/
Framework.hs
348 lines (313 loc) · 13.4 KB
/
Framework.hs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
{-# LANGUAGE ScopedTypeVariables #-}
{-
Copyright (C) 2009 John MacFarlane <jgm@berkeley.edu>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-}
{- | Useful functions for defining wiki handlers.
-}
module Network.Gitit.Framework (
-- * Combinators for dealing with users
withUserFromSession
, withUserFromHTTPAuth
, authenticateUserThat
, authenticate
, getLoggedInUser
-- * Combinators to exclude certain actions
, unlessNoEdit
, unlessNoDelete
-- * Guards for routing
, guardCommand
, guardPath
, guardIndex
, guardBareBase
-- * Functions to get info from the request
, getPath
, getPage
, getReferer
, getWikiBase
, uriPath
-- * Useful predicates
, isPage
, isPageFile
, isDiscussPage
, isDiscussPageFile
, isSourceCode
-- * Combinators that change the request locally
, withMessages
-- * Miscellaneous
, urlForPage
, pathForPage
, getMimeTypeForExtension
, validate
, filestoreFromConfig
)
where
import Safe
import Network.Gitit.Server
import Network.Gitit.State
import Network.Gitit.Types
import Data.FileStore
import Data.Char (toLower)
import Control.Monad (mzero, liftM, unless, MonadPlus)
import qualified Data.Map as M
import qualified Data.ByteString.UTF8 as UTF8
import qualified Data.ByteString.Lazy.UTF8 as LazyUTF8
import Data.Maybe (fromJust, fromMaybe)
import Data.List (intercalate, isPrefixOf, isInfixOf)
import System.FilePath ((<.>), takeExtension, takeFileName)
import Text.Highlighting.Kate
import Text.ParserCombinators.Parsec
import Network.URL (decString, encString)
import Network.URI (isUnescapedInURI)
import Data.ByteString.Base64 (decodeLenient)
import Network.HTTP (urlEncodeVars)
-- | Require a logged in user if the authentication level demands it.
-- Run the handler if a user is logged in, otherwise redirect
-- to login page.
authenticate :: AuthenticationLevel -> Handler -> Handler
authenticate = authenticateUserThat (const True)
-- | Like 'authenticate', but with a predicate that the user must satisfy.
authenticateUserThat :: (User -> Bool) -> AuthenticationLevel -> Handler -> Handler
authenticateUserThat predicate level handler = do
cfg <- getConfig
if level <= requireAuthentication cfg
then do
mbUser <- getLoggedInUser
rq <- askRq
let url = rqUri rq ++ rqQuery rq
case mbUser of
Nothing -> tempRedirect ("/_login?" ++ urlEncodeVars [("destination", url)]) $ toResponse ()
Just u -> if predicate u
then handler
else error "Not authorized."
else handler
-- | Run the handler after setting @REMOTE_USER@ with the user from
-- the session.
withUserFromSession :: Handler -> Handler
withUserFromSession handler = withData $ \(sk :: Maybe SessionKey) -> do
mbSd <- maybe (return Nothing) getSession sk
cfg <- getConfig
mbUser <- case mbSd of
Nothing -> return Nothing
Just sd -> do
addCookie (MaxAge $ sessionTimeout cfg) (mkCookie "sid" (show $ fromJust sk)) -- refresh timeout
getUser $! sessionUser sd
let user = maybe "" uUsername mbUser
localRq (setHeader "REMOTE_USER" user) handler
-- | Run the handler after setting @REMOTE_USER@ from the "authorization"
-- header. Works with simple HTTP authentication or digest authentication.
withUserFromHTTPAuth :: Handler -> Handler
withUserFromHTTPAuth handler = do
req <- askRq
let user = case getHeader "authorization" req of
Nothing -> ""
Just authHeader -> case parse pAuthorizationHeader "" (UTF8.toString authHeader) of
Left _ -> ""
Right u -> u
localRq (setHeader "REMOTE_USER" user) handler
-- | Returns @Just@ logged in user or @Nothing@.
