mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 01:22:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/internal/web/web.go

140 lines
6.9 KiB
Go
Raw Normal View History

[chore] Improve copyright header handling (#1608) * [chore] Remove years from all license headers Years or year ranges aren't required in license headers. Many projects have removed them in recent years and it avoids a bit of yearly toil. In many cases our copyright claim was also a bit dodgy since we added the 2021-2023 header to files created after 2021 but you can't claim copyright into the past that way. * [chore] Add license header check This ensures a license header is always added to any new file. This avoids maintainers/reviewers needing to remember to check for and ask for it in case a contribution doesn't include it. * [chore] Add missing license headers * [chore] Further updates to license header * Use the more common // indentend comment format * Remove the hack we had for the linter now that we use the // format * Add SPDX license identifier
2023-03-12 16:00:57 +01:00
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
package web
import (
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
"context"
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
"net/http"
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
"net/url"
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
[feature] Move to code.superseriousbusiness.org
2025-04-26 15:34:10 +02:00
apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
"code.superseriousbusiness.org/gotosocial/internal/db"
"code.superseriousbusiness.org/gotosocial/internal/middleware"
"code.superseriousbusiness.org/gotosocial/internal/processing"
"code.superseriousbusiness.org/gotosocial/internal/router"
"code.superseriousbusiness.org/gotosocial/internal/uris"
[chore] update database caching library (#1040) * convert most of the caches to use result.Cache{} * add caching of emojis * fix issues causing failing tests * update go-cache/v2 instances with v3 * fix getnotification * add a note about the left-in StatusCreate comment * update EmojiCategory db access to use new result.Cache{} * fix possible panic in getstatusparents * further proof that kim is not stinky
2022-11-15 18:45:15 +00:00
"codeberg.org/gruf/go-cache/v3"
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
"github.com/gin-gonic/gin"
)
const (
[feature] Add global instance CSS customization setting (#3352) Allow instance admins to add custom CSS that will affect every page of their instance. This is done with a new CustomCSS instance setting that works pretty much exactly like the Users CustomCSS property. This custom CSS is then requested for every page load. User styles/themes take precedence over this CSS. Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-12-02 06:24:48 -05:00
confirmEmailPath = "/" + uris.ConfirmEmailPath
profileGroupPath = "/@:username"
statusPath = "/statuses/:" + apiutil.WebStatusIDKey // leave out the '/@:username' prefix as this will be served within the profile group
tagsPath = "/tags/:" + apiutil.TagNameKey
customCSSPath = profileGroupPath + "/custom.css"
instanceCustomCSSPath = "/custom.css"
rssFeedPath = profileGroupPath + "/feed.rss"
assetsPathPrefix = "/assets"
distPathPrefix = assetsPathPrefix + "/dist"
themesPathPrefix = assetsPathPrefix + "/themes"
settingsPathPrefix = "/settings"
settingsPanelGlob = settingsPathPrefix + "/*panel"
userPanelPath = settingsPathPrefix + "/user"
adminPanelPath = settingsPathPrefix + "/admin"
signupPath = "/signup"
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
