Accueil Explorer Aide
Connexion
mirrors
/
ntfy
miroir de https://github.com/binwiederhier/ntfy
1
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: d4767caf30
Branches Tags
ntfy
/
server
/
server.go

server.go 68 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889 
  1. package server
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"context"
    6. 

  6. 	"crypto/sha256"
    7. 

  7. 	"embed"
    8. 

  8. 	"encoding/base64"
    9. 

  9. 	"encoding/json"
    10. 

  10. 	"errors"
    11. 

  11. 	"fmt"
    12. 

  12. 	"github.com/emersion/go-smtp"
    13. 

  13. 	"github.com/gorilla/websocket"
    14. 

  14. 	"github.com/prometheus/client_golang/prometheus/promhttp"
    15. 

  15. 	"golang.org/x/sync/errgroup"
    16. 

  16. 	"heckel.io/ntfy/log"
    17. 

  17. 	"heckel.io/ntfy/user"
    18. 

  18. 	"heckel.io/ntfy/util"
    19. 

  19. 	"io"
    20. 

  20. 	"net"
    21. 

  21. 	"net/http"
    22. 

  22. 	"net/http/pprof"
    23. 

  23. 	"net/netip"
    24. 

  24. 	"net/url"
    25. 

  25. 	"os"
    26. 

  26. 	"path"
    27. 

  27. 	"path/filepath"
    28. 

  28. 	"regexp"
    29. 

  29. 	"sort"
    30. 

  30. 	"strconv"
    31. 

  31. 	"strings"
    32. 

  32. 	"sync"
    33. 

  33. 	"time"
    34. 

  34. 	"unicode/utf8"
    35. 

  35. )
    36. 

  36. 

  37. // Server is the main server, providing the UI and API for ntfy
    38. 

  38. type Server struct {
    39. 

  39. 	config            *Config
    40. 

  40. 	httpServer        *http.Server
    41. 

  41. 	httpsServer       *http.Server
    42. 

  42. 	httpMetricsServer *http.Server
    43. 

  43. 	httpProfileServer *http.Server
    44. 

  44. 	unixListener      net.Listener
    45. 

  45. 	smtpServer        *smtp.Server
    46. 

  46. 	smtpServerBackend *smtpBackend
    47. 

  47. 	smtpSender        mailer
    48. 

  48. 	topics            map[string]*topic
    49. 

  49. 	visitors          map[string]*visitor // ip:<ip> or user:<user>
    50. 

  50. 	firebaseClient    *firebaseClient
    51. 

  51. 	messages          int64                               // Total number of messages (persisted if messageCache enabled)
    52. 

  52. 	messagesHistory   []int64                             // Last n values of the messages counter, used to determine rate
    53. 

  53. 	userManager       *user.Manager                       // Might be nil!
    54. 

  54. 	messageCache      *messageCache                       // Database that stores the messages
    55. 

  55. 	fileCache         *fileCache                          // File system based cache that stores attachments
    56. 

  56. 	stripe            stripeAPI                           // Stripe API, can be replaced with a mock
    57. 

  57. 	priceCache        *util.LookupCache[map[string]int64] // Stripe price ID -> price as cents (USD implied!)
    58. 

  58. 	metricsHandler    http.Handler                        // Handles /metrics if enable-metrics set, and listen-metrics-http not set
    59. 

  59. 	closeChan         chan bool
    60. 

  60. 	mu                sync.RWMutex
    61. 

  61. }
    62. 

  62. 

  63. // handleFunc extends the normal http.HandlerFunc to be able to easily return errors
    64. 

  64. type handleFunc func(http.ResponseWriter, *http.Request, *visitor) error
    65. 

  65. 

  66. var (
    67. 

  67. 	// If changed, don't forget to update Android App and auth_sqlite.go
    68. 

  68. 	topicRegex             = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)               // No /!
    69. 

  69. 	topicPathRegex         = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`)              // Regex must match JS & Android app!
    70. 

  70. 	externalTopicPathRegex = regexp.MustCompile(`^/[^/]+\.[^/]+/[-_A-Za-z0-9]{1,64}$`) // Extended topic path, for web-app, e.g. /example.com/mytopic
    71. 

  71. 	jsonPathRegex          = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
    72. 

  72. 	ssePathRegex           = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
    73. 

  73. 	rawPathRegex           = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
    74. 

  74. 	wsPathRegex            = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/ws$`)
    75. 

  75. 	authPathRegex          = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
    76. 

  76. 	publishPathRegex       = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`)
    77. 

  77. 

  78. 	webConfigPath                                        = "/config.js"
    79. 

  79. 	accountPath                                          = "/account"
    80. 

  80. 	matrixPushPath                                       = "/_matrix/push/v1/notify"
    81. 

  81. 	metricsPath                                          = "/metrics"
    82. 

  82. 	apiHealthPath                                        = "/v1/health"
    83. 

  83. 	apiStatsPath                                         = "/v1/stats"
    84. 

  84. 	apiTiersPath                                         = "/v1/tiers"
    85. 

  85. 	apiAccountPath                                       = "/v1/account"
    86. 

  86. 	apiAccountTokenPath                                  = "/v1/account/token"
    87. 

  87. 	apiAccountPasswordPath                               = "/v1/account/password"
    88. 

  88. 	apiAccountSettingsPath                               = "/v1/account/settings"
    89. 

  89. 	apiAccountSubscriptionPath                           = "/v1/account/subscription"
    90. 

  90. 	apiAccountReservationPath                            = "/v1/account/reservation"
    91. 

  91. 	apiAccountPhonePath                                  = "/v1/account/phone"
    92. 

  92. 	apiAccountBillingPortalPath                          = "/v1/account/billing/portal"
    93. 

  93. 	apiAccountBillingWebhookPath                         = "/v1/account/billing/webhook"
    94. 

  94. 	apiAccountBillingSubscriptionPath                    = "/v1/account/billing/subscription"
    95. 

  95. 	apiAccountBillingSubscriptionCheckoutSuccessTemplate = "/v1/account/billing/subscription/success/{CHECKOUT_SESSION_ID}"
    96. 

  96. 	apiAccountBillingSubscriptionCheckoutSuccessRegex    = regexp.MustCompile(`/v1/account/billing/subscription/success/(.+)$`)
    97. 

  97. 	apiAccountReservationSingleRegex                     = regexp.MustCompile(`/v1/account/reservation/([-_A-Za-z0-9]{1,64})$`)
    98. 

  98. 	staticRegex                                          = regexp.MustCompile(`^/static/.+`)
    99. 

  99. 	docsRegex                                            = regexp.MustCompile(`^/docs(|/.*)$`)
    100. 

  100. 	fileRegex                                            = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
    101. 

  101. 	urlRegex                                             = regexp.MustCompile(`^https?://`)
    102. 

  102. 	phoneNumberRegex                                     = regexp.MustCompile(`^\+\d{1,100}$`)
    103. 

  103. 

  104. 	//go:embed site
    105. 

  105. 	webFs       embed.FS
    106. 

  106. 	webFsCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: webFs}
    107. 

  107. 	webSiteDir  = "/site"
    108. 

  108. 	webAppIndex = "/app.html" // React app
    109. 

  109. 

  110. 	//go:embed docs
    111. 

  111. 	docsStaticFs     embed.FS
    112. 

  112. 	docsStaticCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: docsStaticFs}
    113. 

  113. )
    114. 

  114. 

  115. const (
    116. 

  116. 	firebaseControlTopic     = "~control"                // See Android if changed
    117. 

  117. 	firebasePollTopic        = "~poll"                   // See iOS if changed
    118. 

  118. 	emptyMessageBody         = "triggered"               // Used if message body is empty
    119. 

  119. 	newMessageBody           = "New message"             // Used in poll requests as generic message
    120. 

  120. 	defaultAttachmentMessage = "You received a file: %s" // Used if message body is empty, and there is an attachment
    121. 

  121. 	encodingBase64           = "base64"                  // Used mainly for binary UnifiedPush messages
    122. 

  122. 	jsonBodyBytesLimit       = 16384                     // Max number of bytes for a JSON request body
    123. 

  123. 	unifiedPushTopicPrefix   = "up"                      // Temporarily, we rate limit all "up*" topics based on the subscriber
    124. 

  124. 	unifiedPushTopicLength   = 14                        // Length of UnifiedPush topics, including the "up" part
    125. 

  125. 	messagesHistoryMax       = 10                        // Number of message count values to keep in memory
    126. 

  126. )
    127. 

  127. 

  128. // WebSocket constants
    129. 

  129. const (
    130. 

  130. 	wsWriteWait  = 2 * time.Second
    131. 

  131. 	wsBufferSize = 1024
    132. 

  132. 	wsReadLimit  = 64 // We only ever receive PINGs
    133. 

  133. 	wsPongWait   = 15 * time.Second
    134. 

  134. )
    135. 

  135. 

  136. // New instantiates a new Server. It creates the cache and adds a Firebase
    137. 

  137. // subscriber (if configured).
    138. 

  138. func New(conf *Config) (*Server, error) {
    139. 

  139. 	var mailer mailer
    140. 

  140. 	if conf.SMTPSenderAddr != "" {
    141. 

  141. 		mailer = &smtpSender{config: conf}
    142. 

  142. 	}
    143. 

  143. 	var stripe stripeAPI
    144. 

  144. 	if conf.StripeSecretKey != "" {
    145. 

  145. 		stripe = newStripeAPI()
    146. 

  146. 	}
    147. 

  147. 	messageCache, err := createMessageCache(conf)
    148. 

  148. 	if err != nil {
    149. 

  149. 		return nil, err
    150. 

  150. 	}
    151. 

  151. 	topics, err := messageCache.Topics()
    152. 

  152. 	if err != nil {
    153. 

  153. 		return nil, err
    154. 

  154. 	}
    155. 

  155. 	messages, err := messageCache.Stats()
    156. 

  156. 	if err != nil {
    157. 

  157. 		return nil, err
    158. 

  158. 	}
    159. 

  159. 	var fileCache *fileCache
    160. 

  160. 	if conf.AttachmentCacheDir != "" {
    161. 

  161. 		fileCache, err = newFileCache(conf.AttachmentCacheDir, conf.AttachmentTotalSizeLimit)
    162. 

  162. 		if err != nil {
    163. 

  163. 			return nil, err
    164. 

  164. 		}
    165. 

  165. 	}
    166. 

  166. 	var userManager *user.Manager
    167. 

  167. 	if conf.AuthFile != "" {
    168. 

  168. 		userManager, err = user.NewManager(conf.AuthFile, conf.AuthStartupQueries, conf.AuthDefault, conf.AuthBcryptCost, conf.AuthStatsQueueWriterInterval)
    169. 

  169. 		if err != nil {
    170. 

  170. 			return nil, err
    171. 

  171. 		}
    172. 

  172. 	}
    173. 

  173. 	var firebaseClient *firebaseClient
    174. 

  174. 	if conf.FirebaseKeyFile != "" {
    175. 

  175. 		sender, err := newFirebaseSender(conf.FirebaseKeyFile)
    176. 

  176. 		if err != nil {
    177. 

  177. 			return nil, err
    178. 

  178. 		}
    179. 

  179. 		// This awkward logic is required because Go is weird about nil types and interfaces.
    180. 

  180. 		// See issue #641, and https://go.dev/play/p/uur1flrv1t3 for an example
    181. 

  181. 		var auther user.Auther
    182. 

  182. 		if userManager != nil {
    183. 

  183. 			auther = userManager
    184. 

  184. 		}
    185. 

  185. 		firebaseClient = newFirebaseClient(sender, auther)
    186. 

  186. 	}
    187. 

  187. 	s := &Server{
    188. 

  188. 		config:          conf,
    189. 

  189. 		messageCache:    messageCache,
    190. 

  190. 		fileCache:       fileCache,
    191. 

  191. 		firebaseClient:  firebaseClient,
    192. 

  192. 		smtpSender:      mailer,
    193. 

  193. 		topics:          topics,
    194. 

  194. 		userManager:     userManager,
    195. 

  195. 		messages:        messages,
    196. 

  196. 		messagesHistory: []int64{messages},
    197. 

  197. 		visitors:        make(map[string]*visitor),
    198. 

  198. 		stripe:          stripe,
    199. 

  199. 	}
    200. 

  200. 	s.priceCache = util.NewLookupCache(s.fetchStripePrices, conf.StripePriceCacheDuration)
    201. 

  201. 	return s, nil
    202. 

  202. }
    203. 

  203. 

  204. func createMessageCache(conf *Config) (*messageCache, error) {
    205. 

  205. 	if conf.CacheDuration == 0 {
    206. 

  206. 		return newNopCache()
    207. 

  207. 	} else if conf.CacheFile != "" {
    208. 

  208. 		return newSqliteCache(conf.CacheFile, conf.CacheStartupQueries, conf.CacheDuration, conf.CacheBatchSize, conf.CacheBatchTimeout, false)
    209. 

  209. 	}
    210. 

  210. 	return newMemCache()
    211. 

  211. }
    212. 

  212. 

  213. // Run executes the main server. It listens on HTTP (+ HTTPS, if configured), and starts
    214. 

  214. // a manager go routine to print stats and prune messages.
    215. 

  215. func (s *Server) Run() error {
    216. 

  216. 	var listenStr string
    217. 

  217. 	if s.config.ListenHTTP != "" {
    218. 

  218. 		listenStr += fmt.Sprintf(" %s[http]", s.config.ListenHTTP)
    219. 

  219. 	}
    220. 

  220. 	if s.config.ListenHTTPS != "" {
    221. 

  221. 		listenStr += fmt.Sprintf(" %s[https]", s.config.ListenHTTPS)
    222. 

  222. 	}
    223. 

  223. 	if s.config.ListenUnix != "" {
    224. 

  224. 		listenStr += fmt.Sprintf(" %s[unix]", s.config.ListenUnix)
    225. 

  225. 	}
    226. 

  226. 	if s.config.SMTPServerListen != "" {
    227. 

  227. 		listenStr += fmt.Sprintf(" %s[smtp]", s.config.SMTPServerListen)
    228. 

  228. 	}
    229. 

  229. 	if s.config.MetricsListenHTTP != "" {
    230. 

  230. 		listenStr += fmt.Sprintf(" %s[http/metrics]", s.config.MetricsListenHTTP)
    231. 

  231. 	}
    232. 

  232. 	if s.config.ProfileListenHTTP != "" {
    233. 

  233. 		listenStr += fmt.Sprintf(" %s[http/profile]", s.config.ProfileListenHTTP)
    234. 

  234. 	}
    235. 

  235. 	log.Tag(tagStartup).Info("Listening on%s, ntfy %s, log level is %s", listenStr, s.config.Version, log.CurrentLevel().String())
    236. 

  236. 	if log.IsFile() {
    237. 

  237. 		fmt.Fprintf(os.Stderr, "Listening on%s, ntfy %s\n", listenStr, s.config.Version)
    238. 

  238. 		fmt.Fprintf(os.Stderr, "Logs are written to %s\n", log.File())
    239. 

  239. 	}
    240. 

  240. 	mux := http.NewServeMux()
    241. 

  241. 	mux.HandleFunc("/", s.handle)
    242. 

  242. 	errChan := make(chan error)
    243. 

  243. 	s.mu.Lock()
    244. 

  244. 	s.closeChan = make(chan bool)
    245. 

  245. 	if s.config.ListenHTTP != "" {
    246. 

  246. 		s.httpServer = &http.Server{Addr: s.config.ListenHTTP, Handler: mux}
    247. 

  247. 		go func() {
    248. 

  248. 			errChan <- s.httpServer.ListenAndServe()
    249. 

  249. 		}()
    250. 

  250. 	}
    251. 

  251. 	if s.config.ListenHTTPS != "" {
    252. 

  252. 		s.httpsServer = &http.Server{Addr: s.config.ListenHTTPS, Handler: mux}
    253. 

  253. 		go func() {
    254. 

  254. 			errChan <- s.httpsServer.ListenAndServeTLS(s.config.CertFile, s.config.KeyFile)
    255. 

  255. 		}()
    256. 

  256. 	}
    257. 

  257. 	if s.config.ListenUnix != "" {
    258. 

  258. 		go func() {
    259. 

  259. 			var err error
    260. 

  260. 			s.mu.Lock()
    261. 

  261. 			os.Remove(s.config.ListenUnix)
    262. 

  262. 			s.unixListener, err = net.Listen("unix", s.config.ListenUnix)
    263. 

  263. 			if err != nil {
    264. 

  264. 				s.mu.Unlock()
    265. 

  265. 				errChan <- err
    266. 

  266. 				return
    267. 

  267. 			}
    268. 

  268. 			defer s.unixListener.Close()
    269. 

  269. 			if s.config.ListenUnixMode > 0 {
    270. 

  270. 				if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
    271. 

  271. 					s.mu.Unlock()
    272. 

  272. 					errChan <- err
    273. 

  273. 					return
    274. 

  274. 				}
    275. 

  275. 			}
    276. 

  276. 			s.mu.Unlock()
    277. 

  277. 			httpServer := &http.Server{Handler: mux}
    278. 

  278. 			errChan <- httpServer.Serve(s.unixListener)
    279. 

  279. 		}()
    280. 

  280. 	}
    281. 

  281. 	if s.config.MetricsListenHTTP != "" {
    282. 

  282. 		initMetrics()
    283. 

  283. 		s.httpMetricsServer = &http.Server{Addr: s.config.MetricsListenHTTP, Handler: promhttp.Handler()}
    284. 

  284. 		go func() {
    285. 

  285. 			errChan <- s.httpMetricsServer.ListenAndServe()
    286. 

  286. 		}()
    287. 

  287. 	} else if s.config.EnableMetrics {
    288. 

  288. 		initMetrics()
    289. 

  289. 		s.metricsHandler = promhttp.Handler()
    290. 

  290. 	}
    291. 

  291. 	if s.config.ProfileListenHTTP != "" {
    292. 

  292. 		profileMux := http.NewServeMux()
    293. 

  293. 		profileMux.HandleFunc("/debug/pprof/", pprof.Index)
    294. 

  294. 		profileMux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
    295. 

  295. 		profileMux.HandleFunc("/debug/pprof/profile", pprof.Profile)
    296. 

  296. 		profileMux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
    297. 

  297. 		profileMux.HandleFunc("/debug/pprof/trace", pprof.Trace)
    298. 

  298. 		s.httpProfileServer = &http.Server{Addr: s.config.ProfileListenHTTP, Handler: profileMux}
    299. 

  299. 		go func() {
    300. 

  300. 			errChan <- s.httpProfileServer.ListenAndServe()
    301. 

  301. 		}()
    302. 

  302. 	}
    303. 

  303. 	if s.config.SMTPServerListen != "" {
    304. 

  304. 		go func() {
    305. 

  305. 			errChan <- s.runSMTPServer()
    306. 

  306. 		}()
    307. 

  307. 	}
    308. 

  308. 	s.mu.Unlock()
    309. 

  309. 	go s.runManager()
    310. 

  310. 	go s.runStatsResetter()
    311. 

  311. 	go s.runDelayedSender()
    312. 

  312. 	go s.runFirebaseKeepaliver()
    313. 

  313. 

  314. 	return <-errChan
    315. 

  315. }
    316. 

  316. 

  317. // Stop stops HTTP (+HTTPS) server and all managers
    318. 

  318. func (s *Server) Stop() {
    319. 

  319. 	s.mu.Lock()
    320. 

  320. 	defer s.mu.Unlock()
    321. 

  321. 	if s.httpServer != nil {
    322. 

  322. 		s.httpServer.Close()
    323. 

  323. 	}
    324. 

  324. 	if s.httpsServer != nil {
    325. 

  325. 		s.httpsServer.Close()
    326. 

  326. 	}
    327. 

  327. 	if s.unixListener != nil {
    328. 

  328. 		s.unixListener.Close()
    329. 

  329. 	}
    330. 

  330. 	if s.smtpServer != nil {
    331. 

  331. 		s.smtpServer.Close()
    332. 

  332. 	}
    333. 

  333. 	s.closeDatabases()
    334. 

  334. 	close(s.closeChan)
    335. 

  335. }
    336. 

  336. 

  337. func (s *Server) closeDatabases() {
    338. 

  338. 	if s.userManager != nil {
    339. 

  339. 		s.userManager.Close()
    340. 

  340. 	}
    341. 

  341. 	s.messageCache.Close()
    342. 

  342. }
    343. 

  343. 

  344. // handle is the main entry point for all HTTP requests
    345. 

  345. func (s *Server) handle(w http.ResponseWriter, r *http.Request) {
    346. 

  346. 	v, err := s.maybeAuthenticate(r) // Note: Always returns v, even when error is returned
    347. 

  347. 	if err != nil {
    348. 

  348. 		s.handleError(w, r, v, err)
    349. 

  349. 		return
    350. 

  350. 	}
    351. 

  351. 	ev := logvr(v, r)
    352. 

  352. 	if ev.IsTrace() {
    353. 

  353. 		ev.Field("http_request", renderHTTPRequest(r)).Trace("HTTP request started")
    354. 

  354. 	} else if logvr(v, r).IsDebug() {
    355. 

  355. 		ev.Debug("HTTP request started")
    356. 

  356. 	}
    357. 

  357. 	logvr(v, r).
    358. 

  358. 		Timing(func() {
    359. 

  359. 			if err := s.handleInternal(w, r, v); err != nil {
    360. 

  360. 				s.handleError(w, r, v, err)
    361. 

  361. 				return
    362. 

  362. 			}
    363. 

  363. 			if metricHTTPRequests != nil {
    364. 

  364. 				metricHTTPRequests.WithLabelValues("200", "20000", r.Method).Inc()
    365. 

  365. 			}
    366. 

  366. 		}).
    367. 

  367. 		Debug("HTTP request finished")
    368. 

  368. }
    369. 

  369. 

  370. func (s *Server) handleError(w http.ResponseWriter, r *http.Request, v *visitor, err error) {
    371. 

  371. 	httpErr, ok := err.(*errHTTP)
    372. 

  372. 	if !ok {
    373. 

  373. 		httpErr = errHTTPInternalError
    374. 

  374. 	}
    375. 

  375. 	if metricHTTPRequests != nil {
    376. 

  376. 		metricHTTPRequests.WithLabelValues(fmt.Sprintf("%d", httpErr.HTTPCode), fmt.Sprintf("%d", httpErr.Code), r.Method).Inc()
    377. 

  377. 	}
    378. 

  378. 	isRateLimiting := util.Contains(rateLimitingErrorCodes, httpErr.HTTPCode)
    379. 

  379. 	isNormalError := strings.Contains(err.Error(), "i/o timeout") || util.Contains(normalErrorCodes, httpErr.HTTPCode)
    380. 

  380. 	ev := logvr(v, r).Err(err)
    381. 

  381. 	if websocket.IsWebSocketUpgrade(r) {
    382. 

  382. 		ev.Tag(tagWebsocket).Fields(websocketErrorContext(err))
    383. 

  383. 		if isNormalError {
    384. 

  384. 			ev.Debug("WebSocket error (this error is okay, it happens a lot): %s", err.Error())
    385. 

  385. 		} else {
    386. 

  386. 			ev.Info("WebSocket error: %s", err.Error())
    387. 

  387. 		}
    388. 

  388. 		return // Do not attempt to write to upgraded connection
    389. 

  389. 	}
    390. 

  390. 	if isNormalError {
    391. 

  391. 		ev.Debug("Connection closed with HTTP %d (ntfy error %d)", httpErr.HTTPCode, httpErr.Code)
    392. 

  392. 	} else {
    393. 

  393. 		ev.Info("Connection closed with HTTP %d (ntfy error %d)", httpErr.HTTPCode, httpErr.Code)
    394. 

  394. 	}
    395. 

  395. 	if isRateLimiting && s.config.StripeSecretKey != "" {
    396. 

  396. 		u := v.User()
    397. 

  397. 		if u == nil || u.Tier == nil {
    398. 

  398. 			httpErr = httpErr.Wrap("increase your limits with a paid plan, see %s", s.config.BaseURL)
    399. 

  399. 		}
    400. 

  400. 	}
    401. 

  401. 	w.Header().Set("Content-Type", "application/json")
    402. 

  402. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    403. 

  403. 	w.WriteHeader(httpErr.HTTPCode)
    404. 

  404. 	io.WriteString(w, httpErr.JSON()+"\n")
    405. 

  405. }
    406. 

  406. 

  407. func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visitor) error {
    408. 

  408. 	if r.Method == http.MethodGet && r.URL.Path == "/" && s.config.WebRoot == "/" {
    409. 

  409. 		return s.ensureWebEnabled(s.handleRoot)(w, r, v)
    410. 

  410. 	} else if r.Method == http.MethodHead && r.URL.Path == "/" {
    411. 

  411. 		return s.ensureWebEnabled(s.handleEmpty)(w, r, v)
    412. 

  412. 	} else if r.Method == http.MethodGet && r.URL.Path == apiHealthPath {
    413. 

  413. 		return s.handleHealth(w, r, v)
    414. 

  414. 	} else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
    415. 

  415. 		return s.ensureWebEnabled(s.handleWebConfig)(w, r, v)
    416. 

  416. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPath {
    417. 

  417. 		return s.ensureUserManager(s.handleAccountCreate)(w, r, v)
    418. 

  418. 	} else if r.Method == http.MethodGet && r.URL.Path == apiAccountPath {
    419. 

  419. 		return s.handleAccountGet(w, r, v) // Allowed by anonymous
    420. 

  420. 	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountPath {
    421. 

  421. 		return s.ensureUser(s.withAccountSync(s.handleAccountDelete))(w, r, v)
    422. 

  422. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPasswordPath {
    423. 

  423. 		return s.ensureUser(s.handleAccountPasswordChange)(w, r, v)
    424. 

  424. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountTokenPath {
    425. 

  425. 		return s.ensureUser(s.withAccountSync(s.handleAccountTokenCreate))(w, r, v)
    426. 

  426. 	} else if r.Method == http.MethodPatch && r.URL.Path == apiAccountTokenPath {
    427. 

  427. 		return s.ensureUser(s.withAccountSync(s.handleAccountTokenUpdate))(w, r, v)
    428. 

  428. 	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountTokenPath {
    429. 

  429. 		return s.ensureUser(s.withAccountSync(s.handleAccountTokenDelete))(w, r, v)
    430. 

  430. 	} else if r.Method == http.MethodPatch && r.URL.Path == apiAccountSettingsPath {
    431. 

  431. 		return s.ensureUser(s.withAccountSync(s.handleAccountSettingsChange))(w, r, v)
    432. 

  432. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountSubscriptionPath {
    433. 

  433. 		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionAdd))(w, r, v)
    434. 

  434. 	} else if r.Method == http.MethodPatch && r.URL.Path == apiAccountSubscriptionPath {
    435. 

  435. 		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionChange))(w, r, v)
    436. 

  436. 	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountSubscriptionPath {
    437. 

  437. 		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionDelete))(w, r, v)
    438. 

  438. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountReservationPath {
    439. 

  439. 		return s.ensureUser(s.withAccountSync(s.handleAccountReservationAdd))(w, r, v)
    440. 

  440. 	} else if r.Method == http.MethodDelete && apiAccountReservationSingleRegex.MatchString(r.URL.Path) {
    441. 

  441. 		return s.ensureUser(s.withAccountSync(s.handleAccountReservationDelete))(w, r, v)
    442. 

  442. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingSubscriptionPath {
    443. 

  443. 		return s.ensurePaymentsEnabled(s.ensureUser(s.handleAccountBillingSubscriptionCreate))(w, r, v) // Account sync via incoming Stripe webhook
    444. 

  444. 	} else if r.Method == http.MethodGet && apiAccountBillingSubscriptionCheckoutSuccessRegex.MatchString(r.URL.Path) {
    445. 

  445. 		return s.ensurePaymentsEnabled(s.ensureUserManager(s.handleAccountBillingSubscriptionCreateSuccess))(w, r, v) // No user context!
    446. 

  446. 	} else if r.Method == http.MethodPut && r.URL.Path == apiAccountBillingSubscriptionPath {
    447. 

  447. 		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingSubscriptionUpdate))(w, r, v) // Account sync via incoming Stripe webhook
    448. 

  448. 	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountBillingSubscriptionPath {
    449. 

  449. 		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingSubscriptionDelete))(w, r, v) // Account sync via incoming Stripe webhook
    450. 

  450. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingPortalPath {
    451. 

  451. 		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingPortalSessionCreate))(w, r, v)
    452. 

  452. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingWebhookPath {
    453. 

  453. 		return s.ensurePaymentsEnabled(s.ensureUserManager(s.handleAccountBillingWebhook))(w, r, v) // This request comes from Stripe!
    454. 

  454. 	} else if r.Method == http.MethodPut && r.URL.Path == apiAccountPhonePath {
    455. 

  455. 		return s.ensureUser(s.withAccountSync(s.handleAccountPhoneNumberAdd))(w, r, v)
    456. 

  456. 	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPhonePath {
    457. 

  457. 		return s.ensureUser(s.withAccountSync(s.handleAccountPhoneNumberVerify))(w, r, v)
    458. 

  458. 	} else if r.Method == http.MethodGet && r.URL.Path == apiStatsPath {
    459. 

  459. 		return s.handleStats(w, r, v)
    460. 

  460. 	} else if r.Method == http.MethodGet && r.URL.Path == apiTiersPath {
    461. 

  461. 		return s.ensurePaymentsEnabled(s.handleBillingTiersGet)(w, r, v)
    462. 

  462. 	} else if r.Method == http.MethodGet && r.URL.Path == matrixPushPath {
    463. 

  463. 		return s.handleMatrixDiscovery(w)
    464. 

  464. 	} else if r.Method == http.MethodGet && r.URL.Path == metricsPath && s.metricsHandler != nil {
    465. 

  465. 		return s.handleMetrics(w, r, v)
    466. 

  466. 	} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
    467. 

  467. 		return s.ensureWebEnabled(s.handleStatic)(w, r, v)
    468. 

  468. 	} else if r.Method == http.MethodGet && docsRegex.MatchString(r.URL.Path) {
    469. 

  469. 		return s.ensureWebEnabled(s.handleDocs)(w, r, v)
    470. 

  470. 	} else if (r.Method == http.MethodGet || r.Method == http.MethodHead) && fileRegex.MatchString(r.URL.Path) && s.config.AttachmentCacheDir != "" {
    471. 

  471. 		return s.limitRequests(s.handleFile)(w, r, v)
    472. 

  472. 	} else if r.Method == http.MethodOptions {
    473. 

  473. 		return s.limitRequests(s.handleOptions)(w, r, v) // Should work even if the web app is not enabled, see #598
    474. 

  474. 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == "/" {
    475. 

  475. 		return s.transformBodyJSON(s.limitRequestsWithTopic(s.authorizeTopicWrite(s.handlePublish)))(w, r, v)
    476. 

  476. 	} else if r.Method == http.MethodPost && r.URL.Path == matrixPushPath {
    477. 

  477. 		return s.transformMatrixJSON(s.limitRequestsWithTopic(s.authorizeTopicWrite(s.handlePublishMatrix)))(w, r, v)
    478. 

  478. 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
    479. 

  479. 		return s.limitRequestsWithTopic(s.authorizeTopicWrite(s.handlePublish))(w, r, v)
    480. 

  480. 	} else if r.Method == http.MethodGet && publishPathRegex.MatchString(r.URL.Path) {
    481. 

  481. 		return s.limitRequestsWithTopic(s.authorizeTopicWrite(s.handlePublish))(w, r, v)
    482. 

  482. 	} else if r.Method == http.MethodGet && jsonPathRegex.MatchString(r.URL.Path) {
    483. 

  483. 		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeJSON))(w, r, v)
    484. 

  484. 	} else if r.Method == http.MethodGet && ssePathRegex.MatchString(r.URL.Path) {
    485. 

  485. 		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeSSE))(w, r, v)
    486. 

  486. 	} else if r.Method == http.MethodGet && rawPathRegex.MatchString(r.URL.Path) {
    487. 

  487. 		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeRaw))(w, r, v)
    488. 

  488. 	} else if r.Method == http.MethodGet && wsPathRegex.MatchString(r.URL.Path) {
    489. 

  489. 		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeWS))(w, r, v)
    490. 

  490. 	} else if r.Method == http.MethodGet && authPathRegex.MatchString(r.URL.Path) {
    491. 

  491. 		return s.limitRequests(s.authorizeTopicRead(s.handleTopicAuth))(w, r, v)
    492. 

  492. 	} else if r.Method == http.MethodGet && (topicPathRegex.MatchString(r.URL.Path) || externalTopicPathRegex.MatchString(r.URL.Path)) {
    493. 

  493. 		return s.ensureWebEnabled(s.handleTopic)(w, r, v)
    494. 

  494. 	}
    495. 

  495. 	return errHTTPNotFound
    496. 

  496. }
    497. 

  497. 

  498. func (s *Server) handleRoot(w http.ResponseWriter, r *http.Request, v *visitor) error {
    499. 

  499. 	r.URL.Path = webAppIndex
    500. 

  500. 	return s.handleStatic(w, r, v)
    501. 

  501. }
    502. 

  502. 

  503. func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request, v *visitor) error {
    504. 

  504. 	unifiedpush := readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see PUT/POST too!
    505. 

  505. 	if unifiedpush {
    506. 

  506. 		w.Header().Set("Content-Type", "application/json")
    507. 

  507. 		w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    508. 

  508. 		_, err := io.WriteString(w, `{"unifiedpush":{"version":1}}`+"\n")
    509. 

  509. 		return err
    510. 

  510. 	}
    511. 

  511. 	r.URL.Path = webAppIndex
    512. 

  512. 	return s.handleStatic(w, r, v)
    513. 

  513. }
    514. 

  514. 

  515. func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request, _ *visitor) error {
    516. 

  516. 	return nil
    517. 

  517. }
    518. 

  518. 

  519. func (s *Server) handleTopicAuth(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
    520. 

  520. 	return s.writeJSON(w, newSuccessResponse())
    521. 

  521. }
    522. 

  522. 

  523. func (s *Server) handleHealth(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
    524. 

  524. 	response := &apiHealthResponse{
    525. 

  525. 		Healthy: true,
    526. 

  526. 	}
    527. 

  527. 	return s.writeJSON(w, response)
    528. 

  528. }
    529. 

  529. 

  530. func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
    531. 

  531. 	response := &apiConfigResponse{
    532. 

  532. 		BaseURL:            "", // Will translate to window.location.origin
    533. 

  533. 		AppRoot:            s.config.WebRoot,
    534. 

  534. 		EnableLogin:        s.config.EnableLogin,
    535. 

  535. 		EnableSignup:       s.config.EnableSignup,
    536. 

  536. 		EnablePayments:     s.config.StripeSecretKey != "",
    537. 

  537. 		EnableSMS:          s.config.TwilioAccount != "",
    538. 

  538. 		EnableCalls:        s.config.TwilioAccount != "",
    539. 

  539. 		EnableReservations: s.config.EnableReservations,
    540. 

  540. 		BillingContact:     s.config.BillingContact,
    541. 

  541. 		DisallowedTopics:   s.config.DisallowedTopics,
    542. 

  542. 	}
    543. 

  543. 	b, err := json.MarshalIndent(response, "", "  ")
    544. 

  544. 	if err != nil {
    545. 

  545. 		return err
    546. 

  546. 	}
    547. 

  547. 	w.Header().Set("Content-Type", "text/javascript")
    548. 

  548. 	_, err = io.WriteString(w, fmt.Sprintf("// Generated server configuration\nvar config = %s;\n", string(b)))
    549. 

  549. 	return err
    550. 

  550. }
    551. 

  551. 

  552. // handleMetrics returns Prometheus metrics. This endpoint is only called if enable-metrics is set,
    553. 

  553. // and listen-metrics-http is not set.
    554. 

  554. func (s *Server) handleMetrics(w http.ResponseWriter, r *http.Request, _ *visitor) error {
    555. 

  555. 	s.metricsHandler.ServeHTTP(w, r)
    556. 

  556. 	return nil
    557. 

  557. }
    558. 

  558. 

  559. // handleStatic returns all static resources (excluding the docs), including the web app
    560. 

  560. func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request, _ *visitor) error {
    561. 

  561. 	r.URL.Path = webSiteDir + r.URL.Path
    562. 

  562. 	util.Gzip(http.FileServer(http.FS(webFsCached))).ServeHTTP(w, r)
    563. 

  563. 	return nil
    564. 

  564. }
    565. 

  565. 

  566. // handleDocs returns static resources related to the docs
    567. 

  567. func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request, _ *visitor) error {
    568. 

  568. 	util.Gzip(http.FileServer(http.FS(docsStaticCached))).ServeHTTP(w, r)
    569. 

  569. 	return nil
    570. 

  570. }
    571. 

  571. 

  572. // handleStats returns the publicly available server stats
    573. 

  573. func (s *Server) handleStats(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
    574. 

  574. 	s.mu.RLock()
    575. 

  575. 	messages, n, rate := s.messages, len(s.messagesHistory), float64(0)
    576. 

  576. 	if n > 1 {
    577. 

  577. 		rate = float64(s.messagesHistory[n-1]-s.messagesHistory[0]) / (float64(n-1) * s.config.ManagerInterval.Seconds())
    578. 

  578. 	}
    579. 

  579. 	s.mu.RUnlock()
    580. 

  580. 	response := &apiStatsResponse{
    581. 

  581. 		Messages:     messages,
    582. 

  582. 		MessagesRate: rate,
    583. 

  583. 	}
    584. 

  584. 	return s.writeJSON(w, response)
    585. 

  585. }
    586. 

  586. 

  587. // handleFile processes the download of attachment files. The method handles GET and HEAD requests against a file.
    588. 

  588. // Before streaming the file to a client, it locates uploader (m.Sender or m.User) in the message cache, so it
    589. 

  589. // can associate the download bandwidth with the uploader.
    590. 

  590. func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor) error {
    591. 

  591. 	if s.config.AttachmentCacheDir == "" {
    592. 

  592. 		return errHTTPInternalError
    593. 

  593. 	}
    594. 

  594. 	matches := fileRegex.FindStringSubmatch(r.URL.Path)
    595. 

  595. 	if len(matches) != 2 {
    596. 

  596. 		return errHTTPInternalErrorInvalidPath
    597. 

  597. 	}
    598. 

  598. 	messageID := matches[1]
    599. 

  599. 	file := filepath.Join(s.config.AttachmentCacheDir, messageID)
    600. 

  600. 	stat, err := os.Stat(file)
    601. 

  601. 	if err != nil {
    602. 

  602. 		return errHTTPNotFound.Fields(log.Context{
    603. 

  603. 			"message_id":    messageID,
    604. 

  604. 			"error_context": "filesystem",
    605. 

  605. 		})
    606. 

  606. 	}
    607. 

  607. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    608. 

  608. 	w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
    609. 

  609. 	if r.Method == http.MethodHead {
    610. 

  610. 		return nil
    611. 

  611. 	}
    612. 

  612. 	// Find message in database, and associate bandwidth to the uploader user
    613. 

  613. 	// This is an easy way to
    614. 

  614. 	//   - avoid abuse (e.g. 1 uploader, 1k downloaders)
    615. 

  615. 	//   - and also uses the higher bandwidth limits of a paying user
    616. 

  616. 	m, err := s.messageCache.Message(messageID)
    617. 

  617. 	if err == errMessageNotFound {
    618. 

  618. 		if s.config.CacheBatchTimeout > 0 {
    619. 

  619. 			// Strange edge case: If we immediately after upload request the file (the web app does this for images),
    620. 

  620. 			// and messages are persisted asynchronously, retry fetching from the database
    621. 

  621. 			m, err = util.Retry(func() (*message, error) {
    622. 

  622. 				return s.messageCache.Message(messageID)
    623. 

  623. 			}, s.config.CacheBatchTimeout, 100*time.Millisecond, 300*time.Millisecond, 600*time.Millisecond)
    624. 

  624. 		}
    625. 

  625. 		if err != nil {
    626. 

  626. 			return errHTTPNotFound.Fields(log.Context{
    627. 

  627. 				"message_id":    messageID,
    628. 

  628. 				"error_context": "message_cache",
    629. 

  629. 			})
    630. 

  630. 		}
    631. 

  631. 	} else if err != nil {
    632. 

  632. 		return err
    633. 

  633. 	}
    634. 

  634. 	bandwidthVisitor := v
    635. 

  635. 	if s.userManager != nil && m.User != "" {
    636. 

  636. 		u, err := s.userManager.UserByID(m.User)
    637. 

  637. 		if err != nil {
    638. 

  638. 			return err
    639. 

  639. 		}
    640. 

  640. 		bandwidthVisitor = s.visitor(v.IP(), u)
    641. 

  641. 	} else if m.Sender.IsValid() {
    642. 

  642. 		bandwidthVisitor = s.visitor(m.Sender, nil)
    643. 

  643. 	}
    644. 

  644. 	if !bandwidthVisitor.BandwidthAllowed(stat.Size()) {
    645. 

  645. 		return errHTTPTooManyRequestsLimitAttachmentBandwidth.With(m)
    646. 

  646. 	}
    647. 

  647. 	// Actually send file
    648. 

  648. 	f, err := os.Open(file)
    649. 

  649. 	if err != nil {
    650. 

  650. 		return err
    651. 

  651. 	}
    652. 

  652. 	defer f.Close()
    653. 

  653. 	_, err = io.Copy(util.NewContentTypeWriter(w, r.URL.Path), f)
    654. 

  654. 	return err
    655. 

  655. }
    656. 

  656. 

  657. func (s *Server) handleMatrixDiscovery(w http.ResponseWriter) error {
    658. 

  658. 	if s.config.BaseURL == "" {
    659. 

  659. 		return errHTTPInternalErrorMissingBaseURL
    660. 

  660. 	}
    661. 

  661. 	return writeMatrixDiscoveryResponse(w)
    662. 

  662. }
    663. 

  663. 

  664. func (s *Server) handlePublishInternal(r *http.Request, v *visitor) (*message, error) {
    665. 

  665. 	start := time.Now()
    666. 

  666. 	t, err := fromContext[*topic](r, contextTopic)
    667. 

  667. 	if err != nil {
    668. 

  668. 		return nil, err
    669. 

  669. 	}
    670. 

  670. 	vrate, err := fromContext[*visitor](r, contextRateVisitor)
    671. 

  671. 	if err != nil {
    672. 

  672. 		return nil, err
    673. 

  673. 	}
    674. 

  674. 	body, err := util.Peek(r.Body, s.config.MessageLimit)
    675. 

  675. 	if err != nil {
    676. 

  676. 		return nil, err
    677. 

  677. 	}
    678. 

  678. 	m := newDefaultMessage(t.ID, "")
    679. 

  679. 	cache, firebase, email, sms, call, unifiedpush, e := s.parsePublishParams(r, m)
    680. 

  680. 	if e != nil {
    681. 

  681. 		return nil, e.With(t)
    682. 

  682. 	}
    683. 

  683. 	if unifiedpush && s.config.VisitorSubscriberRateLimiting && t.RateVisitor() == nil {
    684. 

  684. 		// UnifiedPush clients must subscribe before publishing to allow proper subscriber-based rate limiting (see
    685. 

  685. 		// Rate-Topics header). The 5xx response is because some app servers (in particular Mastodon) will remove
    686. 

  686. 		// the subscription as invalid if any 400-499 code (except 429/408) is returned.
    687. 

  687. 		// See https://github.com/mastodon/mastodon/blob/730bb3e211a84a2f30e3e2bbeae3f77149824a68/app/workers/web/push_notification_worker.rb#L35-L46
    688. 

  688. 		return nil, errHTTPInsufficientStorageUnifiedPush.With(t)
    689. 

  689. 	} else if !util.ContainsIP(s.config.VisitorRequestExemptIPAddrs, v.ip) && !vrate.MessageAllowed() {
    690. 

  690. 		return nil, errHTTPTooManyRequestsLimitMessages.With(t)
    691. 

  691. 	} else if email != "" && !vrate.EmailAllowed() {
    692. 

  692. 		return nil, errHTTPTooManyRequestsLimitEmails.With(t)
    693. 

  693. 	} else if sms != "" && !vrate.SMSAllowed() {
    694. 

  694. 		return nil, errHTTPTooManyRequestsLimitSMS.With(t)
    695. 

  695. 	} else if call != "" && !vrate.CallAllowed() {
    696. 

  696. 		return nil, errHTTPTooManyRequestsLimitCalls.With(t)
    697. 

  697. 	}
    698. 

  698. 	if m.PollID != "" {
    699. 

  699. 		m = newPollRequestMessage(t.ID, m.PollID)
    700. 

  700. 	}
    701. 

  701. 	m.Sender = v.IP()
    702. 

  702. 	m.User = v.MaybeUserID()
    703. 

  703. 	if cache {
    704. 

  704. 		m.Expires = time.Unix(m.Time, 0).Add(v.Limits().MessageExpiryDuration).Unix()
    705. 

  705. 	}
    706. 

  706. 	if err := s.handlePublishBody(r, v, m, body, unifiedpush); err != nil {
    707. 

  707. 		return nil, err
    708. 

  708. 	}
    709. 

  709. 	if m.Message == "" {
    710. 

  710. 		m.Message = emptyMessageBody
    711. 

  711. 	}
    712. 

  712. 	delayed := m.Time > time.Now().Unix()
    713. 

  713. 	ev := logvrm(v, r, m).
    714. 

  714. 		Tag(tagPublish).
    715. 

  715. 		With(t).
    716. 

  716. 		Fields(log.Context{
    717. 

  717. 			"message_delayed":     delayed,
    718. 

  718. 			"message_firebase":    firebase,
    719. 

  719. 			"message_unifiedpush": unifiedpush,
    720. 

  720. 			"message_email":       email,
    721. 

  721. 		})
    722. 

  722. 	if ev.IsTrace() {
    723. 

  723. 		ev.Field("message_body", util.MaybeMarshalJSON(m)).Trace("Received message")
    724. 

  724. 	} else if ev.IsDebug() {
    725. 

  725. 		ev.Debug("Received message")
    726. 

  726. 	}
    727. 

  727. 	if !delayed {
    728. 

  728. 		if err := t.Publish(v, m); err != nil {
    729. 

  729. 			return nil, err
    730. 

  730. 		}
    731. 

  731. 		if s.firebaseClient != nil && firebase {
    732. 

  732. 			go s.sendToFirebase(v, m)
    733. 

  733. 		}
    734. 

  734. 		if s.smtpSender != nil && email != "" {
    735. 

  735. 			go s.sendEmail(v, m, email)
    736. 

  736. 		}
    737. 

  737. 		if s.config.TwilioAccount != "" && sms != "" {
    738. 

  738. 			go s.sendSMS(v, r, m, sms)
    739. 

  739. 		}
    740. 

  740. 		if s.config.TwilioAccount != "" && call != "" {
    741. 

  741. 			go s.callPhone(v, r, m, call)
    742. 

  742. 		}
    743. 

  743. 		if s.config.UpstreamBaseURL != "" {
    744. 

  744. 			go s.forwardPollRequest(v, m)
    745. 

  745. 		}
    746. 

  746. 	} else {
    747. 

  747. 		logvrm(v, r, m).Tag(tagPublish).Debug("Message delayed, will process later")
    748. 

  748. 	}
    749. 

  749. 	if cache {
    750. 

  750. 		logvrm(v, r, m).Tag(tagPublish).Debug("Adding message to cache")
    751. 

  751. 		if err := s.messageCache.AddMessage(m); err != nil {
    752. 

  752. 			return nil, err
    753. 

  753. 		}
    754. 

  754. 	}
    755. 

  755. 	u := v.User()
    756. 

  756. 	if s.userManager != nil && u != nil && u.Tier != nil {
    757. 

  757. 		go s.userManager.EnqueueUserStats(u.ID, v.Stats())
    758. 

  758. 	}
    759. 

  759. 	s.mu.Lock()
    760. 

  760. 	s.messages++
    761. 

  761. 	s.mu.Unlock()
    762. 

  762. 	if unifiedpush {
    763. 

  763. 		minc(metricUnifiedPushPublishedSuccess)
    764. 

  764. 	}
    765. 

  765. 	mset(metricMessagePublishDurationMillis, time.Since(start).Milliseconds())
    766. 

  766. 	return m, nil
    767. 

  767. }
    768. 

  768. 

  769. func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visitor) error {
    770. 

  770. 	m, err := s.handlePublishInternal(r, v)
    771. 

  771. 	if err != nil {
    772. 

  772. 		minc(metricMessagesPublishedFailure)
    773. 

  773. 		return err
    774. 

  774. 	}
    775. 

  775. 	minc(metricMessagesPublishedSuccess)
    776. 

  776. 	return s.writeJSON(w, m)
    777. 

  777. }
    778. 

  778. 

  779. func (s *Server) handlePublishMatrix(w http.ResponseWriter, r *http.Request, v *visitor) error {
    780. 

  780. 	_, err := s.handlePublishInternal(r, v)
    781. 

  781. 	if err != nil {
    782. 

  782. 		minc(metricMessagesPublishedFailure)
    783. 

  783. 		minc(metricMatrixPublishedFailure)
    784. 

  784. 		if e, ok := err.(*errHTTP); ok && e.HTTPCode == errHTTPInsufficientStorageUnifiedPush.HTTPCode {
    785. 

  785. 			topic, err := fromContext[*topic](r, contextTopic)
    786. 

  786. 			if err != nil {
    787. 

  787. 				return err
    788. 

  788. 			}
    789. 

  789. 			pushKey, err := fromContext[string](r, contextMatrixPushKey)
    790. 

  790. 			if err != nil {
    791. 

  791. 				return err
    792. 

  792. 			}
    793. 

  793. 			if time.Since(topic.LastAccess()) > matrixRejectPushKeyForUnifiedPushTopicWithoutRateVisitorAfter {
    794. 

  794. 				return writeMatrixResponse(w, pushKey)
    795. 

  795. 			}
    796. 

  796. 		}
    797. 

  797. 		return err
    798. 

  798. 	}
    799. 

  799. 	minc(metricMessagesPublishedSuccess)
    800. 

  800. 	minc(metricMatrixPublishedSuccess)
    801. 

  801. 	return writeMatrixSuccess(w)
    802. 

  802. }
    803. 

  803. 

  804. func (s *Server) sendToFirebase(v *visitor, m *message) {
    805. 

  805. 	logvm(v, m).Tag(tagFirebase).Debug("Publishing to Firebase")
    806. 

  806. 	if err := s.firebaseClient.Send(v, m); err != nil {
    807. 

  807. 		minc(metricFirebasePublishedFailure)
    808. 

  808. 		if err == errFirebaseTemporarilyBanned {
    809. 

  809. 			logvm(v, m).Tag(tagFirebase).Err(err).Debug("Unable to publish to Firebase: %v", err.Error())
    810. 

  810. 		} else {
    811. 

  811. 			logvm(v, m).Tag(tagFirebase).Err(err).Warn("Unable to publish to Firebase: %v", err.Error())
    812. 

  812. 		}
    813. 

  813. 		return
    814. 

  814. 	}
    815. 

  815. 	minc(metricFirebasePublishedSuccess)
    816. 

  816. }
    817. 

  817. 

  818. func (s *Server) sendEmail(v *visitor, m *message, email string) {
    819. 

  819. 	logvm(v, m).Tag(tagEmail).Field("email", email).Debug("Sending email to %s", email)
    820. 

  820. 	if err := s.smtpSender.Send(v, m, email); err != nil {
    821. 

  821. 		logvm(v, m).Tag(tagEmail).Field("email", email).Err(err).Warn("Unable to send email to %s: %v", email, err.Error())
    822. 

  822. 		minc(metricEmailsPublishedFailure)
    823. 

  823. 		return
    824. 

  824. 	}
    825. 

  825. 	minc(metricEmailsPublishedSuccess)
    826. 

  826. }
    827. 

  827. 

  828. func (s *Server) forwardPollRequest(v *visitor, m *message) {
    829. 

  829. 	topicURL := fmt.Sprintf("%s/%s", s.config.BaseURL, m.Topic)
    830. 

  830. 	topicHash := fmt.Sprintf("%x", sha256.Sum256([]byte(topicURL)))
    831. 

  831. 	forwardURL := fmt.Sprintf("%s/%s", s.config.UpstreamBaseURL, topicHash)
    832. 

  832. 	logvm(v, m).Debug("Publishing poll request to %s", forwardURL)
    833. 

  833. 	req, err := http.NewRequest("POST", forwardURL, strings.NewReader(""))
    834. 

  834. 	if err != nil {
    835. 

  835. 		logvm(v, m).Err(err).Warn("Unable to publish poll request")
    836. 

  836. 		return
    837. 

  837. 	}
    838. 

  838. 	req.Header.Set("X-Poll-ID", m.ID)
    839. 

  839. 	var httpClient = &http.Client{
    840. 

  840. 		Timeout: time.Second * 10,
    841. 

  841. 	}
    842. 

  842. 	response, err := httpClient.Do(req)
    843. 

  843. 	if err != nil {
    844. 

  844. 		logvm(v, m).Err(err).Warn("Unable to publish poll request")
    845. 

  845. 		return
    846. 

  846. 	} else if response.StatusCode != http.StatusOK {
    847. 

  847. 		logvm(v, m).Err(err).Warn("Unable to publish poll request, unexpected HTTP status: %d", response.StatusCode)
    848. 

  848. 		return
    849. 

  849. 	}
    850. 

  850. }
    851. 

  851. 

  852. func (s *Server) parsePublishParams(r *http.Request, m *message) (cache bool, firebase bool, email, sms, call string, unifiedpush bool, err *errHTTP) {
    853. 

  853. 	cache = readBoolParam(r, true, "x-cache", "cache")
    854. 

  854. 	firebase = readBoolParam(r, true, "x-firebase", "firebase")
    855. 

  855. 	m.Title = maybeDecodeHeader(readParam(r, "x-title", "title", "t"))
    856. 

  856. 	m.Click = readParam(r, "x-click", "click")
    857. 

  857. 	icon := readParam(r, "x-icon", "icon")
    858. 

  858. 	filename := readParam(r, "x-filename", "filename", "file", "f")
    859. 

  859. 	attach := readParam(r, "x-attach", "attach", "a")
    860. 

  860. 	if attach != "" || filename != "" {
    861. 

  861. 		m.Attachment = &attachment{}
    862. 

  862. 	}
    863. 

  863. 	if filename != "" {
    864. 

  864. 		m.Attachment.Name = filename
    865. 

  865. 	}
    866. 

  866. 	if attach != "" {
    867. 

  867. 		if !urlRegex.MatchString(attach) {
    868. 

  868. 			return false, false, "", "", "", false, errHTTPBadRequestAttachmentURLInvalid
    869. 

  869. 		}
    870. 

  870. 		m.Attachment.URL = attach
    871. 

  871. 		if m.Attachment.Name == "" {
    872. 

  872. 			u, err := url.Parse(m.Attachment.URL)
    873. 

  873. 			if err == nil {
    874. 

  874. 				m.Attachment.Name = path.Base(u.Path)
    875. 

  875. 				if m.Attachment.Name == "." || m.Attachment.Name == "/" {
    876. 

  876. 					m.Attachment.Name = ""
    877. 

  877. 				}
    878. 

  878. 			}
    879. 

  879. 		}
    880. 

  880. 		if m.Attachment.Name == "" {
    881. 

  881. 			m.Attachment.Name = "attachment"
    882. 

  882. 		}
    883. 

  883. 	}
    884. 

  884. 	if icon != "" {
    885. 

  885. 		if !urlRegex.MatchString(icon) {
    886. 

  886. 			return false, false, "", "", "", false, errHTTPBadRequestIconURLInvalid
    887. 

  887. 		}
    888. 

  888. 		m.Icon = icon
    889. 

  889. 	}
    890. 

  890. 	email = readParam(r, "x-email", "x-e-mail", "email", "e-mail", "mail", "e")
    891. 

  891. 	if s.smtpSender == nil && email != "" {
    892. 

  892. 		return false, false, "", "", "", false, errHTTPBadRequestEmailDisabled
    893. 

  893. 	}
    894. 

  894. 	sms = readParam(r, "x-sms", "sms")
    895. 

  895. 	if sms != "" && s.config.TwilioAccount == "" {
    896. 

  896. 		return false, false, "", "", "", false, errHTTPBadRequestTwilioDisabled
    897. 

  897. 	} else if sms != "" && !phoneNumberRegex.MatchString(sms) {
    898. 

  898. 		return false, false, "", "", "", false, errHTTPBadRequestPhoneNumberInvalid
    899. 

  899. 	}
    900. 

  900. 	call = readParam(r, "x-call", "call")
    901. 

  901. 	if call != "" && s.config.TwilioAccount == "" {
    902. 

  902. 		return false, false, "", "", "", false, errHTTPBadRequestTwilioDisabled
    903. 

  903. 	} else if call != "" && !phoneNumberRegex.MatchString(call) {
    904. 

  904. 		return false, false, "", "", "", false, errHTTPBadRequestPhoneNumberInvalid
    905. 

  905. 	}
    906. 

  906. 	messageStr := strings.ReplaceAll(readParam(r, "x-message", "message", "m"), "\\n", "\n")
    907. 

  907. 	if messageStr != "" {
    908. 

  908. 		m.Message = maybeDecodeHeader(messageStr)
    909. 

  909. 	}
    910. 

  910. 	var e error
    911. 

  911. 	m.Priority, e = util.ParsePriority(readParam(r, "x-priority", "priority", "prio", "p"))
    912. 

  912. 	if e != nil {
    913. 

  913. 		return false, false, "", "", "", false, errHTTPBadRequestPriorityInvalid
    914. 

  914. 	}
    915. 

  915. 	m.Tags = readCommaSeparatedParam(r, "x-tags", "tags", "tag", "ta")
    916. 

  916. 	for i, t := range m.Tags {
    917. 

  917. 		m.Tags[i] = maybeDecodeHeader(t)
    918. 

  918. 	}
    919. 

  919. 	delayStr := readParam(r, "x-delay", "delay", "x-at", "at", "x-in", "in")
    920. 

  920. 	if delayStr != "" {
    921. 

  921. 		if !cache {
    922. 

  922. 			return false, false, "", "", "", false, errHTTPBadRequestDelayNoCache
    923. 

  923. 		}
    924. 

  924. 		if email != "" {
    925. 

  925. 			return false, false, "", "", "", false, errHTTPBadRequestDelayNoEmail // we cannot store the email address (yet)
    926. 

  926. 		}
    927. 

  927. 		delay, err := util.ParseFutureTime(delayStr, time.Now())
    928. 

  928. 		if err != nil {
    929. 

  929. 			return false, false, "", "", "", false, errHTTPBadRequestDelayCannotParse
    930. 

  930. 		} else if delay.Unix() < time.Now().Add(s.config.MinDelay).Unix() {
    931. 

  931. 			return false, false, "", "", "", false, errHTTPBadRequestDelayTooSmall
    932. 

  932. 		} else if delay.Unix() > time.Now().Add(s.config.MaxDelay).Unix() {
    933. 

  933. 			return false, false, "", "", "", false, errHTTPBadRequestDelayTooLarge
    934. 

  934. 		}
    935. 

  935. 		m.Time = delay.Unix()
    936. 

  936. 	}
    937. 

  937. 	actionsStr := readParam(r, "x-actions", "actions", "action")
    938. 

  938. 	if actionsStr != "" {
    939. 

  939. 		m.Actions, e = parseActions(actionsStr)
    940. 

  940. 		if e != nil {
    941. 

  941. 			return false, false, "", "", "", false, errHTTPBadRequestActionsInvalid.Wrap(e.Error())
    942. 

  942. 		}
    943. 

  943. 	}
    944. 

  944. 	unifiedpush = readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see GET too!
    945. 

  945. 	if unifiedpush {
    946. 

  946. 		firebase = false
    947. 

  947. 		unifiedpush = true
    948. 

  948. 	}
    949. 

  949. 	m.PollID = readParam(r, "x-poll-id", "poll-id")
    950. 

  950. 	if m.PollID != "" {
    951. 

  951. 		unifiedpush = false
    952. 

  952. 		cache = false
    953. 

  953. 		email = ""
    954. 

  954. 	}
    955. 

  955. 	return cache, firebase, email, sms, call, unifiedpush, nil
    956. 

  956. }
    957. 

  957. 

  958. // handlePublishBody consumes the PUT/POST body and decides whether the body is an attachment or the message.
    959. 

  959. //
    960. 

  960. //  1. curl -X POST -H "Poll: 1234" ntfy.sh/...
    961. 

  961. //     If a message is flagged as poll request, the body does not matter and is discarded
    962. 

  962. //  2. curl -T somebinarydata.bin "ntfy.sh/mytopic?up=1"
    963. 

  963. //     If body is binary, encode as base64, if not do not encode
    964. 

  964. //  3. curl -H "Attach: http://example.com/file.jpg" ntfy.sh/mytopic
    965. 

  965. //     Body must be a message, because we attached an external URL
    966. 

  966. //  4. curl -T short.txt -H "Filename: short.txt" ntfy.sh/mytopic
    967. 

  967. //     Body must be attachment, because we passed a filename
    968. 

  968. //  5. curl -T file.txt ntfy.sh/mytopic
    969. 

  969. //     If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
    970. 

  970. //  6. curl -T file.txt ntfy.sh/mytopic
    971. 

  971. //     If file.txt is > message limit, treat it as an attachment
    972. 

  972. func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser, unifiedpush bool) error {
    973. 

  973. 	if m.Event == pollRequestEvent { // Case 1
    974. 

  974. 		return s.handleBodyDiscard(body)
    975. 

  975. 	} else if unifiedpush {
    976. 

  976. 		return s.handleBodyAsMessageAutoDetect(m, body) // Case 2
    977. 

  977. 	} else if m.Attachment != nil && m.Attachment.URL != "" {
    978. 

  978. 		return s.handleBodyAsTextMessage(m, body) // Case 3
    979. 

  979. 	} else if m.Attachment != nil && m.Attachment.Name != "" {
    980. 

  980. 		return s.handleBodyAsAttachment(r, v, m, body) // Case 4
    981. 

  981. 	} else if !body.LimitReached && utf8.Valid(body.PeekedBytes) {
    982. 

  982. 		return s.handleBodyAsTextMessage(m, body) // Case 5
    983. 

  983. 	}
    984. 

  984. 	return s.handleBodyAsAttachment(r, v, m, body) // Case 6
    985. 

  985. }
    986. 

  986. 

  987. func (s *Server) handleBodyDiscard(body *util.PeekedReadCloser) error {
    988. 

  988. 	_, err := io.Copy(io.Discard, body)
    989. 

  989. 	_ = body.Close()
    990. 

  990. 	return err
    991. 

  991. }
    992. 

  992. 

  993. func (s *Server) handleBodyAsMessageAutoDetect(m *message, body *util.PeekedReadCloser) error {
    994. 

  994. 	if utf8.Valid(body.PeekedBytes) {
    995. 

  995. 		m.Message = string(body.PeekedBytes) // Do not trim
    996. 

  996. 	} else {
    997. 

  997. 		m.Message = base64.StdEncoding.EncodeToString(body.PeekedBytes)
    998. 

  998. 		m.Encoding = encodingBase64
    999. 

  999. 	}
    1000. 

  1000. 	return nil
    1001. 

  1001. }
    1002. 

  1002. 

  1003. func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeekedReadCloser) error {
    1004. 

  1004. 	if !utf8.Valid(body.PeekedBytes) {
    1005. 

  1005. 		return errHTTPBadRequestMessageNotUTF8.With(m)
    1006. 

  1006. 	}
    1007. 

  1007. 	if len(body.PeekedBytes) > 0 { // Empty body should not override message (publish via GET!)
    1008. 

  1008. 		m.Message = strings.TrimSpace(string(body.PeekedBytes)) // Truncates the message to the peek limit if required
    1009. 

  1009. 	}
    1010. 

  1010. 	if m.Attachment != nil && m.Attachment.Name != "" && m.Message == "" {
    1011. 

  1011. 		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
    1012. 

  1012. 	}
    1013. 

  1013. 	return nil
    1014. 

  1014. }
    1015. 

  1015. 

  1016. func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser) error {
    1017. 

  1017. 	if s.fileCache == nil || s.config.BaseURL == "" || s.config.AttachmentCacheDir == "" {
    1018. 

  1018. 		return errHTTPBadRequestAttachmentsDisallowed.With(m)
    1019. 

  1019. 	}
    1020. 

  1020. 	vinfo, err := v.Info()
    1021. 

  1021. 	if err != nil {
    1022. 

  1022. 		return err
    1023. 

  1023. 	}
    1024. 

  1024. 	attachmentExpiry := time.Now().Add(vinfo.Limits.AttachmentExpiryDuration).Unix()
    1025. 

  1025. 	if m.Time > attachmentExpiry {
    1026. 

  1026. 		return errHTTPBadRequestAttachmentsExpiryBeforeDelivery.With(m)
    1027. 

  1027. 	}
    1028. 

  1028. 	contentLengthStr := r.Header.Get("Content-Length")
    1029. 

  1029. 	if contentLengthStr != "" { // Early "do-not-trust" check, hard limit see below
    1030. 

  1030. 		contentLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
    1031. 

  1031. 		if err == nil && (contentLength > vinfo.Stats.AttachmentTotalSizeRemaining || contentLength > vinfo.Limits.AttachmentFileSizeLimit) {
    1032. 

  1032. 			return errHTTPEntityTooLargeAttachment.With(m).Fields(log.Context{
    1033. 

  1033. 				"message_content_length":          contentLength,
    1034. 

  1034. 				"attachment_total_size_remaining": vinfo.Stats.AttachmentTotalSizeRemaining,
    1035. 

  1035. 				"attachment_file_size_limit":      vinfo.Limits.AttachmentFileSizeLimit,
    1036. 

  1036. 			})
    1037. 

  1037. 		}
    1038. 

  1038. 	}
    1039. 

  1039. 	if m.Attachment == nil {
    1040. 

  1040. 		m.Attachment = &attachment{}
    1041. 

  1041. 	}
    1042. 

  1042. 	var ext string
    1043. 

  1043. 	m.Attachment.Expires = attachmentExpiry
    1044. 

  1044. 	m.Attachment.Type, ext = util.DetectContentType(body.PeekedBytes, m.Attachment.Name)
    1045. 

  1045. 	m.Attachment.URL = fmt.Sprintf("%s/file/%s%s", s.config.BaseURL, m.ID, ext)
    1046. 

  1046. 	if m.Attachment.Name == "" {
    1047. 

  1047. 		m.Attachment.Name = fmt.Sprintf("attachment%s", ext)
    1048. 

  1048. 	}
    1049. 

  1049. 	if m.Message == "" {
    1050. 

  1050. 		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
    1051. 

  1051. 	}
    1052. 

  1052. 	limiters := []util.Limiter{
    1053. 

  1053. 		v.BandwidthLimiter(),
    1054. 

  1054. 		util.NewFixedLimiter(vinfo.Limits.AttachmentFileSizeLimit),
    1055. 

  1055. 		util.NewFixedLimiter(vinfo.Stats.AttachmentTotalSizeRemaining),
    1056. 

  1056. 	}
    1057. 

  1057. 	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, limiters...)
    1058. 

  1058. 	if err == util.ErrLimitReached {
    1059. 

  1059. 		return errHTTPEntityTooLargeAttachment.With(m)
    1060. 

  1060. 	} else if err != nil {
    1061. 

  1061. 		return err
    1062. 

  1062. 	}
    1063. 

  1063. 	return nil
    1064. 

  1064. }
    1065. 

  1065. 

  1066. func (s *Server) handleSubscribeJSON(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1067. 

  1067. 	encoder := func(msg *message) (string, error) {
    1068. 

  1068. 		var buf bytes.Buffer
    1069. 

  1069. 		if err := json.NewEncoder(&buf).Encode(&msg); err != nil {
    1070. 

  1070. 			return "", err
    1071. 

  1071. 		}
    1072. 

  1072. 		return buf.String(), nil
    1073. 

  1073. 	}
    1074. 

  1074. 	return s.handleSubscribeHTTP(w, r, v, "application/x-ndjson", encoder)
    1075. 

  1075. }
    1076. 

  1076. 

  1077. func (s *Server) handleSubscribeSSE(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1078. 

  1078. 	encoder := func(msg *message) (string, error) {
    1079. 

  1079. 		var buf bytes.Buffer
    1080. 

  1080. 		if err := json.NewEncoder(&buf).Encode(&msg); err != nil {
    1081. 

  1081. 			return "", err
    1082. 

  1082. 		}
    1083. 

  1083. 		if msg.Event != messageEvent {
    1084. 

  1084. 			return fmt.Sprintf("event: %s\ndata: %s\n", msg.Event, buf.String()), nil // Browser's .onmessage() does not fire on this!
    1085. 

  1085. 		}
    1086. 

  1086. 		return fmt.Sprintf("data: %s\n", buf.String()), nil
    1087. 

  1087. 	}
    1088. 

  1088. 	return s.handleSubscribeHTTP(w, r, v, "text/event-stream", encoder)
    1089. 

  1089. }
    1090. 

  1090. 

  1091. func (s *Server) handleSubscribeRaw(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1092. 

  1092. 	encoder := func(msg *message) (string, error) {
    1093. 

  1093. 		if msg.Event == messageEvent { // only handle default events
    1094. 

  1094. 			return strings.ReplaceAll(msg.Message, "\n", " ") + "\n", nil
    1095. 

  1095. 		}
    1096. 

  1096. 		return "\n", nil // "keepalive" and "open" events just send an empty line
    1097. 

  1097. 	}
    1098. 

  1098. 	return s.handleSubscribeHTTP(w, r, v, "text/plain", encoder)
    1099. 

  1099. }
    1100. 

  1100. 

  1101. func (s *Server) handleSubscribeHTTP(w http.ResponseWriter, r *http.Request, v *visitor, contentType string, encoder messageEncoder) error {
    1102. 

  1102. 	logvr(v, r).Tag(tagSubscribe).Debug("HTTP stream connection opened")
    1103. 

  1103. 	defer logvr(v, r).Tag(tagSubscribe).Debug("HTTP stream connection closed")
    1104. 

  1104. 	if !v.SubscriptionAllowed() {
    1105. 

  1105. 		return errHTTPTooManyRequestsLimitSubscriptions
    1106. 

  1106. 	}
    1107. 

  1107. 	defer v.RemoveSubscription()
    1108. 

  1108. 	topics, topicsStr, err := s.topicsFromPath(r.URL.Path)
    1109. 

  1109. 	if err != nil {
    1110. 

  1110. 		return err
    1111. 

  1111. 	}
    1112. 

  1112. 	poll, since, scheduled, filters, rateTopics, err := parseSubscribeParams(r)
    1113. 

  1113. 	if err != nil {
    1114. 

  1114. 		return err
    1115. 

  1115. 	}
    1116. 

  1116. 	var wlock sync.Mutex
    1117. 

  1117. 	defer func() {
    1118. 

  1118. 		// Hack: This is the fix for a horrible data race that I have not been able to figure out in quite some time.
    1119. 

  1119. 		// It appears to be happening when the Go HTTP code reads from the socket when closing the request (i.e. AFTER
    1120. 

  1120. 		// this function returns), and causes a data race with the ResponseWriter. Locking wlock here silences the
    1121. 

  1121. 		// data race detector. See https://github.com/binwiederhier/ntfy/issues/338#issuecomment-1163425889.
    1122. 

  1122. 		wlock.TryLock()
    1123. 

  1123. 	}()
    1124. 

  1124. 	sub := func(v *visitor, msg *message) error {
    1125. 

  1125. 		if !filters.Pass(msg) {
    1126. 

  1126. 			return nil
    1127. 

  1127. 		}
    1128. 

  1128. 		m, err := encoder(msg)
    1129. 

  1129. 		if err != nil {
    1130. 

  1130. 			return err
    1131. 

  1131. 		}
    1132. 

  1132. 		wlock.Lock()
    1133. 

  1133. 		defer wlock.Unlock()
    1134. 

  1134. 		if _, err := w.Write([]byte(m)); err != nil {
    1135. 

  1135. 			return err
    1136. 

  1136. 		}
    1137. 

  1137. 		if fl, ok := w.(http.Flusher); ok {
    1138. 

  1138. 			fl.Flush()
    1139. 

  1139. 		}
    1140. 

  1140. 		return nil
    1141. 

  1141. 	}
    1142. 

  1142. 	if err := s.maybeSetRateVisitors(r, v, topics, rateTopics); err != nil {
    1143. 

  1143. 		return err
    1144. 

  1144. 	}
    1145. 

  1145. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    1146. 

  1146. 	w.Header().Set("Content-Type", contentType+"; charset=utf-8")                    // Android/Volley client needs charset!
    1147. 

  1147. 	if poll {
    1148. 

  1148. 		for _, t := range topics {
    1149. 

  1149. 			t.Keepalive()
    1150. 

  1150. 		}
    1151. 

  1151. 		return s.sendOldMessages(topics, since, scheduled, v, sub)
    1152. 

  1152. 	}
    1153. 

  1153. 	ctx, cancel := context.WithCancel(context.Background())
    1154. 

  1154. 	defer cancel()
    1155. 

  1155. 	subscriberIDs := make([]int, 0)
    1156. 

  1156. 	for _, t := range topics {
    1157. 

  1157. 		subscriberIDs = append(subscriberIDs, t.Subscribe(sub, v.MaybeUserID(), cancel))
    1158. 

  1158. 	}
    1159. 

  1159. 	defer func() {
    1160. 

  1160. 		for i, subscriberID := range subscriberIDs {
    1161. 

  1161. 			topics[i].Unsubscribe(subscriberID) // Order!
    1162. 

  1162. 		}
    1163. 

  1163. 	}()
    1164. 

  1164. 	if err := sub(v, newOpenMessage(topicsStr)); err != nil { // Send out open message
    1165. 

  1165. 		return err
    1166. 

  1166. 	}
    1167. 

  1167. 	if err := s.sendOldMessages(topics, since, scheduled, v, sub); err != nil {
    1168. 

  1168. 		return err
    1169. 

  1169. 	}
    1170. 

  1170. 	for {
    1171. 

  1171. 		select {
    1172. 

  1172. 		case <-ctx.Done():
    1173. 

  1173. 			return nil
    1174. 

  1174. 		case <-r.Context().Done():
    1175. 

  1175. 			return nil
    1176. 

  1176. 		case <-time.After(s.config.KeepaliveInterval):
    1177. 

  1177. 			ev := logvr(v, r).Tag(tagSubscribe)
    1178. 

  1178. 			if len(topics) == 1 {
    1179. 

  1179. 				ev.With(topics[0]).Trace("Sending keepalive message to %s", topics[0].ID)
    1180. 

  1180. 			} else {
    1181. 

  1181. 				ev.Trace("Sending keepalive message to %d topics", len(topics))
    1182. 

  1182. 			}
    1183. 

  1183. 			v.Keepalive()
    1184. 

  1184. 			for _, t := range topics {
    1185. 

  1185. 				t.Keepalive()
    1186. 

  1186. 			}
    1187. 

  1187. 			if err := sub(v, newKeepaliveMessage(topicsStr)); err != nil { // Send keepalive message
    1188. 

  1188. 				return err
    1189. 

  1189. 			}
    1190. 

  1190. 		}
    1191. 

  1191. 	}
    1192. 

  1192. }
    1193. 

  1193. 

  1194. func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1195. 

  1195. 	if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" {
    1196. 

  1196. 		return errHTTPBadRequestWebSocketsUpgradeHeaderMissing
    1197. 

  1197. 	}
    1198. 

  1198. 	if !v.SubscriptionAllowed() {
    1199. 

  1199. 		return errHTTPTooManyRequestsLimitSubscriptions
    1200. 

  1200. 	}
    1201. 

  1201. 	defer v.RemoveSubscription()
    1202. 

  1202. 	logvr(v, r).Tag(tagWebsocket).Debug("WebSocket connection opened")
    1203. 

  1203. 	defer logvr(v, r).Tag(tagWebsocket).Debug("WebSocket connection closed")
    1204. 

  1204. 	topics, topicsStr, err := s.topicsFromPath(r.URL.Path)
    1205. 

  1205. 	if err != nil {
    1206. 

  1206. 		return err
    1207. 

  1207. 	}
    1208. 

  1208. 	poll, since, scheduled, filters, rateTopics, err := parseSubscribeParams(r)
    1209. 

  1209. 	if err != nil {
    1210. 

  1210. 		return err
    1211. 

  1211. 	}
    1212. 

  1212. 	upgrader := &websocket.Upgrader{
    1213. 

  1213. 		ReadBufferSize:  wsBufferSize,
    1214. 

  1214. 		WriteBufferSize: wsBufferSize,
    1215. 

  1215. 		CheckOrigin: func(r *http.Request) bool {
    1216. 

  1216. 			return true // We're open for business!
    1217. 

  1217. 		},
    1218. 

  1218. 	}
    1219. 

  1219. 	conn, err := upgrader.Upgrade(w, r, nil)
    1220. 

  1220. 	if err != nil {
    1221. 

  1221. 		return err
    1222. 

  1222. 	}
    1223. 

  1223. 	defer conn.Close()
    1224. 

  1224. 

  1225. 	// Subscription connections can be canceled externally, see topic.CancelSubscribers
    1226. 

  1226. 	cancelCtx, cancel := context.WithCancel(context.Background())
    1227. 

  1227. 	defer cancel()
    1228. 

  1228. 

  1229. 	// Use errgroup to run WebSocket reader and writer in Go routines
    1230. 

  1230. 	var wlock sync.Mutex
    1231. 

  1231. 	g, gctx := errgroup.WithContext(cancelCtx)
    1232. 

  1232. 	g.Go(func() error {
    1233. 

  1233. 		pongWait := s.config.KeepaliveInterval + wsPongWait
    1234. 

  1234. 		conn.SetReadLimit(wsReadLimit)
    1235. 

  1235. 		if err := conn.SetReadDeadline(time.Now().Add(pongWait)); err != nil {
    1236. 

  1236. 			return err
    1237. 

  1237. 		}
    1238. 

  1238. 		conn.SetPongHandler(func(appData string) error {
    1239. 

  1239. 			logvr(v, r).Tag(tagWebsocket).Trace("Received WebSocket pong")
    1240. 

  1240. 			return conn.SetReadDeadline(time.Now().Add(pongWait))
    1241. 

  1241. 		})
    1242. 

  1242. 		for {
    1243. 

  1243. 			_, _, err := conn.NextReader()
    1244. 

  1244. 			if err != nil {
    1245. 

  1245. 				return err
    1246. 

  1246. 			}
    1247. 

  1247. 			select {
    1248. 

  1248. 			case <-gctx.Done():
    1249. 

  1249. 				return nil
    1250. 

  1250. 			default:
    1251. 

  1251. 			}
    1252. 

  1252. 		}
    1253. 

  1253. 	})
    1254. 

  1254. 	g.Go(func() error {
    1255. 

  1255. 		ping := func() error {
    1256. 

  1256. 			wlock.Lock()
    1257. 

  1257. 			defer wlock.Unlock()
    1258. 

  1258. 			if err := conn.SetWriteDeadline(time.Now().Add(wsWriteWait)); err != nil {
    1259. 

  1259. 				return err
    1260. 

  1260. 			}
    1261. 

  1261. 			logvr(v, r).Tag(tagWebsocket).Trace("Sending WebSocket ping")
    1262. 

  1262. 			return conn.WriteMessage(websocket.PingMessage, nil)
    1263. 

  1263. 		}
    1264. 

  1264. 		for {
    1265. 

  1265. 			select {
    1266. 

  1266. 			case <-gctx.Done():
    1267. 

  1267. 				return nil
    1268. 

  1268. 			case <-cancelCtx.Done():
    1269. 

  1269. 				logvr(v, r).Tag(tagWebsocket).Trace("Cancel received, closing subscriber connection")
    1270. 

  1270. 				conn.Close()
    1271. 

  1271. 				return &websocket.CloseError{Code: websocket.CloseNormalClosure, Text: "subscription was canceled"}
    1272. 

  1272. 			case <-time.After(s.config.KeepaliveInterval):
    1273. 

  1273. 				v.Keepalive()
    1274. 

  1274. 				for _, t := range topics {
    1275. 

  1275. 					t.Keepalive()
    1276. 

  1276. 				}
    1277. 

  1277. 				if err := ping(); err != nil {
    1278. 

  1278. 					return err
    1279. 

  1279. 				}
    1280. 

  1280. 			}
    1281. 

  1281. 		}
    1282. 

  1282. 	})
    1283. 

  1283. 	sub := func(v *visitor, msg *message) error {
    1284. 

  1284. 		if !filters.Pass(msg) {
    1285. 

  1285. 			return nil
    1286. 

  1286. 		}
    1287. 

  1287. 		wlock.Lock()
    1288. 

  1288. 		defer wlock.Unlock()
    1289. 

  1289. 		if err := conn.SetWriteDeadline(time.Now().Add(wsWriteWait)); err != nil {
    1290. 

  1290. 			return err
    1291. 

  1291. 		}
    1292. 

  1292. 		return conn.WriteJSON(msg)
    1293. 

  1293. 	}
    1294. 

  1294. 	if err := s.maybeSetRateVisitors(r, v, topics, rateTopics); err != nil {
    1295. 

  1295. 		return err
    1296. 

  1296. 	}
    1297. 

  1297. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    1298. 

  1298. 	if poll {
    1299. 

  1299. 		for _, t := range topics {
    1300. 

  1300. 			t.Keepalive()
    1301. 

  1301. 		}
    1302. 

  1302. 		return s.sendOldMessages(topics, since, scheduled, v, sub)
    1303. 

  1303. 	}
    1304. 

  1304. 	subscriberIDs := make([]int, 0)
    1305. 

  1305. 	for _, t := range topics {
    1306. 

  1306. 		subscriberIDs = append(subscriberIDs, t.Subscribe(sub, v.MaybeUserID(), cancel))
    1307. 

  1307. 	}
    1308. 

  1308. 	defer func() {
    1309. 

  1309. 		for i, subscriberID := range subscriberIDs {
    1310. 

  1310. 			topics[i].Unsubscribe(subscriberID) // Order!
    1311. 

  1311. 		}
    1312. 

  1312. 	}()
    1313. 

  1313. 	if err := sub(v, newOpenMessage(topicsStr)); err != nil { // Send out open message
    1314. 

  1314. 		return err
    1315. 

  1315. 	}
    1316. 

  1316. 	if err := s.sendOldMessages(topics, since, scheduled, v, sub); err != nil {
    1317. 

  1317. 		return err
    1318. 

  1318. 	}
    1319. 

  1319. 	err = g.Wait()
    1320. 

  1320. 	if err != nil && websocket.IsCloseError(err, websocket.CloseNormalClosure, websocket.CloseGoingAway, websocket.CloseAbnormalClosure, websocket.CloseNoStatusReceived) {
    1321. 

  1321. 		logvr(v, r).Tag(tagWebsocket).Err(err).Fields(websocketErrorContext(err)).Trace("WebSocket connection closed")
    1322. 

  1322. 		return nil // Normal closures are not errors; note: "1006 (abnormal closure)" is treated as normal, because people disconnect a lot
    1323. 

  1323. 	}
    1324. 

  1324. 	return err
    1325. 

  1325. }
    1326. 

  1326. 

  1327. func parseSubscribeParams(r *http.Request) (poll bool, since sinceMarker, scheduled bool, filters *queryFilter, rateTopics []string, err error) {
    1328. 

  1328. 	poll = readBoolParam(r, false, "x-poll", "poll", "po")
    1329. 

  1329. 	scheduled = readBoolParam(r, false, "x-scheduled", "scheduled", "sched")
    1330. 

  1330. 	since, err = parseSince(r, poll)
    1331. 

  1331. 	if err != nil {
    1332. 

  1332. 		return
    1333. 

  1333. 	}
    1334. 

  1334. 	filters, err = parseQueryFilters(r)
    1335. 

  1335. 	if err != nil {
    1336. 

  1336. 		return
    1337. 

  1337. 	}
    1338. 

  1338. 	rateTopics = readCommaSeparatedParam(r, "x-rate-topics", "rate-topics")
    1339. 

  1339. 	return
    1340. 

  1340. }
    1341. 

  1341. 

  1342. // maybeSetRateVisitors sets the rate visitor on a topic (v.SetRateVisitor), indicating that all messages published
    1343. 

  1343. // to that topic will be rate limited against the rate visitor instead of the publishing visitor.
    1344. 

  1344. //
    1345. 

  1345. // Setting the rate visitor is ony allowed if the `visitor-subscriber-rate-limiting` setting is enabled, AND
    1346. 

  1346. // - auth-file is not set (everything is open by default)
    1347. 

  1347. // - or the topic is reserved, and v.user is the owner
    1348. 

  1348. // - or the topic is not reserved, and v.user has write access
    1349. 

  1349. //
    1350. 

  1350. // Note: This TEMPORARILY also registers all topics starting with "up" (= UnifiedPush). This is to ease the transition
    1351. 

  1351. // until the Android app will send the "Rate-Topics" header.
    1352. 

  1352. func (s *Server) maybeSetRateVisitors(r *http.Request, v *visitor, topics []*topic, rateTopics []string) error {
    1353. 

  1353. 	// Bail out if not enabled
    1354. 

  1354. 	if !s.config.VisitorSubscriberRateLimiting {
    1355. 

  1355. 		return nil
    1356. 

  1356. 	}
    1357. 

  1357. 

  1358. 	// Make a list of topics that we'll actually set the RateVisitor on
    1359. 

  1359. 	eligibleRateTopics := make([]*topic, 0)
    1360. 

  1360. 	for _, t := range topics {
    1361. 

  1361. 		if (strings.HasPrefix(t.ID, unifiedPushTopicPrefix) && len(t.ID) == unifiedPushTopicLength) || util.Contains(rateTopics, t.ID) {
    1362. 

  1362. 			eligibleRateTopics = append(eligibleRateTopics, t)
    1363. 

  1363. 		}
    1364. 

  1364. 	}
    1365. 

  1365. 	if len(eligibleRateTopics) == 0 {
    1366. 

  1366. 		return nil
    1367. 

  1367. 	}
    1368. 

  1368. 

  1369. 	// If access controls are turned off, v has access to everything, and we can set the rate visitor
    1370. 

  1370. 	if s.userManager == nil {
    1371. 

  1371. 		return s.setRateVisitors(r, v, eligibleRateTopics)
    1372. 

  1372. 	}
    1373. 

  1373. 

  1374. 	// If access controls are enabled, only set rate visitor if
    1375. 

  1375. 	// - topic is reserved, and v.user is the owner
    1376. 

  1376. 	// - topic is not reserved, and v.user has write access
    1377. 

  1377. 	writableRateTopics := make([]*topic, 0)
    1378. 

  1378. 	for _, t := range topics {
    1379. 

  1379. 		ownerUserID, err := s.userManager.ReservationOwner(t.ID)
    1380. 

  1380. 		if err != nil {
    1381. 

  1381. 			return err
    1382. 

  1382. 		}
    1383. 

  1383. 		if ownerUserID == "" {
    1384. 

  1384. 			if err := s.userManager.Authorize(v.User(), t.ID, user.PermissionWrite); err == nil {
    1385. 

  1385. 				writableRateTopics = append(writableRateTopics, t)
    1386. 

  1386. 			}
    1387. 

  1387. 		} else if ownerUserID == v.MaybeUserID() {
    1388. 

  1388. 			writableRateTopics = append(writableRateTopics, t)
    1389. 

  1389. 		}
    1390. 

  1390. 	}
    1391. 

  1391. 	return s.setRateVisitors(r, v, writableRateTopics)
    1392. 

  1392. }
    1393. 

  1393. 

  1394. func (s *Server) setRateVisitors(r *http.Request, v *visitor, rateTopics []*topic) error {
    1395. 

  1395. 	for _, t := range rateTopics {
    1396. 

  1396. 		logvr(v, r).
    1397. 

  1397. 			Tag(tagSubscribe).
    1398. 

  1398. 			With(t).
    1399. 

  1399. 			Debug("Setting visitor as rate visitor for topic %s", t.ID)
    1400. 

  1400. 		t.SetRateVisitor(v)
    1401. 

  1401. 	}
    1402. 

  1402. 	return nil
    1403. 

  1403. }
    1404. 

  1404. 

  1405. // sendOldMessages selects old messages from the messageCache and calls sub for each of them. It uses since as the
    1406. 

  1406. // marker, returning only messages that are newer than the marker.
    1407. 

  1407. func (s *Server) sendOldMessages(topics []*topic, since sinceMarker, scheduled bool, v *visitor, sub subscriber) error {
    1408. 

  1408. 	if since.IsNone() {
    1409. 

  1409. 		return nil
    1410. 

  1410. 	}
    1411. 

  1411. 	messages := make([]*message, 0)
    1412. 

  1412. 	for _, t := range topics {
    1413. 

  1413. 		topicMessages, err := s.messageCache.Messages(t.ID, since, scheduled)
    1414. 

  1414. 		if err != nil {
    1415. 

  1415. 			return err
    1416. 

  1416. 		}
    1417. 

  1417. 		messages = append(messages, topicMessages...)
    1418. 

  1418. 	}
    1419. 

  1419. 	sort.Slice(messages, func(i, j int) bool {
    1420. 

  1420. 		return messages[i].Time < messages[j].Time
    1421. 

  1421. 	})
    1422. 

  1422. 	for _, m := range messages {
    1423. 

  1423. 		if err := sub(v, m); err != nil {
    1424. 

  1424. 			return err
    1425. 

  1425. 		}
    1426. 

  1426. 	}
    1427. 

  1427. 	return nil
    1428. 

  1428. }
    1429. 

  1429. 

  1430. // parseSince returns a timestamp identifying the time span from which cached messages should be received.
    1431. 

  1431. //
    1432. 

  1432. // Values in the "since=..." parameter can be either a unix timestamp or a duration (e.g. 12h), or
    1433. 

  1433. // "all" for all messages.
    1434. 

  1434. func parseSince(r *http.Request, poll bool) (sinceMarker, error) {
    1435. 

  1435. 	since := readParam(r, "x-since", "since", "si")
    1436. 

  1436. 

  1437. 	// Easy cases (empty, all, none)
    1438. 

  1438. 	if since == "" {
    1439. 

  1439. 		if poll {
    1440. 

  1440. 			return sinceAllMessages, nil
    1441. 

  1441. 		}
    1442. 

  1442. 		return sinceNoMessages, nil
    1443. 

  1443. 	} else if since == "all" {
    1444. 

  1444. 		return sinceAllMessages, nil
    1445. 

  1445. 	} else if since == "none" {
    1446. 

  1446. 		return sinceNoMessages, nil
    1447. 

  1447. 	}
    1448. 

  1448. 

  1449. 	// ID, timestamp, duration
    1450. 

  1450. 	if validMessageID(since) {
    1451. 

  1451. 		return newSinceID(since), nil
    1452. 

  1452. 	} else if s, err := strconv.ParseInt(since, 10, 64); err == nil {
    1453. 

  1453. 		return newSinceTime(s), nil
    1454. 

  1454. 	} else if d, err := time.ParseDuration(since); err == nil {
    1455. 

  1455. 		return newSinceTime(time.Now().Add(-1 * d).Unix()), nil
    1456. 

  1456. 	}
    1457. 

  1457. 	return sinceNoMessages, errHTTPBadRequestSinceInvalid
    1458. 

  1458. }
    1459. 

  1459. 

  1460. func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
    1461. 

  1461. 	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST, PATCH, DELETE")
    1462. 

  1462. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    1463. 

  1463. 	w.Header().Set("Access-Control-Allow-Headers", "*")                              // CORS, allow auth via JS // FIXME is this terrible?
    1464. 

  1464. 	return nil
    1465. 

  1465. }
    1466. 

  1466. 

  1467. func (s *Server) topicFromPath(path string) (*topic, error) {
    1468. 

  1468. 	parts := strings.Split(path, "/")
    1469. 

  1469. 	if len(parts) < 2 {
    1470. 

  1470. 		return nil, errHTTPBadRequestTopicInvalid
    1471. 

  1471. 	}
    1472. 

  1472. 	return s.topicFromID(parts[1])
    1473. 

  1473. }
    1474. 

  1474. 

  1475. func (s *Server) topicsFromPath(path string) ([]*topic, string, error) {
    1476. 

  1476. 	parts := strings.Split(path, "/")
    1477. 

  1477. 	if len(parts) < 2 {
    1478. 

  1478. 		return nil, "", errHTTPBadRequestTopicInvalid
    1479. 

  1479. 	}
    1480. 

  1480. 	topicIDs := util.SplitNoEmpty(parts[1], ",")
    1481. 

  1481. 	topics, err := s.topicsFromIDs(topicIDs...)
    1482. 

  1482. 	if err != nil {
    1483. 

  1483. 		return nil, "", errHTTPBadRequestTopicInvalid
    1484. 

  1484. 	}
    1485. 

  1485. 	return topics, parts[1], nil
    1486. 

  1486. }
    1487. 

  1487. 

  1488. func (s *Server) topicsFromIDs(ids ...string) ([]*topic, error) {
    1489. 

  1489. 	s.mu.Lock()
    1490. 

  1490. 	defer s.mu.Unlock()
    1491. 

  1491. 	topics := make([]*topic, 0)
    1492. 

  1492. 	for _, id := range ids {
    1493. 

  1493. 		if util.Contains(s.config.DisallowedTopics, id) {
    1494. 

  1494. 			return nil, errHTTPBadRequestTopicDisallowed
    1495. 

  1495. 		}
    1496. 

  1496. 		if _, ok := s.topics[id]; !ok {
    1497. 

  1497. 			if len(s.topics) >= s.config.TotalTopicLimit {
    1498. 

  1498. 				return nil, errHTTPTooManyRequestsLimitTotalTopics
    1499. 

  1499. 			}
    1500. 

  1500. 			s.topics[id] = newTopic(id)
    1501. 

  1501. 		}
    1502. 

  1502. 		topics = append(topics, s.topics[id])
    1503. 

  1503. 	}
    1504. 

  1504. 	return topics, nil
    1505. 

  1505. }
    1506. 

  1506. 

  1507. func (s *Server) topicFromID(id string) (*topic, error) {
    1508. 

  1508. 	topics, err := s.topicsFromIDs(id)
    1509. 

  1509. 	if err != nil {
    1510. 

  1510. 		return nil, err
    1511. 

  1511. 	}
    1512. 

  1512. 	return topics[0], nil
    1513. 

  1513. }
    1514. 

  1514. 

  1515. func (s *Server) runSMTPServer() error {
    1516. 

  1516. 	s.smtpServerBackend = newMailBackend(s.config, s.handle)
    1517. 

  1517. 	s.smtpServer = smtp.NewServer(s.smtpServerBackend)
    1518. 

  1518. 	s.smtpServer.Addr = s.config.SMTPServerListen
    1519. 

  1519. 	s.smtpServer.Domain = s.config.SMTPServerDomain
    1520. 

  1520. 	s.smtpServer.ReadTimeout = 10 * time.Second
    1521. 

  1521. 	s.smtpServer.WriteTimeout = 10 * time.Second
    1522. 

  1522. 	s.smtpServer.MaxMessageBytes = 1024 * 1024 // Must be much larger than message size (headers, multipart, etc.)
    1523. 

  1523. 	s.smtpServer.MaxRecipients = 1
    1524. 

  1524. 	s.smtpServer.AllowInsecureAuth = true
    1525. 

  1525. 	return s.smtpServer.ListenAndServe()
    1526. 

  1526. }
    1527. 

  1527. 

  1528. func (s *Server) runManager() {
    1529. 

  1529. 	for {
    1530. 

  1530. 		select {
    1531. 

  1531. 		case <-time.After(s.config.ManagerInterval):
    1532. 

  1532. 			log.
    1533. 

  1533. 				Tag(tagManager).
    1534. 

  1534. 				Timing(s.execManager).
    1535. 

  1535. 				Debug("Manager finished")
    1536. 

  1536. 		case <-s.closeChan:
    1537. 

  1537. 			return
    1538. 

  1538. 		}
    1539. 

  1539. 	}
    1540. 

  1540. }
    1541. 

  1541. 

  1542. // runStatsResetter runs once a day (usually midnight UTC) to reset all the visitor's message and
    1543. 

  1543. // email counters. The stats are used to display the counters in the web app, as well as for rate limiting.
    1544. 

  1544. func (s *Server) runStatsResetter() {
    1545. 

  1545. 	for {
    1546. 

  1546. 		runAt := util.NextOccurrenceUTC(s.config.VisitorStatsResetTime, time.Now())
    1547. 

  1547. 		timer := time.NewTimer(time.Until(runAt))
    1548. 

  1548. 		log.Tag(tagResetter).Debug("Waiting until %v to reset visitor stats", runAt)
    1549. 

  1549. 		select {
    1550. 

  1550. 		case <-timer.C:
    1551. 

  1551. 			log.Tag(tagResetter).Debug("Running stats resetter")
    1552. 

  1552. 			s.resetStats()
    1553. 

  1553. 		case <-s.closeChan:
    1554. 

  1554. 			log.Tag(tagResetter).Debug("Stopping stats resetter")
    1555. 

  1555. 			timer.Stop()
    1556. 

  1556. 			return
    1557. 

  1557. 		}
    1558. 

  1558. 	}
    1559. 

  1559. }
    1560. 

  1560. 

  1561. func (s *Server) resetStats() {
    1562. 

  1562. 	log.Info("Resetting all visitor stats (daily task)")
    1563. 

  1563. 	s.mu.Lock()
    1564. 

  1564. 	defer s.mu.Unlock() // Includes the database query to avoid races with other processes
    1565. 

  1565. 	for _, v := range s.visitors {
    1566. 

  1566. 		v.ResetStats()
    1567. 

  1567. 	}
    1568. 

  1568. 	if s.userManager != nil {
    1569. 

  1569. 		if err := s.userManager.ResetStats(); err != nil {
    1570. 

  1570. 			log.Tag(tagResetter).Warn("Failed to write to database: %s", err.Error())
    1571. 

  1571. 		}
    1572. 

  1572. 	}
    1573. 

  1573. }
    1574. 

  1574. 

  1575. func (s *Server) runFirebaseKeepaliver() {
    1576. 

  1576. 	if s.firebaseClient == nil {
    1577. 

  1577. 		return
    1578. 

  1578. 	}
    1579. 

  1579. 	v := newVisitor(s.config, s.messageCache, s.userManager, netip.IPv4Unspecified(), nil) // Background process, not a real visitor, uses IP 0.0.0.0
    1580. 

  1580. 	for {
    1581. 

  1581. 		select {
    1582. 

  1582. 		case <-time.After(s.config.FirebaseKeepaliveInterval):
    1583. 

  1583. 			s.sendToFirebase(v, newKeepaliveMessage(firebaseControlTopic))
    1584. 

  1584. 		/*
    1585. 

  1585. 			FIXME: Disable iOS polling entirely for now due to thundering herd problem (see #677)
    1586. 

  1586. 			       To solve this, we'd have to shard the iOS poll topics to spread out the polling evenly.
    1587. 

  1587. 			       Given that it's not really necessary to poll, turning it off for now should not have any impact.
    1588. 

  1588. 

  1589. 			case <-time.After(s.config.FirebasePollInterval):
    1590. 

  1590. 				s.sendToFirebase(v, newKeepaliveMessage(firebasePollTopic))
    1591. 

  1591. 		*/
    1592. 

  1592. 		case <-s.closeChan:
    1593. 

  1593. 			return
    1594. 

  1594. 		}
    1595. 

  1595. 	}
    1596. 

  1596. }
    1597. 

  1597. 

  1598. func (s *Server) runDelayedSender() {
    1599. 

  1599. 	for {
    1600. 

  1600. 		select {
    1601. 

  1601. 		case <-time.After(s.config.DelayedSenderInterval):
    1602. 

  1602. 			if err := s.sendDelayedMessages(); err != nil {
    1603. 

  1603. 				log.Tag(tagPublish).Err(err).Warn("Error sending delayed messages")
    1604. 

  1604. 			}
    1605. 

  1605. 		case <-s.closeChan:
    1606. 

  1606. 			return
    1607. 

  1607. 		}
    1608. 

  1608. 	}
    1609. 

  1609. }
    1610. 

  1610. 

  1611. func (s *Server) sendDelayedMessages() error {
    1612. 

  1612. 	messages, err := s.messageCache.MessagesDue()
    1613. 

  1613. 	if err != nil {
    1614. 

  1614. 		return err
    1615. 

  1615. 	}
    1616. 

  1616. 	for _, m := range messages {
    1617. 

  1617. 		var u *user.User
    1618. 

  1618. 		if s.userManager != nil && m.User != "" {
    1619. 

  1619. 			u, err = s.userManager.UserByID(m.User)
    1620. 

  1620. 			if err != nil {
    1621. 

  1621. 				log.With(m).Err(err).Warn("Error sending delayed message")
    1622. 

  1622. 				continue
    1623. 

  1623. 			}
    1624. 

  1624. 		}
    1625. 

  1625. 		v := s.visitor(m.Sender, u)
    1626. 

  1626. 		if err := s.sendDelayedMessage(v, m); err != nil {
    1627. 

  1627. 			logvm(v, m).Err(err).Warn("Error sending delayed message")
    1628. 

  1628. 		}
    1629. 

  1629. 	}
    1630. 

  1630. 	return nil
    1631. 

  1631. }
    1632. 

  1632. 

  1633. func (s *Server) sendDelayedMessage(v *visitor, m *message) error {
    1634. 

  1634. 	logvm(v, m).Debug("Sending delayed message")
    1635. 

  1635. 	s.mu.RLock()
    1636. 

  1636. 	t, ok := s.topics[m.Topic] // If no subscribers, just mark message as published
    1637. 

  1637. 	s.mu.RUnlock()
    1638. 

  1638. 	if ok {
    1639. 

  1639. 		go func() {
    1640. 

  1640. 			// We do not rate-limit messages here, since we've rate limited them in the PUT/POST handler
    1641. 

  1641. 			if err := t.Publish(v, m); err != nil {
    1642. 

  1642. 				logvm(v, m).Err(err).Warn("Unable to publish message")
    1643. 

  1643. 			}
    1644. 

  1644. 		}()
    1645. 

  1645. 	}
    1646. 

  1646. 	if s.firebaseClient != nil { // Firebase subscribers may not show up in topics map
    1647. 

  1647. 		go s.sendToFirebase(v, m)
    1648. 

  1648. 	}
    1649. 

  1649. 	if s.config.UpstreamBaseURL != "" {
    1650. 

  1650. 		go s.forwardPollRequest(v, m)
    1651. 

  1651. 	}
    1652. 

  1652. 	if err := s.messageCache.MarkPublished(m); err != nil {
    1653. 

  1653. 		return err
    1654. 

  1654. 	}
    1655. 

  1655. 	return nil
    1656. 

  1656. }
    1657. 

  1657. 

  1658. // transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
    1659. 

  1659. // before passing it on to the next handler. This is meant to be used in combination with handlePublish.
    1660. 

  1660. func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
    1661. 

  1661. 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1662. 

  1662. 		m, err := readJSONWithLimit[publishMessage](r.Body, s.config.MessageLimit*2, false) // 2x to account for JSON format overhead
    1663. 

  1663. 		if err != nil {
    1664. 

  1664. 			return err
    1665. 

  1665. 		}
    1666. 

  1666. 		if !topicRegex.MatchString(m.Topic) {
    1667. 

  1667. 			return errHTTPBadRequestTopicInvalid
    1668. 

  1668. 		}
    1669. 

  1669. 		if m.Message == "" {
    1670. 

  1670. 			m.Message = emptyMessageBody
    1671. 

  1671. 		}
    1672. 

  1672. 		r.URL.Path = "/" + m.Topic
    1673. 

  1673. 		r.Body = io.NopCloser(strings.NewReader(m.Message))
    1674. 

  1674. 		if m.Title != "" {
    1675. 

  1675. 			r.Header.Set("X-Title", m.Title)
    1676. 

  1676. 		}
    1677. 

  1677. 		if m.Priority != 0 {
    1678. 

  1678. 			r.Header.Set("X-Priority", fmt.Sprintf("%d", m.Priority))
    1679. 

  1679. 		}
    1680. 

  1680. 		if m.Tags != nil && len(m.Tags) > 0 {
    1681. 

  1681. 			r.Header.Set("X-Tags", strings.Join(m.Tags, ","))
    1682. 

  1682. 		}
    1683. 

  1683. 		if m.Attach != "" {
    1684. 

  1684. 			r.Header.Set("X-Attach", m.Attach)
    1685. 

  1685. 		}
    1686. 

  1686. 		if m.Filename != "" {
    1687. 

  1687. 			r.Header.Set("X-Filename", m.Filename)
    1688. 

  1688. 		}
    1689. 

  1689. 		if m.Click != "" {
    1690. 

  1690. 			r.Header.Set("X-Click", m.Click)
    1691. 

  1691. 		}
    1692. 

  1692. 		if m.Icon != "" {
    1693. 

  1693. 			r.Header.Set("X-Icon", m.Icon)
    1694. 

  1694. 		}
    1695. 

  1695. 		if len(m.Actions) > 0 {
    1696. 

  1696. 			actionsStr, err := json.Marshal(m.Actions)
    1697. 

  1697. 			if err != nil {
    1698. 

  1698. 				return errHTTPBadRequestMessageJSONInvalid
    1699. 

  1699. 			}
    1700. 

  1700. 			r.Header.Set("X-Actions", string(actionsStr))
    1701. 

  1701. 		}
    1702. 

  1702. 		if m.Email != "" {
    1703. 

  1703. 			r.Header.Set("X-Email", m.Email)
    1704. 

  1704. 		}
    1705. 

  1705. 		if m.Delay != "" {
    1706. 

  1706. 			r.Header.Set("X-Delay", m.Delay)
    1707. 

  1707. 		}
    1708. 

  1708. 		return next(w, r, v)
    1709. 

  1709. 	}
    1710. 

  1710. }
    1711. 

  1711. 

  1712. func (s *Server) transformMatrixJSON(next handleFunc) handleFunc {
    1713. 

  1713. 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1714. 

  1714. 		newRequest, err := newRequestFromMatrixJSON(r, s.config.BaseURL, s.config.MessageLimit)
    1715. 

  1715. 		if err != nil {
    1716. 

  1716. 			logvr(v, r).Tag(tagMatrix).Err(err).Debug("Invalid Matrix request")
    1717. 

  1717. 			if e, ok := err.(*errMatrixPushkeyRejected); ok {
    1718. 

  1718. 				return writeMatrixResponse(w, e.rejectedPushKey)
    1719. 

  1719. 			}
    1720. 

  1720. 			return err
    1721. 

  1721. 		}
    1722. 

  1722. 		if err := next(w, newRequest, v); err != nil {
    1723. 

  1723. 			logvr(v, r).Tag(tagMatrix).Err(err).Debug("Error handling Matrix request")
    1724. 

  1724. 			return err
    1725. 

  1725. 		}
    1726. 

  1726. 		return nil
    1727. 

  1727. 	}
    1728. 

  1728. }
    1729. 

  1729. 

  1730. func (s *Server) authorizeTopicWrite(next handleFunc) handleFunc {
    1731. 

  1731. 	return s.autorizeTopic(next, user.PermissionWrite)
    1732. 

  1732. }
    1733. 

  1733. 

  1734. func (s *Server) authorizeTopicRead(next handleFunc) handleFunc {
    1735. 

  1735. 	return s.autorizeTopic(next, user.PermissionRead)
    1736. 

  1736. }
    1737. 

  1737. 

  1738. func (s *Server) autorizeTopic(next handleFunc, perm user.Permission) handleFunc {
    1739. 

  1739. 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
    1740. 

  1740. 		if s.userManager == nil {
    1741. 

  1741. 			return next(w, r, v)
    1742. 

  1742. 		}
    1743. 

  1743. 		topics, _, err := s.topicsFromPath(r.URL.Path)
    1744. 

  1744. 		if err != nil {
    1745. 

  1745. 			return err
    1746. 

  1746. 		}
    1747. 

  1747. 		u := v.User()
    1748. 

  1748. 		for _, t := range topics {
    1749. 

  1749. 			if err := s.userManager.Authorize(u, t.ID, perm); err != nil {
    1750. 

  1750. 				logvr(v, r).With(t).Err(err).Debug("Access to topic %s not authorized", t.ID)
    1751. 

  1751. 				return errHTTPForbidden.With(t)
    1752. 

  1752. 			}
    1753. 

  1753. 		}
    1754. 

  1754. 		return next(w, r, v)
    1755. 

  1755. 	}
    1756. 

  1756. }
    1757. 

  1757. 

  1758. // maybeAuthenticate reads the "Authorization" header and will try to authenticate the user
    1759. 

  1759. // if it is set.
    1760. 

  1760. //
    1761. 

  1761. //   - If auth-file is not configured, immediately return an IP-based visitor
    1762. 

  1762. //   - If the header is not set or not supported (anything non-Basic and non-Bearer),
    1763. 

  1763. //     an IP-based visitor is returned
    1764. 

  1764. //   - If the header is set, authenticate will be called to check the username/password (Basic auth),
    1765. 

  1765. //     or the token (Bearer auth), and read the user from the database
    1766. 

  1766. //
    1767. 

  1767. // This function will ALWAYS return a visitor, even if an error occurs (e.g. unauthorized), so
    1768. 

  1768. // that subsequent logging calls still have a visitor context.
    1769. 

  1769. func (s *Server) maybeAuthenticate(r *http.Request) (*visitor, error) {
    1770. 

  1770. 	// Read "Authorization" header value, and exit out early if it's not set
    1771. 

  1771. 	ip := extractIPAddress(r, s.config.BehindProxy)
    1772. 

  1772. 	vip := s.visitor(ip, nil)
    1773. 

  1773. 	if s.userManager == nil {
    1774. 

  1774. 		return vip, nil
    1775. 

  1775. 	}
    1776. 

  1776. 	header, err := readAuthHeader(r)
    1777. 

  1777. 	if err != nil {
    1778. 

  1778. 		return vip, err
    1779. 

  1779. 	} else if !supportedAuthHeader(header) {
    1780. 

  1780. 		return vip, nil
    1781. 

  1781. 	}
    1782. 

  1782. 	// If we're trying to auth, check the rate limiter first
    1783. 

  1783. 	if !vip.AuthAllowed() {
    1784. 

  1784. 		return vip, errHTTPTooManyRequestsLimitAuthFailure // Always return visitor, even when error occurs!
    1785. 

  1785. 	}
    1786. 

  1786. 	u, err := s.authenticate(r, header)
    1787. 

  1787. 	if err != nil {
    1788. 

  1788. 		vip.AuthFailed()
    1789. 

  1789. 		logr(r).Err(err).Debug("Authentication failed")
    1790. 

  1790. 		return vip, errHTTPUnauthorized // Always return visitor, even when error occurs!
    1791. 

  1791. 	}
    1792. 

  1792. 	// Authentication with user was successful
    1793. 

  1793. 	return s.visitor(ip, u), nil
    1794. 

  1794. }
    1795. 

  1795. 

  1796. // authenticate a user based on basic auth username/password (Authorization: Basic ...), or token auth (Authorization: Bearer ...).
    1797. 

  1797. // The Authorization header can be passed as a header or the ?auth=... query param. The latter is required only to
    1798. 

  1798. // support the WebSocket JavaScript class, which does not support passing headers during the initial request. The auth
    1799. 

  1799. // query param is effectively doubly base64 encoded. Its format is base64(Basic base64(user:pass)).
    1800. 

  1800. func (s *Server) authenticate(r *http.Request, header string) (user *user.User, err error) {
    1801. 

  1801. 	if strings.HasPrefix(header, "Bearer") {
    1802. 

  1802. 		return s.authenticateBearerAuth(r, strings.TrimSpace(strings.TrimPrefix(header, "Bearer")))
    1803. 

  1803. 	}
    1804. 

  1804. 	return s.authenticateBasicAuth(r, header)
    1805. 

  1805. }
    1806. 

  1806. 

  1807. // readAuthHeader reads the raw value of the Authorization header, either from the actual HTTP header,
    1808. 

  1808. // or from the ?auth... query parameter
    1809. 

  1809. func readAuthHeader(r *http.Request) (string, error) {
    1810. 

  1810. 	value := strings.TrimSpace(r.Header.Get("Authorization"))
    1811. 

  1811. 	queryParam := readQueryParam(r, "authorization", "auth")
    1812. 

  1812. 	if queryParam != "" {
    1813. 

  1813. 		a, err := base64.RawURLEncoding.DecodeString(queryParam)
    1814. 

  1814. 		if err != nil {
    1815. 

  1815. 			return "", err
    1816. 

  1816. 		}
    1817. 

  1817. 		value = strings.TrimSpace(string(a))
    1818. 

  1818. 	}
    1819. 

  1819. 	return value, nil
    1820. 

  1820. }
    1821. 

  1821. 

  1822. // supportedAuthHeader returns true only if the Authorization header value starts
    1823. 

  1823. // with "Basic" or "Bearer". In particular, an empty value is not supported, and neither
    1824. 

  1824. // are things like "WebPush", or "vapid" (see #629).
    1825. 

  1825. func supportedAuthHeader(value string) bool {
    1826. 

  1826. 	value = strings.ToLower(value)
    1827. 

  1827. 	return strings.HasPrefix(value, "basic ") || strings.HasPrefix(value, "bearer ")
    1828. 

  1828. }
    1829. 

  1829. 

  1830. func (s *Server) authenticateBasicAuth(r *http.Request, value string) (user *user.User, err error) {
    1831. 

  1831. 	r.Header.Set("Authorization", value)
    1832. 

  1832. 	username, password, ok := r.BasicAuth()
    1833. 

  1833. 	if !ok {
    1834. 

  1834. 		return nil, errors.New("invalid basic auth")
    1835. 

  1835. 	} else if username == "" {
    1836. 

  1836. 		return s.authenticateBearerAuth(r, password) // Treat password as token
    1837. 

  1837. 	}
    1838. 

  1838. 	return s.userManager.Authenticate(username, password)
    1839. 

  1839. }
    1840. 

  1840. 

  1841. func (s *Server) authenticateBearerAuth(r *http.Request, token string) (*user.User, error) {
    1842. 

  1842. 	u, err := s.userManager.AuthenticateToken(token)
    1843. 

  1843. 	if err != nil {
    1844. 

  1844. 		return nil, err
    1845. 

  1845. 	}
    1846. 

  1846. 	ip := extractIPAddress(r, s.config.BehindProxy)
    1847. 

  1847. 	go s.userManager.EnqueueTokenUpdate(token, &user.TokenUpdate{
    1848. 

  1848. 		LastAccess: time.Now(),
    1849. 

  1849. 		LastOrigin: ip,
    1850. 

  1850. 	})
    1851. 

  1851. 	return u, nil
    1852. 

  1852. }
    1853. 

  1853. 

  1854. func (s *Server) visitor(ip netip.Addr, user *user.User) *visitor {
    1855. 

  1855. 	s.mu.Lock()
    1856. 

  1856. 	defer s.mu.Unlock()
    1857. 

  1857. 	id := visitorID(ip, user)
    1858. 

  1858. 	v, exists := s.visitors[id]
    1859. 

  1859. 	if !exists {
    1860. 

  1860. 		s.visitors[id] = newVisitor(s.config, s.messageCache, s.userManager, ip, user)
    1861. 

  1861. 		return s.visitors[id]
    1862. 

  1862. 	}
    1863. 

  1863. 	v.Keepalive()
    1864. 

  1864. 	v.SetUser(user) // Always update with the latest user, may be nil!
    1865. 

  1865. 	return v
    1866. 

  1866. }
    1867. 

  1867. 

  1868. func (s *Server) writeJSON(w http.ResponseWriter, v any) error {
    1869. 

  1869. 	w.Header().Set("Content-Type", "application/json")
    1870. 

  1870. 	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
    1871. 

  1871. 	if err := json.NewEncoder(w).Encode(v); err != nil {
    1872. 

  1872. 		return err
    1873. 

  1873. 	}
    1874. 

  1874. 	return nil
    1875. 

  1875. }
    1876. 

  1876. 

  1877. func (s *Server) updateAndWriteStats(messagesCount int64) {
    1878. 

  1878. 	s.mu.Lock()
    1879. 

  1879. 	s.messagesHistory = append(s.messagesHistory, messagesCount)
    1880. 

  1880. 	if len(s.messagesHistory) > messagesHistoryMax {
    1881. 

  1881. 		s.messagesHistory = s.messagesHistory[1:]
    1882. 

  1882. 	}
    1883. 

  1883. 	s.mu.Unlock()
    1884. 

  1884. 	go func() {
    1885. 

  1885. 		if err := s.messageCache.UpdateStats(messagesCount); err != nil {
    1886. 

  1886. 			log.Tag(tagManager).Err(err).Warn("Cannot write messages stats")
    1887. 

  1887. 		}
    1888. 

  1888. 	}()
    1889. 

  1889. }
    1890.