{-
Copyright (C) 2009 John MacFarlane <[email protected]>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-}
{- General framework for defining wiki actions.
-}
module Gitit.Framework (
Handler
, Recaptcha(..)
, Params(..)
, Command(..)
, getLoggedInUser
, sessionTime
, unlessNoEdit
, unlessNoDelete
, handle
, handlePage
, handleText
, handlePath
, withCommand
, uriPath
, isPage
, isDiscussPage
, isSourceCode
, urlForPage
, pathForPage
, withCommands
, getMimeTypeForExtension
, ifLoggedIn
, validate
)
where
import Gitit.Server
import Gitit.State
import Text.Pandoc.Shared (substitute)
import Control.Monad.Reader (mplus)
import Data.Char (toLower)
import Data.DateTime
import Control.Monad.Trans (MonadIO)
import Control.Monad (msum, mzero)
import qualified Data.ByteString.Lazy as B
import qualified Data.Map as M
import Data.ByteString.UTF8 (fromString, toString)
import Data.Maybe (fromMaybe, fromJust)
import Data.List (intersect, intercalate, isSuffixOf)
import System.FilePath ((<.>), takeExtension)
import Codec.Binary.UTF8.String (decodeString, encodeString)
import Text.Highlighting.Kate
import Network.HTTP (urlEncode)
-- | A wiki request handler: a 'ServerPart' that produces a 'Response'.
type Handler = ServerPart Response
-- | The pair of form fields submitted with a reCAPTCHA challenge.  Both
-- values are taken verbatim from the request (see the 'FromData' instance
-- for 'Params'), so they are client-supplied strings.
data Recaptcha = Recaptcha
  { recaptchaChallengeField :: String
    -- ^ value of the @recaptcha_challenge_field@ request parameter
  , recaptchaResponseField  :: String
    -- ^ value of the @recaptcha_response_field@ request parameter
  } deriving (Read, Show)
-- | Everything a wiki action may need from the current request.
--
-- Most fields are filled from request parameters and cookies by the
-- 'FromData' instance; 'pReferer', 'pUri' and 'pPeer' are filled in by
-- 'handle', and 'pUser' (plus 'pEmail', for a logged-in user) by 'ifLoggedIn'.
--
-- NOTE(review): the derived 'Show' instance renders 'pPassword',
-- 'pPassword2', 'pAccessCode' and 'pSessionKey' in clear text.  Avoid
-- logging or echoing @show params@ as a whole.
data Params = Params
  { pUsername     :: String            -- ^ @username@ parameter
  , pPassword     :: String            -- ^ @password@ parameter (secret)
  , pPassword2    :: String            -- ^ @password2@ parameter (secret)
  , pRevision     :: Maybe String      -- ^ @revision@ parameter; 'Nothing' when absent or empty
  , pDestination  :: String            -- ^ @destination@ cookie, @"/"@ when absent
  , pReferer      :: Maybe String      -- ^ set by 'handle' from the request's referer header
  , pUri          :: String            -- ^ set by 'handle'
  , pForUser      :: Maybe String      -- ^ @forUser@ parameter
  , pSince        :: Maybe DateTime    -- ^ @since@ parameter, parsed as @%Y-%m-%d@
  , pRaw          :: String            -- ^ @raw@ parameter
  , pLimit        :: Int               -- ^ @limit@ parameter, @100@ when absent
  , pPatterns     :: [String]          -- ^ whitespace-separated words of @patterns@
  , pGotoPage     :: String            -- ^ @gotopage@ parameter
  , pEditedText   :: Maybe String      -- ^ @editedText@ parameter with @\\r@ removed
  , pMessages     :: [String]          -- ^ @messages@ parameter (client-supplied)
  , pFrom         :: Maybe String      -- ^ @from@ parameter
  , pTo           :: Maybe String      -- ^ @to@ parameter
  , pFormat       :: String            -- ^ @format@ parameter
  , pSHA1         :: String            -- ^ @sha1@ parameter
  , pLogMsg       :: String            -- ^ @logMsg@ parameter
  , pEmail        :: String            -- ^ @email@ parameter; replaced by 'ifLoggedIn'
  , pFullName     :: String            -- ^ @full_name_1@ parameter
  , pAccessCode   :: String            -- ^ @accessCode@ parameter (secret)
  , pWikiname     :: String            -- ^ @wikiname@ parameter
  , pPrintable    :: Bool              -- ^ 'True' when @printable@ is present
  , pOverwrite    :: Bool              -- ^ 'True' when @overwrite@ equals @"yes"@
  , pFilename     :: String            -- ^ client-supplied file name of the @file@ upload
  , pFileContents :: B.ByteString      -- ^ contents of the @file@ upload
  , pUser         :: String            -- ^ set by 'ifLoggedIn'
  , pConfirm      :: Bool              -- ^ 'True' when @confirm@ is present
  , pSessionKey   :: Maybe SessionKey  -- ^ @sid@ cookie (secret)
  , pRecaptcha    :: Recaptcha         -- ^ the two reCAPTCHA form fields
  , pPeer         :: String            -- ^ set by 'handle' from the request's peer
  } deriving Show
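-- | Builds 'Params' from the request's parameters and cookies.
--
-- Every value read here is supplied by the client and has not been
-- validated: a missing parameter simply falls back to the default on the
-- right-hand side of @mplus@.  Handlers must treat the fields as untrusted
-- input (escape before rendering, check before using in paths or redirects).
--
-- The @limit@ parameter is parsed totally: a value that is not an integer
-- falls back to the same default used when the parameter is absent.  The
-- earlier use of 'read' turned a malformed @limit@ into a runtime error at
-- the point where 'pLimit' was first forced.
instance FromData Params where
  fromData = do
      un <- look "username"       `mplus` return ""
      pw <- look "password"       `mplus` return ""
      p2 <- look "password2"      `mplus` return ""
      -- an empty revision string is treated like an absent one
      rv <- (look "revision" >>= \s ->
               return (if null s then Nothing else Just s)) `mplus` return Nothing
      fu <- (look "forUser" >>= return . Just) `mplus` return Nothing
      si <- (look "since" >>= return . parseDateTime "%Y-%m-%d") `mplus` return Nothing  -- YYYY-mm-dd format
      ds <- (lookCookieValue "destination") `mplus` return "/"
      ra <- look "raw"            `mplus` return ""
      lt <- look "limit"          `mplus` return defaultLimitString
      pa <- look "patterns"       `mplus` return ""
      gt <- look "gotopage"       `mplus` return ""
      me <- lookRead "messages"   `mplus` return []
      fm <- (look "from" >>= return . Just) `mplus` return Nothing
      to <- (look "to" >>= return . Just)   `mplus` return Nothing
      -- carriage returns are dropped from submitted page text
      et <- (look "editedText" >>= return . Just . filter (/= '\r')) `mplus` return Nothing
      fo <- look "format"         `mplus` return ""
      sh <- look "sha1"           `mplus` return ""
      lm <- look "logMsg"         `mplus` return ""
      em <- look "email"          `mplus` return ""
      na <- look "full_name_1"    `mplus` return ""
      wn <- look "wikiname"       `mplus` return ""
      -- presence alone (any value) switches these flags on
      pr <- (look "printable" >> return True) `mplus` return False
      ow <- (look "overwrite" >>= return . (== "yes")) `mplus` return False
      -- the upload's file name is chosen by the client
      fn <- (lookInput "file" >>= return . fromMaybe "" . inputFilename) `mplus` return ""
      fc <- (lookInput "file" >>= return . inputValue) `mplus` return B.empty
      ac <- look "accessCode"     `mplus` return ""
      cn <- (look "confirm" >> return True) `mplus` return False
      sk <- (readCookieValue "sid" >>= return . Just) `mplus` return Nothing
      rc <- look "recaptcha_challenge_field" `mplus` return ""
      rr <- look "recaptcha_response_field"  `mplus` return ""
      return $ Params { pUsername     = un
                      , pPassword     = pw
                      , pPassword2    = p2
                      , pRevision     = rv
                      , pForUser      = fu
                      , pSince        = si
                      , pDestination  = ds
                      , pReferer      = Nothing  -- this gets set by handle...
                      , pUri          = ""       -- this gets set by handle...
                      , pRaw          = ra
                      , pLimit        = parseLimit lt
                      , pPatterns     = words pa
                      , pGotoPage     = gt
                      , pMessages     = me
                      , pFrom         = fm
                      , pTo           = to
                      , pEditedText   = et
                      , pFormat       = fo
                      , pSHA1         = sh
                      , pLogMsg       = lm
                      , pEmail        = em
                      , pFullName     = na
                      , pWikiname     = wn
                      , pPrintable    = pr
                      , pOverwrite    = ow
                      , pFilename     = fn
                      , pFileContents = fc
                      , pAccessCode   = ac
                      , pUser         = ""       -- this gets set by ifLoggedIn...
                      , pConfirm      = cn
                      , pSessionKey   = sk
                      , pRecaptcha    = Recaptcha { recaptchaChallengeField = rc
                                                  , recaptchaResponseField  = rr }
                      , pPeer         = ""       -- this gets set by handle...
                      }
    where
      -- Default used both when @limit@ is absent and when it does not parse.
      defaultLimit :: Int
      defaultLimit = 100

      defaultLimitString :: String
      defaultLimitString = show defaultLimit

      -- Accepts exactly what 'read' accepted (an integer, optionally
      -- surrounded by whitespace) and maps everything else to the default.
      parseLimit :: String -> Int
      parseLimit s = case reads s of
                       [(n, rest)] | null (words rest) -> n
                       _                               -> defaultLimit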
-- | The wiki command named by the request, if any.  The 'FromData' instance
-- yields @Command Nothing@ when no known command name is among the request's
-- parameter names.
data Command = Command (Maybe String)
-- | Picks the command from the request's parameter names.
--
-- Only names on the fixed allow-list below are recognised; when several are
-- present, the one that comes first among the request's pairs is chosen.
instance FromData Command where
  fromData = do
      pairs <- lookPairs
      return $ Command $ case [name | (name, _) <- pairs, name `elem` commandList] of
                           (c:_) -> Just c
                           []    -> Nothing
    where
      commandList = [ "page", "request", "params", "edit", "showraw", "history"
                    , "export", "diff", "cancel", "update", "delete", "discuss" ]
-- | Looks up the user name attached to the request's session.
--
-- Returns 'Nothing' when the request carries no session key or when
-- 'getSession' finds no session for that key.  The result is forced to
-- weak head normal form before it is returned.
getLoggedInUser :: MonadIO m => Params -> m (Maybe String)
getLoggedInUser params = do
  mbSession <- case pSessionKey params of
                 Nothing  -> return Nothing
                 Just key -> getSession key
  return $! fmap sessionUser mbSession
-- | Lifetime given to the session cookie each time 'ifLoggedIn' renews it:
-- the session will expire one hour after the last page request.
sessionTime :: Int
sessionTime = 3600  -- 60 * 60
-- | Runs @responder@ unless the page is listed in the configuration's
-- 'noEdit' list; in that case runs @fallback@ with the message
-- \"Page is locked.\" prepended to 'pMessages'.
--
-- NOTE(review): the check is an exact string comparison against the
-- configured names.  Confirm that the page name is already in canonical
-- form here, so that a locked page cannot be reached under another spelling.
unlessNoEdit :: (String -> Params -> Web Response)
             -> (String -> Params -> Web Response)
             -> (String -> Params -> Web Response)
unlessNoEdit responder fallback page params = do
  cfg <- getConfig
  let locked = page `elem` noEdit cfg
  if locked
     then fallback page (params { pMessages = "Page is locked." : pMessages params })
     else responder page params
-- | Runs @responder@ unless the page is listed in the configuration's
-- 'noDelete' list; in that case runs @fallback@ with the message
-- \"Page cannot be deleted.\" prepended to 'pMessages'.
--
-- NOTE(review): the check is an exact string comparison against the
-- configured names.  Confirm that the page name is already in canonical
-- form here, so that a protected page cannot be reached under another
-- spelling.
unlessNoDelete :: (String -> Params -> Web Response)
               -> (String -> Params -> Web Response)
               -> (String -> Params -> Web Response)
unlessNoDelete responder fallback page params = do
  cfg <- getConfig
  let protected = page `elem` noDelete cfg
  if protected
     then fallback page (params { pMessages = "Page cannot be deleted." : pMessages params })
     else responder page params
-- | Builds a 'Handler' that runs @responder@ when the decoded request path
-- satisfies @pathtest@ and the request method equals @meth@; otherwise the
-- handler fails with 'mzero' so that another handler can be tried.
--
-- Before calling @responder@ it fills in three 'Params' fields from the
-- request: 'pReferer' (first value of the @referer@ header, if any),
-- 'pUri' (the URI as given) and 'pPeer' (first component of 'rqPeer').
--
-- The referer header is chosen by the client.  Code that later redirects
-- to 'pReferer' or renders it should treat it as untrusted.
handle :: (String -> Bool) -> Method -> (String -> Params -> Web Response) -> Handler
handle pathtest meth responder = uriRest dispatch
  where
    dispatch uri
      | pathtest pagePath = do
          compressedResponseFilter
          withData $ \params ->
            withRequest $ \req ->
              if rqMethod req /= meth
                 then mzero
                 else responder pagePath (params { pReferer = refererOf req
                                                 , pUri     = uri
                                                 , pPeer    = fst (rqPeer req)
                                                 })
      | otherwise = anyRequest mzero
      where
        pagePath = decodeString (uriPath uri)

    -- First value of the referer header; Nothing when the header is
    -- missing or carries no value.
    refererOf req =
      case M.lookup (fromString "referer") (rqHeaders req) of
        Just hdr -> case hValue hdr of
                      (v:_) -> Just (toString v)
                      []    -> Nothing
        Nothing  -> Nothing
-- | 'handle' restricted to paths that satisfy 'isPage'.
handlePage :: Method -> (String -> Params -> Web Response) -> Handler
handlePage meth responder = handle isPage meth responder
-- | 'handle' restricted to paths that are either wiki pages ('isPage') or
-- recognised source files ('isSourceCode').
handleText :: Method -> (String -> Params -> Web Response) -> Handler
handleText = handle isTextPath
  where
    isTextPath path = isPage path || isSourceCode path
-- | 'handle' restricted to requests whose decoded path equals the given
-- string exactly.
handlePath :: String -> Method -> (String -> Params -> Web Response) -> Handler
handlePath path' meth responder = handle (== path') meth responder
-- | Tries the given handlers (via 'msum') only when the request's 'Command'
-- is exactly @command@; for any other command, or none, the handler fails
-- with 'mzero'.
withCommand :: String -> [Handler] -> Handler
withCommand command handlers = withData dispatch
  where
    dispatch (Command (Just c))
      | c == command = msum handlers
    dispatch _ = anyRequest mzero
-- | Returns the path portion of a URI: everything before the first @?@,
-- without the first character (the initial @/@).
--
-- Runs of whitespace are collapsed to a single space and leading/trailing
-- whitespace is dropped, so that @Hi There@ and @Hi  There@ name the same
-- page.
--
-- NOTE(review): no other normalisation happens here; in particular @..@
-- and @/@ pass through unchanged.  Callers that map the result onto a file
-- path rely on their own checks (for pages, 'isPage' rejects any @.@).
uriPath :: String -> String
uriPath uri = unwords (words withoutSlash)
  where
    beforeQuery  = takeWhile (/= '?') uri
    withoutSlash = drop 1 beforeQuery
-- | Decides whether a path names a wiki page: it must not start with an
-- underscore and must not contain a dot anywhere.
--
-- Because every @.@ is rejected, a path accepted here cannot contain a
-- @..@ segment or a file extension.
isPage :: String -> Bool
isPage path =
  case path of
    ('_':_) -> False
    _       -> notElem '.' path
-- | True for a page name (see 'isPage') that ends in @:discuss@.
isDiscussPage :: String -> Bool
isDiscussPage path = hasDiscussSuffix && isPage path
  where
    hasDiscussSuffix = ":discuss" `isSuffixOf` path
-- | True when the path's extension is one for which 'languagesByExtension'
-- knows at least one language.  Only the extension is examined; the rest of
-- the path is not checked here.
isSourceCode :: String -> Bool
isSourceCode path = not (null knownLanguages)
  where
    knownLanguages = languagesByExtension (takeExtension path)
-- | Builds the URL path for a page: the UTF-8 encoded, URL-encoded page
-- name prefixed with @/@.  The escapes @%2f@ and @%3a@ are turned back into
-- @/@ and @:@; this is needed so that browsers recognize relative URLs
-- correctly.
urlForPage :: String -> String
urlForPage page = '/' : restoreSlashes (restoreColons encoded)
  where
    encoded        = urlEncode (encodeString page)
    restoreColons  = substitute "%3a" ":"
    restoreSlashes = substitute "%2f" "/"
-- | File path under which a page is stored: the page name with the
-- extension @page@ added.  The page name itself is used unchanged.
pathForPage :: String -> FilePath
pathForPage = (<.> "page")
-- | Runs @page@ when the request method equals @meth@ and every name in
-- @commands@ occurs among the names of the request's inputs; otherwise
-- fails with 'mzero'.  @page@ receives the request's path segments joined
-- with @/@, and the request itself.
withCommands :: Method -> [String] -> (String -> Request -> Web Response) -> Handler
withCommands meth commands page = withRequest respond
  where
    respond req
      | rqMethod req /= meth             = mzero
      | all (`elem` inputNames) commands = page (intercalate "/" $ rqPaths req) req
      | otherwise                        = mzero
      where
        inputNames = map fst (rqInputs req)
-- | Looks up the MIME type for a file extension in the application's
-- 'mimeMap'.  The extension is lower-cased and leading dots are removed
-- before the lookup; unknown extensions yield @application/octet-stream@.
getMimeTypeForExtension :: MonadIO m => String -> m String
getMimeTypeForExtension ext = do
  mimes <- queryAppState mimeMap
  let key = dropWhile (== '.') (map toLower ext)
  return $ fromMaybe "application/octet-stream" (M.lookup key mimes)
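-- | Runs @responder@ for a logged-in user and @fallback@ otherwise.
--
-- A request counts as logged in only when its session resolves to a user
-- name ('getLoggedInUser') /and/ that name is still present in the
-- application's user table.  In that case the @sid@ cookie is renewed for
-- another 'sessionTime' and @responder@ receives 'pUser' and 'pEmail' taken
-- from the stored user record.
--
-- In every other case @fallback@ is run with 'pReferer' set to the current
-- 'pUri'.
--
-- Previously the user-table lookup was a lazy binding ending in 'error':
-- a session whose user no longer existed was still passed to @responder@
-- with 'pUser' set, and only failed if 'pEmail' happened to be evaluated.
-- Such a session is now handled like an anonymous request.
--
-- NOTE(review): the cookie is built with 'mkCookie' as is; whether flags
-- such as Secure or HttpOnly can be set depends on the server library
-- version in use -- confirm.
ifLoggedIn :: (String -> Params -> Web Response)
           -> (String -> Params -> Web Response)
           -> (String -> Params -> Web Response)
ifLoggedIn responder fallback =
  \page params -> do
    let notLoggedIn = fallback page (params { pReferer = Just $ pUri params })
    mbUser <- getLoggedInUser params
    case mbUser of
      Nothing -> notLoggedIn
      Just u  -> do
        usrs <- queryAppState users
        case M.lookup u usrs of
          -- session refers to a user that is no longer known
          Nothing  -> notLoggedIn
          Just usr -> do
            -- give the user another hour...
            case pSessionKey params of
              Just key -> addCookie sessionTime (mkCookie "sid" (show key))
              Nothing  -> return ()  -- not expected: a session was found above
            responder page (params { pUser = u, pEmail = uEmail usr })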
-- | Collects the messages whose condition holds.  A 'True' condition means
-- the corresponding error applies.  Messages come out in the reverse of
-- their order in the input list.
validate :: [(Bool, String)] -- ^ list of conditions and error messages
         -> [String]         -- ^ list of error messages
validate checks = reverse [msg | (failed, msg) <- checks, failed]