dispatch/server/serve_files.go

package server

import (
	"bytes"
	"compress/gzip"
	"crypto/md5"
	"encoding/base64"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"path"
	"path/filepath"
	"strconv"
	"strings"
	"time"

	"github.com/dsnet/compress/brotli"
	"github.com/spf13/viper"

	"github.com/khlieng/dispatch/assets"
)

const longCacheControl = "public, max-age=31536000"
const disabledCacheControl = "no-cache, no-store, must-revalidate"

type File struct {
	Path         string
	Asset        string
	GzipAsset    []byte
	ContentType  string
	CacheControl string
	Compressed   bool
}

var (
	files = []*File{
		&File{
			Path:         "bundle.js",
			Asset:        "bundle.js.br",
			ContentType:  "text/javascript",
			CacheControl: longCacheControl,
			Compressed:   true,
		},
		&File{
			Path:         "bundle.css",
			Asset:        "bundle.css.br",
			ContentType:  "text/css",
			CacheControl: longCacheControl,
			Compressed:   true,
		},
	}

	contentTypes = map[string]string{
		".woff2": "font/woff2",
		".woff":  "application/font-woff",
		".ttf":   "application/x-font-ttf",
	}

	hstsHeader string
	cspEnabled bool
)

func initFileServer() {
	if !viper.GetBool("dev") {
		data, err := assets.Asset(files[0].Asset)
		if err != nil {
			log.Fatal(err)
		}

		hash := md5.Sum(data)
		files[0].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".js"

		br, err := brotli.NewReader(bytes.NewReader(data), nil)
		if err != nil {
			log.Fatal(err)
		}

		buf := &bytes.Buffer{}
		gzw, err := gzip.NewWriterLevel(buf, gzip.BestCompression)
		if err != nil {
			log.Fatal(err)
		}

		io.Copy(gzw, br)
		gzw.Close()
		files[0].GzipAsset = buf.Bytes()

		data, err = assets.Asset(files[1].Asset)
		if err != nil {
			log.Fatal(err)
		}

		hash = md5.Sum(data)
		files[1].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".css"

		br.Reset(bytes.NewReader(data))
		buf = &bytes.Buffer{}
		gzw.Reset(buf)

		io.Copy(gzw, br)
		gzw.Close()
		files[1].GzipAsset = buf.Bytes()

		fonts, err := assets.AssetDir("font")
		if err != nil {
			log.Fatal(err)
		}

		for _, font := range fonts {
			p := strings.TrimSuffix(font, ".br")

			file := &File{
				Path:         path.Join("font", p),
				Asset:        path.Join("font", font),
				ContentType:  contentTypes[filepath.Ext(p)],
				CacheControl: longCacheControl,
				Compressed:   strings.HasSuffix(font, ".br"),
			}

			if file.Compressed {
				data, err = assets.Asset(file.Asset)
				if err != nil {
					log.Fatal(err)
				}

				br.Reset(bytes.NewReader(data))
				buf = &bytes.Buffer{}
				gzw.Reset(buf)

				io.Copy(gzw, br)
				gzw.Close()
				file.GzipAsset = buf.Bytes()
			}

			files = append(files, file)
		}

		if viper.GetBool("https.hsts.enabled") && viper.GetBool("https.enabled") {
			hstsHeader = "max-age=" + viper.GetString("https.hsts.max_age")

			if viper.GetBool("https.hsts.include_subdomains") {
				hstsHeader += "; includeSubDomains"
			}
			if viper.GetBool("https.hsts.preload") {
				hstsHeader += "; preload"
			}
		}

		cspEnabled = true
	}
}

func serveFiles(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path == "/" {
		serveIndex(w, r)
		return
	}

	for _, file := range files {
		if strings.HasSuffix(r.URL.Path, file.Path) {
			serveFile(w, r, file)
			return
		}
	}

	serveIndex(w, r)
}

func serveIndex(w http.ResponseWriter, r *http.Request) {
	session := handleAuth(w, r)
	if session == nil {
		log.Println("[Auth] No session")
		w.WriteHeader(500)
		return
	}

	if cspEnabled {
		var connectSrc string
		if r.TLS != nil {
			connectSrc = "wss://" + r.Host
		} else {
			connectSrc = "ws://" + r.Host
		}

		w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data:; connect-src "+connectSrc)
	}

	w.Header().Set("Content-Type", "text/html")
	w.Header().Set("Cache-Control", disabledCacheControl)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("X-Frame-Options", "deny")
	w.Header().Set("X-XSS-Protection", "1; mode=block")

	if hstsHeader != "" {
		w.Header().Set("Strict-Transport-Security", hstsHeader)
	}

