandler := visitedPluginHandler(dataloaders.Middleware(http.HandlerFunc(gqlHandlerFunc)))
|
|
|
|
|
manager.GetInstance().PluginCache.RegisterGQLHandler(gqlHandler)
|
2021-05-26 04:17:53 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
r.HandleFunc(gqlEndpoint, gqlHandlerFunc)
|
|
|
|
|
r.HandleFunc(playgroundEndpoint, func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
setPageSecurityHeaders(w, r)
|
|
|
|
|
endpoint := getProxyPrefix(r) + gqlEndpoint
|
|
|
|
|
gqlPlayground.Handler("GraphQL playground", endpoint)(w, r)
|
|
|
|
|
})
|
2020-04-08 02:51:12 +00:00
|
|
|
|
2021-01-18 01:23:20 +00:00
|
|
|
r.Mount("/performer", performerRoutes{
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
performerFinder: txnManager.Performer,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
|
|
|
|
r.Mount("/scene", sceneRoutes{
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
sceneFinder: txnManager.Scene,
|
2022-09-01 07:54:34 +00:00
|
|
|
fileFinder: txnManager.File,
|
2022-07-13 06:30:54 +00:00
|
|
|
captionFinder: txnManager.File,
|
2022-05-19 07:49:32 +00:00
|
|
|
sceneMarkerFinder: txnManager.SceneMarker,
|
|
|
|
|
tagFinder: txnManager.Tag,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
|
|
|
|
r.Mount("/image", imageRoutes{
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
imageFinder: txnManager.Image,
|
2022-09-01 07:54:34 +00:00
|
|
|
fileFinder: txnManager.File,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
|
|
|
|
r.Mount("/studio", studioRoutes{
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
studioFinder: txnManager.Studio,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
|
|
|
|
r.Mount("/movie", movieRoutes{
|
2022-05-19 07:49:32 +00:00
|
|
|
txnManager: txnManager,
|
|
|
|
|
movieFinder: txnManager.Movie,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
|
|
|
|
r.Mount("/tag", tagRoutes{
|
|
|
|
|
txnManager: txnManager,
|
2022-05-19 07:49:32 +00:00
|
|
|
tagFinder: txnManager.Tag,
|
2021-01-18 01:23:20 +00:00
|
|
|
}.Routes())
|
2020-09-15 07:28:53 +00:00
|
|
|
r.Mount("/downloads", downloadsRoutes{}.Routes())
|
2019-02-09 12:30:49 +00:00
|
|
|
|
2022-12-05 04:08:22 +00:00
|
|
|
r.HandleFunc("/css", cssHandler(c, pluginCache))
|
|
|
|
|
r.HandleFunc("/javascript", javascriptHandler(c, pluginCache))
|
2023-04-19 03:01:32 +00:00
|
|
|
r.HandleFunc("/customlocales", customLocalesHandler(c))
|
2019-08-22 22:24:14 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
staticLoginUI := statigz.FileServer(loginUIBox.(fs.ReadDirFS))
|
2021-10-09 06:32:43 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
r.Get(loginEndpoint, handleLogin(loginUIBox))
|
|
|
|
|
r.Post(loginEndpoint, handleLoginPost(loginUIBox))
|
|
|
|
|
r.Get(logoutEndpoint, handleLogout())
|
|
|
|
|
r.HandleFunc(loginEndpoint+"/*", func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
r.URL.Path = strings.TrimPrefix(r.URL.Path, loginEndpoint)
|
|
|
|
|
w.Header().Set("Cache-Control", "no-cache")
|
|
|
|
|
staticLoginUI.ServeHTTP(w, r)
|
2020-04-08 02:51:12 +00:00
|
|
|
})
|
2019-02-11 10:49:39 +00:00
|
|
|
|
2020-06-21 12:25:13 +00:00
|
|
|
// Serve static folders
|
2021-04-11 23:31:33 +00:00
|
|
|
customServedFolders := c.GetCustomServedFolders()
|
2020-06-21 12:25:13 +00:00
|
|
|
if customServedFolders != nil {
|
2022-11-21 23:21:15 +00:00
|
|
|
r.Mount("/custom", customRoutes{
|
|
|
|
|
servedFolders: customServedFolders,
|
|
|
|
|
}.Routes())
|
2020-06-21 12:25:13 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-20 07:12:40 +00:00
|
|
|
