No OneTemporary
Actions

Size

29 KB

Subscribers

None

View Options

	diff --git a/app.go b/app.go
	index 9fc04a9..af7fa72 100644
	--- a/app.go
	+++ b/app.go
	@@ -1,596 +1,597 @@
	/*
	* Copyright © 2018 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"database/sql"
	"flag"
	"fmt"
	"html/template"
	"net/http"
	"net/url"
	"os"
	"os/signal"
	+ "path/filepath"
	"regexp"
	"strings"
	"syscall"
	"time"

	_ "github.com/go-sql-driver/mysql"

	"github.com/gorilla/mux"
	"github.com/gorilla/schema"
	"github.com/gorilla/sessions"
	"github.com/manifoldco/promptui"
	"github.com/writeas/go-strip-markdown"
	"github.com/writeas/web-core/auth"
	"github.com/writeas/web-core/converter"
	"github.com/writeas/web-core/log"
	"github.com/writeas/writefreely/author"
	"github.com/writeas/writefreely/config"
	"github.com/writeas/writefreely/migrations"
	"github.com/writeas/writefreely/page"
	)

	const (
	- staticDir = "static/"
	+ staticDir = "static"
	assumedTitleLen = 80
	postsPerPage = 10

	serverSoftware = "WriteFreely"
	softwareURL = "https://writefreely.org"
	)

	var (
	debugging bool

	// Software version can be set from git env using -ldflags
	softwareVer = "0.7.1"

	// DEPRECATED VARS
	// TODO: pass app.cfg into GetCollection* calls so we can get these values
	// from Collection methods and we no longer need these.
	hostName string
	isSingleUser bool
	)

	type app struct {
	router *mux.Router
	db *datastore
	cfg *config.Config
	cfgFile string
	keys *keychain
	sessionStore *sessions.CookieStore
	formDecoder *schema.Decoder

	timeline *localTimeline
	}

	// handleViewHome shows page at root path. Will be the Pad if logged in and the
	// catch-all landing page otherwise.
	func handleViewHome(app app, w http.ResponseWriter, r http.Request) error {
	if app.cfg.App.SingleUser {
	// Render blog index
	return handleViewCollection(app, w, r)
	}

	// Multi-user instance
	u := getUserSession(app, r)
	if u != nil {
	// User is logged in, so show the Pad
	return handleViewPad(app, w, r)
	}

	p := struct {
	page.StaticPage
	Flashes []template.HTML
	}{
	StaticPage: pageForReq(app, r),
	}

	// Get error messages
	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	// Ignore this
	log.Error("Unable to get session in handleViewHome; ignoring: %v", err)
	}
	flashes, _ := getSessionFlashes(app, w, r, session)
	for _, flash := range flashes {
	p.Flashes = append(p.Flashes, template.HTML(flash))
	}

	// Show landing page
	return renderPage(w, "landing.tmpl", p)
	}

	func handleTemplatedPage(app app, w http.ResponseWriter, r http.Request, t *template.Template) error {
	p := struct {
	page.StaticPage
	Content template.HTML
	PlainContent string
	Updated string

	AboutStats *InstanceStats
	}{
	StaticPage: pageForReq(app, r),
	}
	if r.URL.Path == "/about" \|\| r.URL.Path == "/privacy" {
	var c string
	var updated *time.Time
	var err error

	if r.URL.Path == "/about" {
	c, err = getAboutPage(app)

	// Fetch stats
	p.AboutStats = &InstanceStats{}
	p.AboutStats.NumPosts, _ = app.db.GetTotalPosts()
	p.AboutStats.NumBlogs, _ = app.db.GetTotalCollections()
	} else {
	c, updated, err = getPrivacyPage(app)
	}

	if err != nil {
	return err
	}
	p.Content = template.HTML(applyMarkdown([]byte(c)))
	p.PlainContent = shortPostDescription(stripmd.Strip(c))
	if updated != nil {
	p.Updated = updated.Format("January 2, 2006")
	}
	}

