2023-01-17 00:35:37 +03:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
2023-02-22 07:40:15 +03:00
|
|
|
|
|
|
|
"heckel.io/ntfy/util"
|
2023-01-17 00:35:37 +03:00
|
|
|
)
|
|
|
|
|
2023-02-23 06:26:43 +03:00
|
|
|
type contextKey int
|
|
|
|
|
|
|
|
const (
|
|
|
|
contextRateVisitor contextKey = iota + 2586
|
|
|
|
contextTopic
|
2023-03-04 06:22:07 +03:00
|
|
|
contextMatrixPushKey
|
2023-02-23 06:26:43 +03:00
|
|
|
)
|
|
|
|
|
2023-02-08 23:20:44 +03:00
|
|
|
func (s *Server) limitRequests(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
if util.ContainsIP(s.config.VisitorRequestExemptIPAddrs, v.ip) {
|
|
|
|
return next(w, r, v)
|
|
|
|
} else if !v.RequestAllowed() {
|
|
|
|
return errHTTPTooManyRequestsLimitRequests
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-22 07:40:15 +03:00
|
|
|
// limitRequestsWithTopic limits requests with a topic and stores the rate-limiting-subscriber and topic into request.Context
|
|
|
|
func (s *Server) limitRequestsWithTopic(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
t, err := s.topicFromPath(r.URL.Path)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-02-23 05:00:56 +03:00
|
|
|
vrate := v
|
2023-02-23 05:33:18 +03:00
|
|
|
if rateVisitor := t.RateVisitor(); rateVisitor != nil {
|
|
|
|
vrate = rateVisitor
|
2023-02-22 07:40:15 +03:00
|
|
|
}
|
2023-02-23 06:26:43 +03:00
|
|
|
r = withContext(r, map[contextKey]any{
|
|
|
|
contextRateVisitor: vrate,
|
|
|
|
contextTopic: t,
|
|
|
|
})
|
2023-02-22 07:40:15 +03:00
|
|
|
if util.ContainsIP(s.config.VisitorRequestExemptIPAddrs, v.ip) {
|
|
|
|
return next(w, r, v)
|
2023-02-23 05:00:56 +03:00
|
|
|
} else if !vrate.RequestAllowed() {
|
2023-02-22 07:40:15 +03:00
|
|
|
return errHTTPTooManyRequestsLimitRequests
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-17 00:35:37 +03:00
|
|
|
func (s *Server) ensureWebEnabled(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-05-01 18:58:49 +03:00
|
|
|
if s.config.WebRoot == "" {
|
2023-01-17 00:35:37 +03:00
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-05-24 22:36:01 +03:00
|
|
|
func (s *Server) ensureWebPushEnabled(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-06-24 21:11:10 +03:00
|
|
|
if s.config.WebRoot == "" || s.config.WebPushPublicKey == "" {
|
2023-05-24 22:36:01 +03:00
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-17 00:35:37 +03:00
|
|
|
func (s *Server) ensureUserManager(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
if s.userManager == nil {
|
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) ensureUser(next handleFunc) handleFunc {
|
|
|
|
return s.ensureUserManager(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-29 04:43:06 +03:00
|
|
|
if v.User() == nil {
|
2023-01-17 00:35:37 +03:00
|
|
|
return errHTTPUnauthorized
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2023-05-13 21:39:31 +03:00
|
|
|
func (s *Server) ensureAdmin(next handleFunc) handleFunc {
|
|
|
|
return s.ensureUserManager(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
if !v.User().IsAdmin() {
|
|
|
|
return errHTTPUnauthorized
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2023-05-16 21:15:58 +03:00
|
|
|
func (s *Server) ensureCallsEnabled(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-05-17 18:19:48 +03:00
|
|
|
if s.config.TwilioAccount == "" || s.userManager == nil {
|
2023-05-16 21:15:58 +03:00
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-17 00:35:37 +03:00
|
|
|
func (s *Server) ensurePaymentsEnabled(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-19 07:01:26 +03:00
|
|
|
if s.config.StripeSecretKey == "" || s.stripe == nil {
|
2023-01-17 00:35:37 +03:00
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) ensureStripeCustomer(next handleFunc) handleFunc {
|
|
|
|
return s.ensureUser(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-29 04:43:06 +03:00
|
|
|
if v.User().Billing.StripeCustomerID == "" {
|
2023-01-17 00:35:37 +03:00
|
|
|
return errHTTPBadRequestNotAPaidUser
|
|
|
|
}
|
|
|
|
return next(w, r, v)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) withAccountSync(next handleFunc) handleFunc {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
err := next(w, r, v)
|
|
|
|
if err == nil {
|
|
|
|
s.publishSyncEventAsync(v)
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|