2020-09-18 13:11:21 +02:00
|
|
|
package webserver
|
2020-05-31 16:46:41 +02:00
|
|
|
|
|
|
|
import (
|
2020-09-12 12:42:48 +02:00
|
|
|
"context"
|
2021-02-24 20:01:48 +01:00
|
|
|
"crypto/tls"
|
2020-05-31 16:46:41 +02:00
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"html"
|
|
|
|
"io"
|
|
|
|
"log"
|
2022-08-04 18:36:07 +02:00
|
|
|
"net"
|
2020-05-31 16:46:41 +02:00
|
|
|
"net/http"
|
2020-05-31 20:03:22 +02:00
|
|
|
"net/url"
|
2020-05-31 16:46:41 +02:00
|
|
|
"os"
|
2020-05-31 20:03:22 +02:00
|
|
|
"path"
|
2020-05-31 16:46:41 +02:00
|
|
|
"path/filepath"
|
2020-10-08 13:32:50 +02:00
|
|
|
"sort"
|
2020-05-31 16:46:41 +02:00
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/gorilla/websocket"
|
2020-09-13 11:56:35 +02:00
|
|
|
|
2021-08-19 23:46:04 +02:00
|
|
|
"github.com/jech/cert"
|
2020-12-19 17:37:48 +01:00
|
|
|
"github.com/jech/galene/diskwriter"
|
|
|
|
"github.com/jech/galene/group"
|
|
|
|
"github.com/jech/galene/rtpconn"
|
2020-05-31 16:46:41 +02:00
|
|
|
)
|
|
|
|
|
2024-04-14 02:12:46 +02:00
|
|
|
var server *http.Server
|
2020-09-12 12:42:48 +02:00
|
|
|
|
2020-09-18 13:11:21 +02:00
|
|
|
var StaticRoot string
|
|
|
|
|
2020-12-24 14:44:16 +01:00
|
|
|
var Insecure bool
|
|
|
|
|
2020-09-18 14:14:26 +02:00
|
|
|
func Serve(address string, dataDir string) error {
|
2020-09-18 13:12:39 +02:00
|
|
|
http.Handle("/", &fileHandler{http.Dir(StaticRoot)})
|
2020-09-10 13:39:38 +02:00
|
|
|
http.HandleFunc("/group/", groupHandler)
|
2020-05-31 20:03:22 +02:00
|
|
|
http.HandleFunc("/recordings",
|
|
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
http.Redirect(w, r,
|
|
|
|
"/recordings/", http.StatusPermanentRedirect)
|
|
|
|
})
|
|
|
|
http.HandleFunc("/recordings/", recordingsHandler)
|
2020-05-31 16:46:41 +02:00
|
|
|
http.HandleFunc("/ws", wsHandler)
|
|
|
|
http.HandleFunc("/public-groups.json", publicHandler)
|
2024-01-04 19:47:12 +01:00
|
|
|
http.HandleFunc("/galene-api/", apiHandler)
|
2020-05-31 16:46:41 +02:00
|
|
|
|
2020-10-01 19:47:04 +02:00
|
|
|
s := &http.Server{
|
2020-09-18 13:11:21 +02:00
|
|
|
Addr: address,
|
2020-09-12 21:19:40 +02:00
|
|
|
ReadHeaderTimeout: 60 * time.Second,
|
|
|
|
IdleTimeout: 120 * time.Second,
|
|
|
|
}
|
2021-02-24 20:01:48 +01:00
|
|
|
if !Insecure {
|
2021-08-19 23:46:04 +02:00
|
|
|
certificate := cert.New(
|
|
|
|
filepath.Join(dataDir, "cert.pem"),
|
|
|
|
filepath.Join(dataDir, "key.pem"),
|
|
|
|
)
|
2021-02-24 20:01:48 +01:00
|
|
|
s.TLSConfig = &tls.Config{
|
|
|
|
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
2021-08-19 23:46:04 +02:00
|
|
|
return certificate.Get()
|
2021-02-24 20:01:48 +01:00
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
2020-10-01 19:47:04 +02:00
|
|
|
s.RegisterOnShutdown(func() {
|
2021-09-11 15:42:14 +02:00
|
|
|
group.Shutdown("server is shutting down")
|
2020-09-12 21:19:40 +02:00
|
|
|
})
|
2020-09-18 14:14:26 +02:00
|
|
|
|
2024-04-14 02:12:46 +02:00
|
|
|
server = s
|
2020-10-01 19:47:04 +02:00
|
|
|
|
2022-08-04 18:36:07 +02:00
|
|
|
proto := "tcp"
|
|
|
|
if strings.HasPrefix(address, "/") {
|
|
|
|
proto = "unix"
|
|
|
|
}
|
|
|
|
|
|
|
|
listener, err := net.Listen(proto, address)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2024-04-14 02:12:46 +02:00
|
|
|
go func() {
|
|
|
|
defer listener.Close()
|
|
|
|
if !Insecure {
|
|
|
|
err = s.ServeTLS(listener, "", "")
|
|
|
|
} else {
|
|
|
|
