[chore] The Big Middleware and API Refactor (tm) (#1250)

* interim commit: start refactoring middlewares into package under router * another interim commit, this is becoming a big job * another fucking massive interim commit * refactor bookmarks to new style * ambassador, wiz zeze commits you are spoiling uz * she compiles, we're getting there * we're just normal men; we're just innocent men * apiutil * whoopsie * i'm glad noone reads commit msgs haha :blob_sweat: * use that weirdo go-bytesize library for maxMultipartMemory * fix media module paths
2025-10-29 07:22:24 -05:00 · 2023-01-02 13:10:50 +01:00 · 2023-01-02 13:10:50 +01:00 · 941893a774
commit 941893a774
parent 560ff1209d
228 changed files with 3188 additions and 3047 deletions
--- a/internal/web/assets.go
+++ b/internal/web/assets.go
@ -22,11 +22,9 @@ import (
 	"fmt"
 	"net/http"
 	"path"
-	"path/filepath"
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 )

@ -53,22 +51,6 @@ func (fs fileSystem) Open(path string) (http.File, error) {
 	return f, nil
 }

-func (m *Module) mountAssetsFilesystem(group *gin.RouterGroup) {
-	webAssetsAbsFilePath, err := filepath.Abs(config.GetWebAssetBaseDir())
-	if err != nil {
-		log.Panicf("mountAssetsFilesystem: error getting absolute path of assets dir: %s", err)
-	}
-
-	fs := fileSystem{http.Dir(webAssetsAbsFilePath)}
-
-	// use the cache middleware on all handlers in this group
-	group.Use(m.assetsCacheControlMiddleware(fs))
-
-	// serve static file system in the root of this group,
-	// will end up being something like "/assets/"
-	group.StaticFS("/", fs)
-}
-
 // getAssetFileInfo tries to fetch the ETag for the given filePath from the module's
 // assetsETagCache. If it can't be found there, it uses the provided http.FileSystem
 // to generate a new ETag to go in the cache, which it then returns.
@ -115,6 +97,9 @@ func (m *Module) getAssetETag(filePath string, fs http.FileSystem) (string, erro
 //
 // See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match
 // and: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+//
+// todo: move this middleware out of the 'web' package and into the 'middleware'
+// package along with the other middlewares
 func (m *Module) assetsCacheControlMiddleware(fs http.FileSystem) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// set this Cache-Control header to instruct clients to validate the response with us
--- a/internal/web/base.go
+++ b/internal/web/base.go
@ -23,7 +23,7 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 )
@ -39,7 +39,7 @@ func (m *Module) baseHandler(c *gin.Context) {
 	host := config.GetHost()
 	instance, err := m.processor.InstanceGet(c.Request.Context(), host)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 		return
 	}

--- a/internal/web/confirmemail.go
+++ b/internal/web/confirmemail.go
@ -23,7 +23,7 @@ import (
 	"net/http"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 )
@ -34,20 +34,20 @@ func (m *Module) confirmEmailGETHandler(c *gin.Context) {
 	// if there's no token in the query, just serve the 404 web handler
 	token := c.Query(tokenParam)
 	if token == "" {
-		api.ErrorHandler(c, gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))), m.processor.InstanceGet)
 		return
 	}

 	user, errWithCode := m.processor.UserConfirmEmail(ctx, token)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 		return
 	}

 	host := config.GetHost()
 	instance, err := m.processor.InstanceGet(ctx, host)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 		return
 	}

--- a/internal/web/customcss.go
+++ b/internal/web/customcss.go
@ -24,22 +24,22 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 )

-const textCSSUTF8 = string(api.TextCSS + "; charset=utf-8")
+const textCSSUTF8 = string(apiutil.TextCSS + "; charset=utf-8")

 func (m *Module) customCSSGETHandler(c *gin.Context) {
 	if !config.GetAccountsAllowCustomCSS() {
 		err := errors.New("accounts-allow-custom-css is not enabled on this instance")
-		api.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGet)
 		return
 	}

-	if _, err := api.NegotiateAccept(c, api.TextCSS); err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet)
+	if _, err := apiutil.NegotiateAccept(c, apiutil.TextCSS); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