	// Serve templated page
	err := t.ExecuteTemplate(w, "base", p)
	if err != nil {
	log.Error("Unable to render page: %v", err)
	}
	return nil
	}

	func pageForReq(app app, r http.Request) page.StaticPage {
	p := page.StaticPage{
	AppCfg: app.cfg.App,
	Path: r.URL.Path,
	Version: "v" + softwareVer,
	}

	// Add user information, if given
	var u *User
	accessToken := r.FormValue("t")
	if accessToken != "" {
	userID := app.db.GetUserID(accessToken)
	if userID != -1 {
	var err error
	u, err = app.db.GetUserByID(userID)
	if err == nil {
	p.Username = u.Username
	}
	}
	} else {
	u = getUserSession(app, r)
	if u != nil {
	p.Username = u.Username
	}
	}

	return p
	}

	var shttp = http.NewServeMux()
	var fileRegex = regexp.MustCompile("/([^/]\\.[^/])$")

	func Serve() {
	debugPtr := flag.Bool("debug", false, "Enables debug logging.")
	createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")
	doConfig := flag.Bool("config", false, "Run the configuration process")
	genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")
	createSchema := flag.Bool("init-db", false, "Initialize app database")
	migrate := flag.Bool("migrate", false, "Migrate the database")
	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")
	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")
	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")
	configFile := flag.String("c", "config.ini", "The configuration file to use")
	outputVersion := flag.Bool("v", false, "Output the current version")
	flag.Parse()

	debugging = *debugPtr

	app := &app{
	cfgFile: *configFile,
	}

	if *outputVersion {
	fmt.Println(serverSoftware + " " + softwareVer)
	os.Exit(0)
	} else if *createConfig {
	log.Info("Creating configuration...")
	c := config.New()
	log.Info("Saving configuration %s...", app.cfgFile)
	err := config.Save(c, app.cfgFile)
	if err != nil {
	log.Error("Unable to save configuration: %v", err)
	os.Exit(1)
	}
	os.Exit(0)
	} else if *doConfig {
	d, err := config.Configure(app.cfgFile)
	if err != nil {
	log.Error("Unable to configure: %v", err)
	os.Exit(1)
	}
	if d.User != nil {
	app.cfg = d.Config
	connectToDatabase(app)
	defer shutdown(app)

	if !app.db.DatabaseInitialized() {
	adminInitDatabase(app)
	}

	u := &User{
	Username: d.User.Username,
	HashedPass: d.User.HashedPass,
	Created: time.Now().Truncate(time.Second).UTC(),
	}

	// Create blog
	log.Info("Creating user %s...\n", u.Username)
	err = app.db.CreateUser(u, app.cfg.App.SiteName)
	if err != nil {
	log.Error("Unable to create user: %s", err)
	os.Exit(1)
	}
	log.Info("Done!")
	}
	os.Exit(0)
	} else if *genKeys {
	errStatus := 0

	err := generateKey(emailKeyPath)
	if err != nil {
	errStatus = 1
	}
	err = generateKey(cookieAuthKeyPath)
	if err != nil {
	errStatus = 1
	}
	err = generateKey(cookieKeyPath)
	if err != nil {
	errStatus = 1
	}

	os.Exit(errStatus)
	} else if *createSchema {
	loadConfig(app)
	connectToDatabase(app)
	defer shutdown(app)
	adminInitDatabase(app)
	} else if *createAdmin != "" {
	adminCreateUser(app, *createAdmin, true)
	} else if *createUser != "" {
	adminCreateUser(app, *createUser, false)
	} else if *resetPassUser != "" {
	// Connect to the database
	loadConfig(app)
	connectToDatabase(app)
	defer shutdown(app)

	// Fetch user
	u, err := app.db.GetUserForAuth(*resetPassUser)
	if err != nil {
	log.Error("Get user: %s", err)
	os.Exit(1)
	}

	// Prompt for new password
	prompt := promptui.Prompt{
	Templates: &promptui.PromptTemplates{
	Success: "{{ . \| bold \| faint }}: ",
	},
	Label: "New password",
	Mask: '*',
	}
	newPass, err := prompt.Run()
	if err != nil {
	log.Error("%s", err)
	os.Exit(1)
	}