err = s.Serve(listener)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
return nil
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
|
|
|
|
2024-11-17 15:28:42 +01:00
|
|
|
func cspHeader(w http.ResponseWriter, connect string, unsafeEval bool) {
|
|
|
|
c := "connect-src ws: wss: 'self'; "
|
2021-10-29 23:37:05 +02:00
|
|
|
if connect != "" {
|
2024-11-17 15:28:42 +01:00
|
|
|
c = "connect-src " + connect + " ws: wss: 'self'; "
|
|
|
|
}
|
|
|
|
s := "script-src 'self'; "
|
|
|
|
if unsafeEval {
|
|
|
|
s = "script-src 'unsafe-eval' 'self'; "
|
2021-10-29 23:37:05 +02:00
|
|
|
}
|
2020-05-31 16:46:41 +02:00
|
|
|
w.Header().Add("Content-Security-Policy",
|
2024-11-17 15:28:42 +01:00
|
|
|
c+s+"img-src data: 'self'; media-src blob: 'self'; default-src 'self'")
|
2022-12-30 10:35:13 +01:00
|
|
|
|
|
|
|
// Make browser stop sending referrer information
|
|
|
|
w.Header().Add("Referrer-Policy", "no-referrer")
|
|
|
|
|
|
|
|
// Require correct MIME type to load CSS and JS
|
|
|
|
w.Header().Add("X-Content-Type-Options", "nosniff")
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
|
|
|
|
2020-09-11 17:37:35 +02:00
|
|
|
func notFound(w http.ResponseWriter) {
|
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
w.WriteHeader(http.StatusNotFound)
|
|
|
|
|
2020-09-18 13:11:21 +02:00
|
|
|
f, err := os.Open(path.Join(StaticRoot, "404.html"))
|
2020-09-11 17:37:35 +02:00
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintln(w, "<p>Not found</p>")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
io.Copy(w, f)
|
|
|
|
}
|
|
|
|
|
2020-09-18 13:12:39 +02:00
|
|
|
var ErrIsDirectory = errors.New("is a directory")
|
|
|
|
|
|
|
|
func httpError(w http.ResponseWriter, err error) {
|
2024-04-14 13:33:52 +02:00
|
|
|
if errors.Is(err, os.ErrNotExist) {
|
2020-09-18 13:12:39 +02:00
|
|
|
notFound(w)
|
|
|
|
return
|
|
|
|
}
|
2024-11-08 17:07:11 +01:00
|
|
|
if errors.Is(err, group.ErrUnknownPermission) {
|
|
|
|
http.Error(w, "unknown permission", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2024-03-03 13:34:18 +01:00
|
|
|
var autherr *group.NotAuthorisedError
|
|
|
|
if errors.As(err, &autherr) {
|
|
|
|
log.Printf("HTTP server error: %v", err)
|
|
|
|
http.Error(w, "not authorised", http.StatusUnauthorized)
|
2023-12-09 15:51:35 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
var mberr *http.MaxBytesError
|
|
|
|
if errors.As(err, &mberr) {
|
|
|
|
http.Error(w, "Request body too large",
|
|
|
|
http.StatusRequestEntityTooLarge)
|
2020-09-18 13:12:39 +02:00
|
|
|
return
|
|
|
|
}
|
2021-08-18 18:30:19 +02:00
|
|
|
log.Printf("HTTP server error: %v", err)
|
2023-12-09 15:51:35 +01:00
|
|
|
http.Error(w, "Internal server error",
|
2020-09-18 13:12:39 +02:00
|
|
|
http.StatusInternalServerError)
|
|
|
|
}
|
|
|
|
|
2024-04-10 14:39:52 +02:00
|
|
|
func methodNotAllowed(w http.ResponseWriter, methods ...string) {
|
|
|
|
ms := ""
|
|
|
|
for _, m := range methods {
|
|
|
|
if ms != "" {
|
|
|
|
ms = ms + ", "
|
|
|
|
}
|
|
|
|
ms = ms + m
|
|
|
|
}
|
|
|
|
w.Header().Set("Allow", ms)
|
|
|
|
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
|
|
|
}
|
|
|
|
|
2020-09-18 13:43:30 +02:00
|
|
|
const (
|
|
|
|
normalCacheControl = "max-age=1800"
|
|
|
|
veryCachableCacheControl = "max-age=86400"
|
|
|
|
)
|
|
|
|
|
2020-12-07 02:43:51 +01:00
|
|
|
func redirect(w http.ResponseWriter, r *http.Request) bool {
|
2021-10-26 20:24:10 +02:00
|
|
|
conf, err := group.GetConfiguration()