customUILocation := c.GetCustomUILocation()
|
2023-04-19 03:01:32 +00:00
|
|
|
staticUI := statigz.FileServer(uiBox.(fs.ReadDirFS))
|
2021-04-20 07:12:40 +00:00
|
|
|
|
2019-04-11 17:55:58 +00:00
|
|
|
// Serve the web app
|
2019-02-09 12:30:49 +00:00
|
|
|
r.HandleFunc("/*", func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
ext := path.Ext(r.URL.Path)
|
2021-04-20 07:12:40 +00:00
|
|
|
|
|
|
|
|
if customUILocation != "" {
|
|
|
|
|
if r.URL.Path == "index.html" || ext == "" {
|
|
|
|
|
r.URL.Path = "/"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.FileServer(http.Dir(customUILocation)).ServeHTTP(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-14 22:53:32 +00:00
|
|
|
if ext == ".html" || ext == "" {
|
2022-03-09 21:24:13 +00:00
|
|
|
themeColor := c.GetThemeColor()
|
2023-04-19 03:01:32 +00:00
|
|
|
data, err := fs.ReadFile(uiBox, "index.html")
|
2021-09-22 03:08:34 +00:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
2023-04-19 03:01:32 +00:00
|
|
|
indexHtml := string(data)
|
|
|
|
|
|
|
|
|
|
prefix := getProxyPrefix(r)
|
|
|
|
|
indexHtml = strings.ReplaceAll(indexHtml, "%COLOR%", themeColor)
|
|
|
|
|
indexHtml = strings.Replace(indexHtml, `<base href="/"`, fmt.Sprintf(`<base href="%s/"`, prefix), 1)
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
|
|
|
setPageSecurityHeaders(w, r)
|
2021-09-21 04:12:10 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
utils.ServeStaticContent(w, r, []byte(indexHtml))
|
2019-02-09 12:30:49 +00:00
|
|
|
} else {
|
2023-04-19 03:01:32 +00:00
|
|
|
isStatic, _ := path.Match("/assets/*", r.URL.Path)
|
2020-01-31 22:20:14 +00:00
|
|
|
if isStatic {
|
2023-04-19 03:01:32 +00:00
|
|
|
w.Header().Set("Cache-Control", "public, max-age=31536000, immutable")
|
|
|
|
|
} else {
|
|
|
|
|
w.Header().Set("Cache-Control", "no-cache")
|
2020-01-31 22:20:14 +00:00
|
|
|
}
|
2021-11-19 02:30:21 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
staticUI.ServeHTTP(w, r)
|
2019-02-09 12:30:49 +00:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-11 23:31:33 +00:00
|
|
|
displayHost := c.GetHost()
|
2019-12-31 17:22:34 +00:00
|
|
|
if displayHost == "0.0.0.0" {
|
|
|
|
|
displayHost = "localhost"
|
|
|
|
|
}
|
2021-04-11 23:31:33 +00:00
|
|
|
displayAddress := displayHost + ":" + strconv.Itoa(c.GetPort())
|
2019-12-31 17:22:34 +00:00
|
|
|
|
2021-04-11 23:31:33 +00:00
|
|
|
address := c.GetHost() + ":" + strconv.Itoa(c.GetPort())
|
2021-08-31 09:37:45 +00:00
|
|
|
tlsConfig, err := makeTLSConfig(c)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// assume we don't want to start with a broken TLS configuration
|
Errorlint sweep + minor linter tweaks (#1796)
* Replace error assertions with Go 1.13 style
Use `errors.As(..)` over type assertions. This enables better use of
wrapped errors in the future, and lets us pass some errorlint checks
in the process.
The rewrite is entirely mechanical, and uses a standard idiom for
doing so.
* Use Go 1.13's errors.Is(..)
Rather than directly checking for error equality, use errors.Is(..).
This protects against error wrapping issues in the future.
Even though something like sql.ErrNoRows doesn't need the wrapping, do
so anyway, for the sake of consistency throughout the code base.
The change almost lets us pass the `errorlint` Go checker except for
a missing case in `js.go` which is to be handled separately; it isn't
mechanical, like these changes are.
* Remove goconst
goconst isn't a useful linter in many cases, because it's false positive
rate is high. It's 100% for the current code base.