@ -47,13 +47,13 @@ func (m *Module) customCSSGETHandler(c *gin.Context) {
 	username := strings.ToLower(c.Param(usernameKey))
 	if username == "" {
 		err := errors.New("no account username specified")
-		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

 	customCSS, errWithCode := m.processor.AccountGetCustomCSSForUsername(c.Request.Context(), username)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 		return
 	}

--- a/internal/web/profile.go
+++ b/internal/web/profile.go
@ -28,8 +28,8 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
@ -45,21 +45,21 @@ func (m *Module) profileGETHandler(c *gin.Context) {

 	authed, err := oauth.Authed(c, false, false, false, false)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

 	username := strings.ToLower(c.Param(usernameKey))
 	if username == "" {
 		err := errors.New("no account username specified")
-		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

 	host := config.GetHost()
 	instance, err := m.processor.InstanceGet(ctx, host)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 		return
 	}

@ -69,14 +69,14 @@ func (m *Module) profileGETHandler(c *gin.Context) {

 	account, errWithCode := m.processor.AccountGetLocalByUsername(ctx, authed, username)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, instanceGet)
+		apiutil.ErrorHandler(c, errWithCode, instanceGet)
 		return
 	}

 	// if we're getting an AP request on this endpoint we
 	// should render the account's AP representation instead
-	accept := c.NegotiateFormat(string(api.TextHTML), string(api.AppActivityJSON), string(api.AppActivityLDJSON))
-	if accept == string(api.AppActivityJSON) || accept == string(api.AppActivityLDJSON) {
+	accept := c.NegotiateFormat(string(apiutil.TextHTML), string(apiutil.AppActivityJSON), string(apiutil.AppActivityLDJSON))
+	if accept == string(apiutil.AppActivityJSON) || accept == string(apiutil.AppActivityLDJSON) {
 		m.returnAPProfile(ctx, c, username, accept)
 		return
 	}
@ -89,7 +89,7 @@ func (m *Module) profileGETHandler(c *gin.Context) {
 	// only allow search engines / robots to view this page if account is discoverable
 	var robotsMeta string
 	if account.Discoverable {
-		robotsMeta = robotsAllowSome
+		robotsMeta = robotsMetaAllowSome
 	}

 	// we should only show the 'back to top' button if the
@ -105,7 +105,7 @@ func (m *Module) profileGETHandler(c *gin.Context) {

 	statusResp, errWithCode := m.processor.AccountWebStatusesGet(ctx, account.ID, maxStatusID)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, instanceGet)
+		apiutil.ErrorHandler(c, errWithCode, instanceGet)
 		return
 	}

@ -145,14 +145,14 @@ func (m *Module) returnAPProfile(ctx context.Context, c *gin.Context, username s

 	user, errWithCode := m.processor.GetFediUser(ctx, username, c.Request.URL)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, m.processor.InstanceGet) //nolint:contextcheck
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet) //nolint:contextcheck
 		return
 	}

 	b, mErr := json.Marshal(user)
 	if mErr != nil {
 		err := fmt.Errorf("could not marshal json: %s", mErr)
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet) //nolint:contextcheck
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet) //nolint:contextcheck
 		return
 	}

--- a/internal/web/robots.go
+++ b/internal/web/robots.go
@ -18,7 +18,45 @@

 package web

-// https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag#robotsmeta
-const (
-	robotsAllowSome = "nofollow, noarchive, nositelinkssearchbox, max-image-preview:standard"
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
 )
+
+const (
+	robotsPath          = "/robots.txt"
+	robotsMetaAllowSome = "nofollow, noarchive, nositelinkssearchbox, max-image-preview:standard" // https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag#robotsmeta
+	robotsTxt           = `# GoToSocial robots.txt -- to edit, see internal/web/robots.go
+# more info @ https://developers.google.com/search/docs/crawling-indexing/robots/intro
+User-agent: *
+Crawl-delay: 500
+# api stuff
+Disallow: /api/
+# auth/login stuff
+Disallow: /auth/
+Disallow: /oauth/
+Disallow: /check_your_email
+Disallow: /wait_for_approval
+Disallow: /account_disabled
+# well known stuff
+Disallow: /.well-known/
+# files
+Disallow: /fileserver/
+# s2s AP stuff
+Disallow: /users/
+Disallow: /emoji/
+# panels
+Disallow: /admin
+Disallow: /user
+Disallow: /settings/`
+)
+
+// robotsGETHandler returns a decent robots.txt that prevents crawling
+// the api, auth pages, settings pages, etc.
+//
+// More granular robots meta tags are then applied for web pages
+// depending on user preferences (see internal/web).
+func (m *Module) robotsGETHandler(c *gin.Context) {
+	c.String(http.StatusOK, robotsTxt)
+}
--- a/internal/web/rss.go
+++ b/internal/web/rss.go
@ -27,12 +27,12 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 )

