/* WIP Under Construction */ package main import ( "bytes" "log" "os" "strconv" "strings" "text/template" ) type TmplVars struct { RouteList []*RouteImpl RouteGroups []*RouteGroup AllRouteNames []RouteName AllRouteMap map[string]int AllAgentNames []string AllAgentMap map[string]int AllAgentMarkNames []string AllAgentMarks map[string]string AllOSNames []string AllOSMap map[string]int } type RouteName struct { Plain string Short string } func main() { log.Println("Generating the router...") // Load all the routes... r := &Router{} routes(r) tmplVars := TmplVars{ RouteList: r.routeList, RouteGroups: r.routeGroups, } var allRouteNames []RouteName allRouteMap := make(map[string]int) var out string mapIt := func(name string) { allRouteNames = append(allRouteNames, RouteName{name, strings.Replace(name, "common.", "c.", -1)}) allRouteMap[name] = len(allRouteNames) - 1 } countToIndents := func(indent int) (indentor string) { for i := 0; i < indent; i++ { indentor += "\t" } return indentor } runBefore := func(runnables []Runnable, indent int) (out string) { indentor := countToIndents(indent) if len(runnables) > 0 { for _, runnable := range runnables { if runnable.Literal { out += "\n\t" + indentor + runnable.Contents } else { out += "\n" + indentor + "err = c." + runnable.Contents + "(w,req,user)\n" + indentor + "if err != nil {\n" + indentor + "\treturn err\n" + indentor + "}\n" + indentor } } } return out } for _, route := range r.routeList { mapIt(route.Name) end := len(route.Path) - 1 out += "\n\t\tcase \"" + route.Path[0:end] + "\":" out += runBefore(route.RunBefore, 4) out += "\n\t\t\tco.RouteViewCounter.Bump(" + strconv.Itoa(allRouteMap[route.Name]) + ")" if !route.Action && !route.NoHead { out += "\n\t\t\thead, err := c.UserCheck(w,req,&user)" out += "\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}" vcpy := route.Vars route.Vars = []string{"head"} route.Vars = append(route.Vars, vcpy...) } out += "\n\t\t\terr = " + strings.Replace(route.Name, "common.", "c.", -1) + "(w,req,user" for _, item := range route.Vars { out += "," + item } out += `)` } for _, group := range r.routeGroups { end := len(group.Path) - 1 out += "\n\t\tcase \"" + group.Path[0:end] + "\":" out += runBefore(group.RunBefore, 3) out += "\n\t\t\tswitch(req.URL.Path) {" defaultRoute := blankRoute() for _, route := range group.RouteList { if group.Path == route.Path { defaultRoute = route continue } mapIt(route.Name) out += "\n\t\t\t\tcase \"" + route.Path + "\":" if len(route.RunBefore) > 0 { skipRunnable: for _, runnable := range route.RunBefore { for _, gRunnable := range group.RunBefore { if gRunnable.Contents == runnable.Contents { continue } // TODO: Stop hard-coding these if gRunnable.Contents == "AdminOnly" && runnable.Contents == "MemberOnly" { continue skipRunnable } if gRunnable.Contents == "AdminOnly" && runnable.Contents == "SuperModOnly" { continue skipRunnable } if gRunnable.Contents == "SuperModOnly" && runnable.Contents == "MemberOnly" { continue skipRunnable } } if runnable.Literal { out += "\n\t\t\t\t\t" + runnable.Contents } else { out += ` err = c.