* Avoid direct comparison of errors in recover()
Assert that we are catching an error from recover(). If we are,
check that the error caught matches errStop.
* Enable the "errorlint" checker
Configure the checker to avoid checking for errorf wraps. These are
often false positives since the suggestion is to blanket wrap errors
with %w, and that exposes the underlying API which you might not want
to do.
The other warnings are good however, and with the current patch stack,
the code base passes all these checks as well.
* Configure rowserrcheck
The project uses sqlx. Configure rowserrcheck to include said package.
* Mechanically rewrite a large set of errors
Mechanically search for errors that look like
fmt.Errorf("...%s", err.Error())
and rewrite those into
fmt.Errorf("...%v", err)
The `fmt` package is error-aware and knows how to call err.Error()
itself.
The rationale is that this is more idiomatic Go; it paves the
way for using error wrapping later with %w in some sites.
This patch only addresses the entirely mechanical rewriting caught by
a project-side search/replace. There are more individual sites not
addressed by this patch.
2021-10-12 03:03:08 +00:00
|
|
|
panic(fmt.Errorf("error loading TLS config: %v", err))
|
2021-08-31 09:37:45 +00:00
|
|
|
}
|
2019-02-09 12:30:49 +00:00
|
|
|
|
2021-08-31 09:37:45 +00:00
|
|
|
server := &http.Server{
|
|
|
|
|
Addr: address,
|
|
|
|
|
Handler: r,
|
|
|
|
|
TLSConfig: tlsConfig,
|
2022-09-14 04:20:53 +00:00
|
|
|
// disable http/2 support by default
|
|
|
|
|
// when http/2 is enabled, we are unable to hijack and close
|
|
|
|
|
// the connection/request. This is necessary to stop running
|
|
|
|
|
// streams when deleting a scene file.
|
|
|
|
|
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
|
2021-08-31 09:37:45 +00:00
|
|
|
}
|
|
|
|
|
|
2022-02-03 00:20:34 +00:00
|
|
|
printVersion()
|
|
|
|
|
go printLatestVersion(context.TODO())
|
|
|
|
|
logger.Infof("stash is listening on " + address)
|
|
|
|
|
if tlsConfig != nil {
|
|
|
|
|
displayAddress = "https://" + displayAddress + "/"
|
|
|
|
|
} else {
|
|
|
|
|
displayAddress = "http://" + displayAddress + "/"
|
|
|
|
|
}
|
2019-02-09 12:30:49 +00:00
|
|
|
|
2022-05-04 00:37:32 +00:00
|
|
|
logger.Infof("stash is running at " + displayAddress)
|
|
|
|
|
if tlsConfig != nil {
|
|
|
|
|
err = server.ListenAndServeTLS("", "")
|
|
|
|
|
} else {
|
|
|
|
|
err = server.ListenAndServe()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
2019-02-09 12:30:49 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
func copyFile(w io.Writer, path string) error {
|
2022-12-05 04:08:22 +00:00
|
|
|
f, err := os.Open(path)
|
|
|
|
|
if err != nil {
|
2023-04-19 03:01:32 +00:00
|
|
|
return err
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
|
|
_, err = io.Copy(w, f)
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
return err
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
func serveFiles(w http.ResponseWriter, r *http.Request, paths []string) {
|
2022-12-05 04:08:22 +00:00
|
|
|
buffer := bytes.Buffer{}
|
|
|
|
|
|
|
|
|
|
for _, path := range paths {
|
2023-04-19 03:01:32 +00:00
|
|
|
err := copyFile(&buffer, path)
|
2022-12-05 04:08:22 +00:00
|
|
|
if err != nil {
|
|
|
|
|
logger.Errorf("error serving file %s: %v", path, err)
|
|
|
|
|
}
|
2023-04-19 03:01:32 +00:00
|
|
|
buffer.Write([]byte("\n"))
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
utils.ServeStaticContent(w, r, buffer.Bytes())
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func cssHandler(c *config.Instance, pluginCache *plugin.Cache) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// add plugin css files first
