hmn/src/website/common.go

package website

import (
	"errors"
	"net/http"
	"net/url"
	"strings"

	"git.handmade.network/hmn/hmn/src/auth"
	"git.handmade.network/hmn/hmn/src/config"
	"git.handmade.network/hmn/hmn/src/db"
	"git.handmade.network/hmn/hmn/src/hmndata"
	"git.handmade.network/hmn/hmn/src/hmnurl"
	"git.handmade.network/hmn/hmn/src/logging"
	"git.handmade.network/hmn/hmn/src/models"
	"git.handmade.network/hmn/hmn/src/oops"
	"git.handmade.network/hmn/hmn/src/templates"
)

func loadCommonData(h Handler) Handler {
	return func(c *RequestContext) ResponseData {
		c.Perf.StartBlock("MIDDLEWARE", "Load common website data")
		{
			// get user
			{
				sessionCookie, err := c.Req.Cookie(auth.SessionCookieName)
				if err == nil {
					user, session, err := getCurrentUserAndSession(c, sessionCookie.Value)
					if err != nil {
						return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to get current user"))
					}

					c.CurrentUser = user
					c.CurrentSession = session
				}
				// http.ErrNoCookie is the only error Cookie ever returns, so no further handling to do here.
			}

			// get current official project (HMN or otherwise, by subdomain)
			{
				hostPrefix := strings.TrimSuffix(c.Req.Host, hmnurl.GetBaseHost())
				slug := strings.TrimRight(hostPrefix, ".")
				var owners []*models.User

				if len(slug) > 0 {
					dbProject, err := hmndata.FetchProjectBySlug(c, c.Conn, c.CurrentUser, slug, hmndata.ProjectsQuery{
						Lifecycles:    models.AllProjectLifecycles,
						IncludeHidden: true,
					})
					if err == nil {
						c.CurrentProject = &dbProject.Project
						c.CurrentProjectLogoUrl = templates.ProjectLogoUrl(&dbProject.Project, dbProject.LogoLightAsset, dbProject.LogoDarkAsset, c.Theme)
						owners = dbProject.Owners
					} else {
						if errors.Is(err, db.NotFound) {
							// do nothing, this is fine
						} else {
							return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch current project"))
						}
					}
				}

				if c.CurrentProject == nil {
					dbProject, err := hmndata.FetchProject(c, c.Conn, c.CurrentUser, models.HMNProjectID, hmndata.ProjectsQuery{
						Lifecycles:    models.AllProjectLifecycles,
						IncludeHidden: true,
					})
					if err != nil {
						panic(oops.New(err, "failed to fetch HMN project"))
					}
					c.CurrentProject = &dbProject.Project
					c.CurrentProjectLogoUrl = templates.ProjectLogoUrl(&dbProject.Project, dbProject.LogoLightAsset, dbProject.LogoDarkAsset, c.Theme)
				}

				if c.CurrentProject == nil {
					panic("failed to load project data")
				}

				c.CurrentUserCanEditCurrentProject = CanEditProject(c.CurrentUser, owners)

				c.UrlContext = hmndata.UrlContextForProject(c.CurrentProject)
			}

			c.Theme = "light"
			if c.CurrentUser != nil && c.CurrentUser.DarkTheme {
				c.Theme = "dark"
			}
		}
		c.Perf.EndBlock()

		return h(c)
	}
}

// Given a session id, fetches user data from the database. Will return nil if
// the user cannot be found, and will only return an error if it's serious.
func getCurrentUserAndSession(c *RequestContext, sessionId string) (*models.User, *models.Session, error) {
	session, err := auth.GetSession(c, c.Conn, sessionId)
	if err != nil {
		if errors.Is(err, auth.ErrNoSession) {
			return nil, nil, nil
		} else {
			return nil, nil, oops.New(err, "failed to get current session")
		}
	}

	user, err := hmndata.FetchUserByUsername(c, c.Conn, nil, session.Username, hmndata.UsersQuery{
		AnyStatus: true,
	})
	if err != nil {
		if errors.Is(err, db.NotFound) {
			logging.Debug().Str("username", session.Username).Msg("returning no current user for this request because the user for the session couldn't be found")
			return nil, nil, nil // user was deleted or something
		} else {
			return nil, nil, oops.New(err, "failed to get user for session")
		}
	}

	return user, session, nil
}

func addCORSHeaders(c *RequestContext, res *ResponseData) {
	parsed, err := url.Parse(config.Config.BaseUrl)
	if err != nil {
		c.Logger.Error().Str("Config.BaseUrl", config.Config.BaseUrl).Msg("Config.BaseUrl cannot be parsed. Skipping CORS headers")
		return
	}
	origin := ""
	origins, found := c.Req.Header["Origin"]
	if found {
		origin = origins[0]
	}
	if strings.HasSuffix(origin, parsed.Host) {
		res.Header().Add("Access-Control-Allow-Origin", origin)
		res.Header().Add("Access-Control-Allow-Credentials", "true")
		res.Header().Add("Vary", "Origin")
	}
}
Rework requests and middleware (#57) o boy Resolves #10 (hopefully!) Co-authored-by: Ben Visness <bvisness@gmail.com> Reviewed-on: https://git.handmade.network/hmn/hmn/pulls/57 2022-06-24 21:38:11 +00:00			`package website`

