add support for running in read-only mode

Right now, running in read-only mode displays a banner stating that
links can be resolved but not created or updated, as well as actively
blocking requests to modify links.

Update #118

Signed-off-by: Will Norris <[email protected]>

Author: willnorris

golink.go

@@ -65,6 +65,7 @@ var (
 	configDir         = flag.String("config-dir", "", `tsnet configuration directory ("" to use default)`)
 	resolveFromBackup = flag.String("resolve-from-backup", "", "resolve a link from snapshot file and exit")
 	allowUnknownUsers = flag.Bool("allow-unknown-users", false, "allow unknown users to save links")
+	readonly          = flag.Bool("readonly", false, "start golink server in read-only mode")
 )
 
 var stats struct {
@@ -271,10 +272,11 @@ type visitData struct {
 
 // homeData is the data used by homeTmpl.
 type homeData struct {
-	Short  string
-	Long   string
-	Clicks []visitData
-	XSRF   string
+	Short    string
+	Long     string
+	Clicks   []visitData
+	XSRF     string
+	ReadOnly bool
 }
 
 // deleteData is the data used by deleteTmpl.
@@ -479,10 +481,11 @@ func serveHome(w http.ResponseWriter, r *http.Request, short string) {
 		return
 	}
 	homeTmpl.Execute(w, homeData{
-		Short:  short,
-		Long:   long,
-		Clicks: clicks,
-		XSRF:   xsrftoken.Generate(xsrfKey, cu.login, newShortName),
+		Short:    short,
+		Long:     long,
+		Clicks:   clicks,
+		XSRF:     xsrftoken.Generate(xsrfKey, cu.login, newShortName),
+		ReadOnly: *readonly,
 	})
 }
 
@@ -798,6 +801,10 @@ func userExists(ctx context.Context, login string) (bool, error) {
 var reShortName = regexp.MustCompile(`^\w[\w\-\.]*$`)
 
 func serveDelete(w http.ResponseWriter, r *http.Request) {
+	if *readonly {
+		http.Error(w, "golink is in read-only mode", http.StatusMethodNotAllowed)
+		return
+	}
 	short := strings.TrimPrefix(r.URL.Path, "/.delete/")
 	if short == "" {
 		http.Error(w, "short required", http.StatusBadRequest)
@@ -848,6 +855,10 @@ func serveDelete(w http.ResponseWriter, r *http.Request) {
 // long URL are validated for proper format. Existing links may only be updated
 // by their owner.
 func serveSave(w http.ResponseWriter, r *http.Request) {
+	if *readonly {
+		http.Error(w, "golink is in read-only mode", http.StatusMethodNotAllowed)
+		return
+	}
 	short, long := r.FormValue("short"), r.FormValue("long")
 	if short == "" || long == "" {
 		http.Error(w, "short and long required", http.StatusBadRequest)
@@ -934,6 +945,9 @@ func serveSave(w http.ResponseWriter, r *http.Request) {
 // Admin users can edit all links.
 // Non-admin users can only edit their own links or links without an active owner.
 func canEditLink(ctx context.Context, link *Link, u user) bool {
+	if *readonly {
+		return false
+	}
 	if link == nil || link.Owner == "" {
 		// new or unowned link
 		return true

golink_test.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"golang.org/x/net/xsrftoken"
+	"tailscale.com/types/ptr"
 	"tailscale.com/util/must"
 )
 
@@ -357,6 +358,47 @@ func TestServeDelete(t *testing.T) {
 	}
 }
 
+func TestReadOnlyMode(t *testing.T) {
+	var err error
+	db, err = NewSQLiteDB(":memory:")
+	if err != nil {
+		t.Fatal(err)
+	}
+	db.Save(&Link{Short: "who", Long: "http://who/"})
+
+	oldReadOnly := readonly
+	readonly = ptr.To(true)
+	defer func() { readonly = oldReadOnly }()
+
+	// resolving link should succeed
+	r := httptest.NewRequest("GET", "/who", nil)
+	w := httptest.NewRecorder()
+	serveHandler().ServeHTTP(w, r)
+	if want := http.StatusFound; w.Code != want {
+		t.Errorf("serveHandler() = %d; want %d", w.Code, want)
+	}
+	wantLocation := "http://who/"
+	if location := w.Header().Get("Location"); location != wantLocation {
+		t.Errorf("serveHandler() location = %v; want %v", location, wantLocation)
+	}
+
+	// updating link should fail
+	r = httptest.NewRequest("POST", "/", nil)
+	w = httptest.NewRecorder()
+	serveHandler().ServeHTTP(w, r)
+	if want := http.StatusMethodNotAllowed; w.Code != want {
+		t.Errorf("serveHandler() = %d; want %d", w.Code, want)
+	}
+
+	// deleting link should fail
+	r = httptest.NewRequest("POST", "/.delete/who", nil)
+	w = httptest.NewRecorder()
+	serveHandler().ServeHTTP(w, r)
+	if want := http.StatusMethodNotAllowed; w.Code != want {
+		t.Errorf("serveHandler() = %d; want %d", w.Code, want)
+	}
+}
+
 func TestExpandLink(t *testing.T) {
 	tests := []struct {
 		name      string    // test name

static/base.css

@@ -1351,6 +1351,11 @@ select {
   border-color: rgb(178 45 48 / var(--tw-border-opacity));
 }
 
+.border-orange-50 {
+  --tw-border-opacity: 1;
+  border-color: rgb(254 227 192 / var(--tw-border-opacity));
+}
+
 .bg-gray-100 {
   --tw-bg-opacity: 1;
   background-color: rgb(247 245 244 / var(--tw-bg-opacity));
@@ -1366,6 +1371,11 @@ select {
   background-color: rgb(178 45 48 / var(--tw-bg-opacity));
 }
 