[feature] Add opt-in RSS feed for account's latest Public posts (#897) * start adding rss functionality * add gorilla/feeds dependency * first bash at building rss feed still needs work, this is an interim commit * tidy up a bit * add publicOnly option to GetAccountLastPosted * implement rss endpoint * fix test * add initial user docs for rss * update rss logo * docs update * add rssFeed to frontend * feed -> feed.rss * enableRSS * increase rss logo size a lil bit * add rss toggle * move emojify to text package * fiddle with rss feed formatting * add Text field to test statuses * move status to rss item to typeconverter * update bun schema for enablerss * simplify 304 checking * assume account not rss * update tests * update swagger docs * allow more characters in title, trim nicer * update last posted to be more consistent
2022-10-08 14:00:39 +02:00
cacheControlHeader = "Cache-Control" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
cacheControlNoCache = "no-cache" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#response_directives
ifModifiedSinceHeader = "If-Modified-Since" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
ifNoneMatchHeader = "If-None-Match" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match
eTagHeader = "ETag" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
lastModifiedHeader = "Last-Modified" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified
[chore] Refactor HTML templates and CSS (#2480) * [chore] Refactor HTML templates and CSS * eslint * ignore "Local" * rss tests * fiddle with OG just a tiny bit * dick around with polls a bit more so SR stops saying "clickable" * remove break * oh lord * don't lazy load avatar * fix ogmeta tests * clean up some cruft * catch remaining calls to c.HTML * fix error rendering + stack overflow in tag * allow templating attributes * fix indent * set aria-hidden on status complementary content, since it's already present in the label anyway * tidy up templating calls a little * try to make styling a bit more consistent + readable * fix up some remaining CSS issues * fix up reports
2023-12-27 11:23:52 +01:00
[feature] Allow user to choose "gallery" style layout for web view of profile (#3917) * [feature] Allow user to choose "gallery" style web layout * find a bug and squish it up and all day long you'll have good luck * just a sec * [performance] reindex public timeline + tinker with query a bit * fiddling * should be good now * last bit of finagling, i'm done now i prommy * panic normally
2025-03-26 16:59:39 +01:00
cssFA = assetsPathPrefix + "/Fork-Awesome/css/fork-awesome.min.css"
cssAbout = distPathPrefix + "/about.css"
cssIndex = distPathPrefix + "/index.css"
cssLoginInfo = distPathPrefix + "/login-info.css"
cssStatus = distPathPrefix + "/status.css"
cssThread = distPathPrefix + "/thread.css"
cssProfile = distPathPrefix + "/profile.css"
cssProfileGallery = distPathPrefix + "/profile-gallery.css"
cssSettings = distPathPrefix + "/settings-style.css"
cssTag = distPathPrefix + "/tag.css"
[chore] Refactor HTML templates and CSS (#2480) * [chore] Refactor HTML templates and CSS * eslint * ignore "Local" * rss tests * fiddle with OG just a tiny bit * dick around with polls a bit more so SR stops saying "clickable" * remove break * oh lord * don't lazy load avatar * fix ogmeta tests * clean up some cruft * catch remaining calls to c.HTML * fix error rendering + stack overflow in tag * allow templating attributes * fix indent * set aria-hidden on status complementary content, since it's already present in the label anyway * tidy up templating calls a little * try to make styling a bit more consistent + readable * fix up some remaining CSS issues * fix up reports
2023-12-27 11:23:52 +01:00
[chore/frontend] Reorder JS a little bit to avoid visible text changes (#4039)
2025-04-22 12:20:54 +02:00
jsFrontend = distPathPrefix + "/frontend.js" // Progressive enhancement frontend JS.
jsFrontendPrerender = distPathPrefix + "/frontend_prerender.js" // Frontend JS that should run before page renders.
jsSettings = distPathPrefix + "/settings.js" // Settings panel React application.