			`import (`
			`"errors"`
			`"net/http"`
			`"net/url"`
			`"strings"`

			`"git.handmade.network/hmn/hmn/src/auth"`
			`"git.handmade.network/hmn/hmn/src/config"`
			`"git.handmade.network/hmn/hmn/src/db"`
			`"git.handmade.network/hmn/hmn/src/hmndata"`
			`"git.handmade.network/hmn/hmn/src/hmnurl"`
			`"git.handmade.network/hmn/hmn/src/logging"`
			`"git.handmade.network/hmn/hmn/src/models"`
			`"git.handmade.network/hmn/hmn/src/oops"`
			`"git.handmade.network/hmn/hmn/src/templates"`
			`)`

			`func loadCommonData(h Handler) Handler {`
			`return func(c *RequestContext) ResponseData {`
			`c.Perf.StartBlock("MIDDLEWARE", "Load common website data")`
			`{`
			`// get user`
			`{`
			`sessionCookie, err := c.Req.Cookie(auth.SessionCookieName)`
			`if err == nil {`
			`user, session, err := getCurrentUserAndSession(c, sessionCookie.Value)`
			`if err != nil {`
			`return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to get current user"))`
			`}`

			`c.CurrentUser = user`
			`c.CurrentSession = session`
			`}`
			`// http.ErrNoCookie is the only error Cookie ever returns, so no further handling to do here.`
			`}`

			`// get current official project (HMN or otherwise, by subdomain)`
			`{`
			`hostPrefix := strings.TrimSuffix(c.Req.Host, hmnurl.GetBaseHost())`
			`slug := strings.TrimRight(hostPrefix, ".")`
			`var owners []*models.User`

			`if len(slug) > 0 {`
			`dbProject, err := hmndata.FetchProjectBySlug(c, c.Conn, c.CurrentUser, slug, hmndata.ProjectsQuery{`
			`Lifecycles: models.AllProjectLifecycles,`
			`IncludeHidden: true,`
			`})`
			`if err == nil {`
			`c.CurrentProject = &dbProject.Project`
			`c.CurrentProjectLogoUrl = templates.ProjectLogoUrl(&dbProject.Project, dbProject.LogoLightAsset, dbProject.LogoDarkAsset, c.Theme)`
			`owners = dbProject.Owners`
			`} else {`
			`if errors.Is(err, db.NotFound) {`
			`// do nothing, this is fine`
			`} else {`
			`return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch current project"))`
			`}`
			`}`
			`}`

			`if c.CurrentProject == nil {`
			`dbProject, err := hmndata.FetchProject(c, c.Conn, c.CurrentUser, models.HMNProjectID, hmndata.ProjectsQuery{`
			`Lifecycles: models.AllProjectLifecycles,`
			`IncludeHidden: true,`
			`})`
			`if err != nil {`
			`panic(oops.New(err, "failed to fetch HMN project"))`
			`}`
			`c.CurrentProject = &dbProject.Project`
			`c.CurrentProjectLogoUrl = templates.ProjectLogoUrl(&dbProject.Project, dbProject.LogoLightAsset, dbProject.LogoDarkAsset, c.Theme)`
			`}`

			`if c.CurrentProject == nil {`
			`panic("failed to load project data")`
			`}`

			`c.CurrentUserCanEditCurrentProject = CanEditProject(c.CurrentUser, owners)`

			`c.UrlContext = hmndata.UrlContextForProject(c.CurrentProject)`
			`}`

			`c.Theme = "light"`
			`if c.CurrentUser != nil && c.CurrentUser.DarkTheme {`
			`c.Theme = "dark"`
			`}`
			`}`
			`c.Perf.EndBlock()`

			`return h(c)`
			`}`
			`}`

			`// Given a session id, fetches user data from the database. Will return nil if`
			`// the user cannot be found, and will only return an error if it's serious.`
			`func getCurrentUserAndSession(c RequestContext, sessionId string) (models.User, *models.Session, error) {`
			`session, err := auth.GetSession(c, c.Conn, sessionId)`
			`if err != nil {`
			`if errors.Is(err, auth.ErrNoSession) {`
			`return nil, nil, nil`
			`} else {`
			`return nil, nil, oops.New(err, "failed to get current session")`
			`}`
			`}`

			`user, err := hmndata.FetchUserByUsername(c, c.Conn, nil, session.Username, hmndata.UsersQuery{`
			`AnyStatus: true,`
			`})`
			`if err != nil {`
			`if errors.Is(err, db.NotFound) {`
			`logging.Debug().Str("username", session.Username).Msg("returning no current user for this request because the user for the session couldn't be found")`
			`return nil, nil, nil // user was deleted or something`
			`} else {`
			`return nil, nil, oops.New(err, "failed to get user for session")`
			`}`
			`}`

			`return user, session, nil`
			`}`

			`func addCORSHeaders(c RequestContext, res ResponseData) {`
			`parsed, err := url.Parse(config.Config.BaseUrl)`
			`if err != nil {`
			`c.Logger.Error().Str("Config.BaseUrl", config.Config.BaseUrl).Msg("Config.BaseUrl cannot be parsed. Skipping CORS headers")`
			`return`
			`}`
			`origin := ""`
			`origins, found := c.Req.Header["Origin"]`
			`if found {`
			`origin = origins[0]`
			`}`
			`if strings.HasSuffix(origin, parsed.Host) {`
			`res.Header().Add("Access-Control-Allow-Origin", origin)`
			`res.Header().Add("Access-Control-Allow-Credentials", "true")`
			`res.Header().Add("Vary", "Origin")`
			`}`
			`}`