|
|
|
|
|
var paths []string
|
|
|
|
|
|
|
|
|
|
for _, p := range pluginCache.ListPlugins() {
|
|
|
|
|
paths = append(paths, p.UI.CSS...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if c.GetCSSEnabled() {
|
|
|
|
|
// search for custom.css in current directory, then $HOME/.stash
|
|
|
|
|
fn := c.GetCSSPath()
|
|
|
|
|
exists, _ := fsutil.FileExists(fn)
|
|
|
|
|
if exists {
|
|
|
|
|
paths = append(paths, fn)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
w.Header().Set("Content-Type", "text/css")
|
|
|
|
|
serveFiles(w, r, paths)
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func javascriptHandler(c *config.Instance, pluginCache *plugin.Cache) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// add plugin javascript files first
|
|
|
|
|
var paths []string
|
|
|
|
|
|
|
|
|
|
for _, p := range pluginCache.ListPlugins() {
|
|
|
|
|
paths = append(paths, p.UI.Javascript...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if c.GetJavascriptEnabled() {
|
|
|
|
|
// search for custom.js in current directory, then $HOME/.stash
|
|
|
|
|
fn := c.GetJavascriptPath()
|
|
|
|
|
exists, _ := fsutil.FileExists(fn)
|
|
|
|
|
if exists {
|
|
|
|
|
paths = append(paths, fn)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
w.Header().Set("Content-Type", "text/javascript")
|
|
|
|
|
serveFiles(w, r, paths)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func customLocalesHandler(c *config.Instance) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
buffer := bytes.Buffer{}
|
|
|
|
|
|
|
|
|
|
if c.GetCustomLocalesEnabled() {
|
|
|
|
|
// search for custom-locales.json in current directory, then $HOME/.stash
|
|
|
|
|
path := c.GetCustomLocalesPath()
|
|
|
|
|
exists, _ := fsutil.FileExists(path)
|
|
|
|
|
if exists {
|
|
|
|
|
err := copyFile(&buffer, path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Errorf("error serving file %s: %v", path, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if buffer.Len() == 0 {
|
|
|
|
|
buffer.Write([]byte("{}"))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
utils.ServeStaticContent(w, r, buffer.Bytes())
|
2022-12-05 04:08:22 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-21 04:07:25 +00:00
|
|
|
func printVersion() {
|
2023-02-08 04:02:23 +00:00
|
|
|
var versionString string
|
|
|
|
|
switch {
|
|
|
|
|
case version != "":
|
|
|
|
|
if githash != "" && !IsDevelop() {
|
|
|
|
|
versionString = version + " (" + githash + ")"
|
|
|
|
|
} else {
|
|
|
|
|
versionString = version
|
|
|
|
|
}
|
|
|
|
|
case githash != "":
|
|
|
|
|
versionString = githash
|
|
|
|
|
default:
|
|
|
|
|
versionString = "unknown"
|
|
|
|
|
}
|
2022-02-03 00:20:34 +00:00
|
|
|
if config.IsOfficialBuild() {
|
2021-10-22 02:14:08 +00:00
|
|
|
versionString += " - Official Build"
|
|
|
|
|
} else {
|
|
|
|
|
versionString += " - Unofficial Build"
|
|
|
|
|
}
|
2023-02-08 04:02:23 +00:00
|
|
|
if buildstamp != "" {
|
|
|
|
|
versionString += " - " + buildstamp
|
2019-11-17 21:41:08 +00:00
|
|
|
}
|
2023-02-08 04:02:23 +00:00
|
|
|
logger.Infof("stash version: %s\n", versionString)
|
2019-08-21 04:07:25 +00:00
|
|
|
}
|
|
|
|
|
|
2019-11-17 21:41:08 +00:00
|
|
|
func GetVersion() (string, string, string) {
|
|
|
|
|
return version, githash, buildstamp
|
2019-08-21 04:47:48 +00:00
|
|
|
}
|
|
|
|
|
|
2023-02-08 04:02:23 +00:00
|
|
|
func IsDevelop() bool {
|
|
|
|
|
if githash == "" {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// if the version is suffixed with -x-xxxx, then we are running a development build
|
|
|
|
|
develop := false
|
|
|
|
|
re := regexp.MustCompile(`-\d+-g\w+$`)