|
|
|
|
if err != nil || conf.CanonicalHost == "" {
|
2020-12-07 02:43:51 +01:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-10-30 19:25:18 +02:00
|
|
|
if strings.EqualFold(r.Host, conf.CanonicalHost) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-12-07 02:43:51 +01:00
|
|
|
u := url.URL{
|
|
|
|
Scheme: "https",
|
2021-10-26 20:24:10 +02:00
|
|
|
Host: conf.CanonicalHost,
|
2020-12-07 02:43:51 +01:00
|
|
|
Path: r.URL.Path,
|
|
|
|
}
|
|
|
|
http.Redirect(w, r, u.String(), http.StatusMovedPermanently)
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
func makeCachable(w http.ResponseWriter, p string, fi os.FileInfo, cachable bool) {
|
|
|
|
etag := fmt.Sprintf("\"%v-%v\"", fi.Size(), fi.ModTime().UnixNano())
|
|
|
|
w.Header().Set("ETag", etag)
|
|
|
|
if !cachable {
|
|
|
|
w.Header().Set("cache-control", "no-cache")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
cc := normalCacheControl
|
2024-11-16 18:12:15 +01:00
|
|
|
if strings.HasPrefix(p, "/third-party/") {
|
2020-09-19 11:39:03 +02:00
|
|
|
cc = veryCachableCacheControl
|
|
|
|
}
|
|
|
|
|
|
|
|
w.Header().Set("Cache-Control", cc)
|
|
|
|
}
|
|
|
|
|
|
|
|
// fileHandler is our custom reimplementation of http.FileServer
|
|
|
|
type fileHandler struct {
|
|
|
|
root http.FileSystem
|
2020-09-18 13:43:30 +02:00
|
|
|
}
|
|
|
|
|
2020-09-18 13:12:39 +02:00
|
|
|
func (fh *fileHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
2020-12-07 02:43:51 +01:00
|
|
|
if redirect(w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-11-17 15:28:42 +01:00
|
|
|
cspHeader(w, "", r.URL.Path == "/blur-background-worker.js")
|
2020-09-18 13:12:39 +02:00
|
|
|
p := r.URL.Path
|
|
|
|
// this ensures any leading .. are removed by path.Clean below
|
|
|
|
if !strings.HasPrefix(p, "/") {
|
|
|
|
p = "/" + p
|
|
|
|
r.URL.Path = p
|
|
|
|
}
|
|
|
|
p = path.Clean(p)
|
|
|
|
|
|
|
|
f, err := fh.root.Open(p)
|
|
|
|
if err != nil {
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
2020-09-19 11:39:03 +02:00
|
|
|
fi, err := f.Stat()
|
2020-09-18 13:12:39 +02:00
|
|
|
if err != nil {
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
if fi.IsDir() {
|
2020-09-18 13:12:39 +02:00
|
|
|
u := r.URL.Path
|
|
|
|
if u[len(u)-1] != '/' {
|
|
|
|
http.Redirect(w, r, u+"/", http.StatusPermanentRedirect)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
index := path.Join(p, "index.html")
|
|
|
|
ff, err := fh.root.Open(index)
|
|
|
|
if err != nil {
|
2021-08-18 18:30:19 +02:00
|
|
|
// return 403 if index.html doesn't exist
|
2024-04-14 13:33:52 +02:00
|
|
|
if errors.Is(err, os.ErrNotExist) {
|
2024-03-03 13:34:18 +01:00
|
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
|
|
return
|
2020-09-18 13:12:39 +02:00
|
|
|
}
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer ff.Close()
|
|
|
|
dd, err := ff.Stat()
|
|
|
|
if err != nil {
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if dd.IsDir() {
|
|
|
|
httpError(w, ErrIsDirectory)
|
|
|
|
return
|
|
|
|
}
|
2020-09-19 11:39:03 +02:00
|
|
|
f, fi = ff, dd
|
2020-09-18 13:12:39 +02:00
|
|
|
p = index
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
makeCachable(w, p, fi, true)
|
|
|
|
http.ServeContent(w, r, fi.Name(), fi.ModTime(), f)
|
2020-09-18 13:43:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// serveFile is similar to http.ServeFile, except that it doesn't check
|
|
|
|
// for .. and adds cachability headers.