	// Do the update
	log.Info("Updating...")
	err = adminResetPassword(app, u, newPass)
	if err != nil {
	log.Error("%s", err)
	os.Exit(1)
	}
	log.Info("Success.")
	os.Exit(0)
	} else if *migrate {
	loadConfig(app)
	connectToDatabase(app)
	defer shutdown(app)

	err := migrations.Migrate(migrations.NewDatastore(app.db.DB, app.db.driverName))
	if err != nil {
	log.Error("migrate: %s", err)
	os.Exit(1)
	}

	os.Exit(0)
	}

	log.Info("Initializing...")

	loadConfig(app)

	hostName = app.cfg.App.Host
	isSingleUser = app.cfg.App.SingleUser
	app.cfg.Server.Dev = *debugPtr

	- initTemplates()
	+ initTemplates(app.cfg)

	// Load keys
	log.Info("Loading encryption keys...")
	err := initKeys(app)
	if err != nil {
	log.Error("\n%s\n", err)
	}

	// Initialize modules
	app.sessionStore = initSession(app)
	app.formDecoder = schema.NewDecoder()
	app.formDecoder.RegisterConverter(converter.NullJSONString{}, converter.ConvertJSONNullString)
	app.formDecoder.RegisterConverter(converter.NullJSONBool{}, converter.ConvertJSONNullBool)
	app.formDecoder.RegisterConverter(sql.NullString{}, converter.ConvertSQLNullString)
	app.formDecoder.RegisterConverter(sql.NullBool{}, converter.ConvertSQLNullBool)
	app.formDecoder.RegisterConverter(sql.NullInt64{}, converter.ConvertSQLNullInt64)
	app.formDecoder.RegisterConverter(sql.NullFloat64{}, converter.ConvertSQLNullFloat64)

	// Check database configuration
	if app.cfg.Database.Type == driverMySQL && (app.cfg.Database.User == "" \|\| app.cfg.Database.Password == "") {
	log.Error("Database user or password not set.")
	os.Exit(1)
	}
	if app.cfg.Database.Host == "" {
	app.cfg.Database.Host = "localhost"
	}
	if app.cfg.Database.Database == "" {
	app.cfg.Database.Database = "writefreely"
	}

	connectToDatabase(app)
	defer shutdown(app)

	// Test database connection
	err = app.db.Ping()
	if err != nil {
	log.Error("Database ping failed: %s", err)
	}

	r := mux.NewRouter()
	handler := NewHandler(app)
	handler.SetErrorPages(&ErrorPages{
	NotFound: pages["404-general.tmpl"],
	Gone: pages["410.tmpl"],
	InternalServerError: pages["500.tmpl"],
	Blank: pages["blank.tmpl"],
	})

	// Handle app routes
	initRoutes(handler, r, app.cfg, app.db)

	// Handle local timeline, if enabled
	if app.cfg.App.LocalTimeline {
	log.Info("Initializing local timeline...")
	initLocalTimeline(app)
	}

	// Handle static files
	- fs := http.FileServer(http.Dir(staticDir))
	+ fs := http.FileServer(http.Dir(filepath.Join(app.cfg.Server.StaticParentDir, staticDir)))
	shttp.Handle("/", fs)
	r.PathPrefix("/").Handler(fs)

	// Handle shutdown
	c := make(chan os.Signal, 2)
	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
	go func() {
	<-c
	log.Info("Shutting down...")
	shutdown(app)
	log.Info("Done.")
	os.Exit(0)
	}()

	http.Handle("/", r)

