This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
/
index.go
110 lines (96 loc) · 3.7 KB
/
index.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package userreport
import (
"fmt"
"net/http"
"time"
"github.com/google/exposure-notifications-server/pkg/base64util"
"github.com/google/exposure-notifications-server/pkg/logging"
"github.com/google/exposure-notifications-verification-server/internal/project"
"github.com/google/exposure-notifications-verification-server/pkg/controller"
"github.com/google/exposure-notifications-verification-server/pkg/database"
"go.opencensus.io/stats"
)
func (c *Controller) HandleIndex() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
logger := logging.FromContext(ctx).Named("userreport.HandleIndex")
authApp := controller.AuthorizedAppFromContext(ctx)
if authApp == nil {
controller.NotFound(w, r, c.h)
return
}
realm := controller.RealmFromContext(ctx)
if realm == nil {
controller.MissingMembership(w, r, c.h)
return
}
if !(realm.AllowsUserReport() && realm.AllowUserReportWebView) {
stats.Record(ctx, mUserReportNotAllowed.M(1))
controller.NotFound(w, r, c.h)
return
}
m := controller.TemplateMapFromContext(ctx)
m = c.addDynamicTranslations(realm, m)
session := controller.SessionFromContext(ctx)
if session == nil {
controller.MissingSession(w, r, c.h)
return
}
locale := controller.LocaleFromContext(ctx)
if locale == nil {
logger.Errorw("no locale in context")
controller.InternalError(w, r, c.h, fmt.Errorf("internal error, please try again"))
return
}
now := time.Now().UTC()
pastDaysDuration := -1 * c.config.IssueConfig().AllowedSymptomAge
displayAllowedDays := fmt.Sprintf("%.0f", c.config.IssueConfig().AllowedSymptomAge.Hours()/24.0)
m["maxDate"] = now.Format(project.RFC3339Date)
m["minDate"] = now.Add(pastDaysDuration).Format(project.RFC3339Date)
m["maxSymptomDays"] = displayAllowedDays
m["duration"] = realm.CodeDuration.Duration.String()
var errorMessages []string
// Check the nonce - if it isn't valid, show an error page, but with branding since we know the app.
nonce := controller.NonceFromContext(ctx)
if len(nonce) == 0 {
stats.Record(ctx, mMissingNonce.M(1))
m["realm"] = realm
c.h.RenderHTML(w, "report/invalid", m)
return
}
if decoded, err := base64util.DecodeString(nonce); err != nil || len(decoded) != database.NonceLength {
stats.Record(ctx, mInvalidNonce.M(1))
logger.Warnw("invalid nonce on webview load", "error", err, "nonce-length", len(decoded))
errorMessages = addError(locale.Get("user-report.invalid-request"), errorMessages)
m["skipForm"] = true
}
// This could get triggered in a pause.
if !realm.AllowsUserReport() {
stats.Record(ctx, mUserReportNotAllowed.M(1))
errorMessages = addError(locale.Get("user-report.not-available"), errorMessages)
m["skipForm"] = true
}
m["error"] = errorMessages
// stash the nonce value in the session
controller.StoreSessionNonce(session, nonce)
controller.StoreSessionRegion(session, realm.RegionCode)
c.renderIndex(w, realm, m)
})
}
func (c *Controller) renderIndex(w http.ResponseWriter, realm *database.Realm, m controller.TemplateMap) {
m["realm"] = realm
c.h.RenderHTML(w, "report/index", m)
}