merge v0.23.0-rc changes

2024-09-29 19:23:19 +03:00
parent ad92992324
commit 844f18cac3
753 changed files with 85141 additions and 63396 deletions
--- a/apis/base.go
+++ b/apis/base.go
@@ -1,266 +1,202 @@
-// Package apis implements the default PocketBase api services and middlewares.
 package apis

 import (
-	"database/sql"
 	"errors"
 	"fmt"
 	"io/fs"
-	"log/slog"
 	"net/http"
-	"net/url"
 	"path/filepath"
 	"strings"
-	"time"

-	"github.com/labstack/echo/v5"
-	"github.com/labstack/echo/v5/middleware"
 	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/rest"
-	"github.com/pocketbase/pocketbase/ui"
-	"github.com/spf13/cast"
+	"github.com/pocketbase/pocketbase/tools/filesystem"
+	"github.com/pocketbase/pocketbase/tools/hook"
+	"github.com/pocketbase/pocketbase/tools/router"
 )

-const trailedAdminPath = "/_/"
+// StaticWildcardParam is the name of Static handler wildcard parameter.
+const StaticWildcardParam = "path"

-// InitApi creates a configured echo instance with registered
-// system and app specific routes and middlewares.
-func InitApi(app core.App) (*echo.Echo, error) {
-	e := echo.New()
-	e.Debug = false
-	e.Binder = &rest.MultiBinder{}
-	e.JSONSerializer = &rest.Serializer{
-		FieldsParam: fieldsQueryParam,
-	}
+// NewRouter returns a new router instance loaded with the default app middlewares and api routes.
+func NewRouter(app core.App) (*router.Router[*core.RequestEvent], error) {
+	pbRouter := router.NewRouter(func(w http.ResponseWriter, r *http.Request) (*core.RequestEvent, router.EventCleanupFunc) {
+		event := new(core.RequestEvent)
+		event.Response = w
+		event.Request = r
+		event.App = app

-	// configure a custom router
-	e.ResetRouterCreator(func(ec *echo.Echo) echo.Router {
-		return echo.NewRouter(echo.RouterConfig{
-			UnescapePathParamValues: true,
-			AllowOverwritingRoute:   true,
-		})
+		return event, nil
 	})

-	// default middlewares
-	e.Pre(middleware.RemoveTrailingSlashWithConfig(middleware.RemoveTrailingSlashConfig{
-		Skipper: func(c echo.Context) bool {
-			// enable by default only for the API routes
-			return !strings.HasPrefix(c.Request().URL.Path, "/api/")
-		},
-	}))
-	e.Pre(LoadAuthContext(app))
-	e.Use(middleware.Recover())
-	e.Use(middleware.Secure())
-	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			c.Set(ContextExecStartKey, time.Now())
+	// register default middlewares
+	pbRouter.Bind(activityLogger())
+	pbRouter.Bind(loadAuthToken())
+	pbRouter.Bind(securityHeaders())
+	pbRouter.Bind(rateLimit())
+	pbRouter.Bind(BodyLimit(DefaultMaxBodySize))

-			return next(c)
-		}
-	})
+	apiGroup := pbRouter.Group("/api")
+	bindSettingsApi(app, apiGroup)
+	bindCollectionApi(app, apiGroup)
+	bindRecordCrudApi(app, apiGroup)
+	bindRecordAuthApi(app, apiGroup)
+	bindLogsApi(app, apiGroup)
+	bindBackupApi(app, apiGroup)
+	bindFileApi(app, apiGroup)
+	bindBatchApi(app, apiGroup)
+	bindRealtimeApi(app, apiGroup)
+	bindHealthApi(app, apiGroup)