	// Start web application server
	var bindAddress = app.cfg.Server.Bind
	if bindAddress == "" {
	bindAddress = "localhost"
	}
	if app.cfg.IsSecureStandalone() {
	log.Info("Serving redirects on http://%s:80", bindAddress)
	go func() {
	err = http.ListenAndServe(
	fmt.Sprintf("%s:80", bindAddress), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, app.cfg.App.Host, http.StatusMovedPermanently)
	}))
	log.Error("Unable to start redirect server: %v", err)
	}()

	log.Info("Serving on https://%s:443", bindAddress)
	log.Info("---")
	err = http.ListenAndServeTLS(
	fmt.Sprintf("%s:443", bindAddress), app.cfg.Server.TLSCertPath, app.cfg.Server.TLSKeyPath, nil)
	} else {
	log.Info("Serving on http://%s:%d\n", bindAddress, app.cfg.Server.Port)
	log.Info("---")
	err = http.ListenAndServe(fmt.Sprintf("%s:%d", bindAddress, app.cfg.Server.Port), nil)
	}
	if err != nil {
	log.Error("Unable to start: %v", err)
	os.Exit(1)
	}
	}

	func loadConfig(app *app) {
	log.Info("Loading %s configuration...", app.cfgFile)
	cfg, err := config.Load(app.cfgFile)
	if err != nil {
	log.Error("Unable to load configuration: %v", err)
	os.Exit(1)
	}
	app.cfg = cfg
	}

	func connectToDatabase(app *app) {
	log.Info("Connecting to %s database...", app.cfg.Database.Type)

	var db *sql.DB
	var err error
	if app.cfg.Database.Type == driverMySQL {
	db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String())))
	db.SetMaxOpenConns(50)
	} else if app.cfg.Database.Type == driverSQLite {
	if !SQLiteEnabled {
	log.Error("Invalid database type '%s'. Binary wasn't compiled with SQLite3 support.", app.cfg.Database.Type)
	os.Exit(1)
	}
	if app.cfg.Database.FileName == "" {
	log.Error("SQLite database filename value in config.ini is empty.")
	os.Exit(1)
	}
	db, err = sql.Open("sqlite3_with_regex", app.cfg.Database.FileName+"?parseTime=true&cached=shared")
	db.SetMaxOpenConns(1)
	} else {
	log.Error("Invalid database type '%s'. Only 'mysql' and 'sqlite3' are supported right now.", app.cfg.Database.Type)
	os.Exit(1)
	}
	if err != nil {
	log.Error("%s", err)
	os.Exit(1)
	}
	app.db = &datastore{db, app.cfg.Database.Type}
	}

	func shutdown(app *app) {
	log.Info("Closing database connection...")
	app.db.Close()
	}

	func adminCreateUser(app *app, credStr string, isAdmin bool) {
	// Create an admin user with --create-admin
	creds := strings.Split(credStr, ":")
	if len(creds) != 2 {
	log.Error("usage: writefreely --create-admin username:password")
	os.Exit(1)
	}

	loadConfig(app)
	connectToDatabase(app)
	defer shutdown(app)

	// Ensure an admin / first user doesn't already exist
	firstUser, _ := app.db.GetUserByID(1)
	if isAdmin {
	// Abort if trying to create admin user, but one already exists
	if firstUser != nil {
	log.Error("Admin user already exists (%s). Create a regular user with: writefreely --create-user", firstUser.Username)
	os.Exit(1)
	}
	} else {
	// Abort if trying to create regular user, but no admin exists yet
	if firstUser == nil {
	log.Error("No admin user exists yet. Create an admin first with: writefreely --create-admin")
	os.Exit(1)
	}
	}

	// Create the user
	username := creds[0]
	password := creds[1]

	// Normalize and validate username
	desiredUsername := username
	username = getSlug(username, "")

	usernameDesc := username
	if username != desiredUsername {
	usernameDesc += " (originally: " + desiredUsername + ")"
	}

	if !author.IsValidUsername(app.cfg, username) {
	log.Error("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)
	os.Exit(1)
	}