` + runnable.Contents + `(w,req,user) if err != nil { return err } ` } } } out += "\n\t\t\t\t\tco.RouteViewCounter.Bump(" + strconv.Itoa(allRouteMap[route.Name]) + ")" if !route.Action && !route.NoHead && !group.NoHead { out += "\n\t\t\t\thead, err := c.UserCheck(w,req,&user)" out += "\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}" vcpy := route.Vars route.Vars = []string{"head"} route.Vars = append(route.Vars, vcpy...) } out += "\n\t\t\t\t\terr = " + strings.Replace(route.Name, "common.", "c.", -1) + "(w,req,user" for _, item := range route.Vars { out += "," + item } out += ")" } if defaultRoute.Name != "" { mapIt(defaultRoute.Name) out += "\n\t\t\t\tdefault:" out += runBefore(defaultRoute.RunBefore, 4) out += "\n\t\t\t\t\tco.RouteViewCounter.Bump(" + strconv.Itoa(allRouteMap[defaultRoute.Name]) + ")" if !defaultRoute.Action && !defaultRoute.NoHead && !group.NoHead { out += "\n\t\t\t\t\thead, err := c.UserCheck(w,req,&user)" out += "\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}" vcpy := defaultRoute.Vars defaultRoute.Vars = []string{"head"} defaultRoute.Vars = append(defaultRoute.Vars, vcpy...) } out += "\n\t\t\t\t\terr = " + strings.Replace(defaultRoute.Name, "common.", "c.", -1) + "(w,req,user" for _, item := range defaultRoute.Vars { out += ", " + item } out += ")" } out += ` }` } // Stubs for us to refer to these routes through mapIt("routes.DynamicRoute") mapIt("routes.UploadedFile") mapIt("routes.StaticFile") mapIt("routes.RobotsTxt") mapIt("routes.SitemapXml") mapIt("routes.OpenSearchXml") mapIt("routes.BadRoute") mapIt("routes.HTTPSRedirect") tmplVars.AllRouteNames = allRouteNames tmplVars.AllRouteMap = allRouteMap tmplVars.AllOSNames = []string{ "unknown", "windows", "linux", "mac", "android", "iphone", } tmplVars.AllOSMap = make(map[string]int) for id, os := range tmplVars.AllOSNames { tmplVars.AllOSMap[os] = id } tmplVars.AllAgentNames = []string{ "unknown", "firefox", "chrome", "opera", "safari", "edge", "internetexplorer", "trident", // Hack to support IE11 "androidchrome", "mobilesafari", "samsung", "ucbrowser", "googlebot", "yandex", "bing", "baidu", "duckduckgo", "seznambot", "discord", "twitter", "facebook", "cloudflare", "uptimebot", "slackbot", "apple", "discourse", "lynx", "blank", "malformed", "suspicious", "semrush", "dotbot", "zgrab", } tmplVars.AllAgentMap = make(map[string]int) for id, agent := range tmplVars.AllAgentNames { tmplVars.AllAgentMap[agent] = id } tmplVars.AllAgentMarkNames = []string{ "OPR", "Chrome", "Firefox", "MSIE", "Trident", "Edge", "Lynx", "SamsungBrowser", "UCBrowser", "Google", "Googlebot", "yandex", "DuckDuckBot", "Baiduspider", "bingbot", "BingPreview", "SeznamBot", "CloudFlare", "Uptimebot", "Slackbot", "Discordbot", "Twitterbot", "facebookexternalhit", "Facebot", "Applebot", "Discourse", "SemrushBot", "DotBot", "zgrab", } tmplVars.AllAgentMarks = map[string]string{ "OPR": "opera", "Chrome": "chrome", "Firefox": "firefox", "MSIE": "internetexplorer", "Trident": "trident", // Hack to support IE11 "Edge": "edge", "Lynx": "lynx", // There's a rare android variant of lynx which isn't covered by this "SamsungBrowser": "samsung", "UCBrowser": "ucbrowser", "Google": "googlebot", "Googlebot": "googlebot", "yandex": "yandex", // from the URL "DuckDuckBot": "duckduckgo", "Baiduspider": "baidu", "bingbot": "bing", "BingPreview": "bing", "SeznamBot": "seznambot", "CloudFlare": "cloudflare", // Track alwayson specifically in case there are other bots? "Uptimebot": "uptimebot", "Slackbot": "slackbot", "Discordbot": "discord", "Twitterbot": "twitter", "facebookexternalhit": "facebook", "Facebot": "facebook", "Applebot": "apple", "Discourse": "discourse", "SemrushBot": "semrush", "DotBot": "dotbot", "zgrab": "zgrab", } fileData := `// Code generated by Gosora's Router Generator. DO NOT EDIT. /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */ package main import ( "log" "strings" "bytes" "strconv" "compress/gzip" "sync" "sync/atomic" "errors" "os" "net/http" c "github.com/Azareal/Gosora/common" co "github.com/Azareal/Gosora/common/counters" "github.com/Azareal/Gosora/routes" "github.com/Azareal/Gosora/routes/panel" ) var ErrNoRoute = errors.New("That route doesn't exist.") // TODO: What about the /uploads/ route? x.x var RouteMap = map[string]interface{}{ {{range .AllRouteNames}} "{{.Plain}}": {{.Short}},{{end}} } // ! NEVER RELY ON THESE REMAINING THE SAME BETWEEN COMMITS var routeMapEnum = map[string]int{ {{range $index, $element := .AllRouteNames}} "{{$element.Plain}}": {{$index}},{{end}} } var reverseRouteMapEnum = map[int]string{ {{range $index, $element := .AllRouteNames}} {{$index}}: "{{$element.Plain}}",{{end}} } var osMapEnum = map[string]int{ {{range $index, $element := .AllOSNames}} "{{$element}}": {{$index}},{{end}} } var reverseOSMapEnum = map[int]string{ {{range $index, $element := .AllOSNames}} {{$index}}: "{{$element}}",{{end}} } var agentMapEnum = map[string]int{ {{range $index, $element := .AllAgentNames}} "{{$element}}": {{$index}},{{end}} } var reverseAgentMapEnum = map[int]string{ {{range $index, $element := .AllAgentNames}} {{$index}}: "{{$element}}",{{end}} } var markToAgent = map[string]string{ {{range $index, $element := .AllAgentMarkNames}} "{{$element}}": "{{index $.AllAgentMarks $element}}",{{end}} } /*var agentRank = map[string]int{ "opera":9, "chrome":8, "safari":1, }*/ // TODO: Stop spilling these into the package scope? func init() { co.SetRouteMapEnum(routeMapEnum) co.SetReverseRouteMapEnum(reverseRouteMapEnum) co.SetAgentMapEnum(agentMapEnum) co.SetReverseAgentMapEnum(reverseAgentMapEnum) co.SetOSMapEnum(osMapEnum) co.SetReverseOSMapEnum(reverseOSMapEnum) } type WriterIntercept struct { http.ResponseWriter } func NewWriterIntercept(w http.ResponseWriter) *WriterIntercept { return &WriterIntercept{w} } var wiMaxAge = "max-age=" + strconv.Itoa(int(c.Day)) func (writ *WriterIntercept) WriteHeader(code int) { if code == 200 { h := writ.ResponseWriter.Header() h.Set("Cache-Control", wiMaxAge) h.Set("Vary", "Accept-Encoding") } writ.ResponseWriter.WriteHeader(code) } // HTTPSRedirect is a connection handler which redirects all HTTP requests to HTTPS type HTTPSRedirect struct {} func (red *HTTPSRedirect) ServeHTTP(w http.ResponseWriter, req *http.Request) { w.Header().Set("Connection", "close") co.RouteViewCounter.Bump({{index .AllRouteMap "routes.HTTPSRedirect"}}) dest := "https://" + req.Host + req.URL.String() http.Redirect(w, req, dest, http.StatusTemporaryRedirect) } type GenRouter struct { UploadHandler func(http.ResponseWriter, *http.Request) extraRoutes map[string]func(http.ResponseWriter, *http.Request, c.User) c.RouteError requestLogger *log.Logger sync.RWMutex } func NewGenRouter(uploads http.Handler) (*GenRouter, error) { f, err := os.OpenFile("./logs/reqs-"+strconv.FormatInt(c.StartTime.Unix(),10)+".log", os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0755) if err != nil { return nil, err } return &GenRouter{ UploadHandler: func(w http.ResponseWriter, req *http.Request) { writ := NewWriterIntercept(w) http.StripPrefix("/uploads/",uploads).ServeHTTP(writ,req) }, extraRoutes: make(map[string]func(http.ResponseWriter, *http.Request, c.User) c.RouteError), requestLogger: log.New(f, "", log.LstdFlags), }, nil } func (r *GenRouter) handleError(err c.RouteError, w http.ResponseWriter, req *http.Request, user c.User) { if err.Handled() { return } if err.Type() == "system" { c.InternalErrorJSQ(err, w, req, err.JSON()) return } c.LocalErrorJSQ(err.Error(), w, req, user, err.JSON()) } func (r *GenRouter) Handle(_ string, _ http.Handler) { } func (r *GenRouter) HandleFunc(pattern string, h func(http.ResponseWriter, *http.Request, c.User) c.RouteError) { r.Lock() defer r.Unlock() r.extraRoutes[pattern] = h } func (r *GenRouter) RemoveFunc(pattern string) error { r.Lock() defer r.Unlock() _, ok := r.extraRoutes[pattern] if !ok { return ErrNoRoute } delete(r.extraRoutes, pattern) return nil } func (r *GenRouter) DumpRequest(req *http.Request, prepend string) { var heads string for key, value := range req.Header { for _, vvalue := range value { heads += "Header '" + c.SanitiseSingleLine(key) + "': " + c.SanitiseSingleLine(vvalue) + "!\n" } } r.requestLogger.Print(prepend + "\nUA: " + c.SanitiseSingleLine(req.UserAgent()) + "\n" + "Method: " + c.SanitiseSingleLine(req.Method) + "\n" + heads + "Host: " + c.SanitiseSingleLine(req.Host) + "\n" + "URL.Path: " + c.SanitiseSingleLine(req.URL.Path) + "\n" + "URL.RawQuery: " + c.SanitiseSingleLine(req.URL.RawQuery) + "\n" + "Referer(): " + c.SanitiseSingleLine(req.Referer()) + "\n" + "RemoteAddr: " + req.RemoteAddr + "\n") } func (r *GenRouter) SuspiciousRequest(req *http.Request, prepend string) { if prepend != "" { prepend += "\n" } r.DumpRequest(req,prepend+"Suspicious Request") co.AgentViewCounter.Bump({{.AllAgentMap.suspicious}}) } func isLocalHost(h string) bool { return h=="localhost" || h=="127.0.0.1" || h=="::1" } // TODO: Pass the default path or config struct to the router rather than accessing it via a package global // TODO: SetDefaultPath // TODO: GetDefaultPath func (r *GenRouter) ServeHTTP(w http.ResponseWriter, req *http.Request) { malformedRequest := func(typ int) { w.WriteHeader(200) // 400 w.Write([]byte("")) r.DumpRequest(req,"Malformed Request T"+strconv.Itoa(typ)) co.AgentViewCounter.Bump({{.AllAgentMap.malformed}}) } // Split the Host and Port string var shost, sport string if req.Host[0]=='[' { spl := strings.Split(req.Host,"]") if len(spl) > 2 { malformedRequest(0) return } shost = strings.TrimPrefix(spl[0],"[") sport = strings.TrimPrefix(spl[1],":") } else { spl := strings.Split(req.Host,":") if len(spl) > 2 { malformedRequest(1) return } shost = spl[0] if len(spl)==2 { sport = spl[1] } } // TODO: Reject requests from non-local IPs, if the site host is set to localhost or a localhost IP if !c.Config.LoosePort && c.Site.PortInt != 80 && c.Site.PortInt != 443 && sport != c.Site.Port { malformedRequest(2) return } // Redirect www. and local IP requests to the right place if shost == "www." + c.Site.Host || (c.Site.LocalHost && shost != c.Site.Host && isLocalHost(shost)) { // TODO: Abstract the redirect logic? w.Header().Set("Connection", "close") var s string if c.Config.SslSchema { s = "s" } var p string if c.Site.PortInt != 80 && c.Site.PortInt != 443 { p = ":"+c.Site.Port } dest := "http"+s+"://" + c.Site.Host+p + req.URL.Path if len(req.URL.RawQuery) > 0 { dest += "?" + req.URL.RawQuery } http.Redirect(w, req, dest, http.StatusMovedPermanently) return } // Deflect malformed requests if len(req.URL.Path) == 0 || req.URL.Path[0] != '/' || (!c.Config.LooseHost && shost != c.Site.Host) { malformedRequest(3) return } if c.Dev.FullReqLog { r.DumpRequest(req,"") } // TODO: Cover more suspicious strings and at a lower layer than this for _, ch := range req.URL.Path { //char if ch != '&' && !(ch > 44 && ch < 58) && ch != '=' && ch != '?' && !(ch > 64 && ch < 91) && ch != '\\' && ch != '_' && !