|
|
|
|
func serveFile(w http.ResponseWriter, r *http.Request, p string) {
|
|
|
|
f, err := os.Open(p)
|
|
|
|
if err != nil {
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
2020-09-19 11:39:03 +02:00
|
|
|
fi, err := f.Stat()
|
2020-09-18 13:43:30 +02:00
|
|
|
if err != nil {
|
|
|
|
httpError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
if fi.IsDir() {
|
2020-09-18 13:43:30 +02:00
|
|
|
httpError(w, ErrIsDirectory)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
makeCachable(w, p, fi, true)
|
|
|
|
http.ServeContent(w, r, fi.Name(), fi.ModTime(), f)
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
|
|
|
|
2021-02-07 01:42:31 +01:00
|
|
|
func parseGroupName(prefix string, p string) string {
|
|
|
|
if !strings.HasPrefix(p, prefix) {
|
2020-09-10 13:39:38 +02:00
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-08-18 18:30:19 +02:00
|
|
|
name := p[len(prefix):]
|
2020-09-10 13:39:38 +02:00
|
|
|
if name == "" {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-10-28 20:01:11 +02:00
|
|
|
if name[0] == '.' {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-02-07 01:42:31 +01:00
|
|
|
if filepath.Separator != '/' &&
|
|
|
|
strings.ContainsRune(name, filepath.Separator) {
|
|
|
|
return ""
|
2020-09-10 13:39:38 +02:00
|
|
|
}
|
2021-02-07 01:42:31 +01:00
|
|
|
|
|
|
|
name = path.Clean("/" + name)
|
|
|
|
return name[1:]
|
2020-09-10 13:39:38 +02:00
|
|
|
}
|
|
|
|
|
2024-01-17 22:12:22 +01:00
|
|
|
func splitPath(pth string) (string, string, string) {
|
|
|
|
index := strings.Index(pth, "/.")
|
|
|
|
if index < 0 {
|
|
|
|
return pth, "", ""
|
|
|
|
}
|
|
|
|
|
|
|
|
index2 := strings.Index(pth[index+1:], "/")
|
|
|
|
if index2 < 0 {
|
|
|
|
return pth[:index], pth[index+1:], ""
|
|
|
|
}
|
|
|
|
return pth[:index], pth[index+1 : index+1+index2], pth[index+1+index2:]
|
|
|
|
}
|
|
|
|
|
2020-09-10 13:39:38 +02:00
|
|
|
func groupHandler(w http.ResponseWriter, r *http.Request) {
|
2020-12-07 02:43:51 +01:00
|
|
|
if redirect(w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-17 22:17:54 +01:00
|
|
|
dir, kind, rest := splitPath(r.URL.Path)
|
|
|
|
if kind == ".status" && rest == "" {
|
2021-10-26 22:22:48 +02:00
|
|
|
groupStatusHandler(w, r)
|
|
|
|
return
|
2024-01-17 22:17:54 +01:00
|
|
|
} else if kind == ".status.json" && rest == "" {
|
|
|
|
http.Redirect(w, r, dir+"/"+".status",
|
|
|
|
http.StatusPermanentRedirect)
|
|
|
|
return
|
2024-01-17 22:12:22 +01:00
|
|
|
} else if kind == ".whip" {
|
|
|
|
if rest == "" {
|
2023-07-10 16:24:30 +02:00
|
|
|
whipEndpointHandler(w, r)
|
|
|
|
} else {
|
|
|
|
whipResourceHandler(w, r)
|
|
|
|
}
|
|
|
|
return
|
2024-01-17 22:12:22 +01:00
|
|
|
} else if kind != "" {
|
|
|
|
notFound(w)
|
|
|
|
return
|
2023-07-10 16:24:30 +02:00
|
|
|
}
|
|
|
|
|
2021-02-07 01:42:31 +01:00
|
|
|
name := parseGroupName("/group/", r.URL.Path)
|
2020-09-10 13:39:38 +02:00
|
|
|
if name == "" {
|
2020-09-11 17:37:35 +02:00
|
|
|
notFound(w)
|
2020-09-10 13:39:38 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-09-13 11:56:35 +02:00
|
|
|
g, err := group.Add(name, nil)
|
2020-09-10 13:39:38 +02:00
|
|
|
if err != nil {
|
2024-01-11 23:10:15 +01:00
|
|
|
httpError(w, err)
|
2020-09-10 13:39:38 +02:00
|
|
|
return
|
|
|
|
}
|
2020-09-10 13:55:57 +02:00
|
|
|
|
2021-10-28 19:55:40 +02:00
|
|
|
if r.URL.Path != "/group/"+name+"/" {
|
|
|
|
http.Redirect(w, r, "/group/"+name+"/",
|
|
|
|
http.StatusPermanentRedirect)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-10-30 18:32:49 +02:00
|
|
|
if redirect := g.Description().Redirect; redirect != "" {
|
2021-08-18 18:30:19 +02:00
|
|
|
http.Redirect(w, r, redirect, http.StatusPermanentRedirect)
|
2020-09-10 13:55:57 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-24 12:09:10 +01:00