	// Hash the password
	hashedPass, err := auth.HashPass([]byte(password))
	if err != nil {
	log.Error("Unable to hash password: %v", err)
	os.Exit(1)
	}

	u := &User{
	Username: username,
	HashedPass: hashedPass,
	Created: time.Now().Truncate(time.Second).UTC(),
	}

	userType := "user"
	if isAdmin {
	userType = "admin"
	}
	log.Info("Creating %s %s...", userType, usernameDesc)
	err = app.db.CreateUser(u, desiredUsername)
	if err != nil {
	log.Error("Unable to create user: %s", err)
	os.Exit(1)
	}
	log.Info("Done!")
	os.Exit(0)
	}

	func adminInitDatabase(app *app) {
	schemaFileName := "schema.sql"
	if app.cfg.Database.Type == driverSQLite {
	schemaFileName = "sqlite.sql"
	}

	schema, err := Asset(schemaFileName)
	if err != nil {
	log.Error("Unable to load schema file: %v", err)
	os.Exit(1)
	}

	tblReg := regexp.MustCompile("CREATE TABLE (IF NOT EXISTS )?`([a-z_]+)`")

	queries := strings.Split(string(schema), ";\n")
	for _, q := range queries {
	if strings.TrimSpace(q) == "" {
	continue
	}
	parts := tblReg.FindStringSubmatch(q)
	if len(parts) >= 3 {
	log.Info("Creating table %s...", parts[2])
	} else {
	log.Info("Creating table ??? (Weird query) No match in: %v", parts)
	}
	_, err = app.db.Exec(q)
	if err != nil {
	log.Error("%s", err)
	} else {
	log.Info("Created.")
	}
	}
	os.Exit(0)
	}
	diff --git a/config/config.go b/config/config.go
	index 2acf763..ffecc72 100644
	--- a/config/config.go
	+++ b/config/config.go
	@@ -1,157 +1,162 @@
	/*
	* Copyright © 2018-2019 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	// Package config holds and assists in the configuration of a writefreely instance.
	package config

	import (
	"gopkg.in/ini.v1"
	)

	const (
	// FileName is the default configuration file name
	FileName = "config.ini"
	)

	type (
	// ServerCfg holds values that affect how the HTTP server runs
	ServerCfg struct {
	HiddenHost string `ini:"hidden_host"`
	Port int `ini:"port"`
	Bind string `ini:"bind"`

	TLSCertPath string `ini:"tls_cert_path"`
	TLSKeyPath string `ini:"tls_key_path"`

	+ TemplatesParentDir string `ini:"templates_parent_dir"`
	+ StaticParentDir string `ini:"static_parent_dir"`
	+ PagesParentDir string `ini:"pages_parent_dir"`
	+ KeysParentDir string `ini:"keys_parent_dir"`
	+
	Dev bool `ini:"-"`
	}

	// DatabaseCfg holds values that determine how the application connects to a datastore
	DatabaseCfg struct {
	Type string `ini:"type"`
	FileName string `ini:"filename"`
	User string `ini:"username"`
	Password string `ini:"password"`
	Database string `ini:"database"`
	Host string `ini:"host"`
	Port int `ini:"port"`
	}

	// AppCfg holds values that affect how the application functions
	AppCfg struct {
	SiteName string `ini:"site_name"`
	SiteDesc string `ini:"site_description"`
	Host string `ini:"host"`

	// Site appearance
	Theme string `ini:"theme"`
	JSDisabled bool `ini:"disable_js"`
	WebFonts bool `ini:"webfonts"`

	// Users
	SingleUser bool `ini:"single_user"`
	OpenRegistration bool `ini:"open_registration"`
	MinUsernameLen int `ini:"min_username_len"`
	MaxBlogs int `ini:"max_blogs"`

	// Federation
	Federation bool `ini:"federation"`
	PublicStats bool `ini:"public_stats"`
	Private bool `ini:"private"`

	// Additional functions
	LocalTimeline bool `ini:"local_timeline"`
	}

	// Config holds the complete configuration for running a writefreely instance
	Config struct {
	Server ServerCfg `ini:"server"`
	Database DatabaseCfg `ini:"database"`
	App AppCfg `ini:"app"`
	}
	)

	// New creates a new Config with sane defaults
	func New() *Config {
	c := &Config{
	Server: ServerCfg{
	Port: 8080,
	Bind: "localhost", /* IPV6 support when not using localhost? */
	},
	App: AppCfg{
	Host: "http://localhost:8080",
	Theme: "write",
	WebFonts: true,
	SingleUser: true,
	MinUsernameLen: 3,
	MaxBlogs: 1,
	Federation: true,
	PublicStats: true,
	},
	}
	c.UseMySQL(true)
	return c
	}

