188 lines
5.1 KiB
Go
188 lines
5.1 KiB
Go
package parser
|
|
|
|
import (
|
|
"embed"
|
|
"html/template"
|
|
"log"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"time"
|
|
|
|
"gonetkit/security"
|
|
)
|
|
|
|
type Handler struct {
|
|
templates *template.Template
|
|
csrf *security.CSRFManager
|
|
validator *security.InputValidator
|
|
}
|
|
|
|
func NewHandler(embeddedFiles embed.FS) *Handler {
|
|
tmpl := template.Must(template.New("").Funcs(template.FuncMap{
|
|
"splitString": func(s, delimiter string) []string {
|
|
return strings.Split(s, delimiter)
|
|
},
|
|
"contains": func(s, substr string) bool {
|
|
return strings.Contains(s, substr)
|
|
},
|
|
"add": func(a, b int) int {
|
|
return a + b
|
|
},
|
|
"ge": func(a, b int) bool {
|
|
return a >= b
|
|
},
|
|
"gt": func(a, b int) bool {
|
|
return a > b
|
|
},
|
|
"eq": func(a, b interface{}) bool {
|
|
return a == b
|
|
},
|
|
"index": func(slice []string, i int) string {
|
|
if i >= 0 && i < len(slice) {
|
|
return slice[i]
|
|
}
|
|
return ""
|
|
},
|
|
"len": func(v interface{}) int {
|
|
switch s := v.(type) {
|
|
case []string:
|
|
return len(s)
|
|
case map[string]string:
|
|
return len(s)
|
|
case string:
|
|
return len(s)
|
|
default:
|
|
return 0
|
|
}
|
|
},
|
|
"ne": func(a, b interface{}) bool {
|
|
return a != b
|
|
},
|
|
}).ParseFS(embeddedFiles, "web/base.html", "web/headeranalyzer.html"))
|
|
|
|
return &Handler{
|
|
templates: tmpl,
|
|
csrf: security.NewCSRFManager(time.Hour),
|
|
validator: security.NewInputValidator(),
|
|
}
|
|
}
|
|
|
|
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == http.MethodPost {
|
|
// Validate CSRF token
|
|
csrfToken := r.FormValue("csrf_token")
|
|
if !h.csrf.ValidateToken(csrfToken) {
|
|
// If CSRF validation fails, check if this looks like a refresh attempt
|
|
// by seeing if we have headers data
|
|
headers := r.FormValue("headers")
|
|
if headers != "" {
|
|
// This appears to be a refresh attempt with stale CSRF token
|
|
// Generate a new token and re-analyze
|
|
log.Printf("DEBUG: CSRF validation failed, but reanalyzing with fresh token for refresh")
|
|
freshCSRFToken, err := h.csrf.GenerateToken()
|
|
if err != nil {
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Security token generation failed"), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
validatedHeaders, err := h.validator.ValidateEmailHeaders(headers)
|
|
if err != nil {
|
|
log.Printf("DEBUG: Validation failed on refresh: %v", err)
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Invalid input provided"), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
report := Analyze(validatedHeaders)
|
|
data := struct {
|
|
*Report
|
|
CurrentPage string
|
|
CSRFToken string
|
|
OriginalHeaders string
|
|
}{
|
|
Report: report,
|
|
CurrentPage: "home",
|
|
CSRFToken: freshCSRFToken,
|
|
OriginalHeaders: validatedHeaders,
|
|
}
|
|
|
|
h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
|
return
|
|
}
|
|
|
|
// Regular CSRF failure - redirect to home
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Invalid security token. Please try again."), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
// Get and validate headers input
|
|
headers := r.FormValue("headers")
|
|
log.Printf("DEBUG: Received headers input: %d characters", len(headers))
|
|
|
|
validatedHeaders, err := h.validator.ValidateEmailHeaders(headers)
|
|
if err != nil {
|
|
log.Printf("DEBUG: Validation failed: %v", err)
|
|
if security.IsValidationError(err) {
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Invalid input provided"), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
log.Printf("DEBUG: Headers validated successfully")
|
|
report := Analyze(validatedHeaders)
|
|
log.Printf("DEBUG: Analysis completed, From field: '%s'", report.From)
|
|
|
|
// Generate a fresh CSRF token for the result page
|
|
freshCSRFToken, err := h.csrf.GenerateToken()
|
|
if err != nil {
|
|
log.Printf("ERROR: Failed to generate fresh CSRF token: %v", err)
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Security token generation failed"), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
// Create a wrapper struct to include current page info and fresh CSRF token
|
|
data := struct {
|
|
*Report
|
|
CurrentPage string
|
|
CSRFToken string
|
|
OriginalHeaders string
|
|
}{
|
|
Report: report,
|
|
CurrentPage: "home",
|
|
CSRFToken: freshCSRFToken,
|
|
OriginalHeaders: validatedHeaders,
|
|
}
|
|
|
|
log.Printf("DEBUG: About to render template with data")
|
|
err = h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
|
if err != nil {
|
|
log.Printf("ERROR: Template execution failed: %v", err)
|
|
http.Error(w, "Template rendering failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
log.Printf("DEBUG: Template rendered successfully")
|
|
return
|
|
}
|
|
|
|
// Generate CSRF token for GET requests
|
|
csrfToken, err := h.csrf.GenerateToken()
|
|
if err != nil {
|
|
http.Redirect(w, r, "/?error="+url.QueryEscape("Security token generation failed"), http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
// For GET requests, create an empty report so template conditions work
|
|
data := struct {
|
|
*Report
|
|
CurrentPage string
|
|
CSRFToken string
|
|
}{
|
|
Report: &Report{}, // Empty report so .From will be empty string
|
|
CurrentPage: "home",
|
|
CSRFToken: csrfToken,
|
|
}
|
|
h.templates.ExecuteTemplate(w, "headeranalyzer.html", data)
|
|
}
|