	if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
		w.Header().Set("Content-Encoding", "gzip")

		gzw := gzip.NewWriter(w)
		IndexTemplate(gzw, getIndexData(r, session), files[1].Path, files[0].Path)
		gzw.Close()
	} else {
		IndexTemplate(w, getIndexData(r, session), files[1].Path, files[0].Path)
	}
}

func serveFile(w http.ResponseWriter, r *http.Request, file *File) {
	info, err := assets.AssetInfo(file.Asset)
	if err != nil {
		http.Error(w, "", http.StatusInternalServerError)
		return
	}

	if !modifiedSince(w, r, info.ModTime()) {
		return
	}

	data, err := assets.Asset(file.Asset)
	if err != nil {
		http.Error(w, "", http.StatusInternalServerError)
		return
	}

	if file.CacheControl != "" {
		w.Header().Set("Cache-Control", file.CacheControl)
	}

	w.Header().Set("Content-Type", file.ContentType)

	if file.Compressed {
		if strings.Contains(r.Header.Get("Accept-Encoding"), "br") {
			w.Header().Set("Content-Encoding", "br")
			w.Header().Set("Content-Length", strconv.Itoa(len(data)))
			w.Write(data)
		} else if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
			w.Header().Set("Content-Encoding", "gzip")
			w.Header().Set("Content-Length", strconv.Itoa(len(file.GzipAsset)))
			w.Write(file.GzipAsset)
		}
	} else if !file.Compressed {
		w.Header().Set("Content-Length", strconv.Itoa(len(data)))
		w.Write(data)
	} else {
		gzr, err := gzip.NewReader(bytes.NewReader(file.GzipAsset))
		buf, err := ioutil.ReadAll(gzr)
		if err != nil {
			http.Error(w, "", http.StatusInternalServerError)
			return
		}

		w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
		w.Write(buf)
	}
}

func modifiedSince(w http.ResponseWriter, r *http.Request, modtime time.Time) bool {
	t, err := time.Parse(http.TimeFormat, r.Header.Get("If-Modified-Since"))

	if err == nil && modtime.Before(t.Add(1*time.Second)) {
		w.WriteHeader(http.StatusNotModified)
		return false
	}

	w.Header().Set("Last-Modified", modtime.UTC().Format(http.TimeFormat))
	return true
}
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`package server`

			`import (`
			`"bytes"`
			`"compress/gzip"`
Set long cache-control and add a hash to css and js urls, clean some things up 2016-01-25 05:01:40 +00:00			`"crypto/md5"`
			`"encoding/base64"`
Add brotli support 2017-04-14 02:33:44 +00:00			`"io"`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`"io/ioutil"`
Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`"log"`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`"net/http"`
Update client dependencies 2016-02-04 02:35:50 +00:00			`"path"`
Use local fonts 2016-02-03 01:22:45 +00:00			`"path/filepath"`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`"strconv"`
			`"strings"`
			`"time"`
Add config file, handle it with Viper, add a command to open it in an editor 2015-05-25 02:00:21 +00:00
Add brotli support 2017-04-14 02:33:44 +00:00			`"github.com/dsnet/compress/brotli"`
Switch from Godep to go vendoring 2016-03-01 00:51:26 +00:00			`"github.com/spf13/viper"`
Set long cache-control and add a hash to css and js urls, clean some things up 2016-01-25 05:01:40 +00:00
Name it 2015-12-11 03:35:48 +00:00			`"github.com/khlieng/dispatch/assets"`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`)`

Add brotli support 2017-04-14 02:33:44 +00:00			`const longCacheControl = "public, max-age=31536000"`
			`const disabledCacheControl = "no-cache, no-store, must-revalidate"`

Use local fonts 2016-02-03 01:22:45 +00:00			`type File struct {`
			`Path string`
			`Asset string`
Add brotli support 2017-04-14 02:33:44 +00:00			`GzipAsset []byte`
Use local fonts 2016-02-03 01:22:45 +00:00			`ContentType string`
			`CacheControl string`
Add brotli support 2017-04-14 02:33:44 +00:00			`Compressed bool`
Use local fonts 2016-02-03 01:22:45 +00:00			`}`

Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`var (`
Use local fonts 2016-02-03 01:22:45 +00:00			`files = []*File{`
			`&File{`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`Path: "bundle.js",`
Add brotli support 2017-04-14 02:33:44 +00:00			`Asset: "bundle.js.br",`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`ContentType: "text/javascript",`
Add brotli support 2017-04-14 02:33:44 +00:00			`CacheControl: longCacheControl,`
			`Compressed: true,`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`},`
Use local fonts 2016-02-03 01:22:45 +00:00			`&File{`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`Path: "bundle.css",`
Add brotli support 2017-04-14 02:33:44 +00:00			`Asset: "bundle.css.br",`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`ContentType: "text/css",`
Add brotli support 2017-04-14 02:33:44 +00:00			`CacheControl: longCacheControl,`
			`Compressed: true,`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`},`
Use local fonts 2016-02-03 01:22:45 +00:00			`}`

			`contentTypes = map[string]string{`
			`".woff2": "font/woff2",`
			`".woff": "application/font-woff",`
			`".ttf": "application/x-font-ttf",`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`}`

			`hstsHeader string`
Implement Content-Security-Policy 2016-02-03 18:42:07 +00:00			`cspEnabled bool`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00
Set long cache-control and add a hash to css and js urls, clean some things up 2016-01-25 05:01:40 +00:00			`func initFileServer() {`
			`if !viper.GetBool("dev") {`
			`data, err := assets.Asset(files[0].Asset)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`hash := md5.Sum(data)`
			`files[0].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".js"`

Add brotli support 2017-04-14 02:33:44 +00:00			`br, err := brotli.NewReader(bytes.NewReader(data), nil)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`buf := &bytes.Buffer{}`
			`gzw, err := gzip.NewWriterLevel(buf, gzip.BestCompression)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`io.Copy(gzw, br)`
			`gzw.Close()`
			`files[0].GzipAsset = buf.Bytes()`

Set long cache-control and add a hash to css and js urls, clean some things up 2016-01-25 05:01:40 +00:00			`data, err = assets.Asset(files[1].Asset)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`hash = md5.Sum(data)`
			`files[1].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".css"`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00
Add brotli support 2017-04-14 02:33:44 +00:00			`br.Reset(bytes.NewReader(data))`
			`buf = &bytes.Buffer{}`
			`gzw.Reset(buf)`

			`io.Copy(gzw, br)`
			`gzw.Close()`
			`files[1].GzipAsset = buf.Bytes()`

Use local fonts 2016-02-03 01:22:45 +00:00			`fonts, err := assets.AssetDir("font")`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`for _, font := range fonts {`
Add brotli support 2017-04-14 02:33:44 +00:00			`p := strings.TrimSuffix(font, ".br")`
Use local fonts 2016-02-03 01:22:45 +00:00
Add brotli support 2017-04-14 02:33:44 +00:00			`file := &File{`
Update client dependencies 2016-02-04 02:35:50 +00:00			`Path: path.Join("font", p),`
			`Asset: path.Join("font", font),`
			`ContentType: contentTypes[filepath.Ext(p)],`
Add brotli support 2017-04-14 02:33:44 +00:00			`CacheControl: longCacheControl,`
			`Compressed: strings.HasSuffix(font, ".br"),`
			`}`

			`if file.Compressed {`
			`data, err = assets.Asset(file.Asset)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`br.Reset(bytes.NewReader(data))`
			`buf = &bytes.Buffer{}`
			`gzw.Reset(buf)`

			`io.Copy(gzw, br)`
			`gzw.Close()`
			`file.GzipAsset = buf.Bytes()`
			`}`

			`files = append(files, file)`
Use local fonts 2016-02-03 01:22:45 +00:00			`}`

Implement Content-Security-Policy 2016-02-03 18:42:07 +00:00			`if viper.GetBool("https.hsts.enabled") && viper.GetBool("https.enabled") {`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`hstsHeader = "max-age=" + viper.GetString("https.hsts.max_age")`

			`if viper.GetBool("https.hsts.include_subdomains") {`
			`hstsHeader += "; includeSubDomains"`
			`}`
			`if viper.GetBool("https.hsts.preload") {`
			`hstsHeader += "; preload"`
			`}`
			`}`
Implement Content-Security-Policy 2016-02-03 18:42:07 +00:00
			`cspEnabled = true`
Set long cache-control and add a hash to css and js urls, clean some things up 2016-01-25 05:01:40 +00:00			`}`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`}`

			`func serveFiles(w http.ResponseWriter, r *http.Request) {`
			`if r.URL.Path == "/" {`
Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`serveIndex(w, r)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`return`
			`}`

			`for _, file := range files {`
			`if strings.HasSuffix(r.URL.Path, file.Path) {`
Use local fonts 2016-02-03 01:22:45 +00:00			`serveFile(w, r, file)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`return`
			`}`
			`}`

Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`serveIndex(w, r)`
			`}`

			`func serveIndex(w http.ResponseWriter, r *http.Request) {`
			`session := handleAuth(w, r)`
			`if session == nil {`
			`log.Println("[Auth] No session")`
			`w.WriteHeader(500)`
			`return`
			`}`

Implement Content-Security-Policy 2016-02-03 18:42:07 +00:00			`if cspEnabled {`
			`var connectSrc string`
			`if r.TLS != nil {`
			`connectSrc = "wss://" + r.Host`
			`} else {`
			`connectSrc = "ws://" + r.Host`
			`}`

Prevent favicon requests 2017-03-23 19:55:34 +00:00			`w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data:; connect-src "+connectSrc)`
Implement Content-Security-Policy 2016-02-03 18:42:07 +00:00			`}`

Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`w.Header().Set("Content-Type", "text/html")`
Add brotli support 2017-04-14 02:33:44 +00:00			`w.Header().Set("Cache-Control", disabledCacheControl)`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00			`w.Header().Set("X-Content-Type-Options", "nosniff")`
			`w.Header().Set("X-Frame-Options", "deny")`
			`w.Header().Set("X-XSS-Protection", "1; mode=block")`

			`if hstsHeader != "" {`
			`w.Header().Set("Strict-Transport-Security", hstsHeader)`
			`}`
Implement client connect form defaults 2016-01-25 00:01:37 +00:00
			`if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {`
			`w.Header().Set("Content-Encoding", "gzip")`
Add configurable HSTS and some other headers 2016-01-25 21:41:54 +00:00
Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`gzw := gzip.NewWriter(w)`
Use egon templating for the index page 2016-03-16 22:23:16 +00:00			`IndexTemplate(gzw, getIndexData(r, session), files[1].Path, files[0].Path)`
Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`gzw.Close()`
			`} else {`
Use egon templating for the index page 2016-03-16 22:23:16 +00:00			`IndexTemplate(w, getIndexData(r, session), files[1].Path, files[0].Path)`
Implement client connect form defaults 2016-01-25 00:01:37 +00:00			`}`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`}`

Use local fonts 2016-02-03 01:22:45 +00:00			`func serveFile(w http.ResponseWriter, r http.Request, file File) {`
			`info, err := assets.AssetInfo(file.Asset)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`if err != nil {`
			`http.Error(w, "", http.StatusInternalServerError)`
			`return`
			`}`

			`if !modifiedSince(w, r, info.ModTime()) {`
			`return`
			`}`

Use local fonts 2016-02-03 01:22:45 +00:00			`data, err := assets.Asset(file.Asset)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`if err != nil {`
			`http.Error(w, "", http.StatusInternalServerError)`
			`return`
			`}`

Use local fonts 2016-02-03 01:22:45 +00:00			`if file.CacheControl != "" {`
			`w.Header().Set("Cache-Control", file.CacheControl)`
			`}`

			`w.Header().Set("Content-Type", file.ContentType)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00
Add brotli support 2017-04-14 02:33:44 +00:00			`if file.Compressed {`
			`if strings.Contains(r.Header.Get("Accept-Encoding"), "br") {`
			`w.Header().Set("Content-Encoding", "br")`
			`w.Header().Set("Content-Length", strconv.Itoa(len(data)))`
			`w.Write(data)`
			`} else if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {`
			`w.Header().Set("Content-Encoding", "gzip")`
			`w.Header().Set("Content-Length", strconv.Itoa(len(file.GzipAsset)))`
			`w.Write(file.GzipAsset)`
			`}`
			`} else if !file.Compressed {`
Use local fonts 2016-02-03 01:22:45 +00:00			`w.Header().Set("Content-Length", strconv.Itoa(len(data)))`
			`w.Write(data)`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`} else {`
Add brotli support 2017-04-14 02:33:44 +00:00			`gzr, err := gzip.NewReader(bytes.NewReader(file.GzipAsset))`
Implement Last-Modified caching 2015-05-15 23:18:52 +00:00			`buf, err := ioutil.ReadAll(gzr)`
			`if err != nil {`
			`http.Error(w, "", http.StatusInternalServerError)`
			`return`
			`}`

			`w.Header().Set("Content-Length", strconv.Itoa(len(buf)))`
			`w.Write(buf)`
			`}`
			`}`

			`func modifiedSince(w http.ResponseWriter, r *http.Request, modtime time.Time) bool {`
			`t, err := time.Parse(http.TimeFormat, r.Header.Get("If-Modified-Since"))`

			`if err == nil && modtime.Before(t.Add(1*time.Second)) {`
			`w.WriteHeader(http.StatusNotModified)`
			`return false`
			`}`

			`w.Header().Set("Last-Modified", modtime.UTC().Format(http.TimeFormat))`
			`return true`
			`}`