gotosocial/internal/api/security/security.go

/*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package security

import (
	"net/http"

	"github.com/superseriousbusiness/gotosocial/internal/api"
	"github.com/superseriousbusiness/gotosocial/internal/db"
	"github.com/superseriousbusiness/gotosocial/internal/oauth"
	"github.com/superseriousbusiness/gotosocial/internal/router"
)

const robotsPath = "/robots.txt"

// Module implements the ClientAPIModule interface for security middleware
type Module struct {
	db     db.DB
	server oauth.Server
}

// New returns a new security module
func New(db db.DB, server oauth.Server) api.ClientModule {
	return &Module{
		db:     db,
		server: server,
	}
}

// Route attaches security middleware to the given router
func (m *Module) Route(s router.Router) error {
	s.AttachMiddleware(m.SignatureCheck)
	s.AttachMiddleware(m.FlocBlock)
	s.AttachMiddleware(m.ExtraHeaders)
	s.AttachMiddleware(m.UserAgentBlock)
	s.AttachMiddleware(m.TokenCheck)
	s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)
	return nil
}
bits n bobs 2021-03-01 15:41:43 +01:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 19:42:19 +02:00			`package security`

			`import (`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`"net/http"`

Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/api"`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/db"`
Require confirmed email when checking oauth token (#332) * move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token 2021-11-27 14:53:34 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/oauth"`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 19:42:19 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/router"`
			`)`

Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`const robotsPath = "/robots.txt"`

linting + organizing 2021-04-20 18:14:23 +02:00			`// Module implements the ClientAPIModule interface for security middleware`
			`type Module struct {`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`db db.DB`
Require confirmed email when checking oauth token (#332) * move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token 2021-11-27 14:53:34 +01:00			`server oauth.Server`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 19:42:19 +02:00			`}`

			`// New returns a new security module`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`func New(db db.DB, server oauth.Server) api.ClientModule {`
linting + organizing 2021-04-20 18:14:23 +02:00			`return &Module{`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`db: db,`
Require confirmed email when checking oauth token (#332) * move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token 2021-11-27 14:53:34 +01:00			`server: server,`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 19:42:19 +02:00			`}`
			`}`

linting + organizing 2021-04-20 18:14:23 +02:00			`// Route attaches security middleware to the given router`
			`func (m *Module) Route(s router.Router) error {`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`s.AttachMiddleware(m.SignatureCheck)`
linting + organizing 2021-04-20 18:14:23 +02:00			`s.AttachMiddleware(m.FlocBlock)`
Inbox post (#22) Inbox POST from federated servers now working for statuses and follow requests. Follow request client API added. Start work on federating outgoing messages. Other fixes and changes/tidying up. 2021-05-15 11:58:11 +02:00			`s.AttachMiddleware(m.ExtraHeaders)`
Follows and relationships (#27) * Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions. 2021-05-21 15:48:26 +02:00			`s.AttachMiddleware(m.UserAgentBlock)`
Require confirmed email when checking oauth token (#332) * move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token 2021-11-27 14:53:34 +01:00			`s.AttachMiddleware(m.TokenCheck)`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 19:42:19 +02:00			`return nil`
			`}`