	// UseMySQL resets the Config's Database to use default values for a MySQL setup.
	func (cfg *Config) UseMySQL(fresh bool) {
	cfg.Database.Type = "mysql"
	if fresh {
	cfg.Database.Host = "localhost"
	cfg.Database.Port = 3306
	}
	}

	// UseSQLite resets the Config's Database to use default values for a SQLite setup.
	func (cfg *Config) UseSQLite(fresh bool) {
	cfg.Database.Type = "sqlite3"
	if fresh {
	cfg.Database.FileName = "writefreely.db"
	}
	}

	// IsSecureStandalone returns whether or not the application is running as a
	// standalone server with TLS enabled.
	func (cfg *Config) IsSecureStandalone() bool {
	return cfg.Server.Port == 443 && cfg.Server.TLSCertPath != "" && cfg.Server.TLSKeyPath != ""
	}

	// Load reads the given configuration file, then parses and returns it as a Config.
	func Load(fname string) (*Config, error) {
	if fname == "" {
	fname = FileName
	}
	cfg, err := ini.Load(fname)
	if err != nil {
	return nil, err
	}

	// Parse INI file
	uc := &Config{}
	err = cfg.MapTo(uc)
	if err != nil {
	return nil, err
	}
	return uc, nil
	}

	// Save writes the given Config to the given file.
	func Save(uc *Config, fname string) error {
	cfg := ini.Empty()
	err := ini.ReflectFrom(cfg, uc)
	if err != nil {
	return err
	}

	if fname == "" {
	fname = FileName
	}
	return cfg.SaveTo(fname)
	}
	diff --git a/keys.go b/keys.go
	index 92a9ad5..ccc872e 100644
	--- a/keys.go
	+++ b/keys.go
	@@ -1,93 +1,105 @@
	/*
	* Copyright © 2018 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"crypto/rand"
	"github.com/writeas/web-core/log"
	"io/ioutil"
	"os"
	"path/filepath"
	)

	const (
	keysDir = "keys"

	encKeysBytes = 32
	)

	var (
	emailKeyPath = filepath.Join(keysDir, "email.aes256")
	cookieAuthKeyPath = filepath.Join(keysDir, "cookies_auth.aes256")
	cookieKeyPath = filepath.Join(keysDir, "cookies_enc.aes256")
	)

	type keychain struct {
	emailKey, cookieAuthKey, cookieKey []byte
	}

	func initKeys(app *app) error {
	var err error
	app.keys = &keychain{}

	+ emailKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, emailKeyPath)
	+ if debugging {
	+ log.Info(" %s", emailKeyPath)
	+ }
	app.keys.emailKey, err = ioutil.ReadFile(emailKeyPath)
	if err != nil {
	return err
	}

	+ cookieAuthKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieAuthKeyPath)
	+ if debugging {
	+ log.Info(" %s", cookieAuthKeyPath)
	+ }
	app.keys.cookieAuthKey, err = ioutil.ReadFile(cookieAuthKeyPath)
	if err != nil {
	return err
	}

	+ cookieKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieKeyPath)
	+ if debugging {
	+ log.Info(" %s", cookieKeyPath)
	+ }
	app.keys.cookieKey, err = ioutil.ReadFile(cookieKeyPath)
	if err != nil {
	return err
	}

	return nil
	}

	// generateKey generates a key at the given path used for the encryption of
	// certain user data. Because user data becomes unrecoverable without these
	// keys, this won't overwrite any existing key, and instead outputs a message.
	func generateKey(path string) error {
	// Check if key file exists
	if _, err := os.Stat(path); !os.IsNotExist(err) {
	log.Info("%s already exists. rm the file if you understand the consquences.", path)
	return nil
	}

	log.Info("Generating %s.", path)
	b, err := generateBytes(encKeysBytes)
	if err != nil {
	log.Error("FAILED. %s. Run writefreely --gen-keys again.", err)
	return err
	}
	err = ioutil.WriteFile(path, b, 0600)
	if err != nil {
	log.Error("FAILED writing file: %s", err)
	return err
	}
	log.Info("Success.")
	return nil
	}