(ch > 96 && ch < 123) { r.SuspiciousRequest(req,"Bad char in path") break } } lowerPath := strings.ToLower(req.URL.Path) // TODO: Flag any requests which has a dot with anything but a number after that if strings.Contains(req.URL.Path,"..") || strings.Contains(req.URL.Path,"--") || strings.Contains(lowerPath,".php") || strings.Contains(lowerPath,".asp") || strings.Contains(lowerPath,".cgi") || strings.Contains(lowerPath,".py") || strings.Contains(lowerPath,".sql") || strings.Contains(lowerPath,".action") { r.SuspiciousRequest(req,"Bad snippet in path") } // Indirect the default route onto a different one if req.URL.Path == "/" { req.URL.Path = c.Config.DefaultPath } var prefix, extraData string prefix = req.URL.Path[0:strings.IndexByte(req.URL.Path[1:],'/') + 1] if req.URL.Path[len(req.URL.Path) - 1] != '/' { extraData = req.URL.Path[strings.LastIndexByte(req.URL.Path,'/') + 1:] req.URL.Path = req.URL.Path[:strings.LastIndexByte(req.URL.Path,'/') + 1] } // TODO: Use the same hook table as downstream hTbl := c.GetHookTable() skip, ferr := hTbl.VhookSkippable("router_after_filters", w, req, prefix, extraData) if skip || ferr != nil { return } if prefix != "/ws" { h := w.Header() h.Set("X-Frame-Options", "deny") h.Set("X-XSS-Protection", "1; mode=block") // TODO: Remove when we add a CSP? CSP's are horrendously glitchy things, tread with caution before removing h.Set("X-Content-Type-Options", "nosniff") if c.Config.RefNoRef || !c.Config.SslSchema { h.Set("Referrer-Policy","no-referrer") } else { h.Set("Referrer-Policy","strict-origin") } } if c.Dev.SuperDebug { r.DumpRequest(req,"before routes.StaticFile") } // Increment the request counter co.GlobalViewCounter.Bump() if prefix == "/s" { //old prefix: /static co.RouteViewCounter.Bump({{index .AllRouteMap "routes.StaticFile"}}) req.URL.Path += extraData routes.StaticFile(w, req) return } if atomic.LoadInt32(&c.IsDBDown) == 1 { c.DatabaseError(w, req) return } if c.Dev.SuperDebug { r.requestLogger.Print("before PreRoute") } /*if c.Dev.QuicPort != 0 { w.Header().Set("Alt-Svc", "quic=\":"+strconv.Itoa(c.Dev.QuicPort)+"\"; ma=2592000; v=\"44,43,39\", h3-23=\":"+strconv.Itoa(c.Dev.QuicPort)+"\"; ma=3600, h3-24=\":"+strconv.Itoa(c.Dev.QuicPort)+"\"; ma=3600, h2=\":443\"; ma=3600") }*/ // Track the user agents. Unfortunately, everyone pretends to be Mozilla, so this'll be a little less efficient than I would like. // TODO: Add a setting to disable this? // TODO: Use a more efficient detector instead of smashing every possible combination in ua := strings.TrimSpace(strings.Replace(strings.TrimPrefix(req.UserAgent(),"Mozilla/5.0 ")," Safari/537.36","",-1)) // Noise, no one's going to be running this and it would require some sort of agent ranking system to determine which identifier should be prioritised over another var agent string if ua == "" { co.AgentViewCounter.Bump({{.AllAgentMap.blank}}) if c.Dev.DebugMode { var prepend string for _, char := range req.UserAgent() { prepend += strconv.Itoa(int(char)) + " " } r.DumpRequest(req,"Blank UA: " + prepend) } } else { // WIP UA Parser var items []string var buffer []byte var os string for _, it := range StringToBytes(ua) { if (it > 64 && it < 91) || (it > 96 && it < 123) { buffer = append(buffer, it) } else if it == ' ' || it == '(' || it == ')' || it == '-' || (it > 47 && it < 58) || it == '_' || it == ';' || it == ':' || it == '.' || it == '+' || it == '~' || it == '@' || (it == ':' && bytes.Equal(buffer,[]byte("http"))) || it == ',' || it == '/' { if