mattermost/utils/api.go

// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package utils

import (
	"net/http"
	"net/url"
	"strings"

	"github.com/mattermost/platform/model"
)

type OriginCheckerProc func(*http.Request) bool

func OriginChecker(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	return *Cfg.ServiceSettings.AllowCorsFrom == "*" || strings.Contains(*Cfg.ServiceSettings.AllowCorsFrom, origin)
}

func GetOriginChecker(r *http.Request) OriginCheckerProc {
	if len(*Cfg.ServiceSettings.AllowCorsFrom) > 0 {
		return OriginChecker
	}

	return nil
}

func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) {
	T, _ := GetTranslationsAndLocale(w, r)

	title := T("api.templates.error.title", map[string]interface{}{"SiteName": ClientCfg["SiteName"]})
	message := err.Message
	details := err.DetailedError
	link := "/"
	linkMessage := T("api.templates.error.link")

	status := http.StatusTemporaryRedirect
	if err.StatusCode != http.StatusInternalServerError {
		status = err.StatusCode
	}

	http.Redirect(
		w,
		r,
		"/error?title="+url.QueryEscape(title)+
			"&message="+url.QueryEscape(message)+
			"&details="+url.QueryEscape(details)+
			"&link="+url.QueryEscape(link)+
			"&linkmessage="+url.QueryEscape(linkMessage),
		status)
}
PLT-5860 Updated copyright date (#6058) * PLT-5860 Updated copyright date in about modal * PLT-5860 Updated copyright notice in JSX files * PLT-5860 Updated copyright notice in go files * Fixed misc copyright dates * Fixed component snapshots 2017-04-12 08:27:57 -04:00			`// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.`
Move WebSocket API to it's own package and add websocket v4 endpoint (#5881) 2017-03-28 04:58:19 -04:00			`// See License.txt for license information.`

			`package utils`

			`import (`
			`"net/http"`
Implement v4 endpoints for OAuth (#6040) * Implement POST /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps/{app_id} and /oauth/apps/{app_id}/info endpoints for APIv4 * Refactor API version independent oauth endpoints * Implement DELETE /oauth/apps/{app_id} endpoint for APIv4 * Implement /oauth/apps/{app_id}/regen_secret endpoint for APIv4 * Implement GET /user/{user_id}/oauth/apps/authorized endpoint for APIv4 * Implement POST /oauth/deauthorize endpoint 2017-04-20 09:55:02 -04:00			`"net/url"`
Move WebSocket API to it's own package and add websocket v4 endpoint (#5881) 2017-03-28 04:58:19 -04:00			`"strings"`
Implement v4 endpoints for OAuth (#6040) * Implement POST /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps/{app_id} and /oauth/apps/{app_id}/info endpoints for APIv4 * Refactor API version independent oauth endpoints * Implement DELETE /oauth/apps/{app_id} endpoint for APIv4 * Implement /oauth/apps/{app_id}/regen_secret endpoint for APIv4 * Implement GET /user/{user_id}/oauth/apps/authorized endpoint for APIv4 * Implement POST /oauth/deauthorize endpoint 2017-04-20 09:55:02 -04:00
			`"github.com/mattermost/platform/model"`
Move WebSocket API to it's own package and add websocket v4 endpoint (#5881) 2017-03-28 04:58:19 -04:00			`)`

			`type OriginCheckerProc func(*http.Request) bool`

			`func OriginChecker(r *http.Request) bool {`
			`origin := r.Header.Get("Origin")`
PLT-6393: Fix Websocket CORS header check. (#6335) 2017-05-04 22:21:28 +01:00			`return Cfg.ServiceSettings.AllowCorsFrom == "" \|\| strings.Contains(*Cfg.ServiceSettings.AllowCorsFrom, origin)`
Move WebSocket API to it's own package and add websocket v4 endpoint (#5881) 2017-03-28 04:58:19 -04:00			`}`

			`func GetOriginChecker(r *http.Request) OriginCheckerProc {`
			`if len(*Cfg.ServiceSettings.AllowCorsFrom) > 0 {`
			`return OriginChecker`
			`}`

			`return nil`
			`}`
Implement v4 endpoints for OAuth (#6040) * Implement POST /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps/{app_id} and /oauth/apps/{app_id}/info endpoints for APIv4 * Refactor API version independent oauth endpoints * Implement DELETE /oauth/apps/{app_id} endpoint for APIv4 * Implement /oauth/apps/{app_id}/regen_secret endpoint for APIv4 * Implement GET /user/{user_id}/oauth/apps/authorized endpoint for APIv4 * Implement POST /oauth/deauthorize endpoint 2017-04-20 09:55:02 -04:00
			`func RenderWebError(err model.AppError, w http.ResponseWriter, r http.Request) {`
			`T, _ := GetTranslationsAndLocale(w, r)`

			`title := T("api.templates.error.title", map[string]interface{}{"SiteName": ClientCfg["SiteName"]})`
			`message := err.Message`
			`details := err.DetailedError`
			`link := "/"`
			`linkMessage := T("api.templates.error.link")`

			`status := http.StatusTemporaryRedirect`
			`if err.StatusCode != http.StatusInternalServerError {`
			`status = err.StatusCode`
			`}`

			`http.Redirect(`
			`w,`
			`r,`
			`"/error?title="+url.QueryEscape(title)+`
			`"&message="+url.QueryEscape(message)+`
			`"&details="+url.QueryEscape(details)+`
			`"&link="+url.QueryEscape(link)+`
			`"&linkmessage="+url.QueryEscape(linkMessage),`
			`status)`
			`}`