getLoggedInUser :: GititServerPart (Maybe User)
getLoggedInUser = do
req <- askRq
case maybe "" UTF8.toString (getHeader "REMOTE_USER" req) of
"" -> return Nothing
u -> do
mbUser <- getUser u
case mbUser of
Just user -> return $ Just user
Nothing -> return $ Just User{uUsername = u, uEmail = "", uPassword = undefined}
pAuthorizationHeader :: GenParser Char st String
pAuthorizationHeader = try pBasicHeader <|> pDigestHeader
pDigestHeader :: GenParser Char st String
pDigestHeader = do
_ <- string "Digest username=\""
result' <- many (noneOf "\"")
_ <- char '"'
return result'
pBasicHeader :: GenParser Char st String
pBasicHeader = do
_ <- string "Basic "
result' <- many (noneOf " \t\n")
return $ takeWhile (/=':') $ UTF8.toString
$ decodeLenient $ UTF8.fromString result'
-- | @unlessNoEdit responder fallback@ runs @responder@ unless the
-- page has been designated not editable in configuration; in that
-- case, runs @fallback@.
unlessNoEdit :: Handler
-> Handler
-> Handler
unlessNoEdit responder fallback = withData $ \(params :: Params) -> do
cfg <- getConfig
page <- getPage
if page `elem` noEdit cfg
then withMessages ("Page is locked." : pMessages params) fallback
else responder
-- | @unlessNoDelete responder fallback@ runs @responder@ unless the
-- page has been designated not deletable in configuration; in that
-- case, runs @fallback@.
unlessNoDelete :: Handler
-> Handler
-> Handler
unlessNoDelete responder fallback = withData $ \(params :: Params) -> do
cfg <- getConfig
page <- getPage
if page `elem` noDelete cfg
then withMessages ("Page cannot be deleted." : pMessages params) fallback
else responder
-- | Returns the current path (subtracting initial commands like @\/_edit@).
getPath :: ServerMonad m => m String
getPath = liftM (intercalate "/" . rqPaths) askRq
-- | Returns the current page name (derived from the path).
getPage :: GititServerPart String
getPage = do
conf <- getConfig
path' <- getPath
if null path'
then return (frontPage conf)
else if isPage path'
then return path'
else mzero -- fail if not valid page name
-- | Returns the contents of the "referer" header.
getReferer :: ServerMonad m => m String
getReferer = do
req <- askRq
base' <- getWikiBase
return $ case getHeader "referer" req of
Just r -> case UTF8.toString r of
"" -> base'
s -> s
Nothing -> base'
-- | Returns the base URL of the wiki in the happstack server.
-- So, if the wiki handlers are behind a @dir 'foo'@, getWikiBase will
-- return @\/foo/@. getWikiBase doesn't know anything about HTTP
-- proxies, so if you use proxies to map a gitit wiki to @\/foo/@,
-- you'll still need to follow the instructions in README.
getWikiBase :: ServerMonad m => m String
getWikiBase = do
path' <- getPath
uri' <- liftM (fromJust . decString True . rqUri) askRq
case calculateWikiBase path' uri' of
Just b -> return b
Nothing -> error $ "Could not getWikiBase: (path, uri) = " ++ show (path',uri')
-- | The pure core of 'getWikiBase'.
calculateWikiBase :: String -> String -> Maybe String
calculateWikiBase path' uri' =
let revpaths = reverse . filter (not . null) $ splitOn '/' path'
revuris = reverse . filter (not . null) $ splitOn '/' uri'
in if revpaths `isPrefixOf` revuris
then let revbase = drop (length revpaths) revuris
-- a path like _feed is not part of the base...
revbase' = case revbase of
(x:xs) | startsWithUnderscore x -> xs
xs -> xs
base' = intercalate "/" $ reverse revbase'
in Just $ if null base' then "" else '/' : base'
else Nothing
startsWithUnderscore :: String -> Bool
startsWithUnderscore ('_':_) = True
startsWithUnderscore _ = False
splitOn :: Eq a => a -> [a] -> [[a]]
splitOn c cs =
let (next, rest) = break (==c) cs
in case rest of
[] -> [next]
(_:rs) -> next : splitOn c rs
-- | Returns path portion of URI, without initial @\/@.
