9c484efd36
* add public func to lookup a ChatClient by its clientId * add facility to send a system message directly to a user * add clientId field to UserEvent * implement simple http endpoint to send a message to a user * let mux handle new directSystemMessageToUser endpoint * add ClientId to UserEvents across the codebase * render body of system-message to client * add clientId to Chat-Message * add tests showing how url-parsing should work * add simple rest endpoint helpers for parameter-parsing and easy routing * use newly added rest-endpoint helper to rout to Client-Messaging controller * use safe "ReadRestUrlParameter" to parse ClientId * remove empty HandleFunc in router * set Header directly to prevent built-in (platform-dependent) canonicalization to kick in * fix typo in "Parameter" message * remove debug-logging of HTTP headers in REST-helpers * convert to uint32 to prevent overruns when converting to wraptype uint later on * resolve linter-ouchies * resolve linter potential nil-deref warning * document the SendSystemMessageToClient endpoint in swaggerdoc * remove clientId assignment causing potential nil dereference in userDisabledEvent-case as the clientId isn't relevant here anyway * make findClientById private, so its not accessible outside of core/chat * remove redundant string type hint * Update PR based on linter requirements Co-authored-by: Raffael Rehberger <raffael@rtrace.io> Co-authored-by: Gabe Kangas <gabek@real-ity.com>
165 lines
4.2 KiB
Go
165 lines
4.2 KiB
Go
package events
|
|
|
|
import (
|
|
"bytes"
|
|
"regexp"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/microcosm-cc/bluemonday"
|
|
"github.com/teris-io/shortid"
|
|
"github.com/yuin/goldmark"
|
|
"github.com/yuin/goldmark/extension"
|
|
"github.com/yuin/goldmark/renderer/html"
|
|
"mvdan.cc/xurls"
|
|
|
|
"github.com/owncast/owncast/core/user"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// EventPayload is a generic key/value map for sending out to chat clients.
|
|
type EventPayload map[string]interface{}
|
|
|
|
// OutboundEvent represents an event that is sent out to all listeners of the chat server.
|
|
type OutboundEvent interface {
|
|
GetBroadcastPayload() EventPayload
|
|
GetMessageType() EventType
|
|
}
|
|
|
|
// Event is any kind of event. A type is required to be specified.
|
|
type Event struct {
|
|
Type EventType `json:"type,omitempty"`
|
|
ID string `json:"id"`
|
|
Timestamp time.Time `json:"timestamp"`
|
|
}
|
|
|
|
// UserEvent is an event with an associated user.
|
|
type UserEvent struct {
|
|
User *user.User `json:"user"`
|
|
ClientID uint `json:"clientId"`
|
|
HiddenAt *time.Time `json:"hiddenAt,omitempty"`
|
|
}
|
|
|
|
// MessageEvent is an event that has a message body.
|
|
type MessageEvent struct {
|
|
OutboundEvent `json:"-"`
|
|
Body string `json:"body"`
|
|
RawBody string `json:"-"`
|
|
}
|
|
|
|
// SystemActionEvent is an event that represents an action that took place, not a chat message.
|
|
type SystemActionEvent struct {
|
|
Event
|
|
MessageEvent
|
|
}
|
|
|
|
// SetDefaults will set default properties of all inbound events.
|
|
func (e *Event) SetDefaults() {
|
|
e.ID = shortid.MustGenerate()
|
|
e.Timestamp = time.Now()
|
|
}
|
|
|
|
// SetDefaults will set default properties of all inbound events.
|
|
func (e *UserMessageEvent) SetDefaults() {
|
|
e.ID = shortid.MustGenerate()
|
|
e.Timestamp = time.Now()
|
|
e.RenderAndSanitizeMessageBody()
|
|
}
|
|
|
|
// RenderAndSanitizeMessageBody will turn markdown into HTML, sanitize raw user-supplied HTML and standardize
|
|
// the message into something safe and renderable for clients.
|
|
func (m *MessageEvent) RenderAndSanitizeMessageBody() {
|
|
m.RawBody = m.Body
|
|
|
|
// Set the new, sanitized and rendered message body
|
|
m.Body = RenderAndSanitize(m.RawBody)
|
|
}
|
|
|
|
// Empty will return if this message's contents is empty.
|
|
func (m *MessageEvent) Empty() bool {
|
|
return m.Body == ""
|
|
}
|
|
|
|
// RenderBody will render markdown to html without any sanitization.
|
|
func (m *MessageEvent) RenderBody() {
|
|
m.RawBody = m.Body
|
|
m.Body = RenderMarkdown(m.RawBody)
|
|
}
|
|
|
|
// RenderAndSanitize will turn markdown into HTML, sanitize raw user-supplied HTML and standardize
|
|
// the message into something safe and renderable for clients.
|
|
func RenderAndSanitize(raw string) string {
|
|
rendered := RenderMarkdown(raw)
|
|
safe := sanitize(rendered)
|
|
|
|
// Set the new, sanitized and rendered message body
|
|
return strings.TrimSpace(safe)
|
|
}
|
|
|
|
// RenderMarkdown will return HTML rendered from the string body of a chat message.
|
|
func RenderMarkdown(raw string) string {
|
|
markdown := goldmark.New(
|
|
goldmark.WithRendererOptions(
|
|
html.WithUnsafe(),
|
|
),
|
|
goldmark.WithExtensions(
|
|
extension.NewLinkify(
|
|
extension.WithLinkifyAllowedProtocols([][]byte{
|
|
[]byte("http:"),
|
|
[]byte("https:"),
|
|
}),
|
|
extension.WithLinkifyURLRegexp(
|
|
xurls.Strict,
|
|
),
|
|
),
|
|
),
|
|
)
|
|
|
|
trimmed := strings.TrimSpace(raw)
|
|
var buf bytes.Buffer
|
|
if err := markdown.Convert([]byte(trimmed), &buf); err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
|
|
return buf.String()
|
|
}
|
|
|
|
func sanitize(raw string) string {
|
|
p := bluemonday.StrictPolicy()
|
|
|
|
// Require URLs to be parseable by net/url.Parse
|
|
p.AllowStandardURLs()
|
|
p.RequireParseableURLs(true)
|
|
|
|
// Allow links
|
|
p.AllowAttrs("href").OnElements("a")
|
|
|
|
// Force all URLs to have "noreferrer" in their rel attribute.
|
|
p.RequireNoReferrerOnLinks(true)
|
|
|
|
// Links will get target="_blank" added to them.
|
|
p.AddTargetBlankToFullyQualifiedLinks(true)
|
|
|
|
// Allow breaks
|
|
p.AllowElements("br")
|
|
|
|
p.AllowElementsContent("p")
|
|
|
|
// Allow img tags from the the local emoji directory only
|
|
p.AllowAttrs("src").Matching(regexp.MustCompile(`(?i)^/img/emoji`)).OnElements("img")
|
|
p.AllowAttrs("alt", "title").Matching(regexp.MustCompile(`:\S+:`)).OnElements("img")
|
|
p.AllowAttrs("class").OnElements("img")
|
|
|
|
// Allow bold
|
|
p.AllowElements("strong")
|
|
|
|
// Allow emphasis
|
|
p.AllowElements("em")
|
|
|
|
// Allow code blocks
|
|
p.AllowElements("code")
|
|
p.AllowElements("pre")
|
|
|
|
return p.Sanitize(raw)
|
|
}
|