From 73fa8a9ea96bfc3e940e66b27943d5ed3b90393a Mon Sep 17 00:00:00 2001
From: George Shaw
Date: Wed, 1 Nov 2017 17:20:36 -0500
Subject: [PATCH] fixed bottleneck in web servers, tidy'ed code up in web servers by quite a bit
---
 pkg/public/public.go | 35 ++++++------
 pkg/webhost/check_auth.go | 15 ------
 pkg/webhost/webhost.go | 108 ++++++++++++++++++++++++++------------
 3 files changed, 93 insertions(+), 65 deletions(-)
 delete mode 100644 pkg/webhost/check_auth.go
diff --git a/pkg/public/public.go b/pkg/public/public.go
index 520cde7..e241057 100644
--- a/pkg/public/public.go
+++ b/pkg/public/public.go
@@ -2,7 +2,7 @@
 package public
 import (
- "bufio"
+ "io"
 "net/http"
 "os"
@@ -33,23 +33,26 @@ func (pub *PublicWeb) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 f, err := os.Open(path)
- if err == nil {
- bufferedReader := bufio.NewReader(f)
- contentType, err := routing.GetContentType(path)
-
- if err == nil {
- w.Header().Add("Content Type", contentType)
- bufferedReader.WriteTo(w)
-
- logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 200 success.")
- } else {
- routing.HttpThrowStatus(http.StatusUnsupportedMediaType, w)
- logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" content type could not be determined, 404 error.")
- }
-
- } else {
+ if err != nil {
 routing.HttpThrowStatus(http.StatusNotFound, w)
 logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 404 error.")
+ return
 }
+ contentType, err := routing.GetContentType(path)
+
+ if err != nil {
+ routing.HttpThrowStatus(http.StatusUnsupportedMediaType, w)
+ logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" content type could not be determined, 404 error.")
+ return
+ }
+
+ w.Header().Add("Content-Type", contentType)
+ _, err = io.Copy(w, f)
+
+ if err != nil {
+ routing.HttpThrowStatus(http.StatusInternalServerError, w)
+ logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 500 error.")
+ return
+ }
 }
diff --git a/pkg/webhost/check_auth.go b/pkg/webhost/check_auth.go
deleted file mode 100644
index ddcf921..0000000
--- a/pkg/webhost/check_auth.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Package webhost handles the logic of the webhosting panel
-package webhost
-
-import "strings"
-
-var allowedUnauthorizedPathSuffixes = [...]string{"api_testing.html", "user_auth", "user_register"}
-
-func CheckAuth(path string) bool {
- for _, suffix := range allowedUnauthorizedPathSuffixes {
- if strings.HasSuffix(path, suffix) {
- return true
- }
- }
- return false
-}
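Review bot: In the pkg/public/public.go `ServeHTTP` hunk, the file returned by `os.Open(path)` is never closed on any path (the 415 return, the copy error, or success), so every request leaks a file descriptor until the process reaches its limit; add `defer f.Close()` directly after the `if err != nil { … return }` that follows the open. The ServeHTTP hunk in pkg/webhost/webhost.go has the same gap. Separately, once `io.Copy` has started writing the body, the 500 sent through `routing.HttpThrowStatus` presumably can no longer replace the status line, so that branch is better limited to logging. The function begins above the hunk, so how `path` is derived from the request is not visible here.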
diff --git a/pkg/webhost/webhost.go b/pkg/webhost/webhost.go
index d325c9b..57fcedf 100644
--- a/pkg/webhost/webhost.go
+++ b/pkg/webhost/webhost.go
@@ -2,9 +2,10 @@
 package webhost
 import (
- "bufio"
+ "io"
 "net/http"
 "os"
+ "strings"
 "github.com/Ennovar/gPanel/pkg/api"
 "github.com/Ennovar/gPanel/pkg/logging"
@@ -23,6 +24,30 @@ func NewPrivateHost() PrivateHost {
 }
 }
+// reqAuth function checks to see if the given path requires authentication.
+func reqAuth(path string) bool {
+ path = strings.ToLower(path)
+
+ dismissibleTypes := []string{".css", ".js"}
+ for _, t := range dismissibleTypes {
+ if strings.HasSuffix(path, t) {
+ return false
+ }
+ }
+
+ dismissibleFiles := []string{
+ "api_testing.html",
+ "index.html",
+ }
+ for _, f := range dismissibleFiles {
+ if strings.HasSuffix(path, f) {
+ return false
+ }
+ }
+
+ return true
+}
+
 // ServeHTTP function routes all requests for the private webhost server. It is used in the main
 // function inside of the http.ListenAndServe() function for the private webhost host.
 func (priv *PrivateHost) ServeHTTP(w http.ResponseWriter, req *http.Request) {
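Review bot: `reqAuth` exempts a request from the auth check with `strings.HasSuffix` on the whole path, so any path ending in `.css`, `.js`, `index.html` or `api_testing.html` skips authentication, not only those specific public files. Because the caller passes the same path to `api.HandleAPI(path, w, req)` after this check, it is worth confirming that no API route can match a path carrying one of these suffixes (HandleAPI is not visible here). Comparing the cleaned path against an explicit set of full public paths, for example `if _, ok := publicPaths[path]; ok { return false }` with `publicPaths` as a package-level set, would make the exemption exact. The deleted `CheckAuth` also exempted `user_auth` and `user_register`; if those are the login and registration endpoints, they presumably now require an existing session.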
@@ -33,43 +58,58 @@ func (priv *PrivateHost) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 path = (priv.Directory + path)
 }
- store := networking.GetStore(networking.COOKIES_USER_AUTH)
- val, err := store.Read(w, req, "auth")
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
+ var auth interface{} = true
+ if reqAuth(path) {
+ store := networking.GetStore(networking.COOKIES_USER_AUTH)
+
+ auth, err := store.Read(w, req, "auth")
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ auth, ok := auth.(bool)
+ if !ok {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ }
+
+ if !auth.(bool) {
+ routing.HttpThrowStatus(http.StatusUnauthorized, w)
+ logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 401 error.")
 return
 }
- if val != true && !CheckAuth(path) {
- routing.HttpThrowStatus(http.StatusUnauthorized, w)
- logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 401 error.")
- } else {
- isApi, _ := api.HandleAPI(path, w, req)
-
- if isApi != true {
- f, err := os.Open(path)
-
- if err == nil {
- bufferedReader := bufio.NewReader(f)
- contentType, err := routing.GetContentType(path)
-
- if err == nil {
- w.Header().Add("Content Type", contentType)
- bufferedReader.WriteTo(w)
-
- logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 200 success.")
- } else {
- routing.HttpThrowStatus(http.StatusUnsupportedMediaType, w)
- logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" content type could not be determined, 404 error.")
- }
-
- } else {
- routing.HttpThrowStatus(http.StatusNotFound, w)
- logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 404 error.")
- }
-
- }
+ isApi, _ := api.HandleAPI(path, w, req)
+ if isApi {
+ // API methods handle HTTP logic from here
+ return
 }
+ f, err := os.Open(path)
+
+ if err != nil {
+ routing.HttpThrowStatus(http.StatusNotFound, w)
+ logging.Console(logging.PRIVATE_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 404 error.")
+ return
+ }
+
+ contentType, err := routing.GetContentType(path)
+
+ if err != nil {
+ routing.HttpThrowStatus(http.StatusUnsupportedMediaType, w)
+ logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" content type could not be determined, 404 error.")
+ return
+ }
+
+ w.Header().Add("Content-Type", contentType)
+ _, err = io.Copy(w, f)
+
+ if err != nil {
+ routing.HttpThrowStatus(http.StatusInternalServerError, w)
+ logging.Console(logging.PUBLIC_PREFIX, logging.NORMAL_LOG, "Path \""+path+"\" rendered a 500 error.")
+ return
+ }
 }
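Review bot: The `auth, err := store.Read(w, req, "auth")` inside `if reqAuth(path)` declares a new `auth` that shadows the outer `var auth interface{} = true`, so the later `if !auth.(bool)` always sees `true` and the 401 branch is unreachable; a session whose stored value is `false` is served as if it were authenticated. In the `!ok` branch `err` has already been checked to be nil, so `err.Error()` panics instead of rejecting the request. Assign to the outer variable with `=` and treat a missing or non-bool value as unauthenticated, as sketched below. Smaller points in the same hunk: the 415 and 500 log lines use `logging.PUBLIC_PREFIX` in the private host, and `http.Error(w, err.Error(), …)` returns the store's internal error text to the client.

```go
authed := true
if reqAuth(path) {
	store := networking.GetStore(networking.COOKIES_USER_AUTH)

	val, err := store.Read(w, req, "auth")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// A missing or non-bool value counts as unauthenticated; err is nil here.
	authed, _ = val.(bool)
}

if !authed {
	// … unchanged: 401 response and log line …
	return
}
// … unchanged: API dispatch and static file serving …
```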