len(buffer) != 0 { if len(buffer) > 2 { // Use an unsafe zero copy conversion here just to use the switch, it's not safe for this string to escape from here, as it will get mutated, so do a regular string conversion in append switch(BytesToString(buffer)) { case "Windows": os = "windows" case "Linux": os = "linux" case "Mac": os = "mac" case "iPhone": os = "iphone" case "Android": os = "android" case "like","compatible": // Skip these words default: items = append(items, string(buffer)) } } buffer = buffer[:0] } } else { // TODO: Test this items = items[:0] r.SuspiciousRequest(req,"Illegal char "+strconv.Itoa(int(it))+" in UA") r.requestLogger.Print("UA Buffer: ", buffer) r.requestLogger.Print("UA Buffer String: ", string(buffer)) break } } if os == "" { os = "unknown" } // Iterate over this in reverse as the real UA tends to be on the right side for i := len(items) - 1; i >= 0; i-- { fAgent, ok := markToAgent[items[i]] if ok { agent = fAgent if agent != "safari" { break } } } if c.Dev.SuperDebug { r.requestLogger.Print("parsed agent: ", agent) } if c.Dev.SuperDebug { r.requestLogger.Print("os: ", os) r.requestLogger.Printf("items: %+v\n",items) } // Special handling switch(agent) { case "chrome": if os == "android" { agent = "androidchrome" } case "safari": if os == "iphone" { agent = "mobilesafari" } case "trident": // Hack to support IE11, change this after we start logging versions if strings.Contains(ua,"rv:11") { agent = "internetexplorer" } case "zgrab": r.SuspiciousRequest(req,"Vulnerability Scanner") } if agent == "" { co.AgentViewCounter.Bump({{.AllAgentMap.unknown}}) if c.Dev.DebugMode { var prepend string for _, char := range req.UserAgent() { prepend += strconv.Itoa(int(char)) + " " } r.DumpRequest(req,"Blank UA: " + prepend) } } else { co.AgentViewCounter.Bump(agentMapEnum[agent]) } co.OSViewCounter.Bump(osMapEnum[os]) } // TODO: Do we want to track missing language headers too? Maybe as it's own type, e.g. "noheader"? lang := req.Header.Get("Accept-Language") if lang != "" { lang = strings.TrimSpace(lang) lLang := strings.Split(lang,"-") tLang := strings.Split(strings.Split(lLang[0],";")[0],",") c.DebugDetail("tLang:", tLang) var llLang string for _, seg := range tLang { if seg == "*" { continue } llLang = seg break } c.DebugDetail("llLang:", llLang) validCode := co.LangViewCounter.Bump(llLang) if !validCode { r.DumpRequest(req,"Invalid ISO Code") } } else { co.LangViewCounter.Bump("") } if !c.Config.RefNoTrack { ref := req.Header.Get("Referer") // Check the 'referrer' header too? :P if ref != "" { // ? Optimise this a little? ref = strings.TrimPrefix(strings.TrimPrefix(ref,"http://"),"https://") ref = strings.Split(ref,"/")[0] portless := strings.Split(ref,":")[0] if portless != "localhost" && portless != "127.0.0.1" && portless != c.Site.Host { co.ReferrerTracker.Bump(ref) } } } // Deal with the session stuff, etc. user, ok := c.PreRoute(w, req) if !ok { return } user.LastAgent = agent if c.Dev.SuperDebug { r.requestLogger.Print( "after PreRoute\n" + "routeMapEnum: ", routeMapEnum) } // Disable Gzip when SSL is disabled for security reasons? if prefix != "/ws" && strings.Contains(req.Header.Get("Accept-Encoding"), "gzip") { h := w.Header() h.Set("Content-Encoding", "gzip") h.Set("Content-Type", "text/html; charset=utf-8") gzw := c.GzipResponseWriter{Writer: gzip.NewWriter(w), ResponseWriter: w} defer func() { if h.Get("Content-Encoding") == "gzip" && h.Get("X-I") == "" { gzw.Writer.