|
|
|
|
|
if re.MatchString(version) {
|
|
|
|
|
develop = true
|
|
|
|
|
}
|
|
|
|
|
return develop
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-31 09:37:45 +00:00
|
|
|
func makeTLSConfig(c *config.Instance) (*tls.Config, error) {
|
|
|
|
|
c.InitTLS()
|
|
|
|
|
certFile, keyFile := c.GetTLSFiles()
|
|
|
|
|
|
|
|
|
|
if certFile == "" && keyFile == "" {
|
|
|
|
|
// assume http configuration
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ensure both files are present
|
|
|
|
|
if certFile == "" {
|
|
|
|
|
return nil, errors.New("SSL certificate file must be present if key file is present")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if keyFile == "" {
|
|
|
|
|
return nil, errors.New("SSL key file must be present if certificate file is present")
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-27 00:55:23 +00:00
|
|
|
cert, err := os.ReadFile(certFile)
|
2019-04-11 17:55:58 +00:00
|
|
|
if err != nil {
|
2023-02-08 04:02:23 +00:00
|
|
|
return nil, fmt.Errorf("error reading SSL certificate file %s: %v", certFile, err)
|
2019-04-11 17:55:58 +00:00
|
|
|
}
|
|
|
|
|
|
2021-09-27 00:55:23 +00:00
|
|
|
key, err := os.ReadFile(keyFile)
|
2019-04-11 17:55:58 +00:00
|
|
|
if err != nil {
|
2023-02-08 04:02:23 +00:00
|
|
|
return nil, fmt.Errorf("error reading SSL key file %s: %v", keyFile, err)
|
2019-04-11 17:55:58 +00:00
|
|
|
}
|
2019-02-09 12:30:49 +00:00
|
|
|
|
|
|
|
|
certs := make([]tls.Certificate, 1)
|
|
|
|
|
certs[0], err = tls.X509KeyPair(cert, key)
|
|
|
|
|
if err != nil {
|
Errorlint sweep + minor linter tweaks (#1796)
* Replace error assertions with Go 1.13 style
Use `errors.As(..)` over type assertions. This enables better use of
wrapped errors in the future, and lets us pass some errorlint checks
in the process.
The rewrite is entirely mechanical, and uses a standard idiom for
doing so.
* Use Go 1.13's errors.Is(..)
Rather than directly checking for error equality, use errors.Is(..).
This protects against error wrapping issues in the future.
Even though something like sql.ErrNoRows doesn't need the wrapping, do
so anyway, for the sake of consistency throughout the code base.
The change almost lets us pass the `errorlint` Go checker except for
a missing case in `js.go` which is to be handled separately; it isn't
mechanical, like these changes are.
* Remove goconst
goconst isn't a useful linter in many cases, because it's false positive
rate is high. It's 100% for the current code base.
* Avoid direct comparison of errors in recover()
Assert that we are catching an error from recover(). If we are,
check that the error caught matches errStop.
* Enable the "errorlint" checker
Configure the checker to avoid checking for errorf wraps. These are
often false positives since the suggestion is to blanket wrap errors
with %w, and that exposes the underlying API which you might not want
to do.
The other warnings are good however, and with the current patch stack,
the code base passes all these checks as well.
* Configure rowserrcheck
The project uses sqlx. Configure rowserrcheck to include said package.
* Mechanically rewrite a large set of errors
Mechanically search for errors that look like
fmt.Errorf("...%s", err.Error())
and rewrite those into
fmt.Errorf("...%v", err)
The `fmt` package is error-aware and knows how to call err.Error()
itself.
The rationale is that this is more idiomatic Go; it paves the
way for using error wrapping later with %w in some sites.
This patch only addresses the entirely mechanical rewriting caught by
a project-side search/replace. There are more individual sites not
addressed by this patch.
