diff --git a/configuration.rkt b/configuration.rkt
new file mode 100644
index 0000000..ba4cc60
--- /dev/null
+++ b/configuration.rkt
@@ -0,0 +1,12 @@
+#lang racket/base
+
+(provide
+ configuration:notepad:path
+ configuration:notepad:dev?
+ )
+
+; Notepad configuration
+; Path
+(define configuration:notepad:path "./notepad")
+; Development mode for notepad
+(define configuration:notepad:dev? #f)
diff --git a/main.rkt b/main.rkt
index a1922c3..e3dc1d0 100644
--- a/main.rkt
+++ b/main.rkt
@@ -18,7 +18,8 @@ "src/pages/flag.rkt" "src/pages/road-map.rkt" "src/pages/island.rkt" - "src/pages/notepad.rkt") + "src/pages/notepad.rkt" + "configuration.rkt") ; Website (define *website* (website
@@ -83,6 +84,7 @@ ("edit" weblet pages:notepad:page-edit) ("edit/{page}" matching-weblet pages:notepad:page-edit) ("delete/{page}" matching-weblet pages:notepad:page-delete) + ("preview" weblet pages:notepad:preview) ) ("media" symlink "/media/list" ("list" weblet pages:notepad:media-list)
@@ -152,8 +154,8 @@ (make-webcontainer #:static (make-immutable-hash - '(("" . "./static") - ("/media/get" . "./notepad/media"))))) + `(("" . "./static") + ("/media/get" . ,(string-append configuration:notepad:path "/media")))))) (webcontainer-add-website! *webcontainer* *website*) (webcontainer-set-404-weblet! *webcontainer* pages:not-found) (display "Starting server...")(newline)
diff --git a/src/pages/notepad.rkt b/src/pages/notepad.rkt
index 377f3f7..4e42f46 100644
--- a/src/pages/notepad.rkt
+++ b/src/pages/notepad.rkt
@@ -8,6 +8,7 @@ "../notepad/notepad.rkt" "../notepad/user.rkt" "../notepad/notes.rkt" + "../../configuration.rkt" web-server/http/redirect web-server/http/request-structs net/cookies/server
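Review bot: The comment `; Development mode for notepad` on `configuration:notepad:dev?` in configuration.rkt does not say what the flag relaxes. Elsewhere in this commit it makes `check-secured?` accept plain HTTP and turns off the session cookie's `#:secure?` attribute, so the comment should state that, e.g. `; Development mode: when #t, sessions are accepted over plain HTTP and the cookie is sent without Secure. Keep #f in production.` The new default of `#f` is the safe one.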
@@ -32,12 +33,13 @@ pages:notepad:user-edit ) -; Notepad directory -(define notepad-dir "notepad") -; Dev mode -(define dev? #t) ; Notepad -(define notepad (make-notepad notepad-dir)) +(define notepad (make-notepad configuration:notepad:path)) + +; Secured : either protocol is https or dev mode is active +(define (check-secured? param) + (or configuration:notepad:dev? + (eq? 'https (weblet-parameter-protocol param)))) ; Cookie management ; Cookie key
@@ -45,13 +47,9 @@ ; User from weblet parameter (define (get-user param) (define cookie (weblet-parameter-cookie-ref param *cookie-key*)) - (and cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie)))) - - -; Secured : either protocol is https or dev mode is active -(define (check-secured? param) - (or dev? - (eq? 'https (weblet-parameter-protocol param)))) + ; Precondition: check-secured? must be #t + (and (check-secured? param) + cookie (get-user-by-usercookie-value (string->bytes/utf-8 cookie)))) ; Error pages ; Type to code + title + message
@@ -103,9 +101,7 @@ #:content (lambda (param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) - (define can-edit? (and connected-usr secured?)) - (define notes (if can-edit? (get-all-notes) (get-public-notes))) + (define notes (if connected-usr (get-all-notes) (get-public-notes))) `(article ,@(if (null? notes) '("Pas de notes.")
@@ -115,7 +111,7 @@ ,(if (note-public? n) "" "🔒︎ ") ,(note-title n)))) notes)) - ,@(if can-edit? + ,@(if connected-usr '((hr) (a ((href "/notes/edit")) "Ajouter une note")) '(""))
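Review bot: The added comment `; Precondition: check-secured? must be #t` in `get-user` reads as a requirement on the caller, but the `and` below it enforces the check itself and returns `#f` otherwise; reword it to `; Returns #f unless check-secured? holds, so callers need no separate HTTPS check`. Every authorization decision in this file now rests on `weblet-parameter-protocol`, as used by the `check-secured?` definition moved up in the preceding hunk. How that accessor derives the protocol is not visible here; if the server runs behind a TLS-terminating proxy and the value comes from a forwarded header, that header must be accepted only from the proxy.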
@@ -127,12 +123,10 @@ ; If the page does not exists and user is logged in, redirect to the /notes/edit/xxx page. (define (pages:notepad:page-show param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) - (define can-edit? (and connected-usr secured?)) (define page (weblet-parameter-ref param 'page #f)) (define note (get-note-by-name page)) (cond - ( (and note (or (note-public? note) can-edit?)) + ( (and note (or (note-public? note) connected-usr)) ( (pages:template #:title (note-title note) #:author (note-author note)
@@ -140,7 +134,7 @@ #:content `(article ,@(format-note note) - ,@(if can-edit? + ,@(if connected-usr `((hr) (a ((href ,(note-link 'edit page))) "Éditer") " — " (a ((href ,(note-link 'delete page))) "Supprimer"))
@@ -150,7 +144,7 @@ ( note ; Note exists, but is private and user cannot edit it => not authorized (pages:notepad:error param 'unauthorized)) - ( can-edit? + ( connected-usr ; Page does not exists, but user can edit => redirect to page creation (redirect-to (note-link 'edit page)
@@ -164,13 +158,12 @@ ; Post => Save page (define (pages:notepad:page-edit param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (define page (weblet-parameter-ref param 'page #f)) (define note (get-note-by-name page)) (define err? (equal? "t" (weblet-parameter-ref param 'error #f))) (cond - ( (and connected-usr secured? (eq? method 'get)) + ( (and connected-usr (eq? method 'get)) ; User connected, get method : read the page (define title (or (and note (note-title note)) "")) (define content (or (and note (note-content note)) ""))
@@ -236,7 +229,7 @@ ) )) param)) - ( (and page connected-usr secured? (eq? method 'post)) + ( (and page connected-usr (eq? method 'post)) (define continue? (equal? "t" (weblet-parameter-ref param 'continue #f))) (define page-name (weblet-parameter-ref param 'pagename #f)) (define new-note-title (weblet-parameter-ref param 'pagetitle #f))
@@ -276,12 +269,11 @@ ; Post => remove (define (pages:notepad:page-delete param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (define page (weblet-parameter-ref param 'page #f)) (define note (get-note-by-name page)) (cond - ( (and note connected-usr secured? (eq? method 'get)) + ( (and note connected-usr (eq? method 'get)) ; Method get => ask for confirmation ( (pages:template #:title (string-append "Suppression de la page " page)
@@ -298,7 +290,7 @@ (formmethod "get")(value "Non, garder la page"))) ))) param)) - ( (and note connected-usr secured? (eq? method 'post)) + ( (and note connected-usr (eq? method 'post)) ; Method post => remove (remove-note note) ; Redirect
@@ -321,10 +313,8 @@ #:body (lambda (param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) - (define can-edit? (and connected-usr secured?)) (define content (weblet-parameter-ref param 'pagecontent #f)) - (if (and can-edit? content) + (if (and connected-usr content) `(article ,@(format-note-content content)) ""))))
@@ -353,8 +343,6 @@ #:content (lambda (param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) - (define can-edit? (and connected-usr secured?)) (define files (notepad-list-media notepad)) `(article ,@(if (null? files)
@@ -363,7 +351,7 @@ (lambda (x) `(div (a ((href ,(media-link 'show x))) ,x))) files)) - ,@(if can-edit? + ,@(if connected-usr '((hr) (a ((href "/media/new")) "Ajouter un fichier")) '(""))
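Review bot: The `post` branch of `pages:notepad:page-edit` is now authorized by `connected-usr` alone, that is by the session cookie, and no anti-CSRF token check is visible on it. The same shape appears in the `post` branches of `pages:notepad:page-delete`, `pages:notepad:media-new`, `pages:notepad:media-edit`, `pages:notepad:media-delete` and the user edit handler later in the diff. The branch bodies continue outside the hunks, so a token may be verified there. If it is not, each branch should compare a per-session token submitted with the form against the one stored for the session before saving or deleting, e.g. `( (and page connected-usr (eq? method 'post) (valid-csrf-token? param connected-usr))`, where `valid-csrf-token?` stands for a helper that would have to be added.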
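Review bot: The preview body formats the request parameter `pagecontent` for any logged-in user without checking the request method, so content arriving through a link or a cross-site form is rendered inside that user's session. How serious this is depends on `format-note-content`, which is not visible here: if the note syntax can emit raw HTML, the route added to main.rkt as `("preview" weblet pages:notepad:preview)` reflects caller-supplied markup. Restricting the branch to POST, `(if (and connected-usr content (eq? 'post (weblet-parameter-method param)))`, and requiring the same request token as the edit form would narrow it. The enclosing definition starts outside the hunk.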
@@ -374,8 +362,6 @@ ; Show a given media of the notepad. (define (pages:notepad:media-show param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) - (define can-edit? (and connected-usr secured?)) (define media (weblet-parameter-ref param 'media #f)) (define direct-link (media-link 'get media)) (cond
@@ -391,7 +377,7 @@ ( else '())) (a ((href ,direct-link)) "Lien vers le fichier") - ,@(if can-edit? + ,@(if connected-usr `((hr) (a ((href ,(media-link 'edit media))) "Éditer") " — " (a ((href ,(media-link 'delete media))) "Supprimer"))
@@ -411,11 +397,10 @@ ; Post => Process the upload, and show the media (define (pages:notepad:media-new param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (define failed? (equal? "t" (weblet-parameter-ref param 'error #f))) (cond - ( (and connected-usr secured? (eq? method 'get)) + ( (and connected-usr (eq? method 'get)) ; User connected, get method : new media form ( (pages:template #:title "Ajouter un fichier"
@@ -435,7 +420,7 @@ (value "Ajouter le fichier"))) ))) param)) - ( (and connected-usr secured? (eq? method 'post)) + ( (and connected-usr (eq? method 'post)) (define filename (weblet-parameter-ref param 'filename #f)) (define in (and filename (weblet-parameter-file-port-ref param 'filename))) ; Save file
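Review bot: In the `post` branch of `pages:notepad:media-new`, `filename` is read from the request with `weblet-parameter-ref`, and the save call follows outside the hunk, so it is not visible whether the name is reduced to a base name before it is joined to the media directory. Because main.rkt maps `/media/get` as a static directory, stored files are served from the site's own origin; confirm that names containing path separators or `..` are rejected and that the accepted file types are limited. The rename branch of `pages:notepad:media-edit` further down takes `filename` the same way. A comment above the save such as `; filename is client-supplied: validated by <validator> before use` would record where that check lives.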
@@ -461,13 +446,12 @@ ; Post => Process the upload, and show the media (define (pages:notepad:media-edit param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (define media (weblet-parameter-ref param 'media #f)) (define has-media? (notepad-has-media? notepad media)) (define failed? (equal? "t" (weblet-parameter-ref param 'error #f))) (cond - ( (and has-media? connected-usr secured? (eq? method 'get)) + ( (and has-media? connected-usr (eq? method 'get)) ; User connected, get method : edit media form ( (pages:template #:title "Éditer un fichier"
@@ -486,7 +470,7 @@ (value "Renommer le fichier"))) ))) param)) - ( (and has-media? connected-usr secured? (eq? method 'post)) + ( (and has-media? connected-usr (eq? method 'post)) (define filename (weblet-parameter-ref param 'filename #f)) (cond ( (and filename (not (equal? filename "")) (not (equal? filename media)))
@@ -514,12 +498,11 @@ ; Post => remove (define (pages:notepad:media-delete param) (define connected-usr (get-user param)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (define media (weblet-parameter-ref param 'media #f)) (define has-media? (notepad-has-media? notepad media)) (cond - ( (and has-media? connected-usr secured? (eq? method 'get)) + ( (and has-media? connected-usr (eq? method 'get)) ; Method get => ask for confirmation ( (pages:template #:title (string-append "Suppression du fichier " media)
@@ -536,7 +519,7 @@ (formmethod "get")(value "Non, garder le fichier"))) ))) param)) - ( (and has-media? connected-usr secured? (eq? method 'post)) + ( (and has-media? connected-usr (eq? method 'post)) ; Method post => remove (notepad-delete-media notepad media) (redirect-to
@@ -587,7 +570,6 @@ (define usr (get-user-by-name (weblet-parameter-ref param 'name #f))) (define connected-usr (get-user param)) (define edition-possible? (same-user? usr connected-usr)) - (define secured? (check-secured? param)) (cond (usr (make-immutable-hash
@@ -610,10 +592,10 @@ )) (hr) ,(cond - ( (and secured? (not connected-usr)) + ( (and (check-secured? param) (not connected-usr)) `(p (a ((href ,(user-link 'login (user-name usr)))) "Se connecter en tant que " ,(user-pseudo usr)))) - ( (and secured? edition-possible?) + ( edition-possible? `(p (a ((href ,(string-append "/user/logout"))) "Se déconnecter"))) ( #t
@@ -698,7 +680,7 @@ #:expires (seconds->date (usercookie-expires usercookie)) #:domain (weblet-parameter-host param) #:path "/" - #:secure? (not dev?) + #:secure? (not configuration:notepad:dev?) #:http-only? #t)))) )) ( usr
@@ -716,11 +698,9 @@ (define usr (get-user-by-name (weblet-parameter-ref param 'name #f))) (define connected-usr (get-user param)) (define edition-possible? (same-user? usr connected-usr)) - (define secured? (check-secured? param)) (define method (weblet-parameter-method param)) (cond ( (and edition-possible? - secured? (eq? method 'post)) (define pseudo (weblet-parameter-ref param 'pseudo (user-pseudo usr))) (define about (weblet-parameter-ref param 'about (user-about usr)))
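Review bot: The session cookie in this hunk carries `#:secure?` and `#:http-only?` but no SameSite attribute, and its `#:domain` comes from `weblet-parameter-host`, which presumably reflects the request's Host header. If the call is `make-cookie` from `net/cookies/server` (imported at the top of this file), adding `#:extension "SameSite=Lax"` would keep the cookie off cross-site POSTs, and dropping `#:domain` would make it host-only rather than shared with subdomains. The call starts outside the hunk, so the function name is an assumption to confirm.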
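Review bot: With `secured?` removed, the `post` branch of the user edit handler depends only on `same-user? usr connected-usr`, and neither value is checked for `#f` in the visible lines. `same-user?` is defined elsewhere; if it compares by plain equality, an unknown `name` together with no session would give two `#f` values that match, and `(user-pseudo usr)` would then be applied to `#f`. Writing the condition as `( (and usr connected-usr edition-possible? (eq? method 'post))` removes the dependence on that detail. The handler's definition starts above the hunk.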