-const appRSSUTF8 = string(api.AppRSSXML + "; charset=utf-8")
+const appRSSUTF8 = string(apiutil.AppRSSXML + "; charset=utf-8")

 func (m *Module) GetRSSETag(urlPath string, lastModified time.Time, getRSSFeed func() (string, gtserror.WithCode)) (string, error) {
 	if cachedETag, ok := m.eTagCache.Get(urlPath); ok && !lastModified.After(cachedETag.lastModified) {
@ -81,8 +81,8 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) {
 	c.Header(cacheControlHeader, cacheControlNoCache)
 	ctx := c.Request.Context()

-	if _, err := api.NegotiateAccept(c, api.AppRSSXML); err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet)
+	if _, err := apiutil.NegotiateAccept(c, apiutil.AppRSSXML); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

@ -90,7 +90,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) {
 	username := strings.ToLower(c.Param(usernameKey))
 	if username == "" {
 		err := errors.New("no account username specified")
-		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

@ -99,7 +99,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) {

 	getRssFeed, accountLastPostedPublic, errWithCode := m.processor.AccountGetRSSFeedForUsername(ctx, username)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 		return
 	}

@ -111,13 +111,13 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) {
 		// we either have no cache entry for this, or we have an expired cache entry; generate a new one
 		rssFeed, errWithCode = getRssFeed()
 		if errWithCode != nil {
-			api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 			return
 		}

 		eTag, err := generateEtag(bytes.NewBufferString(rssFeed))
 		if err != nil {
-			api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+			apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 			return
 		}

@ -145,7 +145,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) {
 		// we had a cache entry already so we didn't call to get the rss feed yet
 		rssFeed, errWithCode = getRssFeed()
 		if errWithCode != nil {
-			api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
+			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 			return
 		}
 	}
--- a/internal/web/settings-panel.go
+++ b/internal/web/settings-panel.go
@ -22,7 +22,7 @@ import (
 	"net/http"

 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 )
@ -31,7 +31,7 @@ func (m *Module) SettingsPanelHandler(c *gin.Context) {
 	host := config.GetHost()
 	instance, err := m.processor.InstanceGet(c.Request.Context(), host)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 		return
 	}

--- a/internal/web/thread.go
+++ b/internal/web/thread.go
@ -28,8 +28,8 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
@ -40,7 +40,7 @@ func (m *Module) threadGETHandler(c *gin.Context) {

 	authed, err := oauth.Authed(c, false, false, false, false)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

@ -48,7 +48,7 @@ func (m *Module) threadGETHandler(c *gin.Context) {
 	username := strings.ToLower(c.Param(usernameKey))
 	if username == "" {
 		err := errors.New("no account username specified")
-		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

@ -56,14 +56,14 @@ func (m *Module) threadGETHandler(c *gin.Context) {
 	statusID := strings.ToUpper(c.Param(statusIDKey))
 	if statusID == "" {
 		err := errors.New("no status id specified")
-		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}

 	host := config.GetHost()
 	instance, err := m.processor.InstanceGet(ctx, host)
 	if err != nil {
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet)
 		return
 	}

@ -74,33 +74,33 @@ func (m *Module) threadGETHandler(c *gin.Context) {
 	// do this check to make sure the status is actually from a local account,
 	// we shouldn't render threads from statuses that don't belong to us!
 	if _, errWithCode := m.processor.AccountGetLocalByUsername(ctx, authed, username); errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, instanceGet)
+		apiutil.ErrorHandler(c, errWithCode, instanceGet)
 		return
 	}

 	status, errWithCode := m.processor.StatusGet(ctx, authed, statusID)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, instanceGet)
+		apiutil.ErrorHandler(c, errWithCode, instanceGet)
 		return
 	}

 	if !strings.EqualFold(username, status.Account.Username) {
 		err := gtserror.NewErrorNotFound(errors.New("path username not equal to status author username"))
-		api.ErrorHandler(c, gtserror.NewErrorNotFound(err), instanceGet)
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), instanceGet)
 		return
 	}