2021-10-12 03:03:08 +00:00
|
|
|
return nil, fmt.Errorf("error parsing key pair: %v", err)
|
2019-02-09 12:30:49 +00:00
|
|
|
}
|
|
|
|
|
tlsConfig := &tls.Config{
|
|
|
|
|
Certificates: certs,
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-31 09:37:45 +00:00
|
|
|
return tlsConfig, nil
|
2019-02-09 12:30:49 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
func setPageSecurityHeaders(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c := config.GetInstance()
|
2019-02-14 22:53:32 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
defaultSrc := "data: 'self' 'unsafe-inline'"
|
|
|
|
|
connectSrc := "data: 'self'"
|
|
|
|
|
imageSrc := "data: *"
|
|
|
|
|
scriptSrc := "'self' 'unsafe-inline' 'unsafe-eval'"
|
|
|
|
|
styleSrc := "'self' 'unsafe-inline'"
|
|
|
|
|
mediaSrc := "blob: 'self'"
|
2019-02-14 22:53:32 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
// Workaround Safari bug https://bugs.webkit.org/show_bug.cgi?id=201591
|
|
|
|
|
// Allows websocket requests to any origin
|
|
|
|
|
connectSrc += " ws: wss:"
|
2021-12-15 10:07:12 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
// The graphql playground pulls its frontend from a cdn
|
|
|
|
|
if r.URL.Path == playgroundEndpoint {
|
|
|
|
|
connectSrc += " https://cdn.jsdelivr.net"
|
|
|
|
|
scriptSrc += " https://cdn.jsdelivr.net"
|
|
|
|
|
styleSrc += " https://cdn.jsdelivr.net"
|
|
|
|
|
}
|
2021-12-15 10:07:12 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
if !c.IsNewSystem() && c.GetHandyKey() != "" {
|
|
|
|
|
connectSrc += " https://www.handyfeeling.com"
|
|
|
|
|
}
|
2021-12-18 00:09:39 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
cspDirectives := fmt.Sprintf("default-src %s; connect-src %s; img-src %s; script-src %s; style-src %s; media-src %s;", defaultSrc, connectSrc, imageSrc, scriptSrc, styleSrc, mediaSrc)
|
|
|
|
|
cspDirectives += " worker-src blob:; child-src 'none'; object-src 'none'; form-action 'self';"
|
2021-12-13 03:54:19 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
w.Header().Set("Referrer-Policy", "same-origin")
|
|
|
|
|
w.Header().Set("Content-Security-Policy", cspDirectives)
|
|
|
|
|
}
|
2021-12-13 03:54:19 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
func SecurityHeadersMiddleware(next http.Handler) http.Handler {
|
|
|
|
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
2021-12-13 03:54:19 +00:00
|
|
|
w.Header().Set("X-Content-Type-Options", "nosniff")
|
|
|
|
|
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
}
|
|
|
|
|
return http.HandlerFunc(fn)
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
type contextKey struct {
|
|
|
|
|
name string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
BaseURLCtxKey = &contextKey{"BaseURL"}
|
|
|
|
|
)
|
|
|
|
|
|
2019-02-09 12:30:49 +00:00
|
|
|
func BaseURLMiddleware(next http.Handler) http.Handler {
|
|
|
|
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
ctx := r.Context()
|
|
|
|
|
|
2022-09-14 04:20:53 +00:00
|
|
|
scheme := "http"
|
2022-09-14 23:54:36 +00:00
|
|
|
if strings.Compare("https", r.URL.Scheme) == 0 || r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
|
2019-02-09 12:30:49 +00:00
|
|
|
scheme = "https"
|
|
|
|
|
}
|
2023-04-19 03:01:32 +00:00
|
|
|
prefix := getProxyPrefix(r)
|
2021-09-21 04:12:10 +00:00
|
|
|
|
2022-01-10 23:09:14 +00:00
|
|
|
baseURL := scheme + "://" + r.Host + prefix
|
2019-02-09 12:30:49 +00:00
|
|
|
|
2021-04-11 23:31:33 +00:00
|
|
|
externalHost := config.GetInstance().GetExternalHost()
|
2020-02-17 03:01:02 +00:00
|
|
|
if externalHost != "" {
|
2021-09-21 04:12:10 +00:00
|
|
|
baseURL = externalHost + prefix
|
2020-02-17 03:01:02 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-09 12:30:49 +00:00
|
|
|
r = r.WithContext(context.WithValue(ctx, BaseURLCtxKey, baseURL))
|
|
|
|
|
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
}
|
|
|
|
|
return http.HandlerFunc(fn)
|
2019-02-11 10:49:39 +00:00
|
|
|
}
|
2021-10-09 06:32:43 +00:00
|
|
|
|
2023-04-19 03:01:32 +00:00
|
|
|
func getProxyPrefix(r *http.Request) string {
|
|
|
|
|
return strings.TrimRight(r.Header.Get("X-Forwarded-Prefix"), "/")
|
2021-10-09 06:32:43 +00:00
|
|
|
}
|