|
|
|
status := g.Status(false, nil)
|
2024-11-17 15:28:42 +01:00
|
|
|
cspHeader(w, status.AuthServer, false)
|
2020-12-06 19:43:17 +01:00
|
|
|
serveFile(w, r, filepath.Join(StaticRoot, "galene.html"))
|
2020-09-10 13:39:38 +02:00
|
|
|
}
|
|
|
|
|
2024-02-24 12:09:10 +01:00
|
|
|
func baseURL(r *http.Request) (*url.URL, error) {
|
2022-10-21 13:28:11 +02:00
|
|
|
conf, err := group.GetConfiguration()
|
|
|
|
if err != nil {
|
2024-02-24 12:09:10 +01:00
|
|
|
return nil, err
|
2022-10-21 13:28:11 +02:00
|
|
|
}
|
2024-02-24 12:09:10 +01:00
|
|
|
var pu *url.URL
|
2022-10-21 13:28:11 +02:00
|
|
|
if conf.ProxyURL != "" {
|
2024-02-24 12:09:10 +01:00
|
|
|
pu, err = url.Parse(conf.ProxyURL)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-10-21 13:28:11 +02:00
|
|
|
}
|
2022-10-09 12:37:13 +02:00
|
|
|
scheme := "https"
|
|
|
|
if r.TLS == nil {
|
|
|
|
scheme = "http"
|
|
|
|
}
|
2024-02-24 12:09:10 +01:00
|
|
|
host := r.Host
|
|
|
|
path := ""
|
|
|
|
if pu != nil {
|
|
|
|
if pu.Scheme != "" {
|
|
|
|
scheme = pu.Scheme
|
|
|
|
}
|
|
|
|
if pu.Host != "" {
|
|
|
|
host = pu.Host
|
|
|
|
}
|
|
|
|
path = pu.Path
|
|
|
|
}
|
2022-09-01 15:38:29 +02:00
|
|
|
base := url.URL{
|
2022-10-09 12:37:13 +02:00
|
|
|
Scheme: scheme,
|
2024-02-24 12:09:10 +01:00
|
|
|
Host: host,
|
|
|
|
Path: path,
|
2022-09-01 15:38:29 +02:00
|
|
|
}
|
2024-02-24 12:09:10 +01:00
|
|
|
return &base, nil
|
2022-09-01 15:38:29 +02:00
|
|
|
}
|
|
|
|
|
2021-10-26 22:22:48 +02:00
|
|
|
func groupStatusHandler(w http.ResponseWriter, r *http.Request) {
|
2024-01-17 22:12:22 +01:00
|
|
|
pth, kind, rest := splitPath(r.URL.Path)
|
2024-01-17 22:17:54 +01:00
|
|
|
if kind != ".status" || rest != "" {
|
2024-01-17 22:12:22 +01:00
|
|
|
http.Error(w, "Internal server error",
|
|
|
|
http.StatusInternalServerError)
|
|
|
|
}
|
2022-09-01 15:38:29 +02:00
|
|
|
name := parseGroupName("/group/", pth)
|
2021-10-26 22:22:48 +02:00
|
|
|
if name == "" {
|
|
|
|
notFound(w)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
g, err := group.Add(name, nil)
|
|
|
|
if err != nil {
|
2024-01-18 01:02:56 +01:00
|
|
|
httpError(w, err)
|
2021-10-26 22:22:48 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-24 12:09:10 +01:00
|
|
|
base, err := baseURL(r)
|
2022-10-21 13:28:11 +02:00
|
|
|
if err != nil {
|
2024-02-24 12:09:10 +01:00
|
|
|
log.Printf("Parse ProxyURL: %v", err)
|
|
|
|
http.Error(w, "Internal server error",
|
|
|
|
http.StatusInternalServerError)
|
2022-10-21 13:28:11 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
d := g.Status(false, base)
|
2021-10-26 22:22:48 +02:00
|
|
|
w.Header().Set("content-type", "application/json")
|
|
|
|
w.Header().Set("cache-control", "no-cache")
|
|
|
|
|
|
|
|
if r.Method == "HEAD" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
e := json.NewEncoder(w)
|
|
|
|
e.Encode(d)
|
|
|
|
}
|
|
|
|
|
2020-05-31 16:46:41 +02:00
|
|
|
func publicHandler(w http.ResponseWriter, r *http.Request) {
|
2024-02-24 12:09:10 +01:00
|
|
|
base, err := baseURL(r)
|
2022-10-21 13:28:11 +02:00
|
|
|
if err != nil {
|
2022-10-21 19:05:37 +02:00
|
|
|
log.Printf("couldn't determine group base: %v", err)
|
2024-01-18 01:02:56 +01:00
|
|
|
httpError(w, err)
|
2022-10-21 13:28:11 +02:00
|
|
|
return
|
|
|
|
}
|
2020-05-31 16:46:41 +02:00
|
|
|
w.Header().Set("content-type", "application/json")
|
|
|
|
w.Header().Set("cache-control", "no-cache")
|
|
|
|
|
|
|
|
if r.Method == "HEAD" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-10-21 13:28:11 +02:00
|
|
|
g := group.GetPublic(base)
|
2020-05-31 16:46:41 +02:00
|
|
|
e := json.NewEncoder(w)
|
|
|
|
e.Encode(g)
|
|
|
|
}
|
|
|
|
|
2021-10-26 20:10:24 +02:00
|
|
|
func adminMatch(username, password string) (bool, error) {
|
|
|
|