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
)
type Module struct {
[chore] Deinterface processor and subprocessors (#1501) * [chore] Deinterface processor and subprocessors * expose subprocessors via function calls * missing license header
2023-02-22 16:05:26 +01:00
processor *processing.Processor
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
eTagCache cache.Cache[string, eTagCacheEntry]
[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
cookiePolicy apiutil.CookiePolicy
[performance] retry db queries on busy errors (#2025) * catch SQLITE_BUSY errors, wrap bun.DB to use our own busy retrier, remove unnecessary db.Error type Signed-off-by: kim <grufwub@gmail.com> * remove dead code Signed-off-by: kim <grufwub@gmail.com> * remove more dead code, add missing error arguments Signed-off-by: kim <grufwub@gmail.com> * update sqlite to use maxOpenConns() Signed-off-by: kim <grufwub@gmail.com> * add uncommitted changes Signed-off-by: kim <grufwub@gmail.com> * use direct calls-through for the ConnIface to make sure we don't double query hook Signed-off-by: kim <grufwub@gmail.com> * expose underlying bun.DB better Signed-off-by: kim <grufwub@gmail.com> * retry on the correct busy error Signed-off-by: kim <grufwub@gmail.com> * use longer possible maxRetries for db retry-backoff Signed-off-by: kim <grufwub@gmail.com> * remove the note regarding max-open-conns only applying to postgres Signed-off-by: kim <grufwub@gmail.com> * improved code commenting Signed-off-by: kim <grufwub@gmail.com> * remove unnecessary infof call (just use info) Signed-off-by: kim <grufwub@gmail.com> * rename DBConn to WrappedDB to better follow sql package name conventions Signed-off-by: kim <grufwub@gmail.com> * update test error string checks Signed-off-by: kim <grufwub@gmail.com> * shush linter Signed-off-by: kim <grufwub@gmail.com> * update backoff logic to be more transparent Signed-off-by: kim <grufwub@gmail.com> --------- Signed-off-by: kim <grufwub@gmail.com>
2023-07-25 09:34:05 +01:00
isURIBlocked func(context.Context, *url.URL) (bool, error)
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
}
[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
func New(db db.DB, processor *processing.Processor, cookiePolicy apiutil.CookiePolicy) *Module {
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
return &Module{
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
processor: processor,
eTagCache: newETagCache(),
[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
cookiePolicy: cookiePolicy,
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
isURIBlocked: db.IsURIBlocked,
[feature] Set default header and avatar for API accounts to GtS ones (#799) * validate web-asset-base-dir * move default icons into converter * always ensure avatar + header on api accounts * update tests * add default header * don't return error from web module creation anymore * tidy a bit * use pngs for default avatars rather than svgs
2022-09-04 14:41:42 +02:00
}
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
}
[feature] Use maintenance router to serve 503 while server is starting/migrating (#3705) * [feature] Use maintenance router to serve 503 while server is starting/migrating * love you linter, kissies
2025-01-29 16:57:04 +01:00
// ETagCache implements withETagCache.
func (m *Module) ETagCache() cache.Cache[string, eTagCacheEntry] {
return m.eTagCache
}
// Route attaches the assets filesystem and profile,
// status, and other web handlers to the router.
[feature/performance] Wrap incoming HTTP requests in timeout handler (#2353) * deinterface router, start messing about with deadlines * weeeee * thanks linter (thinter) * write Connection: close when timing out requests * update wording * don't replace req * don't bother with fancy Cause functions (I'll use them one day...)
2023-11-13 19:48:51 +01:00
func (m *Module) Route(r *router.Router, mi ...gin.HandlerFunc) {
[feature] Use maintenance router to serve 503 while server is starting/migrating (#3705) * [feature] Use maintenance router to serve 503 while server is starting/migrating * love you linter, kissies
2025-01-29 16:57:04 +01:00
// Route static assets.
routeAssets(m, r, mi...)