 	// if we're getting an AP request on this endpoint we
 	// should render the status's AP representation instead
-	accept := c.NegotiateFormat(string(api.TextHTML), string(api.AppActivityJSON), string(api.AppActivityLDJSON))
-	if accept == string(api.AppActivityJSON) || accept == string(api.AppActivityLDJSON) {
+	accept := c.NegotiateFormat(string(apiutil.TextHTML), string(apiutil.AppActivityJSON), string(apiutil.AppActivityLDJSON))
+	if accept == string(apiutil.AppActivityJSON) || accept == string(apiutil.AppActivityLDJSON) {
 		m.returnAPStatus(ctx, c, username, statusID, accept)
 		return
 	}

 	context, errWithCode := m.processor.StatusGetContext(ctx, authed, statusID)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, instanceGet)
+		apiutil.ErrorHandler(c, errWithCode, instanceGet)
 		return
 	}

@ -135,14 +135,14 @@ func (m *Module) returnAPStatus(ctx context.Context, c *gin.Context, username st

 	status, errWithCode := m.processor.GetFediStatus(ctx, username, statusID, c.Request.URL)
 	if errWithCode != nil {
-		api.ErrorHandler(c, errWithCode, m.processor.InstanceGet) //nolint:contextcheck
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet) //nolint:contextcheck
 		return
 	}

 	b, mErr := json.Marshal(status)
 	if mErr != nil {
 		err := fmt.Errorf("could not marshal json: %s", mErr)
-		api.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet) //nolint:contextcheck
+		apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGet) //nolint:contextcheck
 		return
 	}

--- a/internal/web/web.go
+++ b/internal/web/web.go
@ -19,28 +19,30 @@
 package web

 import (
-	"errors"
 	"net/http"
+	"path/filepath"

 	"codeberg.org/gruf/go-cache/v3"
 	"github.com/gin-gonic/gin"
-	"github.com/superseriousbusiness/gotosocial/internal/api"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 	"github.com/superseriousbusiness/gotosocial/internal/router"
 	"github.com/superseriousbusiness/gotosocial/internal/uris"
 )

 const (
-	confirmEmailPath = "/" + uris.ConfirmEmailPath
-	profilePath      = "/@:" + usernameKey
-	customCSSPath    = profilePath + "/custom.css"
-	rssFeedPath      = profilePath + "/feed.rss"
-	statusPath       = profilePath + "/statuses/:" + statusIDKey
-	assetsPathPrefix = "/assets"
-	distPathPrefix   = assetsPathPrefix + "/dist"
-	userPanelPath    = "/settings/user"
-	adminPanelPath   = "/settings/admin"
+	confirmEmailPath   = "/" + uris.ConfirmEmailPath
+	profilePath        = "/@:" + usernameKey
+	customCSSPath      = profilePath + "/custom.css"
+	rssFeedPath        = profilePath + "/feed.rss"
+	statusPath         = profilePath + "/statuses/:" + statusIDKey
+	assetsPathPrefix   = "/assets"
+	distPathPrefix     = assetsPathPrefix + "/dist"
+	settingsPathPrefix = "/settings"
+	settingsPanelGlob  = settingsPathPrefix + "/*panel"
+	userPanelPath      = settingsPathPrefix + "/user"
+	adminPanelPath     = settingsPathPrefix + "/admin"

 	tokenParam  = "token"
 	usernameKey = "username"
@ -54,67 +56,54 @@ const (
 	lastModifiedHeader    = "Last-Modified"     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified
 )

-// Module implements the api.ClientModule interface for web pages.
 type Module struct {
 	processor processing.Processor
 	eTagCache cache.Cache[string, eTagCacheEntry]
 }

-// New returns a new api.ClientModule for web pages.
-func New(processor processing.Processor) api.ClientModule {
+func New(processor processing.Processor) *Module {
 	return &Module{
 		processor: processor,
 		eTagCache: newETagCache(),
 	}
 }