conf, err := group.GetConfiguration()
|
2020-05-31 16:46:41 +02:00
|
|
|
if err != nil {
|
2021-10-26 20:10:24 +02:00
|
|
|
return false, err
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
|
|
|
|
2024-01-02 18:36:09 +01:00
|
|
|
u, found := conf.Users[username]
|
|
|
|
if found {
|
|
|
|
ok, err := u.Password.Match(password)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if !ok {
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
perms := u.Permissions.Permissions(nil)
|
|
|
|
for _, p := range perms {
|
|
|
|
if p == "admin" {
|
2021-10-26 20:10:24 +02:00
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
}
|
2024-01-02 18:36:09 +01:00
|
|
|
return false, nil
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
2024-01-02 18:36:09 +01:00
|
|
|
|
2021-10-26 20:10:24 +02:00
|
|
|
return false, nil
|
2020-05-31 16:46:41 +02:00
|
|
|
}
|
|
|
|
|
2020-05-31 20:03:22 +02:00
|
|
|
func failAuthentication(w http.ResponseWriter, realm string) {
|
|
|
|
w.Header().Set("www-authenticate",
|
|
|
|
fmt.Sprintf("basic realm=\"%v\"", realm))
|
|
|
|
http.Error(w, "Haha!", http.StatusUnauthorized)
|
|
|
|
}
|
2020-05-31 16:46:41 +02:00
|
|
|
|
2021-02-24 20:01:48 +01:00
|
|
|
var wsUpgrader = websocket.Upgrader{
|
2021-01-04 18:02:50 +01:00
|
|
|
HandshakeTimeout: 30 * time.Second,
|
|
|
|
}
|
2020-05-31 16:46:41 +02:00
|
|
|
|
2023-07-10 20:40:42 +02:00
|
|
|
var wsPublicUpgrader = websocket.Upgrader{
|
|
|
|
HandshakeTimeout: 30 * time.Second,
|
|
|
|
CheckOrigin: func(r *http.Request) bool {
|
|
|
|
return true
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2020-05-31 16:46:41 +02:00
|
|
|
func wsHandler(w http.ResponseWriter, r *http.Request) {
|
2023-07-10 20:40:42 +02:00
|
|
|
conf, err := group.GetConfiguration()
|
|
|
|
if err != nil {
|
2024-01-18 01:02:56 +01:00
|
|
|
httpError(w, err)
|
2023-07-10 20:40:42 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
upgrader := wsUpgrader
|
|
|
|
if conf.PublicServer {
|
|
|
|
upgrader = wsPublicUpgrader
|
|
|
|
}
|
|
|
|
|
|
|
|
conn, err := upgrader.Upgrade(w, r, nil)
|
2020-05-31 16:46:41 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Printf("Websocket upgrade: %v", err)
|
|
|
|
return
|
|
|
|
}
|
2024-04-30 18:18:32 +02:00
|
|
|
|
|
|
|
var addr net.Addr
|
|
|
|
tcpaddr, err := net.ResolveTCPAddr("tcp", r.RemoteAddr)
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("ResolveTCPAddr: %v", err)
|
|
|
|
} else {
|
|
|
|
addr = tcpaddr
|
|
|
|
}
|
|
|
|
|
2020-05-31 16:46:41 +02:00
|
|
|
go func() {
|
2024-04-30 18:18:32 +02:00
|
|
|
err := rtpconn.StartClient(conn, addr)
|
2020-05-31 16:46:41 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Printf("client: %v", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
2020-05-31 20:03:22 +02:00
|
|
|
|
|
|
|
func recordingsHandler(w http.ResponseWriter, r *http.Request) {
|
2020-12-07 02:43:51 +01:00
|
|
|
if redirect(w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-05-31 20:03:22 +02:00
|
|
|
if len(r.URL.Path) < 12 || r.URL.Path[:12] != "/recordings/" {
|
|
|
|
http.Error(w, "server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
p := "/" + r.URL.Path[12:]
|
|
|
|
|
|
|
|
if filepath.Separator != '/' &&
|
|
|
|
strings.ContainsRune(p, filepath.Separator) {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Bad character in filename",
|
2020-09-19 11:39:03 +02:00
|
|
|
http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2020-05-31 20:03:22 +02:00
|
|
|
|
2021-08-18 18:30:19 +02:00
|
|
|
p = path.Clean(p)
|
|
|
|
|
2020-09-19 11:39:03 +02:00
|
|
|
if p == "/" {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Nothing here", http.StatusForbidden)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-10-04 19:01:06 +02:00
|
|
|
f, err := os.Open(filepath.Join(diskwriter.Directory, p))
