ntfy/server/util.go

package server

import (
	"context"
	"fmt"
	"heckel.io/ntfy/util"
	"io"
	"mime"
	"net/http"
	"net/netip"
	"strings"
)

var mimeDecoder mime.WordDecoder

func readBoolParam(r *http.Request, defaultValue bool, names ...string) bool {
	value := strings.ToLower(readParam(r, names...))
	if value == "" {
		return defaultValue
	}
	return toBool(value)
}

func isBoolValue(value string) bool {
	return value == "1" || value == "yes" || value == "true" || value == "0" || value == "no" || value == "false"
}

func toBool(value string) bool {
	return value == "1" || value == "yes" || value == "true"
}

func readCommaSeparatedParam(r *http.Request, names ...string) (params []string) {
	paramStr := readParam(r, names...)
	if paramStr != "" {
		params = make([]string, 0)
		for _, s := range util.SplitNoEmpty(paramStr, ",") {
			params = append(params, strings.TrimSpace(s))
		}
	}
	return params
}

func readParam(r *http.Request, names ...string) string {
	value := readHeaderParam(r, names...)
	if value != "" {
		return value
	}
	return readQueryParam(r, names...)
}

func readHeaderParam(r *http.Request, names ...string) string {
	for _, name := range names {
		value := r.Header.Get(name)
		if value != "" {
			return strings.TrimSpace(value)
		}
	}
	return ""
}

func readQueryParam(r *http.Request, names ...string) string {
	for _, name := range names {
		value := r.URL.Query().Get(strings.ToLower(name))
		if value != "" {
			return strings.TrimSpace(value)
		}
	}
	return ""
}

func extractIPAddress(r *http.Request, behindProxy bool) netip.Addr {
	remoteAddr := r.RemoteAddr
	addrPort, err := netip.ParseAddrPort(remoteAddr)
	ip := addrPort.Addr()
	if err != nil {
		// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
		ip, err = netip.ParseAddr(remoteAddr)
		if err != nil {
			ip = netip.IPv4Unspecified()
			if remoteAddr != "@" || !behindProxy { // RemoteAddr is @ when unix socket is used
				logr(r).Err(err).Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created", remoteAddr)
			}
		}
	}
	if behindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
		// X-Forwarded-For can contain multiple addresses (see #328). If we are behind a proxy,
		// only the right-most address can be trusted (as this is the one added by our proxy server).
		// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
		ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
		realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
		if err != nil {
			logr(r).Err(err).Error("invalid IP address %s received in X-Forwarded-For header", ip)
			// Fall back to regular remote address if X-Forwarded-For is damaged
		} else {
			ip = realIP
		}
	}
	return ip
}

func readJSONWithLimit[T any](r io.ReadCloser, limit int, allowEmpty bool) (*T, error) {
	obj, err := util.UnmarshalJSONWithLimit[T](r, limit, allowEmpty)
	if err == util.ErrUnmarshalJSON {
		return nil, errHTTPBadRequestJSONInvalid
	} else if err == util.ErrTooLargeJSON {
		return nil, errHTTPEntityTooLargeJSONBody
	} else if err != nil {
		return nil, err
	}
	return obj, nil
}

func withContext(r *http.Request, ctx map[contextKey]any) *http.Request {
	c := r.Context()
	for k, v := range ctx {
		c = context.WithValue(c, k, v)
	}
	return r.WithContext(c)
}

func fromContext[T any](r *http.Request, key contextKey) (T, error) {
	t, ok := r.Context().Value(key).(T)
	if !ok {
		return t, fmt.Errorf("cannot find key %v in request context", key)
	}
	return t, nil
}

func maybeDecodeHeader(header string) string {
	decoded, err := mimeDecoder.DecodeHeader(header)
	if err != nil {
		return header
	}
	return decoded
}
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`package server`

			`import (`
Polish a little 2023-02-23 04:26:43 +01:00			`"context"`
Polishing 2023-02-24 02:46:53 +01:00			`"fmt"`
Return HTTP 500 on Matrix discovery GET if base-url not configured; log entire HTTP request when TRACE enabled 2022-06-20 03:25:35 +02:00			`"heckel.io/ntfy/util"`
Tests 2022-12-29 15:57:42 +01:00			`"io"`
UTF-8 headers 2023-04-22 00:45:27 +02:00			`"mime"`
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`"net/http"`
stuff 2022-12-22 03:55:39 +01:00			`"net/netip"`
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`"strings"`
			`)`

UTF-8 headers 2023-04-22 00:45:27 +02:00			`var mimeDecoder mime.WordDecoder`

Combine things, move stuff 2022-01-16 05:17:46 +01:00			`func readBoolParam(r *http.Request, defaultValue bool, names ...string) bool {`
			`value := strings.ToLower(readParam(r, names...))`
			`if value == "" {`
			`return defaultValue`
			`}`
WIP twilio 2023-05-13 18:26:14 +02:00			`return toBool(value)`
			`}`

			`func isBoolValue(value string) bool {`
			`return value == "1" \|\| value == "yes" \|\| value == "true" \|\| value == "0" \|\| value == "no" \|\| value == "false"`
			`}`

			`func toBool(value string) bool {`
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`return value == "1" \|\| value == "yes" \|\| value == "true"`
			`}`

Working test 2023-02-23 03:33:18 +01:00			`func readCommaSeparatedParam(r *http.Request, names ...string) (params []string) {`
rate limiting impl 2.0? 2023-02-22 03:04:56 +01:00			`paramStr := readParam(r, names...)`
			`if paramStr != "" {`
			`params = make([]string, 0)`
			`for _, s := range util.SplitNoEmpty(paramStr, ",") {`
			`params = append(params, strings.TrimSpace(s))`
			`}`
			`}`
			`return params`
			`}`

Combine things, move stuff 2022-01-16 05:17:46 +01:00			`func readParam(r *http.Request, names ...string) string {`
Fully support auth in Web UI; persist users in localStorage (for now); add ugly ?auth=... param 2022-02-26 05:25:04 +01:00			`value := readHeaderParam(r, names...)`
			`if value != "" {`
			`return value`
			`}`
			`return readQueryParam(r, names...)`
			`}`

			`func readHeaderParam(r *http.Request, names ...string) string {`
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`for _, name := range names {`
			`value := r.Header.Get(name)`
			`if value != "" {`
			`return strings.TrimSpace(value)`
			`}`
			`}`
Fully support auth in Web UI; persist users in localStorage (for now); add ugly ?auth=... param 2022-02-26 05:25:04 +01:00			`return ""`
			`}`

			`func readQueryParam(r *http.Request, names ...string) string {`
Combine things, move stuff 2022-01-16 05:17:46 +01:00			`for _, name := range names {`
			`value := r.URL.Query().Get(strings.ToLower(name))`
			`if value != "" {`
			`return strings.TrimSpace(value)`
			`}`
			`}`
			`return ""`
			`}`
So much logging 2022-06-02 05:24:44 +02:00
stuff 2022-12-22 03:55:39 +01:00			`func extractIPAddress(r *http.Request, behindProxy bool) netip.Addr {`
			`remoteAddr := r.RemoteAddr`
			`addrPort, err := netip.ParseAddrPort(remoteAddr)`
			`ip := addrPort.Addr()`
			`if err != nil {`
			`// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified`
			`ip, err = netip.ParseAddr(remoteAddr)`
			`if err != nil {`
			`ip = netip.IPv4Unspecified()`
Merge branch 'main' into user-account 2022-12-23 15:37:47 +01:00			`if remoteAddr != "@" \|\| !behindProxy { // RemoteAddr is @ when unix socket is used`
Minor tweaks 2023-02-15 16:55:01 +01:00			`logr(r).Err(err).Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created", remoteAddr)`
Merge branch 'main' into user-account 2022-12-23 15:37:47 +01:00			`}`
stuff 2022-12-22 03:55:39 +01:00			`}`
			`}`
			`if behindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {`
			`// X-Forwarded-For can contain multiple addresses (see #328). If we are behind a proxy,`
			`// only the right-most address can be trusted (as this is the one added by our proxy server).`
			`// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.`
			`ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")`
			`realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))`
			`if err != nil {`
Minor tweaks 2023-02-15 16:55:01 +01:00			`logr(r).Err(err).Error("invalid IP address %s received in X-Forwarded-For header", ip)`
stuff 2022-12-22 03:55:39 +01:00			`// Fall back to regular remote address if X-Forwarded-For is damaged`
			`} else {`
			`ip = realIP`
			`}`
			`}`
			`return ip`
			`}`
Tests 2022-12-29 15:57:42 +01:00
Add Access Tokens UI 2023-01-28 05:10:59 +01:00			`func readJSONWithLimit[T any](r io.ReadCloser, limit int, allowEmpty bool) (*T, error) {`
			`obj, err := util.UnmarshalJSONWithLimit[T](r, limit, allowEmpty)`
Some tests 2022-12-31 22:08:49 +01:00			`if err == util.ErrUnmarshalJSON {`
Tests 2022-12-29 15:57:42 +01:00			`return nil, errHTTPBadRequestJSONInvalid`
			`} else if err == util.ErrTooLargeJSON {`
			`return nil, errHTTPEntityTooLargeJSONBody`
			`} else if err != nil {`
			`return nil, err`
			`}`
			`return obj, nil`
			`}`
Polish a little 2023-02-23 04:26:43 +01:00
			`func withContext(r http.Request, ctx map[contextKey]any) http.Request {`
			`c := r.Context()`
			`for k, v := range ctx {`
			`c = context.WithValue(c, k, v)`
			`}`
			`return r.WithContext(c)`
			`}`
Polishing 2023-02-24 02:46:53 +01:00
More metrics 2023-03-14 15:19:15 +01:00			`func fromContext[T any](r *http.Request, key contextKey) (T, error) {`
Works 2023-03-04 04:22:07 +01:00			`t, ok := r.Context().Value(key).(T)`
Polishing 2023-02-24 02:46:53 +01:00			`if !ok {`
More metrics 2023-03-14 15:19:15 +01:00			`return t, fmt.Errorf("cannot find key %v in request context", key)`
Polishing 2023-02-24 02:46:53 +01:00			`}`
More metrics 2023-03-14 15:19:15 +01:00			`return t, nil`
Polishing 2023-02-24 02:46:53 +01:00			`}`
Simplify 2023-04-22 03:07:07 +02:00
			`func maybeDecodeHeader(header string) string {`
			`decoded, err := mimeDecoder.DecodeHeader(header)`
			`if err != nil {`
			`return header`
			`}`
			`return decoded`
			`}`