-// Route satisfies the RESTAPIModule interface
-func (m *Module) Route(s router.Router) error {
+func (m *Module) Route(r router.Router) {
 	// serve static files from assets dir at /assets
-	assetsGroup := s.AttachGroup(assetsPathPrefix)
-	m.mountAssetsFilesystem(assetsGroup)
+	assetsGroup := r.AttachGroup(assetsPathPrefix)
+	webAssetsAbsFilePath, err := filepath.Abs(config.GetWebAssetBaseDir())
+	if err != nil {
+		log.Panicf("error getting absolute path of assets dir: %s", err)
+	}

-	s.AttachHandler(http.MethodGet, "/settings", m.SettingsPanelHandler)
-	s.AttachHandler(http.MethodGet, "/settings/*panel", m.SettingsPanelHandler)
+	fs := fileSystem{http.Dir(webAssetsAbsFilePath)}

-	// User panel redirects
-	// used by clients
-	s.AttachHandler(http.MethodGet, "/auth/edit", func(c *gin.Context) {
-		c.Redirect(http.StatusMovedPermanently, userPanelPath)
-	})
+	// use the cache middleware on all handlers in this group
+	assetsGroup.Use(m.assetsCacheControlMiddleware(fs))

-	// old version of settings panel
-	s.AttachHandler(http.MethodGet, "/user", func(c *gin.Context) {
-		c.Redirect(http.StatusMovedPermanently, userPanelPath)
-	})
+	// serve static file system in the root of this group,
+	// will end up being something like "/assets/"
+	assetsGroup.StaticFS("/", fs)

-	// Admin panel redirects
-	// old version of settings panel
-	s.AttachHandler(http.MethodGet, "/admin", func(c *gin.Context) {
-		c.Redirect(http.StatusMovedPermanently, adminPanelPath)
-	})
+	/*
+		Attach individual web handlers which require no specific middlewares
+	*/

-	// serve front-page
-	s.AttachHandler(http.MethodGet, "/", m.baseHandler)
+	r.AttachHandler(http.MethodGet, "/", m.baseHandler) // front-page
+	r.AttachHandler(http.MethodGet, settingsPathPrefix, m.SettingsPanelHandler)
+	r.AttachHandler(http.MethodGet, settingsPanelGlob, m.SettingsPanelHandler)
+	r.AttachHandler(http.MethodGet, profilePath, m.profileGETHandler)
+	r.AttachHandler(http.MethodGet, customCSSPath, m.customCSSGETHandler)
+	r.AttachHandler(http.MethodGet, rssFeedPath, m.rssFeedGETHandler)
+	r.AttachHandler(http.MethodGet, statusPath, m.threadGETHandler)
+	r.AttachHandler(http.MethodGet, confirmEmailPath, m.confirmEmailGETHandler)
+	r.AttachHandler(http.MethodGet, robotsPath, m.robotsGETHandler)

-	// serve profile pages at /@username
-	s.AttachHandler(http.MethodGet, profilePath, m.profileGETHandler)
+	/*
+		Attach redirects from old endpoints to current ones for backwards compatibility
+	*/

-	// serve custom css at /@username/custom.css
-	s.AttachHandler(http.MethodGet, customCSSPath, m.customCSSGETHandler)
-
-	s.AttachHandler(http.MethodGet, rssFeedPath, m.rssFeedGETHandler)
-
-	// serve statuses
-	s.AttachHandler(http.MethodGet, statusPath, m.threadGETHandler)
-
-	// serve email confirmation page at /confirm_email?token=whatever
-	s.AttachHandler(http.MethodGet, confirmEmailPath, m.confirmEmailGETHandler)
-
-	// 404 handler
-	s.AttachNoRouteHandler(func(c *gin.Context) {
-		api.ErrorHandler(c, gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))), m.processor.InstanceGet)
-	})
-
-	return nil
+	r.AttachHandler(http.MethodGet, "/auth/edit", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, userPanelPath) })
+	r.AttachHandler(http.MethodGet, "/user", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, userPanelPath) })
+	r.AttachHandler(http.MethodGet, "/admin", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, adminPanelPath) })
 }