|
2020-05-31 20:03:22 +02:00
|
|
|
if err != nil {
|
2020-09-19 11:39:03 +02:00
|
|
|
httpError(w, err)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
fi, err := f.Stat()
|
|
|
|
if err != nil {
|
2020-09-19 11:39:03 +02:00
|
|
|
httpError(w, err)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-08-23 20:41:24 +02:00
|
|
|
var group, filename string
|
2020-05-31 20:03:22 +02:00
|
|
|
if fi.IsDir() {
|
2021-08-23 20:41:24 +02:00
|
|
|
for len(p) > 0 && p[len(p)-1] == '/' {
|
|
|
|
p = p[:len(p)-1]
|
|
|
|
}
|
|
|
|
group = parseGroupName("/", p)
|
|
|
|
if group == "" {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Bad group name", http.StatusBadRequest)
|
2021-08-23 20:41:24 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if p[len(p)-1] == '/' {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Bad group name", http.StatusBadRequest)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
2021-08-23 20:41:24 +02:00
|
|
|
group, filename = path.Split(p)
|
|
|
|
group = parseGroupName("/", group)
|
|
|
|
if group == "" {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Bad group name", http.StatusBadRequest)
|
2021-08-23 20:41:24 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
u := "/recordings/" + group + "/" + filename
|
|
|
|
if r.URL.Path != u {
|
|
|
|
http.Redirect(w, r, u, http.StatusPermanentRedirect)
|
|
|
|
return
|
2020-09-19 11:39:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
ok := checkGroupPermissions(w, r, group)
|
|
|
|
if !ok {
|
|
|
|
failAuthentication(w, "recordings/"+group)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-08-23 20:41:24 +02:00
|
|
|
if filename == "" {
|
2020-05-31 20:03:22 +02:00
|
|
|
if r.Method == "POST" {
|
2020-09-19 11:39:03 +02:00
|
|
|
handleGroupAction(w, r, group)
|
2020-05-31 20:03:22 +02:00
|
|
|
} else {
|
2020-09-19 11:39:03 +02:00
|
|
|
serveGroupRecordings(w, r, f, group)
|
2020-05-31 20:03:22 +02:00
|
|
|
}
|
2020-09-19 11:39:03 +02:00
|
|
|
return
|
2020-05-31 20:03:22 +02:00
|
|
|
}
|
2020-09-19 11:39:03 +02:00
|
|
|
|
|
|
|
// Ensure the file is uncachable if it's still recording
|
|
|
|
cachable := time.Since(fi.ModTime()) > time.Minute
|
|
|
|
makeCachable(w, path.Join("/recordings/", p), fi, cachable)
|
|
|
|
http.ServeContent(w, r, fi.Name(), fi.ModTime(), f)
|
2020-05-31 20:03:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) {
|
|
|
|
if r.Method != "POST" {
|
2024-04-10 14:39:52 +02:00
|
|
|
methodNotAllowed(w, "POST")
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
err := r.ParseForm()
|
|
|
|
if err != nil {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Couldn't parse request", http.StatusBadRequest)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
q := r.Form.Get("q")
|
|
|
|
|
|
|
|
switch q {
|
|
|
|
case "delete":
|
|
|
|
filename := r.Form.Get("filename")
|
|
|
|
if group == "" || filename == "" {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "No filename provided",
|
2020-05-31 20:03:22 +02:00
|
|
|
http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2020-09-19 11:39:03 +02:00
|
|
|
if strings.ContainsRune(filename, '/') ||
|
|
|
|
strings.ContainsRune(filename, filepath.Separator) {
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Bad character in filename",
|
2020-09-19 11:39:03 +02:00
|
|
|
http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2020-05-31 20:03:22 +02:00
|
|
|
err := os.Remove(
|
2020-10-04 19:01:06 +02:00
|
|
|
filepath.Join(diskwriter.Directory,
|
2020-09-19 11:39:03 +02:00
|
|
|
filepath.Join(group,
|
|
|
|
path.Clean("/"+filename),
|
|
|
|
),
|
|
|
|
),
|
2020-05-31 20:03:22 +02:00
|
|
|
)
|
|
|
|
if err != nil {
|
2020-09-19 11:39:03 +02:00
|
|
|
httpError(w, err)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