[feature] Add opt-in RSS feed for account's latest Public posts (#897) * start adding rss functionality * add gorilla/feeds dependency * first bash at building rss feed still needs work, this is an interim commit * tidy up a bit * add publicOnly option to GetAccountLastPosted * implement rss endpoint * fix test * add initial user docs for rss * update rss logo * docs update * add rssFeed to frontend * feed -> feed.rss * enableRSS * increase rss logo size a lil bit * add rss toggle * move emojify to text package * fiddle with rss feed formatting * add Text field to test statuses * move status to rss item to typeconverter * update bun schema for enablerss * simplify 304 checking * assume account not rss * update tests * update swagger docs * allow more characters in title, trim nicer * update last posted to be more consistent
2022-10-08 14:00:39 +02:00
[feature] Use maintenance router to serve 503 while server is starting/migrating (#3705) * [feature] Use maintenance router to serve 503 while server is starting/migrating * love you linter, kissies
2025-01-29 16:57:04 +01:00
// Handlers that serve profiles and statuses should use
// the SignatureCheck middleware, so that requests with
[feature] proof of work scraper deterrence (#4043) This adds a proof-of-work based scraper deterrence to GoToSocial's middleware stack on profile and status web pages. Heavily inspired by https://github.com/TecharoHQ/anubis, but massively stripped back for our own usecase. Todo: - ~~add configuration option so this is disabled by default~~ - ~~fix whatever weirdness is preventing this working with CSP (even in debug)~~ - ~~use our standard templating mechanism going through apiutil helper func~~ - ~~probably some absurdly small performance improvements to be made in pooling re-used hex encode / hash encode buffers~~ the web endpoints aren't as hot a path as API / ActivityPub, will leave as-is for now as it is already very minimal and well optimized - ~~verify the cryptographic assumptions re: using a portion of token as challenge data~~ this isn't a serious application of cryptography, if it turns out to be a problem we'll fix it, but it definitely should not be easily possible to guess a SHA256 hash from the first 1/4 of it even if mathematically it might make it a bit easier - ~~theme / make look nice??~~ - ~~add a spinner~~ - ~~add entry in example configuration~~ - ~~add documentation~~ Verification page originally based on https://github.com/LucienV1/powtect Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4043 Reviewed-by: tobi <tsmethurst@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-28 20:12:27 +00:00
// content-type application/activity+json can be served,
// and (if enabled) the nollamas middleware, to protect
// against scraping by shitty LLM bullshit.
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
profileGroup := r.AttachGroup(profileGroupPath)
profileGroup.Use(mi...)
[bugfix] Set Vary header correctly on cache-control (#1988) * [bugfix] Set Vary header correctly on cache-control * Prefer activitypub types on AP endpoints * use immutable on file server, vary by range * vary auth on Accept
2023-07-13 21:27:25 +02:00
profileGroup.Use(middleware.SignatureCheck(m.isURIBlocked), middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"no-store"},
}))
[chore] tweak NoLLaMas proof-of-work algorithm (#4090) # Description - tweaks the NoLLaMas proof-of-work algorithm to further granularity on time spent computing solutions - standardizes GoToSocial cookie security directive setting in a CookiePolicy{} type ## Checklist - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [ ] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4090 Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-29 13:57:26 +00:00
nollamas := middleware.NoLLaMas(m.cookiePolicy, m.processor.InstanceGetV1)
[feature] proof of work scraper deterrence (#4043) This adds a proof-of-work based scraper deterrence to GoToSocial's middleware stack on profile and status web pages. Heavily inspired by https://github.com/TecharoHQ/anubis, but massively stripped back for our own usecase. Todo: - ~~add configuration option so this is disabled by default~~ - ~~fix whatever weirdness is preventing this working with CSP (even in debug)~~ - ~~use our standard templating mechanism going through apiutil helper func~~ - ~~probably some absurdly small performance improvements to be made in pooling re-used hex encode / hash encode buffers~~ the web endpoints aren't as hot a path as API / ActivityPub, will leave as-is for now as it is already very minimal and well optimized - ~~verify the cryptographic assumptions re: using a portion of token as challenge data~~ this isn't a serious application of cryptography, if it turns out to be a problem we'll fix it, but it definitely should not be easily possible to guess a SHA256 hash from the first 1/4 of it even if mathematically it might make it a bit easier - ~~theme / make look nice??~~ - ~~add a spinner~~ - ~~add entry in example configuration~~ - ~~add documentation~~ Verification page originally based on https://github.com/LucienV1/powtect Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4043 Reviewed-by: tobi <tsmethurst@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-04-28 20:12:27 +00:00
profileGroup.Use(nollamas)
[bugfix] Use SignatureCheck middleware for web profile endpoints too (#1451)
2023-02-07 14:57:09 +01:00
profileGroup.Handle(http.MethodGet, "", m.profileGETHandler) // use empty path here since it's the base of the group
profileGroup.Handle(http.MethodGet, statusPath, m.threadGETHandler)
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
[feature] Use `X-Robots-Tag` headers to instruct scrapers/crawlers (#3737) * [feature] Use `X-Robots-Tag` headers to instruct scrapers/crawlers * use switch for RobotsHeaders
2025-02-05 12:47:13 +01:00
// Group for all other web handlers.
