// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. // See License.txt for license information. package utils import ( "crypto" "crypto/rand" "encoding/base64" "fmt" "html/template" "net/http" "net/url" "path" "strings" "github.com/mattermost/mattermost-server/model" ) func CheckOrigin(r *http.Request, allowedOrigins string) bool { origin := r.Header.Get("Origin") if origin == "" { return true } if allowedOrigins == "*" { return true } for _, allowed := range strings.Split(allowedOrigins, " ") { if allowed == origin { return true } } return false } func OriginChecker(allowedOrigins string) func(*http.Request) bool { return func(r *http.Request) bool { return CheckOrigin(r, allowedOrigins) } } func RenderWebAppError(config *model.Config, w http.ResponseWriter, r *http.Request, err *model.AppError, s crypto.Signer) { RenderWebError(config, w, r, err.StatusCode, url.Values{ "message": []string{err.Message}, }, s) } func RenderWebError(config *model.Config, w http.ResponseWriter, r *http.Request, status int, params url.Values, s crypto.Signer) { queryString := params.Encode() subpath, _ := GetSubpathFromConfig(config) h := crypto.SHA256 sum := h.New() sum.Write([]byte(path.Join(subpath, "error") + "?" + queryString)) signature, err := s.Sign(rand.Reader, sum.Sum(nil), h) if err != nil { http.Error(w, "", http.StatusInternalServerError) return } destination := path.Join(subpath, "error") + "?" + queryString + "&s=" + base64.URLEncoding.EncodeToString(signature) if status >= 300 && status < 400 { http.Redirect(w, r, destination, status) return } w.Header().Set("Content-Type", "text/html") w.WriteHeader(status) fmt.Fprintln(w, `
`) fmt.Fprintln(w, ``) fmt.Fprintln(w, ``) fmt.Fprintln(w, `...`) fmt.Fprintln(w, ``) }