http.Redirect(w, r, "/recordings/"+group+"/",
|
|
|
|
http.StatusSeeOther)
|
|
|
|
return
|
|
|
|
default:
|
2024-01-18 01:02:56 +01:00
|
|
|
http.Error(w, "Unknown query", http.StatusBadRequest)
|
2020-05-31 20:03:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-13 11:56:35 +02:00
|
|
|
func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool {
|
2022-09-08 20:55:05 +02:00
|
|
|
user, pass, ok := r.BasicAuth()
|
|
|
|
if !ok {
|
2020-05-31 20:03:22 +02:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-09-08 20:55:05 +02:00
|
|
|
g := group.Get(groupname)
|
|
|
|
if g == nil {
|
2020-05-31 20:03:22 +02:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-09-08 20:55:05 +02:00
|
|
|
_, p, err := g.GetPermission(
|
2021-10-27 04:15:44 +02:00
|
|
|
group.ClientCredentials{
|
2023-03-22 17:41:16 +01:00
|
|
|
Username: &user,
|
2021-10-27 04:15:44 +02:00
|
|
|
Password: pass,
|
|
|
|
},
|
|
|
|
)
|
2022-02-19 23:43:44 +01:00
|
|
|
record := false
|
|
|
|
if err == nil {
|
|
|
|
for _, v := range p {
|
|
|
|
if v == "record" {
|
|
|
|
record = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err != nil || !record {
|
2024-03-03 13:34:18 +01:00
|
|
|
var autherr *group.NotAuthorisedError
|
|
|
|
if errors.As(err, &autherr) {
|
2020-12-02 00:07:31 +01:00
|
|
|
time.Sleep(200 * time.Millisecond)
|
|
|
|
}
|
2020-05-31 20:03:22 +02:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
func serveGroupRecordings(w http.ResponseWriter, r *http.Request, f *os.File, group string) {
|
2021-08-18 18:30:19 +02:00
|
|
|
// read early, so we return permission errors to HEAD
|
2020-05-31 20:03:22 +02:00
|
|
|
fis, err := f.Readdir(-1)
|
|
|
|
if err != nil {
|
2024-01-18 01:02:56 +01:00
|
|
|
httpError(w, err)
|
2020-05-31 20:03:22 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-10-08 13:32:50 +02:00
|
|
|
sort.Slice(fis, func(i, j int) bool {
|
|
|
|
return fis[i].Name() < fis[j].Name()
|
|
|
|
})
|
|
|
|
|
2020-05-31 20:03:22 +02:00
|
|
|
w.Header().Set("content-type", "text/html; charset=utf-8")
|
|
|
|
w.Header().Set("cache-control", "no-cache")
|
|
|
|
|
|
|
|
if r.Method == "HEAD" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Fprintf(w, "<!DOCTYPE html>\n<html><head>\n")
|
|
|
|
fmt.Fprintf(w, "<title>Recordings for group %v</title>\n", group)
|
|
|
|
fmt.Fprintf(w, "<link rel=\"stylesheet\" type=\"text/css\" href=\"/common.css\"/>")
|
2020-09-19 11:39:03 +02:00
|
|
|
fmt.Fprintf(w, "</head><body>\n")
|
2020-05-31 20:03:22 +02:00
|
|
|
|
|
|
|
fmt.Fprintf(w, "<table>\n")
|
|
|
|
for _, fi := range fis {
|
|
|
|
if fi.IsDir() {
|
|
|
|
continue
|
|
|
|
}
|
2020-09-21 23:03:03 +02:00
|
|
|
fmt.Fprintf(w, "<tr><td><a href=\"./%v\">%v</a></td><td>%d</td>",
|
2020-05-31 20:03:22 +02:00
|
|
|
html.EscapeString(fi.Name()),
|
|
|
|
html.EscapeString(fi.Name()),
|
|
|
|
fi.Size(),
|
|
|
|
)
|
|
|
|
fmt.Fprintf(w,
|
2020-09-19 11:39:03 +02:00
|
|
|
"<td><form action=\"/recordings/%v/\" method=\"post\">"+
|
|
|
|
"<input type=\"hidden\" name=\"filename\" value=\"%v\">"+
|
|
|
|
"<button type=\"submit\" name=\"q\" value=\"delete\">Delete</button>"+
|
2020-05-31 20:03:22 +02:00
|
|
|
"</form></td></tr>\n",
|
|
|
|
url.PathEscape(group), fi.Name())
|
|
|
|
}
|
|
|
|
fmt.Fprintf(w, "</table>\n")
|
|
|
|
fmt.Fprintf(w, "</body></html>\n")
|
|
|
|
}
|
2020-09-12 12:42:48 +02:00
|
|
|
|
2020-09-18 13:11:21 +02:00
|
|
|
func Shutdown() {
|
2024-04-14 02:12:46 +02:00
|
|
|
if server == nil {
|
|
|
|
log.Printf("Shutting down nonexistent server")
|
2020-10-01 19:47:04 +02:00
|
|
|
}
|
2020-09-18 10:36:05 +02:00
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
|
|
|
|
defer cancel()
|
2024-04-14 02:12:46 +02:00
|
|
|
server.Shutdown(ctx)
|
|
|
|
server = nil
|
2020-09-12 12:42:48 +02:00
|
|
|
}
|