everythingElseGroup := r.AttachGroup("")
everythingElseGroup.Use(mi...)
everythingElseGroup.Handle(http.MethodGet, "/", m.indexHandler) // front-page
everythingElseGroup.Handle(http.MethodGet, settingsPathPrefix, m.SettingsPanelHandler)
everythingElseGroup.Handle(http.MethodGet, settingsPanelGlob, m.SettingsPanelHandler)
everythingElseGroup.Handle(http.MethodGet, customCSSPath, m.customCSSGETHandler)
everythingElseGroup.Handle(http.MethodGet, instanceCustomCSSPath, m.instanceCustomCSSGETHandler)
everythingElseGroup.Handle(http.MethodGet, rssFeedPath, m.rssFeedGETHandler)
everythingElseGroup.Handle(http.MethodGet, confirmEmailPath, m.confirmEmailGETHandler)
everythingElseGroup.Handle(http.MethodPost, confirmEmailPath, m.confirmEmailPOSTHandler)
everythingElseGroup.Handle(http.MethodGet, aboutPath, m.aboutGETHandler)
everythingElseGroup.Handle(http.MethodGet, loginPath, m.loginGETHandler)
everythingElseGroup.Handle(http.MethodGet, domainBlockListPath, m.domainBlockListGETHandler)
everythingElseGroup.Handle(http.MethodGet, tagsPath, m.tagGETHandler)
everythingElseGroup.Handle(http.MethodGet, signupPath, m.signupGETHandler)
everythingElseGroup.Handle(http.MethodPost, signupPath, m.signupPOSTHandler)
[feature] Public list of suspended domains (#1362) * basic rendered domain blocklist (unauthenticated!) * style basic domain block list * better formatting for domain blocklist * add opt-in config option for showing suspended domains * format/linter * re-use InstancePeersGet for web-accessible domain blocklist * reword explanation, border styling * always attach blocklist handler, update error message * domain blocklist error message grammar
2023-01-25 18:06:41 +01:00
[feature] Use `X-Robots-Tag` headers to instruct scrapers/crawlers (#3737) * [feature] Use `X-Robots-Tag` headers to instruct scrapers/crawlers * use switch for RobotsHeaders
2025-02-05 12:47:13 +01:00
// Redirects from old endpoints for back compat.
[chore] The Big Middleware and API Refactor (tm) (#1250) * interim commit: start refactoring middlewares into package under router * another interim commit, this is becoming a big job * another fucking massive interim commit * refactor bookmarks to new style * ambassador, wiz zeze commits you are spoiling uz * she compiles, we're getting there * we're just normal men; we're just innocent men * apiutil * whoopsie * i'm glad noone reads commit msgs haha :blob_sweat: * use that weirdo go-bytesize library for maxMultipartMemory * fix media module paths
2023-01-02 13:10:50 +01:00
r.AttachHandler(http.MethodGet, "/auth/edit", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, userPanelPath) })
r.AttachHandler(http.MethodGet, "/user", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, userPanelPath) })
r.AttachHandler(http.MethodGet, "/admin", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, adminPanelPath) })
[feature] Implement `cache-control` and etags for static assets (#711) * start working on etag stuff * add + use cache middleware * generate etags on the fly * remove unused field * clean up filepath * add license headers to cache files * add attachgroup function to router interface * move cache into web module * rename a couple things * remove attachStaticFS function from router * rename + tidy up a few things * mount assets filesystem * create assetsFileInfoCache * update comment * simplify hash * fix string fmt * skip last mod chk, prefer strong etags w/long cache * move base handler to its own file this matches the modules in the api folder * generate new etag if file was modified * wrap strong etag in quotation marks as per spec * clarify logic in avatar search * make hashing a little niftier
2022-07-18 12:55:06 +02:00
}
Reference in a new issue Copy permalink