2024-01-01 10:31:45 +00:00
|
|
|
// Copyright (C) 2019 Nicola Murino
|
2022-07-17 18:16:00 +00:00
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published
|
|
|
|
// by the Free Software Foundation, version 3.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
2023-01-03 09:18:30 +00:00
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2022-07-17 18:16:00 +00:00
|
|
|
|
2019-10-07 16:19:01 +00:00
|
|
|
package httpd
|
|
|
|
|
|
|
|
import (
|
2023-12-10 15:40:13 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2023-11-25 17:30:56 +00:00
|
|
|
"net/http"
|
2019-10-07 16:19:01 +00:00
|
|
|
"strings"
|
2023-11-25 17:30:56 +00:00
|
|
|
|
2023-12-28 17:43:07 +00:00
|
|
|
"github.com/go-chi/render"
|
2023-11-25 17:30:56 +00:00
|
|
|
"github.com/unrolled/secure"
|
2023-12-10 15:40:13 +00:00
|
|
|
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/util"
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/version"
|
2019-10-07 16:19:01 +00:00
|
|
|
)
|
|
|
|
|
2021-01-25 20:31:33 +00:00
|
|
|
const (
|
2023-11-25 17:11:10 +00:00
|
|
|
pageMFATitle = "Two-factor authentication"
|
|
|
|
pageTwoFactorTitle = "Two-Factor authentication"
|
|
|
|
pageTwoFactorRecoveryTitle = "Two-Factor recovery"
|
|
|
|
webDateTimeFormat = "2006-01-02 15:04:05" // YYYY-MM-DD HH:MM:SS
|
|
|
|
redactedSecret = "[**redacted**]"
|
|
|
|
csrfFormToken = "_form_token"
|
|
|
|
csrfHeaderToken = "X-CSRF-TOKEN"
|
|
|
|
templateCommonDir = "common"
|
|
|
|
templateTwoFactor = "twofactor.html"
|
|
|
|
templateTwoFactorRecovery = "twofactor-recovery.html"
|
|
|
|
templateForgotPassword = "forgot-password.html"
|
|
|
|
templateResetPassword = "reset-password.html"
|
2024-01-18 18:18:57 +00:00
|
|
|
templateChangePwd = "changepassword.html"
|
|
|
|
templateMessage = "message.html"
|
2023-11-25 17:11:10 +00:00
|
|
|
templateCommonBase = "base.html"
|
2023-12-30 13:13:25 +00:00
|
|
|
templateCommonBaseLogin = "baselogin.html"
|
2023-12-30 18:12:22 +00:00
|
|
|
templateCommonLogin = "login.html"
|
2021-01-25 20:31:33 +00:00
|
|
|
)
|
|
|
|
|
2023-12-10 15:40:13 +00:00
|
|
|
var (
|
|
|
|
errInvalidTokenClaims = errors.New("invalid token claims")
|
|
|
|
)
|
|
|
|
|
2023-11-25 17:30:56 +00:00
|
|
|
type commonBasePage struct {
|
|
|
|
CSPNonce string
|
|
|
|
StaticURL string
|
2023-12-10 15:40:13 +00:00
|
|
|
Version string
|
2023-11-25 17:30:56 +00:00
|
|
|
}
|
|
|
|
|
2021-01-17 21:29:08 +00:00
|
|
|
type loginPage struct {
|
2023-11-25 17:30:56 +00:00
|
|
|
commonBasePage
|
2022-02-13 13:30:20 +00:00
|
|
|
CurrentURL string
|
2023-12-30 18:12:22 +00:00
|
|
|
Error *util.I18nError
|
2022-02-13 13:30:20 +00:00
|
|
|
CSRFToken string
|
|
|
|
AltLoginURL string
|
2022-05-15 05:30:36 +00:00
|
|
|
AltLoginName string
|
2022-02-13 13:30:20 +00:00
|
|
|
ForgotPwdURL string
|
|
|
|
OpenIDLoginURL string
|
2023-12-10 15:40:13 +00:00
|
|
|
Title string
|
2022-05-13 17:40:52 +00:00
|
|
|
Branding UIBranding
|
2022-07-19 20:25:00 +00:00
|
|
|
FormDisabled bool
|
2024-02-04 20:13:04 +00:00
|
|
|
CheckRedirect bool
|
2021-01-17 21:29:08 +00:00
|
|
|
}
|
|
|
|
|
2021-09-04 10:11:04 +00:00
|
|
|
type twoFactorPage struct {
|
2023-11-25 17:30:56 +00:00
|
|
|
commonBasePage
|
2021-09-04 10:11:04 +00:00
|
|
|
CurrentURL string
|
2023-12-30 18:12:22 +00:00
|
|
|
Error *util.I18nError
|
2021-09-04 10:11:04 +00:00
|
|
|
CSRFToken string
|
|
|
|