-	// custom error handler
-	e.HTTPErrorHandler = func(c echo.Context, err error) {
-		if err == nil {
-			return // no error
-		}
-
-		var apiErr *ApiError
-
-		if errors.As(err, &apiErr) {
-			// already an api error...
-		} else if v := new(echo.HTTPError); errors.As(err, &v) {
-			msg := fmt.Sprintf("%v", v.Message)
-			apiErr = NewApiError(v.Code, msg, v)
-		} else {
-			if errors.Is(err, sql.ErrNoRows) {
-				apiErr = NewNotFoundError("", err)
-			} else {
-				apiErr = NewBadRequestError("", err)
-			}
-		}
-
-		logRequest(app, c, apiErr)
-
-		if c.Response().Committed {
-			return // already committed
-		}
-
-		event := new(core.ApiErrorEvent)
-		event.HttpContext = c
-		event.Error = apiErr
-
-		// send error response
-		hookErr := app.OnBeforeApiError().Trigger(event, func(e *core.ApiErrorEvent) error {
-			if e.HttpContext.Response().Committed {
-				return nil
-			}
-
-			// @see https://github.com/labstack/echo/issues/608
-			if e.HttpContext.Request().Method == http.MethodHead {
-				return e.HttpContext.NoContent(apiErr.Code)
-			}
-
-			return e.HttpContext.JSON(apiErr.Code, apiErr)
-		})
-
-		if hookErr == nil {
-			if err := app.OnAfterApiError().Trigger(event); err != nil {
-				app.Logger().Debug("OnAfterApiError failure", slog.String("error", err.Error()))
-			}
-		} else {
-			app.Logger().Debug("OnBeforeApiError error (truly rare case, eg. client already disconnected)", slog.String("error", hookErr.Error()))
-		}
-	}
-
-	// admin ui routes
-	bindStaticAdminUI(app, e)
-
-	// default routes
-	api := e.Group("/api", eagerRequestInfoCache(app))
-	bindSettingsApi(app, api)
-	bindAdminApi(app, api)
-	bindCollectionApi(app, api)
-	bindRecordCrudApi(app, api)
-	bindRecordAuthApi(app, api)
-	bindFileApi(app, api)
-	bindRealtimeApi(app, api)
-	bindLogsApi(app, api)
-	bindHealthApi(app, api)
-	bindBackupApi(app, api)
-
-	// catch all any route
-	api.Any("/*", func(c echo.Context) error {
-		return echo.ErrNotFound
-	}, ActivityLogger(app))
-
-	return e, nil
+	return pbRouter, nil
 }

-// StaticDirectoryHandler is similar to `echo.StaticDirectoryHandler`
-// but without the directory redirect which conflicts with RemoveTrailingSlash middleware.
+// WrapStdHandler wraps Go [http.Handler] into a PocketBase handler func.
+func WrapStdHandler(h http.Handler) hook.HandlerFunc[*core.RequestEvent] {
+	return func(e *core.RequestEvent) error {
+		h.ServeHTTP(e.Response, e.Request)
+		return nil
+	}
+}
+
+// WrapStdMiddleware wraps Go [func(http.Handler) http.Handle] into a PocketBase middleware func.
+func WrapStdMiddleware(m func(http.Handler) http.Handler) hook.HandlerFunc[*core.RequestEvent] {
+	return func(e *core.RequestEvent) (err error) {
+		m(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			e.Response = w
+			e.Request = r
+			err = e.Next()
+		})).ServeHTTP(e.Response, e.Request)
+		return err
+	}
+}
+
+// MustSubFS returns an [fs.FS] corresponding to the subtree rooted at fsys's dir.
+//
+// This is similar to [fs.Sub] but panics on failure.
+func MustSubFS(fsys fs.FS, dir string) fs.FS {
+	dir = filepath.ToSlash(filepath.Clean(dir)) // ToSlash in case of Windows path
+
+	sub, err := fs.Sub(fsys, dir)
+	if err != nil {
+		panic(fmt.Errorf("failed to create sub FS: %w", err))
+	}
+
+	return sub
+}
+
+// Static is a handler function to serve static directory content from fsys.
 //
 // If a file resource is missing and indexFallback is set, the request
-// will be forwarded to the base index.html (useful also for SPA).
+// will be forwarded to the base index.html (useful for SPA with pretty urls).
 //
-// @see https://github.com/labstack/echo/issues/2211
-func StaticDirectoryHandler(fileSystem fs.FS, indexFallback bool) echo.HandlerFunc {
-	return func(c echo.Context) error {
-		p := c.PathParam("*")
+// NB! Expects the route to have a "{path...}" wildcard parameter.
+//
+// Special redirects:
+//   - if "path" is a file that ends in index.html, it is redirected to its non-index.html version (eg. /test/index.html -> /test/)
+//   - if "path" is a directory that has index.html, the index.html file is rendered,
+//     otherwise if missing - returns 404 or fallback to the root index.html if indexFallback is set
+//
+// Example:
+//
+//	fsys := os.DirFS("./pb_public")
+//	router.GET("/files/{path...}", apis.Static(fsys, false))
+func Static(fsys fs.FS, indexFallback bool) hook.HandlerFunc[*core.RequestEvent] {
+	if fsys == nil {
+		panic("Static: the provided fs.FS argument is nil")
+	}

