many: cmd/pkgsite embeds static assets

The `pkgsite` command now embeds all the static assets it needs, so it
need not be told the location of the static/ directory with a
flag. The binary is self-contained and can be placed and invoked from
anywhere.

This required embedding the static/ and third_party/
directories. Since //go:embed cannot reference files outside the
containing package's tree, we had to add trivial Go packages in
static/ and third_party/ to construct `embed.FS`s for those
directories.

Also, the frontend needed to accept `fs.FS` values where it
previously took paths, and `template.TrustedFS` values where it
previously used `template.TrustedSources`. We ended up clumsily
requiring four separate config values:

- A TrustedFS to load templates.

- Two fs.FSs, one for static and one for third_party, to load other
  assets.

- The path to the static directory as a string, solely to support
  dynamic loading in dev mode.

For golang/go#48410

Change-Id: I9eeb351b1c6f23444b9e65b60f2a1d3905d59ef9
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/359395
Trust: Jonathan Amsterdam <[email protected]>
Run-TryBot: Jonathan Amsterdam <[email protected]>
Reviewed-by: Julie Qiu <[email protected]>
Reviewed-by: Jamal Carvalho <[email protected]>

Author: jba

cmd/frontend/main.go

@@ -34,7 +34,7 @@ import (
 var (
 	queueName      = config.GetEnv("GO_DISCOVERY_FRONTEND_TASK_QUEUE", "")
 	workers        = flag.Int("workers", 10, "number of concurrent requests to the fetch service, when running locally")
-	_              = flag.String("static", "static", "path to folder containing static files served")
+	staticFlag     = flag.String("static", "static", "path to folder containing static files served")
 	thirdPartyPath = flag.String("third_party", "third_party", "path to folder containing third-party libraries")
 	devMode        = flag.Bool("dev", false, "enable developer mode (reload templates on each page load, serve non-minified JS/CSS, etc.)")
 	disableCSP     = flag.Bool("nocsp", false, "disable Content Security Policy")
@@ -111,12 +111,15 @@ func main() {
 	if err != nil {
 		log.Fatalf(ctx, "vulndbc.NewClient: %v", err)
 	}
+	staticSource := template.TrustedSourceFromFlag(flag.Lookup("static").Value)
 	server, err := frontend.NewServer(frontend.ServerConfig{
 		DataSourceGetter:     dsg,
 		Queue:                fetchQueue,
 		TaskIDChangeInterval: config.TaskIDChangeIntervalFrontend,
-		StaticPath:           template.TrustedSourceFromFlag(flag.Lookup("static").Value),
-		ThirdPartyPath:       *thirdPartyPath,
+		TemplateFS:           template.TrustedFSFromTrustedSource(staticSource),
+		StaticFS:             os.DirFS(*staticFlag),
+		StaticPath:           *staticFlag,
+		ThirdPartyFS:         os.DirFS(*thirdPartyPath),
 		DevMode:              *devMode,
 		AppVersionLabel:      cfg.AppVersionLabel(),
 		GoogleTagManagerID:   cfg.GoogleTagManagerID,

cmd/pkgsite/main.go

@@ -6,29 +6,28 @@
 // It runs as a web server and presents the documentation as a
 // web page.
 //
-// After running `go install ./cmd/pkgsite` from the pkgsite repo root, you can
-// run `pkgsite` from anywhere, but if you don't run it from the pkgsite repo
-// root you must specify the location of the static assets with -static.
+// To install, run `go install ./cmd/pkgsite` from the pkgsite repo root.
 //
-// With just -static, pkgsite will serve docs for the module in the current
+// With no arguments, pkgsite will serve docs for the module in the current
 // directory, which must have a go.mod file:
 //
-//   cd ~/repos/cue && pkgsite -static ~/repos/pkgsite/static
+//   cd ~/repos/cue && pkgsite
 //
 // You can also serve docs from your module cache, directly from the proxy
 // (it uses the GOPROXY environment variable), or both:
 //
-//   pkgsite -static ~/repos/pkgsite/static -cache -proxy
+//   pkgsite -cache -proxy
 //
-// With either -cache or -proxy, it won't look for a module in the current directory.
-// You can still provide modules on the local filesystem by listing their paths:
+// With either -cache or -proxy, pkgsite won't look for a module in the current
+// directory. You can still provide modules on the local filesystem by listing
+// their paths:
 //
-//   pkgsite -static ~/repos/pkgsite/static -cache -proxy ~/repos/cue some/other/module
+//   pkgsite -cache -proxy ~/repos/cue some/other/module
 //
 // Although standard library packages will work by default, the docs can take a
 // while to appear the first time because the Go repo must be cloned and
 // processed. If you clone the repo yourself (https://go.googlesource.com/go),
-// provide its location with the -gorepo flag to save a little time.
+// you can provide its location with the -gorepo flag to save a little time.
 package main
 