	// generateBytes returns securely generated random bytes.
	func generateBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	if err != nil {
	return nil, err
	}

	return b, nil
	}
	diff --git a/templates.go b/templates.go
	index d03fb0d..802856f 100644
	--- a/templates.go
	+++ b/templates.go
	@@ -1,193 +1,193 @@
	/*
	* Copyright © 2018 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	- "fmt"
	"github.com/dustin/go-humanize"
	"github.com/writeas/web-core/l10n"
	"github.com/writeas/web-core/log"
	+ "github.com/writeas/writefreely/config"
	"html/template"
	"io"
	"io/ioutil"
	"net/http"
	"os"
	"path/filepath"
	"strings"
	)

	var (
	templates = map[string]*template.Template{}
	pages = map[string]*template.Template{}
	userPages = map[string]*template.Template{}
	funcMap = template.FuncMap{
	"largeNumFmt": largeNumFmt,
	"pluralize": pluralize,
	"isRTL": isRTL,
	"isLTR": isLTR,
	"localstr": localStr,
	"localhtml": localHTML,
	"tolower": strings.ToLower,
	}
	)

	const (
	templatesDir = "templates"
	pagesDir = "pages"
	)

	func showUserPage(w http.ResponseWriter, name string, obj interface{}) {
	if obj == nil {
	log.Error("showUserPage: data is nil!")
	return
	}
	if err := userPages[filepath.Join("user", name+".tmpl")].ExecuteTemplate(w, name, obj); err != nil {
	log.Error("Error parsing %s: %v", name, err)
	}
	}

	-func initTemplate(name string) {
	+func initTemplate(parentDir, name string) {
	if debugging {
	- log.Info(" %s%s%s.tmpl", templatesDir, string(filepath.Separator), name)
	+ log.Info(" " + filepath.Join(parentDir, templatesDir, name+".tmpl"))
	}

	files := []string{
	- filepath.Join(templatesDir, name+".tmpl"),
	- filepath.Join(templatesDir, "include", "footer.tmpl"),
	- filepath.Join(templatesDir, "base.tmpl"),
	+ filepath.Join(parentDir, templatesDir, name+".tmpl"),
	+ filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
	+ filepath.Join(parentDir, templatesDir, "base.tmpl"),
	}
	if name == "collection" \|\| name == "collection-tags" {
	// These pages list out collection posts, so we also parse templatesDir + "include/posts.tmpl"
	- files = append(files, filepath.Join(templatesDir, "include", "posts.tmpl"))
	+ files = append(files, filepath.Join(parentDir, templatesDir, "include", "posts.tmpl"))
	}
	if name == "collection" \|\| name == "collection-tags" \|\| name == "collection-post" \|\| name == "post" {
	- files = append(files, filepath.Join(templatesDir, "include", "post-render.tmpl"))
	+ files = append(files, filepath.Join(parentDir, templatesDir, "include", "post-render.tmpl"))
	}
	templates[name] = template.Must(template.New("").Funcs(funcMap).ParseFiles(files...))
	}

	-func initPage(path, key string) {
	+func initPage(parentDir, path, key string) {
	if debugging {
	- log.Info(" %s", key)
	+ log.Info(" [%s] %s", key, path)
	}

	pages[key] = template.Must(template.New("").Funcs(funcMap).ParseFiles(
	path,
	- filepath.Join(templatesDir, "include", "footer.tmpl"),
	- filepath.Join(templatesDir, "base.tmpl"),
	+ filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
	+ filepath.Join(parentDir, templatesDir, "base.tmpl"),
	))
	}

	-func initUserPage(path, key string) {
	+func initUserPage(parentDir, path, key string) {
	if debugging {
	- log.Info(" %s", key)
	+ log.Info(" [%s] %s", key, path)
	}

	userPages[key] = template.Must(template.New(key).Funcs(funcMap).ParseFiles(
	path,
	- filepath.Join(templatesDir, "user", "include", "header.tmpl"),
	- filepath.Join(templatesDir, "user", "include", "footer.tmpl"),
	+ filepath.Join(parentDir, templatesDir, "user", "include", "header.tmpl"),
	+ filepath.Join(parentDir, templatesDir, "user", "include", "footer.tmpl"),
	))
	}

