
Added wip permission policy editor

Toby Chui 9 месяцев назад
Родитель
Сommit
f50ce82687
3 измененных файлов с 158 добавлено и 34 удалено
  1. 1 1
      api.go
  2. 44 1
      reverseproxy.go
  3. 113 32
      web/snippet/customHeaders.html

+ 1 - 1
api.go

@@ -71,7 +71,7 @@ func initAPIs() {
 	authRouter.HandleFunc("/api/proxy/header/add", HandleCustomHeaderAdd)
 	authRouter.HandleFunc("/api/proxy/header/remove", HandleCustomHeaderRemove)
 	authRouter.HandleFunc("/api/proxy/header/handleHSTS", HandleHSTSState)
-	//authRouter.HandleFunc("/api/proxy/header/handlePermissionPolicy", HandleCustomHeaderRemove)
+	authRouter.HandleFunc("/api/proxy/header/handlePermissionPolicy", HandlePermissionPolicy)
 	//Reverse proxy auth related APIs
 	authRouter.HandleFunc("/api/proxy/auth/exceptions/list", ListProxyBasicAuthExceptionPaths)
 	authRouter.HandleFunc("/api/proxy/auth/exceptions/add", AddProxyBasicAuthExceptionPaths)

+ 44 - 1
reverseproxy.go

@@ -11,6 +11,7 @@ import (
 
 	"imuslab.com/zoraxy/mod/auth"
 	"imuslab.com/zoraxy/mod/dynamicproxy"
+	"imuslab.com/zoraxy/mod/dynamicproxy/permissionpolicy"
 	"imuslab.com/zoraxy/mod/uptime"
 	"imuslab.com/zoraxy/mod/utils"
 )
@@ -1274,5 +1275,47 @@ func HandleHSTSState(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	utils.SendErrorResponse(w, "invalid method: "+r.Method)
+	http.Error(w, "405 - Method not allowed", http.StatusMethodNotAllowed)
+}
+
+// HandlePermissionPolicy handle read or write to permission policy
+func HandlePermissionPolicy(w http.ResponseWriter, r *http.Request) {
+	domain, err := utils.PostPara(r, "domain")
+	if err != nil {
+		domain, err = utils.GetPara(r, "domain")
+		if err != nil {
+			utils.SendErrorResponse(w, "domain or matching rule not defined")
+			return
+		}
+	}
+
+	targetProxyEndpoint, err := dynamicProxyRouter.LoadProxy(domain)
+	if err != nil {
+		utils.SendErrorResponse(w, "target endpoint not exists")
+		return
+	}
+
+	if r.Method == http.MethodGet {
+		type CurrentPolicyState struct {
+			PPEnabled     bool
+			CurrentPolicy *permissionpolicy.PermissionsPolicy
+		}
+
+		currentPolicy := permissionpolicy.GetDefaultPermissionPolicy()
+		if targetProxyEndpoint.PermissionPolicy != nil {
+			currentPolicy = targetProxyEndpoint.PermissionPolicy
+		}
+		result := CurrentPolicyState{
+			PPEnabled:     targetProxyEndpoint.EnablePermissionPolicyHeader,
+			CurrentPolicy: currentPolicy,
+		}
+
+		js, _ := json.Marshal(result)
+		utils.SendJSONResponse(w, string(js))
+		return
+	} else if r.Method == http.MethodPost {
+
+	}
+
+	http.Error(w, "405 - Method not allowed", http.StatusMethodNotAllowed)
 }
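Review bot: The `else if r.Method == http.MethodPost` branch in HandlePermissionPolicy is empty, so a POST falls through to the 405 response even though the snippet page already ships a Save button; a `// TODO: write path not implemented yet` comment there would show this is intentional for the WIP. When the write path is filled in, the feature names and allowlist values taken from the request should be checked against the known set before they are stored, since they are presumably emitted into a response header later. Separately, `js, _ := json.Marshal(result)` drops the error; prefer `js, err := json.Marshal(result)` followed by `if err != nil { utils.SendErrorResponse(w, "unable to encode permission policy"); return }`. The first lines of this hunk belong to HandleHSTSState, whose body starts outside the hunk.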

+ 113 - 32
web/snippet/customHeaders.html

@@ -10,6 +10,12 @@
                 padding: 0.6em !important;
                 margin: 0.15em !important;
             }
+
+            #permissionPolicyEditor.disabled{
+                opacity: 0.4;
+                pointer-events: none;
+                user-select: none;
+            }
         </style>
     </head>
     <body>
@@ -85,14 +91,29 @@
                 <h4>Permission Policy</h4>
                 <p>Explicitly declare what functionality can and cannot be used on this website. </p>
                 <div class="ui toggle checkbox" style="margin-top: 0.6em;">
-                    <input type="checkbox" name="enableHSTS">
+                    <input type="checkbox" id="enablePP" name="enablePP">
                     <label>Enable Permission Policy<br>
                     <small>Enable Permission-Policy header with all allowed state.</small></label>
                 </div>
-                <div id="permissionPolicyEditTable">
-
+                <div style="margin-top: 1em;" id="permissionPolicyEditor">
+                    <table class="ui celled unstackable very compact table">
+                        <thead>
+                          <tr><th>Feature</th>
+                            <th>Enabled</th>
+                            <th>Allow All (*)</th>
+                            <th>Self Only (self)</th>
+                        </tr></thead>
+                        <tbody id="permissionPolicyEditTable">
+                          <tr>
+                            <td>James</td>
+                            <td>24</td>
+                            <td>Engineer</td>
+                            <td>Engineer</td>
+                          </tr>
+                        </tbody>
+                      </table>
                 </div>
-                <br><br>
+                <br>
                 <button class="ui basic button"><i class="green save icon"></i> Save</button>
             </div>
            
@@ -276,39 +297,99 @@
             }
             listCustomHeaders();
 
-            /* Bind events to toggles */
-            $.get("/api/proxy/header/handleHSTS?domain=" + editingEndpoint.ep, function(data){
-                if (data == 0){
-                    //HSTS disabled
-                    $("#enableHSTS").parent().checkbox("set unchecked");
-                }else{
-                    //HSTS enabled
-                    $("#enableHSTS").parent().checkbox("set checked");
-                }
+            //Start HSTS state
+            function initHSTSState(){
+                $.get("/api/proxy/header/handleHSTS?domain=" + editingEndpoint.ep, function(data){
+                    if (data == 0){
+                        //HSTS disabled
+                        $("#enableHSTS").parent().checkbox("set unchecked");
+                    }else{
+                        //HSTS enabled
+                        $("#enableHSTS").parent().checkbox("set checked");
+                    }
 
-                $("#enableHSTS").on("change", function(){
-                    let HSTSEnabled = $("#enableHSTS")[0].checked;
-                    $.ajax({
-                        url: "/api/proxy/header/handleHSTS",
-                        method: "POST",
-                        data: {
-                            "domain": editingEndpoint.ep,
-                            "maxage": 31536000
-                        },
-                        success: function(data){
-                            if (data.error != undefined){
-                                parent.msgbox(data.error, false);
-                            }else{
-                                parent.msgbox(`HSTS ${HSTSEnabled?"Enabled":"Disabled"}`);
+                    /* Bind events to toggles */
+                    $("#enableHSTS").on("change", function(){
+                        let HSTSEnabled = $("#enableHSTS")[0].checked;
+                        $.ajax({
+                            url: "/api/proxy/header/handleHSTS",
+                            method: "POST",
+                            data: {
+                                "domain": editingEndpoint.ep,
+                                "maxage": 31536000
+                            },
+                            success: function(data){
+                                if (data.error != undefined){
+                                    parent.msgbox(data.error, false);
+                                }else{
+                                    parent.msgbox(`HSTS ${HSTSEnabled?"Enabled":"Disabled"}`);
+                                }
                             }
-                        }
-                    })
+                        })
+                    });
                 });
-            });
-           
+            }
+            initHSTSState();
 
             /* List permission policy header from server */
-            
+            function initPermissionPolicy(){
+                $.get("/api/proxy/header/handlePermissionPolicy?domain=" + editingEndpoint.ep, function(data){
+                    if (data.error != undefined){
+                        console.log(data.error);
+                        $("#enablePP").parent().addClass('disabled');
+                        return;
+                    }
+
+                    //Set checkbox state
+                    if (data.PPEnabled){
+                        $("#enablePP").parent().checkbox("set checked");
+                        $("#permissionPolicyEditor").removeClass("disabled");
+                    }else{
+                        $("#enablePP").parent().checkbox("set unchecked");
+                        $("#permissionPolicyEditor").addClass("disabled");
+                    }
+
+                    //Render the table to list
+                    $("#permissionPolicyEditTable").html("");
+                    for (const [key, value] of Object.entries(data.CurrentPolicy)) {
+                        let allowall = "";
+                        let allowself = "";
+                        let enabled = "checked";
+                        if (value.length == 1 && value[0] == "*"){
+                            allowall = "checked";
+                        }else if (value.length == 1 && value[0] == "self"){
+                            allowself = "checked";
+                        }
+
+                        if (value.length == 0){
+                            enabled = ""
+                        }
+                        $("#permissionPolicyEditTable").append(`<tr>
+                            <td>${key}</td>
+                            <td>
+                                <div class="ui checkbox">
+                                    <input class="enabled" type="checkbox" name="${key}" ${enabled}>
+                                    <label></label>
+                                </div>
+                            </td>
+                            <td>
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="all" name="${key}-target" ${allowall}>
+                                    <label></label>
+                                </div>
+                            </td>
+                            <td>
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="self" name="${key}-target" ${allowself}>
+                                    <label></label>
+                                </div>
+                            </td>
+                        </tr>`);
+                    }
+                    
+                });
+            }
+            initPermissionPolicy();
         </script>
     </body>
 </html>
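Review bot: In initPermissionPolicy the domain is appended to the query string without encoding (`"...handlePermissionPolicy?domain=" + editingEndpoint.ep`), so a matching rule containing `&`, `#` or `+` would reach the server as a different value; passing it as data lets jQuery encode it: `$.get("/api/proxy/header/handlePermissionPolicy", {domain: editingEndpoint.ep}, function(data){ ... })`. The row template also interpolates `${key}` straight into markup and attribute values; the keys presumably come from a fixed server-side struct, but building the first cell with `$("<td>").text(key)` would keep the table safe if that ever changes. The relocated HSTS request uses the same concatenation, and the enclosing script block starts outside the hunk.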