+.bg-orange-0 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(255 250 238 / var(--tw-bg-opacity));
+}
+
 .p-2 {
   padding: 0.5rem;
 }
@@ -1390,6 +1400,11 @@ select {
   padding-bottom: 1rem;
 }
 
+.py-3 {
+  padding-top: 0.75rem;
+  padding-bottom: 0.75rem;
+}
+
 .pt-6 {
   padding-top: 1.5rem;
 }

tailwind.config.js

@@ -41,26 +41,36 @@ module.exports = {
         800: "rgba(90, 0, 0)",
         900: "rgba(66, 0, 0)",
       },
-      white: '#fff',
-      current: 'currentColor',
+      orange: {
+        0: "rgba(255, 250, 238)",
+        50: "rgba(254, 227, 192)",
+        100: "rgba(248, 184, 134)",
+        200: "rgba(245, 146, 94)",
+        300: "rgba(229, 111, 74)",
+        400: "rgba(196, 76, 52)",
+        500: "rgba(158, 47, 40)",
+        600: "rgba(126, 30, 35)",
+        700: "rgba(93, 22, 27)",
+        800: "rgba(66, 14, 17)",
+        900: "rgba(66, 14, 17)",
+      },
+      white: "#fff",
+      current: "currentColor",
     },
     extend: {
       typography: {
         DEFAULT: {
           css: {
-            'code::before': {
-              'content': '',
+            "code::before": {
+              content: "",
             },
-            'code::after': {
-              'content': '',
+            "code::after": {
+              content: "",
             },
           },
         },
       },
     },
   },
-  plugins: [
-    require('@tailwindcss/forms'),
-    require('@tailwindcss/typography'),
-  ],
-}
+  plugins: [require("@tailwindcss/forms"), require("@tailwindcss/typography")],
+};

tmpl/home.html

@@ -1,21 +1,25 @@
 {{ define "main" }}
-    <h2 class="text-xl font-bold pb-2">Create a new link</h2>
+    {{ if .ReadOnly }}
+      <p class="rounded-md py-3 px-4 bg-orange-0 border border-orange-50">{{go}} is running in read-only mode. Links can be resolved, but not created or updated.</p>
+    {{ else }}
+      <h2 class="text-xl font-bold pb-2">Create a new link</h2>
 
-    {{ with .Long }}
-    <p class="">Did you mean <a class="text-blue-600 hover:underline" href="{{.}}">{{.}}</a> ? Create a {{go}} link for it now:</p>
+      {{ with .Long }}
+      <p class="">Did you mean <a class="text-blue-600 hover:underline" href="{{.}}">{{.}}</a> ? Create a {{go}} link for it now:</p>
+      {{ end }}
+      <form method="POST" action="/" class="flex flex-wrap">
+        <input type="hidden" name="xsrf" value="{{ .XSRF }}" />
+        <div class="flex">
+          <label for=short class="flex my-2 px-2 items-center bg-gray-100 border border-r-0 border-gray-300 rounded-l-md text-gray-700">http://{{go}}/</label>
+          <input id=short name=short required type=text size=15 placeholder="shortname" value="{{.Short}}" pattern="\w[\w\-\.]*" title="Must start with letter or number; may contain letters, numbers, dashes, and periods."
+            class="p-2 my-2 rounded-r-md border-gray-300 placeholder:text-gray-400">
+          <span class="flex m-2 items-center">&rarr;</span>
+        </div>
+        <input name=long required type=text size=40 placeholder="https://destination-url"{{if .Short}} value="{{.Long}}" autofocus{{end}} class="p-2 my-2 mr-2 max-w-full rounded-md border-gray-300 placeholder:text-gray-400">
+        <button type=submit class="py-2 px-4 my-2 rounded-md bg-blue-500 border-blue-500 text-white hover:bg-blue-600 hover:border-blue-600">Create</button>
+      </form>
+      <p class="text-sm text-gray-500"><a class="text-blue-600 hover:underline" href="/.help">Help and advanced options</a></p>
     {{ end }}
-    <form method="POST" action="/" class="flex flex-wrap">
-      <input type="hidden" name="xsrf" value="{{ .XSRF }}" />
-      <div class="flex">
-        <label for=short class="flex my-2 px-2 items-center bg-gray-100 border border-r-0 border-gray-300 rounded-l-md text-gray-700">http://{{go}}/</label>
-        <input id=short name=short required type=text size=15 placeholder="shortname" value="{{.Short}}" pattern="\w[\w\-\.]*" title="Must start with letter or number; may contain letters, numbers, dashes, and periods."
-          class="p-2 my-2 rounded-r-md border-gray-300 placeholder:text-gray-400">
-        <span class="flex m-2 items-center">&rarr;</span>
-      </div>
-      <input name=long required type=text size=40 placeholder="https://destination-url"{{if .Short}} value="{{.Long}}" autofocus{{end}} class="p-2 my-2 mr-2 max-w-full rounded-md border-gray-300 placeholder:text-gray-400">
-      <button type=submit class="py-2 px-4 my-2 rounded-md bg-blue-500 border-blue-500 text-white hover:bg-blue-600 hover:border-blue-600">Create</button>
-    </form>
-    <p class="text-sm text-gray-500"><a class="text-blue-600 hover:underline" href="/.help">Help and advanced options</a></p>
 
     <h2 class="text-xl font-bold pt-6 pb-2">Popular Links</h2>
     <table class="table-auto ">