2015-05-15 23:18:52 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"compress/gzip"
|
2018-11-04 06:22:46 +00:00
|
|
|
"crypto/sha256"
|
2016-01-25 05:01:40 +00:00
|
|
|
"encoding/base64"
|
2017-04-14 02:33:44 +00:00
|
|
|
"io"
|
2015-05-15 23:18:52 +00:00
|
|
|
"io/ioutil"
|
2016-01-25 00:01:37 +00:00
|
|
|
"log"
|
2015-05-15 23:18:52 +00:00
|
|
|
"net/http"
|
2016-02-03 01:22:45 +00:00
|
|
|
"path/filepath"
|
2015-05-15 23:18:52 +00:00
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
2015-05-25 02:00:21 +00:00
|
|
|
|
2017-04-14 02:33:44 +00:00
|
|
|
"github.com/dsnet/compress/brotli"
|
2015-12-11 03:35:48 +00:00
|
|
|
"github.com/khlieng/dispatch/assets"
|
2018-11-04 06:22:46 +00:00
|
|
|
"github.com/spf13/viper"
|
2015-05-15 23:18:52 +00:00
|
|
|
)
|
|
|
|
|
|
2018-10-19 00:11:12 +00:00
|
|
|
const longCacheControl = "public, max-age=31536000, immutable"
|
2017-04-14 02:33:44 +00:00
|
|
|
const disabledCacheControl = "no-cache, no-store, must-revalidate"
|
|
|
|
|
|
2016-02-03 01:22:45 +00:00
|
|
|
type File struct {
|
|
|
|
|
Asset string
|
2017-04-14 02:33:44 +00:00
|
|
|
GzipAsset []byte
|
2017-04-15 02:48:24 +00:00
|
|
|
Hash string
|
2016-02-03 01:22:45 +00:00
|
|
|
ContentType string
|
|
|
|
|
CacheControl string
|
2017-04-14 02:33:44 +00:00
|
|
|
Compressed bool
|
2016-02-03 01:22:45 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
type h2PushAsset struct {
|
|
|
|
|
path string
|
|
|
|
|
hash string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newH2PushAsset(name string) h2PushAsset {
|
|
|
|
|
return h2PushAsset{
|
2018-11-07 00:35:53 +00:00
|
|
|
path: name,
|
2018-11-04 06:22:46 +00:00
|
|
|
hash: strings.Split(name, ".")[1],
|
2016-02-03 01:22:45 +00:00
|
|
|
}
|
2018-11-04 06:22:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
2018-11-27 11:07:48 +00:00
|
|
|
files = map[string]*File{}
|
2018-11-04 06:22:46 +00:00
|
|
|
|
2018-11-17 10:52:36 +00:00
|
|
|
indexStylesheet string
|
|
|
|
|
indexScripts []string
|
|
|
|
|
inlineScript string
|
|
|
|
|
inlineScriptSha256 string
|
|
|
|
|
serviceWorker []byte
|
2018-11-04 06:22:46 +00:00
|
|
|
|
|
|
|
|
h2PushAssets []h2PushAsset
|
|
|
|
|
h2PushCookieValue string
|
2016-02-03 01:22:45 +00:00
|
|
|
|
|
|
|
|
contentTypes = map[string]string{
|
2018-11-04 06:22:46 +00:00
|
|
|
".js": "text/javascript",
|
|
|
|
|
".css": "text/css",
|
2016-02-03 01:22:45 +00:00
|
|
|
".woff2": "font/woff2",
|
|
|
|
|
".woff": "application/font-woff",
|
|
|
|
|
".ttf": "application/x-font-ttf",
|
2018-11-10 11:18:45 +00:00
|
|
|
".png": "image/png",
|
|
|
|
|
".ico": "image/x-icon",
|
|
|
|
|
".json": "application/json",
|
2016-01-25 21:41:54 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-14 09:11:15 +00:00
|
|
|
robots = []byte("User-agent: *\nDisallow: /")
|
|
|
|
|
|
2016-01-25 21:41:54 +00:00
|
|
|
hstsHeader string
|
2016-02-03 18:42:07 +00:00
|
|
|
cspEnabled bool
|
2016-01-25 21:41:54 +00:00
|
|
|
)
|
2015-05-15 23:18:52 +00:00
|
|
|
|
2018-05-31 21:24:59 +00:00
|
|
|
func (d *Dispatch) initFileServer() {
|
2018-11-04 06:22:46 +00:00
|
|
|
if viper.GetBool("dev") {
|
|
|
|
|
indexScripts = []string{"bundle.js"}
|
|
|
|
|
} else {
|
2018-11-10 11:18:45 +00:00
|
|
|
bootloader := decompressedAsset(findAssetName("boot*.js"))
|
|
|
|
|
runtime := decompressedAsset(findAssetName("runtime*.js"))
|
2018-11-06 10:13:32 +00:00
|
|
|
|
2018-11-17 10:52:36 +00:00
|
|
|
inlineScript = string(bootloader) + string(runtime)
|
2017-04-14 02:33:44 +00:00
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
hash := sha256.New()
|
2018-11-06 10:13:32 +00:00
|
|
|
hash.Write(bootloader)
|
|
|
|
|
hash.Write(runtime)
|
2018-11-17 10:52:36 +00:00
|
|
|
inlineScriptSha256 = base64.StdEncoding.EncodeToString(hash.Sum(nil))
|
2018-11-06 10:13:32 +00:00
|
|
|
|
2018-11-10 11:18:45 +00:00
|
|
|
indexStylesheet = findAssetName("main*.css")
|
2018-11-04 06:22:46 +00:00
|
|
|
indexScripts = []string{
|
2018-11-10 11:18:45 +00:00
|
|
|
findAssetName("vendors*.js"),
|
|
|
|
|
findAssetName("main*.js"),
|
2016-01-25 05:01:40 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
h2PushAssets = []h2PushAsset{
|
|
|
|
|
newH2PushAsset(indexStylesheet),
|
|
|
|
|
newH2PushAsset(indexScripts[0]),
|
|
|
|
|
newH2PushAsset(indexScripts[1]),
|
|
|
|
|
}
|
2016-01-25 21:41:54 +00:00
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
for _, asset := range h2PushAssets {
|
|
|
|
|
h2PushCookieValue += asset.hash
|
|
|
|
|
}
|
2017-04-14 02:33:44 +00:00
|
|
|
|
2018-11-06 10:13:32 +00:00
|
|
|
ignoreAssets := []string{
|
2018-11-10 11:18:45 +00:00
|
|
|
findAssetName("runtime*.js"),
|
|
|
|
|
findAssetName("boot*.js"),
|
|
|
|
|
"sw.js",
|
2018-11-06 10:13:32 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-07 00:35:53 +00:00
|
|
|
outer:
|
2018-11-10 11:18:45 +00:00
|
|
|
for _, asset := range assets.AssetNames() {
|
|
|
|
|
assetName := strings.TrimSuffix(asset, ".br")
|
|
|
|
|
|
2018-11-06 10:13:32 +00:00
|
|
|
for _, ignored := range ignoreAssets {
|
2018-11-10 11:18:45 +00:00
|
|
|
if ignored == assetName {
|
2018-11-07 00:35:53 +00:00
|
|
|
continue outer
|
2018-11-06 10:13:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
file := &File{
|
2018-11-10 11:18:45 +00:00
|
|
|
Asset: asset,
|
|
|
|
|
ContentType: contentTypes[filepath.Ext(assetName)],
|
2018-11-04 06:22:46 +00:00
|
|
|
CacheControl: longCacheControl,
|
2018-11-10 11:18:45 +00:00
|
|
|
Compressed: strings.HasSuffix(asset, ".br"),
|
2017-04-14 02:33:44 +00:00
|
|
|
}
|
2018-11-04 06:22:46 +00:00
|
|
|
|
2017-04-14 02:33:44 +00:00
|
|
|
if file.Compressed {
|
2018-11-04 06:22:46 +00:00
|
|
|
data, err := assets.Asset(file.Asset)
|
2017-04-14 02:33:44 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
file.GzipAsset = gzipAsset(data)
|
2017-04-14 02:33:44 +00:00
|
|
|
}
|
2018-11-10 11:18:45 +00:00
|
|
|
|
2018-11-27 11:07:48 +00:00
|
|
|
files["/"+assetName] = file
|
2016-02-03 01:22:45 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-06 10:13:32 +00:00
|
|
|
serviceWorker = decompressedAsset("sw.js")
|
|
|
|
|
hash.Reset()
|
2018-11-17 10:52:36 +00:00
|
|
|
IndexTemplate(hash, indexStylesheet, inlineScript, indexScripts)
|
2018-11-06 10:13:32 +00:00
|
|
|
indexHash := base64.StdEncoding.EncodeToString(hash.Sum(nil))
|
|
|
|
|
|
|
|
|
|
serviceWorker = append(serviceWorker, []byte(`
|
|
|
|
|
workbox.precaching.precacheAndRoute([{
|
|
|
|
|
revision: '`+indexHash+`',
|
2018-11-17 10:52:36 +00:00
|
|
|
url: '/'
|
2018-11-06 10:13:32 +00:00
|
|
|
}]);
|
2018-11-17 10:52:36 +00:00
|
|
|
workbox.routing.registerNavigationRoute('/');`)...)
|
2018-11-06 10:13:32 +00:00
|
|
|
|
2016-02-03 18:42:07 +00:00
|
|
|
if viper.GetBool("https.hsts.enabled") && viper.GetBool("https.enabled") {
|
2016-01-25 21:41:54 +00:00
|
|
|
hstsHeader = "max-age=" + viper.GetString("https.hsts.max_age")
|
|
|
|
|
|
|
|
|
|
if viper.GetBool("https.hsts.include_subdomains") {
|
|
|
|
|
hstsHeader += "; includeSubDomains"
|
|
|
|
|
}
|
|
|
|
|
if viper.GetBool("https.hsts.preload") {
|
|
|
|
|
hstsHeader += "; preload"
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-02-03 18:42:07 +00:00
|
|
|
|
|
|
|
|
cspEnabled = true
|
2016-01-25 05:01:40 +00:00
|
|
|
}
|
2015-05-15 23:18:52 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-10 11:18:45 +00:00
|
|
|
func findAssetName(glob string) string {
|
|
|
|
|
for _, assetName := range assets.AssetNames() {
|
|
|
|
|
assetName = strings.TrimSuffix(assetName, ".br")
|
2018-11-08 08:39:32 +00:00
|
|
|
|
2018-11-10 11:18:45 +00:00
|
|
|
if m, _ := filepath.Match(glob, assetName); m {
|
|
|
|
|
return assetName
|
2018-11-08 08:39:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-11-10 11:18:45 +00:00
|
|
|
return ""
|
2018-11-08 08:39:32 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
func decompressAsset(data []byte) []byte {
|
|
|
|
|
br, err := brotli.NewReader(bytes.NewReader(data), nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf := &bytes.Buffer{}
|
|
|
|
|
io.Copy(buf, br)
|
|
|
|
|
return buf.Bytes()
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-06 10:13:32 +00:00
|
|
|
func decompressedAsset(name string) []byte {
|
2018-11-10 11:18:45 +00:00
|
|
|
asset, err := assets.Asset(name + ".br")
|
2018-11-06 10:13:32 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
return decompressAsset(asset)
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-04 06:22:46 +00:00
|
|
|
func gzipAsset(data []byte) []byte {
|
|
|
|
|
br, err := brotli.NewReader(bytes.NewReader(data), nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf := &bytes.Buffer{}
|
|
|
|
|
gzw, err := gzip.NewWriterLevel(buf, gzip.BestCompression)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
io.Copy(gzw, br)
|
|
|
|
|
gzw.Close()
|
|
|
|
|
return buf.Bytes()
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-31 21:24:59 +00:00
|
|
|
func (d *Dispatch) serveFiles(w http.ResponseWriter, r *http.Request) {
|
2015-05-15 23:18:52 +00:00
|
|
|
if r.URL.Path == "/" {
|
2018-05-31 21:24:59 +00:00
|
|
|
d.serveIndex(w, r)
|
2015-05-15 23:18:52 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-27 11:07:48 +00:00
|
|
|
if file, ok := files[r.URL.Path]; ok {
|
|
|
|
|
d.serveFile(w, r, file)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-06 10:13:32 +00:00
|
|
|
if r.URL.Path == "/sw.js" {
|
|
|
|
|
w.Header().Set("Cache-Control", disabledCacheControl)
|
|
|
|
|
w.Header().Set("Content-Type", "text/javascript")
|
|
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(serviceWorker)))
|
|
|
|
|
w.Write(serviceWorker)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-14 09:11:15 +00:00
|
|
|
if r.URL.Path == "/robots.txt" {
|
|
|
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(robots)))
|
|
|
|
|
w.Write(robots)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-31 21:24:59 +00:00
|
|
|
d.serveIndex(w, r)
|
2016-01-25 00:01:37 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-31 21:24:59 +00:00
|
|
|
func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) {
|
2017-04-15 02:48:24 +00:00
|
|
|
if pusher, ok := w.(http.Pusher); ok {
|
|
|
|
|
options := &http.PushOptions{
|
|
|
|
|
Header: http.Header{
|
|
|
|
|
"Accept-Encoding": r.Header["Accept-Encoding"],
|
|
|
|
|
},
|
|
|
|
|
}
|
2018-11-07 01:55:00 +00:00
|
|
|
|
2017-04-15 02:48:24 +00:00
|
|
|
cookie, err := r.Cookie("push")
|
|
|
|
|
if err != nil {
|
2018-11-04 06:22:46 +00:00
|
|
|
for _, asset := range h2PushAssets {
|
|
|
|
|
pusher.Push(asset.path, options)
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-15 02:48:24 +00:00
|
|
|
setPushCookie(w, r)
|
|
|
|
|
} else {
|
|
|
|
|
pushed := false
|
|
|
|
|
|
2018-11-27 10:34:02 +00:00
|
|
|
i := 0
|
|
|
|
|
for _, asset := range h2PushAssets {
|
|
|
|
|
if len(cookie.Value) >= i+len(asset.hash) &&
|
|
|
|
|
asset.hash != cookie.Value[i:i+len(asset.hash)] {
|
|
|
|
|
i += len(asset.hash)
|
2018-11-04 06:22:46 +00:00
|
|
|
pusher.Push(asset.path, options)
|
|
|
|
|
pushed = true
|
|
|
|
|
}
|
2017-04-15 02:48:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if pushed {
|
|
|
|
|
setPushCookie(w, r)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-07 01:55:00 +00:00
|
|
|
if cspEnabled {
|
|
|
|
|
var wsSrc string
|
|
|
|
|
if r.TLS != nil {
|
|
|
|
|
wsSrc = "wss://" + r.Host
|
|
|
|
|
} else {
|
|
|
|
|
wsSrc = "ws://" + r.Host
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-14 07:34:35 +00:00
|
|
|
csp := []string{
|
|
|
|
|
"default-src 'none'",
|
2018-11-17 10:52:36 +00:00
|
|
|
"script-src 'self' 'sha256-" + inlineScriptSha256 + "'",
|
2018-11-14 07:34:35 +00:00
|
|
|
"style-src 'self' 'unsafe-inline'",
|
|
|
|
|
"font-src 'self'",
|
|
|
|
|
"img-src 'self'",
|
|
|
|
|
"manifest-src 'self'",
|
|
|
|
|
"connect-src 'self' " + wsSrc,
|
|
|
|
|
"worker-src 'self'",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Security-Policy", strings.Join(csp, "; "))
|
2018-11-06 10:13:32 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-07 01:55:00 +00:00
|
|
|
w.Header().Set("Content-Type", "text/html")
|
|
|
|
|
w.Header().Set("Cache-Control", disabledCacheControl)
|
|
|
|
|
w.Header().Set("X-Content-Type-Options", "nosniff")
|
|
|
|
|
w.Header().Set("X-Frame-Options", "deny")
|
|
|
|
|
w.Header().Set("X-XSS-Protection", "1; mode=block")
|
2018-11-09 05:30:31 +00:00
|
|
|
w.Header().Set("Referrer-Policy", "same-origin")
|
2018-11-07 01:55:00 +00:00
|
|
|
|
|
|
|
|
if hstsHeader != "" {
|
|
|
|
|
w.Header().Set("Strict-Transport-Security", hstsHeader)
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-25 00:01:37 +00:00
|
|
|
if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
|
|
|
|
|
w.Header().Set("Content-Encoding", "gzip")
|
2016-01-25 21:41:54 +00:00
|
|
|
|
2018-11-09 05:30:31 +00:00
|
|
|
gzw := getGzipWriter(w)
|
2018-11-17 10:52:36 +00:00
|
|
|
IndexTemplate(gzw, indexStylesheet, inlineScript, indexScripts)
|
2018-11-09 05:30:31 +00:00
|
|
|
putGzipWriter(gzw)
|
2016-01-25 00:01:37 +00:00
|
|
|
} else {
|
2018-11-17 10:52:36 +00:00
|
|
|
IndexTemplate(w, indexStylesheet, inlineScript, indexScripts)
|
2016-01-25 00:01:37 +00:00
|
|
|
}
|
2015-05-15 23:18:52 +00:00
|
|
|
}
|
|
|
|
|
|
2017-04-15 02:48:24 +00:00
|
|
|
func setPushCookie(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
http.SetCookie(w, &http.Cookie{
|
|
|
|
|
Name: "push",
|
2018-11-04 06:22:46 +00:00
|
|
|
Value: h2PushCookieValue,
|
2017-04-15 02:48:24 +00:00
|
|
|
Path: "/",
|
|
|
|
|
Expires: time.Now().AddDate(1, 0, 0),
|
|
|
|
|
HttpOnly: true,
|
|
|
|
|
Secure: r.TLS != nil,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-31 21:24:59 +00:00
|
|
|
func (d *Dispatch) serveFile(w http.ResponseWriter, r *http.Request, file *File) {
|
2016-02-03 01:22:45 +00:00
|
|
|
data, err := assets.Asset(file.Asset)
|
2015-05-15 23:18:52 +00:00
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, "", http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-03 01:22:45 +00:00
|
|
|
if file.CacheControl != "" {
|
|
|
|
|
w.Header().Set("Cache-Control", file.CacheControl)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", file.ContentType)
|
2015-05-15 23:18:52 +00:00
|
|
|
|
2017-04-15 23:37:26 +00:00
|
|
|
if file.Compressed && strings.Contains(r.Header.Get("Accept-Encoding"), "br") {
|
|
|
|
|
w.Header().Set("Content-Encoding", "br")
|
|
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
|
|
|
|
|
w.Write(data)
|
|
|
|
|
} else if file.Compressed && strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
|
|
|
|
|
w.Header().Set("Content-Encoding", "gzip")
|
|
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(file.GzipAsset)))
|
|
|
|
|
w.Write(file.GzipAsset)
|
2017-04-14 02:33:44 +00:00
|
|
|
} else if !file.Compressed {
|
2016-02-03 01:22:45 +00:00
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
|
|
|
|
|
w.Write(data)
|
2015-05-15 23:18:52 +00:00
|
|
|
} else {
|
2017-04-14 02:33:44 +00:00
|
|
|
gzr, err := gzip.NewReader(bytes.NewReader(file.GzipAsset))
|
2015-05-15 23:18:52 +00:00
|
|
|
buf, err := ioutil.ReadAll(gzr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, "", http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
|
|
|
|
|
w.Write(buf)
|
|
|
|
|
}
|
|
|
|
|
}
|