RecoveryURL string
|
2023-11-25 17:11:10 +00:00
|
|
|
Title string
|
2022-05-13 17:40:52 +00:00
|
|
|
Branding UIBranding
|
2021-09-04 10:11:04 +00:00
|
|
|
}
|
|
|
|
|
2021-11-13 12:25:43 +00:00
|
|
|
type forgotPwdPage struct {
|
2023-11-25 17:30:56 +00:00
|
|
|
commonBasePage
|
2021-11-13 12:25:43 +00:00
|
|
|
CurrentURL string
|
2023-12-30 18:12:22 +00:00
|
|
|
Error *util.I18nError
|
2021-11-13 12:25:43 +00:00
|
|
|
CSRFToken string
|
2023-11-04 09:54:52 +00:00
|
|
|
LoginURL string
|
2021-11-13 12:25:43 +00:00
|
|
|
Title string
|
2022-05-13 17:40:52 +00:00
|
|
|
Branding UIBranding
|
2021-11-13 12:25:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type resetPwdPage struct {
|
2023-11-25 17:30:56 +00:00
|
|
|
commonBasePage
|
2021-11-13 12:25:43 +00:00
|
|
|
CurrentURL string
|
2023-12-30 18:12:22 +00:00
|
|
|
Error *util.I18nError
|
2021-11-13 12:25:43 +00:00
|
|
|
CSRFToken string
|
2023-11-04 09:54:52 +00:00
|
|
|
LoginURL string
|
2021-11-13 12:25:43 +00:00
|
|
|
Title string
|
2022-05-13 17:40:52 +00:00
|
|
|
Branding UIBranding
|
2021-11-13 12:25:43 +00:00
|
|
|
}
|
|
|
|
|
2019-12-30 17:37:50 +00:00
|
|
|
func getSliceFromDelimitedValues(values, delimiter string) []string {
|
|
|
|
result := []string{}
|
|
|
|
for _, v := range strings.Split(values, delimiter) {
|
|
|
|
cleaned := strings.TrimSpace(v)
|
2021-01-25 20:31:33 +00:00
|
|
|
if cleaned != "" {
|
2019-12-30 17:37:50 +00:00
|
|
|
result = append(result, cleaned)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
2023-11-05 08:37:16 +00:00
|
|
|
|
|
|
|
func hasPrefixAndSuffix(key, prefix, suffix string) bool {
|
|
|
|
return strings.HasPrefix(key, prefix) && strings.HasSuffix(key, suffix)
|
|
|
|
}
|
2023-11-25 17:30:56 +00:00
|
|
|
|
|
|
|
func getCommonBasePage(r *http.Request) commonBasePage {
|
2023-12-10 15:40:13 +00:00
|
|
|
v := version.Get()
|
2023-11-25 17:30:56 +00:00
|
|
|
return commonBasePage{
|
|
|
|
CSPNonce: secure.CSPNonce(r.Context()),
|
|
|
|
StaticURL: webStaticFilesPath,
|
2023-12-10 15:40:13 +00:00
|
|
|
Version: fmt.Sprintf("v%v-%v", v.Version, v.CommitHash),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func i18nListDirMsg(status int) string {
|
|
|
|
if status == http.StatusForbidden {
|
|
|
|
return util.I18nErrorDirList403
|
|
|
|
}
|
|
|
|
return util.I18nErrorDirListGeneric
|
|
|
|
}
|
|
|
|
|
|
|
|
func i18nFsMsg(status int) string {
|
|
|
|
if status == http.StatusForbidden {
|
|
|
|
return util.I18nError403Message
|
|
|
|
}
|
|
|
|
return util.I18nErrorFsGeneric
|
|
|
|
}
|
|
|
|
|
|
|
|
func getI18NErrorString(err error, fallback string) string {
|
|
|
|
var errI18n *util.I18nError
|
|
|
|
if errors.As(err, &errI18n) {
|
2023-12-12 17:04:14 +00:00
|
|
|
return errI18n.Message
|
2023-11-25 17:30:56 +00:00
|
|
|
}
|
2023-12-10 15:40:13 +00:00
|
|
|
return fallback
|
2023-11-25 17:30:56 +00:00
|
|
|
}
|
2023-12-28 17:43:07 +00:00
|
|
|
|
2024-01-14 08:09:42 +00:00
|
|
|
func getI18nError(err error) *util.I18nError {
|
|
|
|
var errI18n *util.I18nError
|
|
|
|
if err != nil {
|
|
|
|
errI18n = util.NewI18nError(err, util.I18nError500Message)
|
|
|
|
}
|
|
|
|
return errI18n
|
|
|
|
}
|
|
|
|
|
2023-12-28 17:43:07 +00:00
|
|
|
func handlePingRequest(w http.ResponseWriter, r *http.Request) {
|
|
|
|
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
|
|
|
render.PlainText(w, r, "PONG")
|
|
|
|
}
|