157 lines
4.4 KiB
Go
157 lines
4.4 KiB
Go
package server
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"heckel.io/ntfy/util"
|
|
"io"
|
|
"mime"
|
|
"net/http"
|
|
"net/netip"
|
|
"strings"
|
|
"regexp"
|
|
)
|
|
|
|
var mimeDecoder mime.WordDecoder
|
|
|
|
func readBoolParam(r *http.Request, defaultValue bool, names ...string) bool {
|
|
value := strings.ToLower(readParam(r, names...))
|
|
if value == "" {
|
|
return defaultValue
|
|
}
|
|
return toBool(value)
|
|
}
|
|
|
|
func isBoolValue(value string) bool {
|
|
return value == "1" || value == "yes" || value == "true" || value == "0" || value == "no" || value == "false"
|
|
}
|
|
|
|
func toBool(value string) bool {
|
|
return value == "1" || value == "yes" || value == "true"
|
|
}
|
|
|
|
func readCommaSeparatedParam(r *http.Request, names ...string) (params []string) {
|
|
paramStr := readParam(r, names...)
|
|
if paramStr != "" {
|
|
params = make([]string, 0)
|
|
for _, s := range util.SplitNoEmpty(paramStr, ",") {
|
|
params = append(params, strings.TrimSpace(s))
|
|
}
|
|
}
|
|
return params
|
|
}
|
|
|
|
func readParam(r *http.Request, names ...string) string {
|
|
value := readHeaderParam(r, names...)
|
|
if value != "" {
|
|
return value
|
|
}
|
|
return readQueryParam(r, names...)
|
|
}
|
|
|
|
func readHeaderParam(r *http.Request, names ...string) string {
|
|
for _, name := range names {
|
|
value := maybeDecodeHeader(r.Header.Get(name), name)
|
|
if value != "" {
|
|
return strings.TrimSpace(value)
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func readQueryParam(r *http.Request, names ...string) string {
|
|
for _, name := range names {
|
|
value := r.URL.Query().Get(strings.ToLower(name))
|
|
if value != "" {
|
|
return strings.TrimSpace(value)
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func extractIPAddress(r *http.Request, behindProxy bool) netip.Addr {
|
|
remoteAddr := r.RemoteAddr
|
|
addrPort, err := netip.ParseAddrPort(remoteAddr)
|
|
ip := addrPort.Addr()
|
|
if err != nil {
|
|
// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
|
|
ip, err = netip.ParseAddr(remoteAddr)
|
|
if err != nil {
|
|
ip = netip.IPv4Unspecified()
|
|
if remoteAddr != "@" || !behindProxy { // RemoteAddr is @ when unix socket is used
|
|
logr(r).Err(err).Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created", remoteAddr)
|
|
}
|
|
}
|
|
}
|
|
if behindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
|
|
// X-Forwarded-For can contain multiple addresses (see #328). If we are behind a proxy,
|
|
// only the right-most address can be trusted (as this is the one added by our proxy server).
|
|
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
|
|
ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
|
|
realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
|
|
if err != nil {
|
|
logr(r).Err(err).Error("invalid IP address %s received in X-Forwarded-For header", ip)
|
|
// Fall back to regular remote address if X-Forwarded-For is damaged
|
|
} else {
|
|
ip = realIP
|
|
}
|
|
}
|
|
return ip
|
|
}
|
|
|
|
func readJSONWithLimit[T any](r io.ReadCloser, limit int, allowEmpty bool) (*T, error) {
|
|
obj, err := util.UnmarshalJSONWithLimit[T](r, limit, allowEmpty)
|
|
if err == util.ErrUnmarshalJSON {
|
|
return nil, errHTTPBadRequestJSONInvalid
|
|
} else if err == util.ErrTooLargeJSON {
|
|
return nil, errHTTPEntityTooLargeJSONBody
|
|
} else if err != nil {
|
|
return nil, err
|
|
}
|
|
return obj, nil
|
|
}
|
|
|
|
func withContext(r *http.Request, ctx map[contextKey]any) *http.Request {
|
|
c := r.Context()
|
|
for k, v := range ctx {
|
|
c = context.WithValue(c, k, v)
|
|
}
|
|
return r.WithContext(c)
|
|
}
|
|
|
|
func fromContext[T any](r *http.Request, key contextKey) (T, error) {
|
|
t, ok := r.Context().Value(key).(T)
|
|
if !ok {
|
|
return t, fmt.Errorf("cannot find key %v in request context", key)
|
|
}
|
|
return t, nil
|
|
}
|
|
|
|
func maybeDecodeHeader(header string, name string) string {
|
|
decoded, err := mimeDecoder.DecodeHeader(header)
|
|
if err != nil {
|
|
if name == "priority"{
|
|
return cloudflarePriorityIgnore(header)
|
|
}
|
|
return header
|
|
}
|
|
|
|
if name == "priority"{
|
|
return cloudflarePriorityIgnore(decoded)
|
|
}
|
|
return decoded
|
|
}
|
|
|
|
// Ignore new HTTP Priority header (see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-priority)
|
|
// Cloudflare adds this to requests when forwarding to the backend (ntfy), so we just ignore it.
|
|
// If the Priority header is set to "u=*, i" or "u=*" (by cloudflare), the header will be ignored.
|
|
// And continue searching for another header (x-priority, prio, p) or in the Query parameters.
|
|
func cloudflarePriorityIgnore(value string) string {
|
|
pattern := `^u=\d,\s(i|\d)$|^u=\d$`
|
|
regex := regexp.MustCompile(pattern)
|
|
if regex.MatchString(value) {
|
|
return ""
|
|
}
|
|
return value
|
|
}
|