(*gzip.Writer).Close() } }() w = gzw } skip, ferr = hTbl.VhookSkippable("router_pre_route", w, req, user, prefix, extraData) if skip || ferr != nil { r.handleError(ferr,w,req,user) } ferr = r.routeSwitch(w, req, user, prefix, extraData) if ferr != nil { r.handleError(ferr,w,req,user) } hTbl.VhookNoRet("router_end", w, req, user, prefix, extraData) //c.StoppedServer("Profile end") } func (r *GenRouter) routeSwitch(w http.ResponseWriter, req *http.Request, user c.User, prefix, extraData string) c.RouteError { var err c.RouteError switch(prefix) {` + out + ` /*case "/sitemaps": // TODO: Count these views req.URL.Path += extraData err = sitemapSwitch(w,req)*/ case "/uploads": if extraData == "" { return c.NotFound(w,req,nil) } gzw, ok := w.(c.GzipResponseWriter) if ok { w = gzw.ResponseWriter h := w.Header() h.Del("Content-Type") h.Del("Content-Encoding") } co.RouteViewCounter.Bump({{index .AllRouteMap "routes.UploadedFile"}}) req.URL.Path += extraData // TODO: Find a way to propagate errors up from this? r.UploadHandler(w,req) // TODO: Count these views return nil case "": // Stop the favicons, robots.txt file, etc. resolving to the topics list // TODO: Add support for favicons and robots.txt files switch(extraData) { case "robots.txt": co.RouteViewCounter.Bump({{index .AllRouteMap "routes.RobotsTxt"}}) return routes.RobotsTxt(w,req) case "favicon.ico": gzw, ok := w.(c.GzipResponseWriter) if ok { w = gzw.ResponseWriter h := w.Header() h.Del("Content-Type") h.Del("Content-Encoding") } req.URL.Path = "/s/favicon.ico" routes.StaticFile(w,req) return nil case "opensearch.xml": co.RouteViewCounter.Bump({{index .AllRouteMap "routes.OpenSearchXml"}}) return routes.OpenSearchXml(w,req) /*case "sitemap.xml": co.RouteViewCounter.Bump({{index .AllRouteMap "routes.SitemapXml"}}) return routes.SitemapXml(w,req)*/ } return c.NotFound(w,req,nil) default: // A fallback for dynamic routes, e.g. ones declared by plugins r.RLock() handle, ok := r.extraRoutes[req.URL.Path] r.RUnlock() if ok { co.RouteViewCounter.Bump({{index .AllRouteMap "routes.DynamicRoute"}}) // TODO: Be more specific about *which* dynamic route it is req.URL.Path += extraData return handle(w,req,user) } lp := strings.ToLower(req.URL.Path) if strings.Contains(lp,"admin") || strings.Contains(lp,"sql") || strings.Contains(lp,"manage") || strings.Contains(lp,"//") || strings.Contains(lp,"\\\\") || strings.Contains(lp,"wp") || strings.Contains(lp,"wordpress") || strings.Contains(lp,"config") || strings.Contains(lp,"setup") || strings.Contains(lp,"install") || strings.Contains(lp,"update") || strings.Contains(lp,"php") || strings.Contains(lp,"pl") || strings.Contains(lp,"wget") || strings.Contains(lp,"wp-") || strings.Contains(lp,"include") || strings.Contains(lp,"vendor") || strings.Contains(lp,"bin") || strings.Contains(lp,"system") || strings.Contains(lp,"eval") || strings.Contains(lp,"config") { r.SuspiciousRequest(req,"Bad Route") } else { r.DumpRequest(req,"Bad Route") } co.RouteViewCounter.Bump({{index .AllRouteMap "routes.BadRoute"}}) return c.NotFound(w,req,nil) } return err } ` tmpl := template.Must(template.New("router").Parse(fileData)) var b bytes.Buffer if err := tmpl.Execute(&b, tmplVars); err != nil { log.Fatal(err) } writeFile("./gen_router.go", string(b.Bytes())) log.Println("Successfully generated the router") } func writeFile(name, content string) { f, err := os.Create(name) if err != nil { log.Fatal(err) } _, err = f.WriteString(content) if err != nil { log.Fatal(err) } err = f.Sync() if err != nil { log.Fatal(err) } f.Close() }