Block framing on some pages

2021-03-09 17:00:43 +01:00
parent 2dd9ad4777
commit e8181eb6d2
3 changed files with 65 additions and 64 deletions
--- a/res/template/fragments/revenuehits.html
+++ b/res/template/fragments/revenuehits.html
@@ -1,16 +0,0 @@
 {{ define "revenuehits" }}
 <html>
 	<head>
 		<title>Ad Banner</title>
 		<style>
 			html, body {
 				margin: 0;
 				background-color: black;
 			}
 		</style>
 	</head>
 	<body>
 		<script data-cfasync='false' type='text/javascript' src='//p416901.clksite.com/adServe/banners?tid=416901_817726_0'></script>
 	</body>
 </html>
 {{ end }}
--- a/webcontroller/user_settings.go
+++ b/webcontroller/user_settings.go
@@ -60,6 +60,7 @@ func (wc *WebController) serveUserSettings(
 	r *http.Request,
 	p httprouter.Params,
 ) {
 	w.Header().Set("X-Frame-Options", "DENY")
 	td := wc.newTemplateData(w, r)
 	if !td.Authenticated {
--- a/webcontroller/web_controller.go
+++ b/webcontroller/web_controller.go
@@ -129,41 +129,41 @@ func New(
 		handler httprouter.Handle // The function to run when this API is called
 	}{
 		// General navigation
-		{GET, "" /*                */, wc.serveTemplate("home", false)},
+		{GET, "" /*                */, wc.serveTemplate("home", handlerOpts{})},
-		{GET, "api" /*             */, wc.serveMarkdown("apidoc.md", false)},
+		{GET, "api" /*             */, wc.serveMarkdown("apidoc.md", handlerOpts{})},
-		{GET, "history" /*         */, wc.serveTemplate("history_cookies", false)},
+		{GET, "history" /*         */, wc.serveTemplate("history_cookies", handlerOpts{})},
 		{GET, "u/:id" /*           */, wc.serveFileViewer},
 		{GET, "u/:id/preview" /*   */, wc.serveFilePreview},
 		{GET, "l/:id" /*           */, wc.serveListViewer},
 		{GET, "d/*path" /*         */, wc.serveDirectory},
 		{GET, "s/:id" /*           */, wc.serveSkynetViewer},
-		{GET, "t" /*               */, wc.serveTemplate("text_editor", false)},
+		{GET, "t" /*               */, wc.serveTemplate("text_editor", handlerOpts{})},
-		{GET, "donation" /*        */, wc.serveMarkdown("donation.md", false)},
+		{GET, "donation" /*        */, wc.serveMarkdown("donation.md", handlerOpts{})},
-		{GET, "subscribe" /*       */, wc.serveMarkdown("subscribe.md", false)},
+		{GET, "subscribe" /*       */, wc.serveMarkdown("subscribe.md", handlerOpts{})},
-		{GET, "widgets" /*         */, wc.serveTemplate("widgets", false)},
+		{GET, "widgets" /*         */, wc.serveTemplate("widgets", handlerOpts{})},
-		{GET, "about" /*           */, wc.serveMarkdown("about.md", false)},
+		{GET, "about" /*           */, wc.serveMarkdown("about.md", handlerOpts{})},
-		{GET, "appearance" /*      */, wc.serveTemplate("appearance", false)},
+		{GET, "appearance" /*      */, wc.serveTemplate("appearance", handlerOpts{})},
-		{GET, "hosting" /*         */, wc.serveMarkdown("hosting.md", false)},
+		{GET, "hosting" /*         */, wc.serveMarkdown("hosting.md", handlerOpts{})},
-		{GET, "brave" /*           */, wc.serveMarkdown("brave.md", false)},
+		{GET, "brave" /*           */, wc.serveMarkdown("brave.md", handlerOpts{})},
-		{GET, "acknowledgements" /**/, wc.serveMarkdown("acknowledgements.md", false)},
+		{GET, "acknowledgements" /**/, wc.serveMarkdown("acknowledgements.md", handlerOpts{})},
-		{GET, "business" /*        */, wc.serveMarkdown("business.md", false)},
+		{GET, "business" /*        */, wc.serveMarkdown("business.md", handlerOpts{})},
-		{GET, "server_status" /*   */, wc.serveTemplate("server_status", false)},
+		{GET, "server_status" /*   */, wc.serveTemplate("server_status", handlerOpts{})},
-		{GET, "apps" /*            */, wc.serveTemplate("apps", false)},
+		{GET, "apps" /*            */, wc.serveTemplate("apps", handlerOpts{})},
 		// User account pages
-		{GET, "register" /*         */, wc.serveForm(wc.registerForm, false)},
+		{GET, "register" /*         */, wc.serveForm(wc.registerForm, handlerOpts{NoEmbed: true})},
-		{PST, "register" /*         */, wc.serveForm(wc.registerForm, false)},
+		{PST, "register" /*         */, wc.serveForm(wc.registerForm, handlerOpts{NoEmbed: true})},
-		{GET, "login" /*            */, wc.serveForm(wc.loginForm, false)},
+		{GET, "login" /*            */, wc.serveForm(wc.loginForm, handlerOpts{NoEmbed: true})},
-		{PST, "login" /*            */, wc.serveForm(wc.loginForm, false)},
+		{PST, "login" /*            */, wc.serveForm(wc.loginForm, handlerOpts{NoEmbed: true})},
-		{GET, "password_reset" /*   */, wc.serveForm(wc.passwordResetForm, false)},
+		{GET, "password_reset" /*   */, wc.serveForm(wc.passwordResetForm, handlerOpts{NoEmbed: true})},
-		{PST, "password_reset" /*   */, wc.serveForm(wc.passwordResetForm, false)},
+		{PST, "password_reset" /*   */, wc.serveForm(wc.passwordResetForm, handlerOpts{NoEmbed: true})},
-		{GET, "logout" /*           */, wc.serveTemplate("logout", true)},
+		{GET, "logout" /*           */, wc.serveTemplate("logout", handlerOpts{Auth: true, NoEmbed: true})},
 		{PST, "logout" /*           */, wc.serveLogout},
-		{GET, "user" /*             */, wc.serveTemplate("user_home", true)},
+		{GET, "user" /*             */, wc.serveTemplate("user_home", handlerOpts{Auth: true})},
-		{GET, "user/files" /*       */, wc.serveTemplate("user_files", true)},
+		{GET, "user/files" /*       */, wc.serveTemplate("user_files", handlerOpts{Auth: true})},
-		{GET, "user/lists" /*       */, wc.serveTemplate("user_lists", true)},
+		{GET, "user/lists" /*       */, wc.serveTemplate("user_lists", handlerOpts{Auth: true})},
-		{GET, "user/buckets" /*     */, wc.serveTemplate("user_buckets", true)},
+		{GET, "user/buckets" /*     */, wc.serveTemplate("user_buckets", handlerOpts{Auth: true})},
-		{GET, "user/filemanager" /* */, wc.serveTemplate("file_manager", true)},
+		{GET, "user/filemanager" /* */, wc.serveTemplate("file_manager", handlerOpts{Auth: true})},
 		{GET, "user/export/files" /**/, wc.serveUserExportFiles},
 		{GET, "user/export/lists" /**/, wc.serveUserExportLists},
@@ -171,27 +171,26 @@ func New(
 		{GET, "user/settings" /*              */, wc.serveUserSettings},
 		{PST, "user/settings" /*              */, wc.serveUserSettings},
 		{GET, "user/confirm_email" /*         */, wc.serveEmailConfirm},
-		{GET, "user/password_reset_confirm" /**/, wc.serveForm(wc.passwordResetConfirmForm, false)},
+		{GET, "user/password_reset_confirm" /**/, wc.serveForm(wc.passwordResetConfirmForm, handlerOpts{NoEmbed: true})},
-		{PST, "user/password_reset_confirm" /**/, wc.serveForm(wc.passwordResetConfirmForm, false)},
+		{PST, "user/password_reset_confirm" /**/, wc.serveForm(wc.passwordResetConfirmForm, handlerOpts{NoEmbed: true})},
-		{GET, "patreon_activate" /*  */, wc.serveForm(wc.patreonLinkForm, true)},
+		{GET, "patreon_activate" /*  */, wc.serveForm(wc.patreonLinkForm, handlerOpts{Auth: true})},
-		{PST, "patreon_activate" /*  */, wc.serveForm(wc.patreonLinkForm, true)},
+		{PST, "patreon_activate" /*  */, wc.serveForm(wc.patreonLinkForm, handlerOpts{Auth: true})},
-		{GET, "knoxfs_activate" /*  */, wc.serveForm(wc.knoxfsLinkForm, true)},
+		{GET, "knoxfs_activate" /*  */, wc.serveForm(wc.knoxfsLinkForm, handlerOpts{Auth: true})},