	-func initTemplates() error {
	+func initTemplates(cfg *config.Config) error {
	log.Info("Loading templates...")
	- tmplFiles, err := ioutil.ReadDir(templatesDir)
	+ tmplFiles, err := ioutil.ReadDir(filepath.Join(cfg.Server.TemplatesParentDir, templatesDir))
	if err != nil {
	return err
	}

	for _, f := range tmplFiles {
	if !f.IsDir() && !strings.HasPrefix(f.Name(), ".") {
	parts := strings.Split(f.Name(), ".")
	key := parts[0]
	- initTemplate(key)
	+ initTemplate(cfg.Server.TemplatesParentDir, key)
	}
	}

	log.Info("Loading pages...")
	// Initialize all static pages that use the base template
	- filepath.Walk(pagesDir, func(path string, i os.FileInfo, err error) error {
	+ filepath.Walk(filepath.Join(cfg.Server.PagesParentDir, pagesDir), func(path string, i os.FileInfo, err error) error {
	if !i.IsDir() && !strings.HasPrefix(i.Name(), ".") {
	- parts := strings.Split(path, string(filepath.Separator))
	key := i.Name()
	- if len(parts) > 2 {
	- key = fmt.Sprintf("%s%s%s", parts[1], string(filepath.Separator), i.Name())
	- }
	- initPage(path, key)
	+ initPage(cfg.Server.PagesParentDir, path, key)
	}

	return nil
	})

	log.Info("Loading user pages...")
	// Initialize all user pages that use base templates
	- filepath.Walk(filepath.Join(templatesDir, "user"), func(path string, f os.FileInfo, err error) error {
	+ filepath.Walk(filepath.Join(cfg.Server.TemplatesParentDir, templatesDir, "user"), func(path string, f os.FileInfo, err error) error {
	if !f.IsDir() && !strings.HasPrefix(f.Name(), ".") {
	- parts := strings.Split(path, string(filepath.Separator))
	+ corePath := path
	+ if cfg.Server.TemplatesParentDir != "" {
	+ corePath = corePath[len(cfg.Server.TemplatesParentDir)+1:]
	+ }
	+ parts := strings.Split(corePath, string(filepath.Separator))
	key := f.Name()
	if len(parts) > 2 {
	key = filepath.Join(parts[1], f.Name())
	}
	- initUserPage(path, key)
	+ initUserPage(cfg.Server.TemplatesParentDir, path, key)
	}

	return nil
	})

	return nil
	}

	// renderPage retrieves the given template and renders it to the given io.Writer.
	// If something goes wrong, the error is logged and returned.
	func renderPage(w io.Writer, tmpl string, data interface{}) error {
	err := pages[tmpl].ExecuteTemplate(w, "base", data)
	if err != nil {
	log.Error("%v", err)
	}
	return err
	}

	func largeNumFmt(n int64) string {
	return humanize.Comma(n)
	}

	func pluralize(singular, plural string, n int64) string {
	if n == 1 {
	return singular
	}
	return plural
	}

	func isRTL(d string) bool {
	return d == "rtl"
	}

	func isLTR(d string) bool {
	return d == "ltr" \|\| d == "auto"
	}

	func localStr(term, lang string) string {
	s := l10n.Strings(lang)[term]
	if s == "" {
	s = l10n.Strings("")[term]
	}
	return s
	}

	func localHTML(term, lang string) template.HTML {
	s := l10n.Strings(lang)[term]
	if s == "" {
	s = l10n.Strings("")[term]
	}
	s = strings.Replace(s, "write.as", "<a href=\"https://writefreely.org\">write freely</a>", 1)
	return template.HTML(s)
	}

File Metadata

Mime Type: text/x-diff
Expires: Sat, Nov 23, 3:54 PM (22 h, 52 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3104635

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions