Compare commits
10 Commits
81bdc7c705
...
f4881e7267
Author | SHA1 | Date |
---|---|---|
r | f4881e7267 | |
r | 597cfc6b1e | |
r | 9b053e32ec | |
r | 67b13c71ba | |
r | ed521dd33d | |
r | 927072e26a | |
r | c7f40c1e15 | |
r | d297eb5658 | |
r | b83a00aa2c | |
r | df031d5edd |
|
@ -38,5 +38,4 @@ post_formats=PlainText:text/plain,HTML:text/html,Markdown:text/markdown,BBCode:t
|
|||
# single_instance=pl.mydomain.com
|
||||
|
||||
# Path to custom CSS. Value can be a file path relative to the static directory.
|
||||
# or a URL starting with either "http://" or "https://".
|
||||
# custom_css=custom.css
|
||||
|
|
9
main.go
9
main.go
|
@ -8,7 +8,6 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"bloat/config"
|
||||
"bloat/renderer"
|
||||
|
@ -47,14 +46,8 @@ func main() {
|
|||
errExit(err)
|
||||
}
|
||||
|
||||
customCSS := config.CustomCSS
|
||||
if len(customCSS) > 0 && !strings.HasPrefix(customCSS, "http://") &&
|
||||
!strings.HasPrefix(customCSS, "https://") {
|
||||
customCSS = "/static/" + customCSS
|
||||
}
|
||||
|
||||
s := service.NewService(config.ClientName, config.ClientScope,
|
||||
config.ClientWebsite, customCSS, config.SingleInstance,
|
||||
config.ClientWebsite, config.CustomCSS, config.SingleInstance,
|
||||
config.PostFormats, renderer)
|
||||
handler := service.NewHandler(s, *verbose, config.StaticDirectory)
|
||||
|
||||
|
|
|
@ -2,18 +2,14 @@
|
|||
package mastodon
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"mime/multipart"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/tomnomnom/linkheader"
|
||||
|
@ -61,83 +57,6 @@ func (c *Client) doAPI(ctx context.Context, method string, uri string, params in
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else if file, ok := params.(string); ok {
|
||||
f, err := os.Open(file)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
var buf bytes.Buffer
|
||||
mw := multipart.NewWriter(&buf)
|
||||
part, err := mw.CreateFormFile("file", filepath.Base(file))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = io.Copy(part, f)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = mw.Close()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req, err = http.NewRequest(method, u.String(), &buf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ct = mw.FormDataContentType()
|
||||
} else if file, ok := params.(*multipart.FileHeader); ok {
|
||||
f, err := file.Open()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
var buf bytes.Buffer
|
||||
mw := multipart.NewWriter(&buf)
|
||||
fname := filepath.Base(file.Filename)
|
||||
err = mw.WriteField("description", fname)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
part, err := mw.CreateFormFile("file", fname)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = io.Copy(part, f)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = mw.Close()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req, err = http.NewRequest(method, u.String(), &buf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ct = mw.FormDataContentType()
|
||||
} else if reader, ok := params.(io.Reader); ok {
|
||||
var buf bytes.Buffer
|
||||
mw := multipart.NewWriter(&buf)
|
||||
part, err := mw.CreateFormFile("file", "upload")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = io.Copy(part, reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = mw.Close()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req, err = http.NewRequest(method, u.String(), &buf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ct = mw.FormDataContentType()
|
||||
} else if mr, ok := params.(*multipartRequest); ok {
|
||||
req, err = http.NewRequest(method, u.String(), mr.Data)
|
||||
if err != nil {
|
||||
|
@ -219,6 +138,16 @@ func (c *Client) AuthenticateToken(ctx context.Context, authCode, redirectURI st
|
|||
return c.authenticate(ctx, params)
|
||||
}
|
||||
|
||||
func (c *Client) RevokeToken(ctx context.Context) error {
|
||||
params := url.Values{
|
||||
"client_id": {c.config.ClientID},
|
||||
"client_secret": {c.config.ClientSecret},
|
||||
"token": {c.GetAccessToken(ctx)},
|
||||
}
|
||||
|
||||
return c.doAPI(ctx, http.MethodPost, "/oauth/revoke", params, nil, nil)
|
||||
}
|
||||
|
||||
func (c *Client) authenticate(ctx context.Context, params url.Values) error {
|
||||
u, err := url.Parse(c.config.Server)
|
||||
if err != nil {
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
package mastodon
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"mime/multipart"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path/filepath"
|
||||
"time"
|
||||
)
|
||||
|
||||
|
@ -293,30 +295,35 @@ func (c *Client) Search(ctx context.Context, q string, qType string, limit int,
|
|||
return &results, nil
|
||||
}
|
||||
|
||||
// UploadMedia upload a media attachment from a file.
|
||||
func (c *Client) UploadMedia(ctx context.Context, file string) (*Attachment, error) {
|
||||
var attachment Attachment
|
||||
err := c.doAPI(ctx, http.MethodPost, "/api/v1/media", file, &attachment, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &attachment, nil
|
||||
}
|
||||
|
||||
// UploadMediaFromReader uploads a media attachment from a io.Reader.
|
||||
func (c *Client) UploadMediaFromReader(ctx context.Context, reader io.Reader) (*Attachment, error) {
|
||||
var attachment Attachment
|
||||
err := c.doAPI(ctx, http.MethodPost, "/api/v1/media", reader, &attachment, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &attachment, nil
|
||||
}
|
||||
|
||||
// UploadMediaFromReader uploads a media attachment from a io.Reader.
|
||||
func (c *Client) UploadMediaFromMultipartFileHeader(ctx context.Context, fh *multipart.FileHeader) (*Attachment, error) {
|
||||
f, err := fh.Open()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
var buf bytes.Buffer
|
||||
mw := multipart.NewWriter(&buf)
|
||||
fname := filepath.Base(fh.Filename)
|
||||
err = mw.WriteField("description", fname)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
part, err := mw.CreateFormFile("file", fname)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
_, err = io.Copy(part, f)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = mw.Close()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
params := &multipartRequest{Data: &buf, ContentType: mw.FormDataContentType()}
|
||||
var attachment Attachment
|
||||
err := c.doAPI(ctx, http.MethodPost, "/api/v1/media", fh, &attachment, nil)
|
||||
err = c.doAPI(ctx, http.MethodPost, "/api/v1/media", params, &attachment, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package model
|
||||
|
||||
type Session struct {
|
||||
ID string `json:"id,omitempty"`
|
||||
UserID string `json:"uid,omitempty"`
|
||||
Instance string `json:"ins,omitempty"`
|
||||
ClientID string `json:"cid,omitempty"`
|
||||
|
@ -28,6 +27,7 @@ type Settings struct {
|
|||
AntiDopamineMode bool `json:"adm,omitempty"`
|
||||
HideUnsupportedNotifs bool `json:"hun,omitempty"`
|
||||
CSS string `json:"css,omitempty"`
|
||||
CSSHash string `json:"cssh,omitempty"`
|
||||
}
|
||||
|
||||
func NewSettings() *Settings {
|
||||
|
@ -44,5 +44,6 @@ func NewSettings() *Settings {
|
|||
AntiDopamineMode: false,
|
||||
HideUnsupportedNotifs: false,
|
||||
CSS: "",
|
||||
CSSHash: "",
|
||||
}
|
||||
}
|
||||
|
|
|
@ -34,6 +34,8 @@ func (c *client) setSession(sess *model.Session) error {
|
|||
}
|
||||
http.SetCookie(c.w, &http.Cookie{
|
||||
Name: "session",
|
||||
Path: "/",
|
||||
HttpOnly: true,
|
||||
Value: sb.String(),
|
||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||
})
|
||||
|
@ -53,6 +55,7 @@ func (c *client) getSession() (sess *model.Session, err error) {
|
|||
func (c *client) unsetSession() {
|
||||
http.SetCookie(c.w, &http.Cookie{
|
||||
Name: "session",
|
||||
Path: "/",
|
||||
Value: "",
|
||||
Expires: time.Now(),
|
||||
})
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
package service
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"mime/multipart"
|
||||
|
@ -840,10 +842,6 @@ func (s *service) NewSession(c *client, instance string) (rurl string, sess *mod
|
|||
instanceURL = "https://" + instance
|
||||
}
|
||||
|
||||
sid, err := util.NewSessionID()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
csrf, err := util.NewCSRFToken()
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -859,28 +857,14 @@ func (s *service) NewSession(c *client, instance string) (rurl string, sess *mod
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
rurl = app.AuthURI
|
||||
sess = &model.Session{
|
||||
ID: sid,
|
||||
Instance: instance,
|
||||
ClientID: app.ClientID,
|
||||
ClientSecret: app.ClientSecret,
|
||||
CSRFToken: csrf,
|
||||
Settings: *model.NewSettings(),
|
||||
}
|
||||
|
||||
u, err := url.Parse("/oauth/authorize")
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
q := make(url.Values)
|
||||
q.Set("scope", "read write follow")
|
||||
q.Set("client_id", app.ClientID)
|
||||
q.Set("response_type", "code")
|
||||
q.Set("redirect_uri", s.cwebsite+"/oauth_callback")
|
||||
u.RawQuery = q.Encode()
|
||||
|
||||
rurl = instanceURL + u.String()
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -902,6 +886,10 @@ func (s *service) Signin(c *client, code string) (err error) {
|
|||
return c.setSession(c.s)
|
||||
}
|
||||
|
||||
func (s *service) Signout(c *client) (err error) {
|
||||
return c.RevokeToken(c.ctx)
|
||||
}
|
||||
|
||||
func (s *service) Post(c *client, content string, replyToID string,
|
||||
format string, visibility string, isNSFW bool,
|
||||
files []*multipart.FileHeader) (id string, err error) {
|
||||
|
@ -1028,9 +1016,19 @@ func (s *service) SaveSettings(c *client, settings *model.Settings) (err error)
|
|||
default:
|
||||
return errInvalidArgument
|
||||
}
|
||||
if len(settings.CSS) > 0 {
|
||||
if len(settings.CSS) > 1<<20 {
|
||||
return errInvalidArgument
|
||||
}
|
||||
// For some reason, browsers convert CRLF to LF before calculating
|
||||
// the hash of the inline resources.
|
||||
settings.CSS = strings.Replace(settings.CSS, "\x0d\x0a", "\x0a", -1)
|
||||
|
||||
h := sha256.Sum256([]byte(settings.CSS))
|
||||
settings.CSSHash = base64.StdEncoding.EncodeToString(h[:])
|
||||
} else {
|
||||
settings.CSSHash = ""
|
||||
}
|
||||
c.s.Settings = *settings
|
||||
return c.setSession(c.s)
|
||||
}
|
||||
|
|
|
@ -26,6 +26,15 @@ const (
|
|||
CSRF
|
||||
)
|
||||
|
||||
const csp = "default-src 'none';" +
|
||||
" img-src *;" +
|
||||
" media-src *;" +
|
||||
" font-src *;" +
|
||||
" child-src *;" +
|
||||
" connect-src 'self';" +
|
||||
" script-src 'self';" +
|
||||
" style-src 'self'"
|
||||
|
||||
func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
||||
r := mux.NewRouter()
|
||||
|
||||
|
@ -58,14 +67,14 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
|||
}(time.Now())
|
||||
}
|
||||
|
||||
var ct string
|
||||
h := c.w.Header()
|
||||
switch rt {
|
||||
case HTML:
|
||||
ct = "text/html; charset=utf-8"
|
||||
h.Set("Content-Type", "text/html; charset=utf-8")
|
||||
h.Set("Content-Security-Policy", csp)
|
||||
case JSON:
|
||||
ct = "application/json"
|
||||
h.Set("Content-Type", "application/json")
|
||||
}
|
||||
c.w.Header().Add("Content-Type", ct)
|
||||
|
||||
err = c.authenticate(at, s.instance)
|
||||
if err != nil {
|
||||
|
@ -73,6 +82,13 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
// Override the CSP header to allow custom CSS
|
||||
if rt == HTML && len(c.s.Settings.CSS) > 0 &&
|
||||
len(c.s.Settings.CSSHash) > 0 {
|
||||
v := fmt.Sprintf("%s 'sha256-%s'", csp, c.s.Settings.CSSHash)
|
||||
h.Set("Content-Security-Policy", v)
|
||||
}
|
||||
|
||||
err = f(c)
|
||||
if err != nil {
|
||||
writeError(c, err, rt, req.Method == http.MethodGet)
|
||||
|
@ -676,6 +692,10 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
|||
}, CSRF, HTML)
|
||||
|
||||
signout := handle(func(c *client) error {
|
||||
err := s.Signout(c)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
c.unsetSession()
|
||||
c.redirect("/")
|
||||
return nil
|
||||
|
|
|
@ -325,7 +325,7 @@ document.addEventListener("DOMContentLoaded", function() {
|
|||
links[j].target = "_blank";
|
||||
}
|
||||
|
||||
var links = document.querySelectorAll(".status-media-container .img-link");
|
||||
var links = document.querySelectorAll(".status-media-container .img-link, .user-profile-img-container .img-link");
|
||||
for (var j = 0; j < links.length; j++) {
|
||||
handleImgPreview(links[j]);
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
|
||||
<link rel="stylesheet" href="/static/style.css">
|
||||
{{if .CustomCSS}}
|
||||
<link rel="stylesheet" href="{{.CustomCSS}}">
|
||||
<link rel="stylesheet" href="/static/{{.CustomCSS}}">
|
||||
{{end}}
|
||||
{{if $.Ctx.FluorideMode}}
|
||||
<script src="/static/fluoride.js"></script>
|
||||
|
|
|
@ -16,10 +16,6 @@ func NewRandID(n int) (string, error) {
|
|||
return enc.EncodeToString(data), nil
|
||||
}
|
||||
|
||||
func NewSessionID() (string, error) {
|
||||
return NewRandID(24)
|
||||
}
|
||||
|
||||
func NewCSRFToken() (string, error) {
|
||||
return NewRandID(24)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue