SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Merge branch 'main' into client-certificate

Browse source
This commit is contained in:
Bernhard Reiter 2022-03-23 20:12:36 +01:00
commit 3753f08370
No known key found for this signature in database
GPG key ID: 2B7BA3BF9BC3A554
18 changed files with 537 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

20
cmd/csaf_provider/controller.go
View file

@ -38,11 +38,14 @@ func asMultiError(err error) multiError {
return multiError([]string{err.Error()})
}
// controller contains the config values and the html templates.
type controller struct {
cfg *config
tmpl *template.Template
}
// newController assigns the given configs to a controller variable and parses the html template
// if the config value "NoWebUI" is true. It returns the controller variable and nil, otherwise error.
func newController(cfg *config) (*controller, error) {
c := controller{cfg: cfg}
@ -57,6 +60,8 @@ func newController(cfg *config) (*controller, error) {
return &c, nil
}
// bind binds the paths with the corresponding http.handler and wraps it with the respective middleware,
// according to the "NoWebUI" config value.
func (c *controller) bind(pim *pathInfoMux) {
if !c.cfg.NoWebUI {
pim.handleFunc("/", c.auth(c.index))
@ -67,6 +72,9 @@ func (c *controller) bind(pim *pathInfoMux) {
pim.handleFunc("/api/create", c.auth(api(c.create)))
}
// auth wraps the given http.HandlerFunc and returns an new one after authenticating the
// password contained in the header "X-CSAF-PROVIDER-AUTH" with the "password" config value
// if set, otherwise returns the given http.HandlerFunc.
func (c *controller) auth(
fn func(http.ResponseWriter, *http.Request),
) func(http.ResponseWriter, *http.Request) {
@ -93,6 +101,9 @@ func (c *controller) auth(
}
}
// render sets the headers for the response. It applies the given template "tmpl" to
// the given object "arg" and writes the output to http.ResponseWriter.
// It logs a warning in case of error.
func (c *controller) render(rw http.ResponseWriter, tmpl string, arg interface{}) {
rw.Header().Set("Content-type", "text/html; charset=utf-8")
rw.Header().Set("X-Content-Type-Options", "nosniff")
@ -101,17 +112,24 @@ func (c *controller) render(rw http.ResponseWriter, tmpl string, arg interface{}
}
}
// failed constructs the error messages by calling "asMultiError" and calls "render"
// function to render the passed template and error object.
func (c *controller) failed(rw http.ResponseWriter, tmpl string, err error) {
result := map[string]interface{}{"Error": asMultiError(err)}
c.render(rw, tmpl, result)
}
// index calls the "render" function and passes the "index.html" and c.cfg to it.
func (c *controller) index(rw http.ResponseWriter, r *http.Request) {
c.render(rw, "index.html", map[string]interface{}{
"Config": c.cfg,
})
}
// web executes the given function "fn", calls the "render" function and passes
// the result content from "fn", the given template and the http.ResponseWriter to it
// in case of no error occurred, otherwise calls the "failed" function and passes the given
// template and the error from "fn".
func (c *controller) web(
fn func(*http.Request) (interface{}, error),
tmpl string,
@ -126,6 +144,8 @@ func (c *controller) web(
}
}
// writeJSON sets the header for the response and writes the JSON encoding of the given "content".
// It logs out an error message in case of an error.
func writeJSON(rw http.ResponseWriter, content interface{}, code int) {
rw.Header().Set("Content-type", "application/json; charset=utf-8")
rw.Header().Set("X-Content-Type-Options", "nosniff")