-		// escape url path
-		tmpPath, err := url.PathUnescape(p)
-		if err != nil {
-			return fmt.Errorf("failed to unescape path variable: %w", err)
+	return func(e *core.RequestEvent) error {
+		// disable the activity logger to avoid flooding with messages
+		//
+		// note: errors are still logged
+		if e.Get(requestEventKeySkipSuccessActivityLog) == nil {
+			e.Set(requestEventKeySkipSuccessActivityLog, true)
 		}
-		p = tmpPath

-		// fs.FS.Open() already assumes that file names are relative to FS root path and considers name with prefix `/` as invalid
-		name := filepath.ToSlash(filepath.Clean(strings.TrimPrefix(p, "/")))
+		filename := e.Request.PathValue(StaticWildcardParam)
+		filename = filepath.ToSlash(filepath.Clean(strings.TrimPrefix(filename, "/")))

-		fileErr := c.FileFS(name, fileSystem)
+		// eagerly check for directory traversal
+		//
+		// note: this is just out of an abundance of caution because the fs.FS implementation could be non-std,
+		// but usually shouldn't be necessary since os.DirFS.Open is expected to fail if the filename starts with dots
+		if len(filename) > 2 && filename[0] == '.' && filename[1] == '.' && (filename[2] == '/' || filename[2] == '\\') {
+			if indexFallback && filename != router.IndexPage {
+				return e.FileFS(fsys, router.IndexPage)
+			}
+			return router.ErrFileNotFound
+		}

-		if fileErr != nil && indexFallback && errors.Is(fileErr, echo.ErrNotFound) {
-			return c.FileFS("index.html", fileSystem)
+		fi, err := fs.Stat(fsys, filename)
+		if err != nil {
+			if indexFallback && filename != router.IndexPage {
+				return e.FileFS(fsys, router.IndexPage)
+			}
+			return router.ErrFileNotFound
+		}
+
+		if fi.IsDir() {
+			// redirect to a canonical dir url, aka. with trailing slash
+			if !strings.HasSuffix(e.Request.URL.Path, "/") {
+				return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(e.Request.URL.Path+"/"))
+			}
+		} else {
+			urlPath := e.Request.URL.Path
+			if strings.HasSuffix(urlPath, "/") {
+				// redirect to a non-trailing slash file route
+				urlPath = strings.TrimRight(urlPath, "/")
+				if len(urlPath) > 0 {
+					return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(urlPath))
+				}
+			} else if stripped, ok := strings.CutSuffix(urlPath, router.IndexPage); ok {
+				// redirect without the index.html
+				return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(stripped))
+			}
+		}
+
+		fileErr := e.FileFS(fsys, filename)
+
+		if fileErr != nil && indexFallback && filename != router.IndexPage && errors.Is(fileErr, router.ErrFileNotFound) {
+			return e.FileFS(fsys, router.IndexPage)
 		}

 		return fileErr
 	}
 }

-// bindStaticAdminUI registers the endpoints that serves the static admin UI.
-func bindStaticAdminUI(app core.App, e *echo.Echo) error {
-	// redirect to trailing slash to ensure that relative urls will still work properly
-	e.GET(
-		strings.TrimRight(trailedAdminPath, "/"),
-		func(c echo.Context) error {
-			return c.Redirect(http.StatusTemporaryRedirect, strings.TrimLeft(trailedAdminPath, "/"))
-		},
-	)
-
-	// serves static files from the /ui/dist directory
-	// (similar to echo.StaticFS but with gzip middleware enabled)
-	e.GET(
-		trailedAdminPath+"*",
-		echo.StaticDirectoryHandler(ui.DistDirFS, false),
-		installerRedirect(app),
-		uiCacheControl(),
-		middleware.Gzip(),
-	)
-
-	return nil
+// safeRedirectPath normalizes the path string by replacing all beginning slashes
+// (`\\`, `//`, `\/`) with a single forward slash to prevent open redirect attacks
+func safeRedirectPath(path string) string {
+	if len(path) > 1 && (path[0] == '\\' || path[0] == '/') && (path[1] == '\\' || path[1] == '/') {
+		path = "/" + strings.TrimLeft(path, `/\`)
+	}
+	return path
 }

-func uiCacheControl() echo.MiddlewareFunc {
-	return func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			// add default Cache-Control header for all Admin UI resources
-			// (ignoring the root admin path)
-			if c.Request().URL.Path != trailedAdminPath {
-				c.Response().Header().Set("Cache-Control", "max-age=1209600, stale-while-revalidate=86400")
-			}
-
-			return next(c)
+// FindUploadedFiles extracts all form files of "key" from a http request
+// and returns a slice with filesystem.File instances (if any).
+func FindUploadedFiles(r *http.Request, key string) ([]*filesystem.File, error) {
+	if r.MultipartForm == nil {
+		err := r.ParseMultipartForm(router.DefaultMaxMemory)
+		if err != nil {
+			return nil, err
 		}
 	}
-}

-const hasAdminsCacheKey = "@hasAdmins"
-
-func updateHasAdminsCache(app core.App) error {
-	total, err := app.Dao().TotalAdmins()
-	if err != nil {
-		return err
+	if r.MultipartForm == nil || r.MultipartForm.File == nil || len(r.MultipartForm.File[key]) == 0 {
+		return nil, http.ErrMissingFile
 	}

-	app.Store().Set(hasAdminsCacheKey, total > 0)
+	result := make([]*filesystem.File, 0, len(r.MultipartForm.File[key]))

-	return nil
-}
-
-// installerRedirect redirects the user to the installer admin UI page
-// when the application needs some preliminary configurations to be done.
-func installerRedirect(app core.App) echo.MiddlewareFunc {
-	// keep hasAdminsCacheKey value up-to-date
-	app.OnAdminAfterCreateRequest().Add(func(data *core.AdminCreateEvent) error {
-		return updateHasAdminsCache(app)
-	})
-
-	app.OnAdminAfterDeleteRequest().Add(func(data *core.AdminDeleteEvent) error {
-		return updateHasAdminsCache(app)
-	})
-
-	return func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			// skip redirect checks for non-root level index.html requests
-			path := c.Request().URL.Path
-			if path != trailedAdminPath && path != trailedAdminPath+"index.html" {
-				return next(c)
-			}
-
-			hasAdmins := cast.ToBool(app.Store().Get(hasAdminsCacheKey))
-
-			if !hasAdmins {
-				// update the cache to make sure that the admin wasn't created by another process
-				if err := updateHasAdminsCache(app); err != nil {
-					return err
-				}
-				hasAdmins = cast.ToBool(app.Store().Get(hasAdminsCacheKey))
-			}
-
-			_, hasInstallerParam := c.Request().URL.Query()["installer"]
-
-			if !hasAdmins && !hasInstallerParam {
-				// redirect to the installer page
-				return c.Redirect(http.StatusTemporaryRedirect, "?installer#")
-			}
-
-			if hasAdmins && hasInstallerParam {
-				// clear the installer param
-				return c.Redirect(http.StatusTemporaryRedirect, "?")
-			}
-
-			return next(c)
+	for _, fh := range r.MultipartForm.File[key] {
+		file, err := filesystem.NewFileFromMultipart(fh)
+		if err != nil {
+			return nil, err
 		}
+
+		result = append(result, file)
 	}
+
+	return result, nil
 }