-		{PST, "knoxfs_activate" /*  */, wc.serveForm(wc.knoxfsLinkForm, true)},
+		{PST, "knoxfs_activate" /*  */, wc.serveForm(wc.knoxfsLinkForm, handlerOpts{Auth: true})},
 		// Admin settings
-		{GET, "admin" /*                */, wc.serveTemplate("admin_panel", true)},
+		{GET, "admin" /*                */, wc.serveTemplate("admin_panel", handlerOpts{Auth: true})},
-		{GET, "admin/globals" /*        */, wc.serveForm(wc.adminGlobalsForm, true)},
+		{GET, "admin/globals" /*        */, wc.serveForm(wc.adminGlobalsForm, handlerOpts{Auth: true})},
-		{PST, "admin/globals" /*        */, wc.serveForm(wc.adminGlobalsForm, true)},
+		{PST, "admin/globals" /*        */, wc.serveForm(wc.adminGlobalsForm, handlerOpts{Auth: true})},
-		{GET, "admin/abuse" /*          */, wc.serveForm(wc.adminAbuseForm, true)},
+		{GET, "admin/abuse" /*          */, wc.serveForm(wc.adminAbuseForm, handlerOpts{Auth: true})},
-		{PST, "admin/abuse" /*          */, wc.serveForm(wc.adminAbuseForm, true)},
+		{PST, "admin/abuse" /*          */, wc.serveForm(wc.adminAbuseForm, handlerOpts{Auth: true})},
-		{GET, "admin/abuse_reporters" /**/, wc.serveTemplate("admin_abuse_reporters", true)},
+		{GET, "admin/abuse_reporters" /**/, wc.serveTemplate("admin_abuse_reporters", handlerOpts{Auth: true})},
 		// Advertising related
 		{GET, "click/:id" /*     */, wc.serveAdClick},
 		{GET, "campaign/:id" /*  */, wc.serveCampaignPartner},
 		{GET, "ad/revenuehits" /**/, wc.serveTemplate("revenuehits", false)},
 		// Misc
 		{GET, "misc/sharex/pixeldrain.com.sxcu", wc.serveShareXConfig},
@@ -202,25 +201,38 @@ func New(
 	return wc
 }
-func (wc *WebController) serveTemplate(tpl string, requireAuth bool) httprouter.Handle {
+type handlerOpts struct {
 	Auth    bool
 	NoEmbed bool
 }
 func (wc *WebController) serveTemplate(tpl string, opts handlerOpts) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
-		var tpld = wc.newTemplateData(w, r)
+		if opts.NoEmbed {
-		if requireAuth && !tpld.Authenticated {
+			w.Header().Set("X-Frame-Options", "DENY")
 		}
 		var td = wc.newTemplateData(w, r)
 		if opts.Auth && !td.Authenticated {
 			http.Redirect(w, r, "/login", http.StatusSeeOther)
 			return
 		}
-		err := wc.templates.Get().ExecuteTemplate(w, tpl, tpld)
+		err := wc.templates.Get().ExecuteTemplate(w, tpl, td)
 		if err != nil && !strings.Contains(err.Error(), "broken pipe") {
 			log.Error("Error executing template '%s': %s", tpl, err)
 		}
 	}
 }
-func (wc *WebController) serveMarkdown(tpl string, requireAuth bool) httprouter.Handle {
+func (wc *WebController) serveMarkdown(tpl string, opts handlerOpts) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
 		var err error
 		if opts.NoEmbed {
 			w.Header().Set("X-Frame-Options", "DENY")
 		}
 		var tpld = wc.newTemplateData(w, r)
-		if requireAuth && !tpld.Authenticated {
+		if opts.Auth && !tpld.Authenticated {
 			http.Redirect(w, r, "/login", http.StatusSeeOther)
 			return
 		}
@@ -286,15 +298,19 @@ func (wc *WebController) serveFile(path string) httprouter.Handle {
 func (wc *WebController) serveForm(
 	handler func(*TemplateData, *http.Request) Form,
-	requireAuth bool,
+	opts handlerOpts,
 ) httprouter.Handle {
 	return func(
 		w http.ResponseWriter,
 		r *http.Request,
 		p httprouter.Params,
 	) {
 		if opts.NoEmbed {
 			w.Header().Set("X-Frame-Options", "DENY")
 		}
 		var td = wc.newTemplateData(w, r)
-		if requireAuth && !td.Authenticated {
+		if opts.Auth && !td.Authenticated {
 			http.Redirect(w, r, "/login", http.StatusSeeOther)
 			return
 		}