-- Consecutive spaces are collapsed. We don't want to distinguish
-- @Hi There@ and @Hi There@.
uriPath :: String -> String
uriPath = unwords . words . drop 1 . takeWhile (/='?')
isPage :: String -> Bool
isPage "" = False
isPage ('_':_) = False
isPage s = all (`notElem` "*?") s && not (".." `isInfixOf` s) && not ("/_" `isInfixOf` s)
-- for now, we disallow @*@ and @?@ in page names, because git filestore
-- does not deal with them properly, and darcs filestore disallows them.
isPageFile :: FilePath -> Bool
isPageFile f = takeExtension f == ".page"
isDiscussPage :: String -> Bool
isDiscussPage ('@':xs) = isPage xs
isDiscussPage _ = False
isDiscussPageFile :: FilePath -> Bool
isDiscussPageFile ('@':xs) = isPageFile xs
isDiscussPageFile _ = False
isSourceCode :: String -> Bool
isSourceCode path' =
let langs = languagesByFilename $ takeFileName path'
in not (null langs || takeExtension path' == ".svg")
-- allow svg to be served as image
-- | Returns encoded URL path for the page with the given name, relative to
-- the wiki base.
urlForPage :: String -> String
urlForPage page = '/' : encString False isUnescapedInURI page
-- | Returns the filestore path of the file containing the page's source.
pathForPage :: String -> FilePath
pathForPage page = page <.> "page"
-- | Retrieves a mime type based on file extension.
getMimeTypeForExtension :: String -> GititServerPart String
getMimeTypeForExtension ext = do
mimes <- liftM mimeMap getConfig
return $ fromMaybe "application/octet-stream"
(M.lookup (dropWhile (== '.') $ map toLower ext) mimes)
-- | Simple helper for validation of forms.
validate :: [(Bool, String)] -- ^ list of conditions and error messages
-> [String] -- ^ list of error messages
validate = foldl go []
where go errs (condition, msg) = if condition then msg:errs else errs
guardCommand :: String -> GititServerPart ()
guardCommand command = withData $ \(com :: Command) ->
case com of
Command (Just c) | c == command -> return ()
_ -> mzero
guardPath :: (String -> Bool) -> GititServerPart ()
guardPath pred' = guardRq (pred' . rqUri)
-- | Succeeds if path is an index path: e.g. @\/foo\/bar/@.
guardIndex :: GititServerPart ()
guardIndex = do
base <- getWikiBase
uri' <- liftM rqUri askRq
let localpath = drop (length base) uri'
unless (length localpath > 1 && lastNote "guardIndex" uri' == '/')
mzero
-- Guard against a path like @\/wiki@ when the wiki is being
-- served at @\/wiki@.
guardBareBase :: GititServerPart ()
guardBareBase = do
base' <- getWikiBase
uri' <- liftM rqUri askRq
unless (not (null base') && base' == uri')
mzero
-- | Runs a server monad in a local context after setting
-- the "message" request header.
withMessages :: ServerMonad m => [String] -> m a -> m a
withMessages messages handler = do
req <- askRq
let inps = filter (\(n,_) -> n /= "message") $ rqInputsQuery req
let newInp msg = ("message", Input {
inputValue = Right
$ LazyUTF8.fromString msg
, inputFilename = Nothing
, inputContentType = ContentType {
ctType = "text"
, ctSubtype = "plain"
, ctParameters = [] }
})
localRq (\rq -> rq{ rqInputsQuery = map newInp messages ++ inps }) handler
-- | Returns a filestore object derived from the
-- repository path and filestore type specified in configuration.
filestoreFromConfig :: Config -> FileStore
filestoreFromConfig conf =
case repositoryType conf of
Git -> gitFileStore $ repositoryPath conf
Darcs -> darcsFileStore $ repositoryPath conf
Mercurial -> mercurialFileStore $ repositoryPath conf