 import (
@@ -51,12 +50,14 @@ import (
 	"golang.org/x/pkgsite/internal/proxy"
 	"golang.org/x/pkgsite/internal/source"
 	"golang.org/x/pkgsite/internal/stdlib"
+	"golang.org/x/pkgsite/static"
+	thirdparty "golang.org/x/pkgsite/third_party"
 )
 
 const defaultAddr = "localhost:8080" // default webserver address
 
 var (
-	_          = flag.String("static", "static", "path to folder containing static files served")
+	staticFlag = flag.String("static", "", "OBSOLETE - DO NOT USE")
 	gopathMode = flag.Bool("gopath_mode", false, "assume that local modules' paths are relative to GOPATH/src")
 	httpAddr   = flag.String("http", defaultAddr, "HTTP service address to listen for incoming requests on")
 	useCache   = flag.Bool("cache", false, "fetch from the module cache")
@@ -76,6 +77,10 @@ func main() {
 	flag.Parse()
 	ctx := context.Background()
 
+	if *staticFlag != "" {
+		fmt.Fprintf(os.Stderr, "-static is ignored. It is obsolete and may be removed in a future version.\n")
+	}
+
 	paths := collectPaths(flag.Args())
 	if len(paths) == 0 && !*useCache && !*useProxy {
 		paths = []string{"."}
@@ -118,7 +123,7 @@ func main() {
 
 	server, err := newServer(ctx, paths, *gopathMode, modCacheDir, prox)
 	if err != nil {
-		die("%s\nMaybe you need to provide the location of static assets with -static.", err)
+		die("%s", err)
 	}
 	router := http.NewServeMux()
 	server.Install(router.Handle, nil, nil)
@@ -160,7 +165,9 @@ func newServer(ctx context.Context, paths []string, gopathMode bool, downloadDir
 	}.New()
 	server, err := frontend.NewServer(frontend.ServerConfig{
 		DataSourceGetter: func(context.Context) internal.DataSource { return lds },
-		StaticPath:       template.TrustedSourceFromFlag(flag.Lookup("static").Value),
+		TemplateFS:       template.TrustedFSFromEmbed(static.FS),
+		StaticFS:         static.FS,
+		ThirdPartyFS:     thirdparty.FS,
 	})
 	if err != nil {
 		return nil, err

cmd/pkgsite/main_test.go

@@ -6,7 +6,6 @@ package main
 
 import (
 	"context"
-	"flag"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -45,7 +44,6 @@ func Test(t *testing.T) {
 
 	localModule := repoPath("internal/fetch/testdata/has_go_mod")
 	cacheDir := repoPath("internal/fetch/testdata/modcache")
-	flag.Set("static", repoPath("static"))
 	testModules := proxytest.LoadTestModules(repoPath("internal/proxy/testdata"))
 	prox, teardown := proxytest.SetupTestClient(t, testModules)
 	defer teardown()

go.sum

@@ -288,7 +288,6 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200905233945-acf8798be1f7 h1:k+KkMRk8mGOu1xG38StS7dQ+Z6oW1i9n3dgrAVU9Q/E=
 github.com/google/pprof v0.0.0-20200905233945-acf8798be1f7/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/safehtml v0.0.2 h1:ZOt2VXg4x24bW0m2jtzAOkhoXV0iM8vNKc0paByCZqM=
 github.com/google/safehtml v0.0.2/go.mod h1:L4KWwDsUJdECRAEpZoBn3O64bQaywRscowZjJAzjHnU=
 github.com/google/safehtml v0.0.3-0.20211026203422-d6f0e11a5516 h1:pSEdbeokt55L2hwtWo6A2k7u5SG08rmw0LhWEyrdWgk=
 github.com/google/safehtml v0.0.3-0.20211026203422-d6f0e11a5516/go.mod h1:L4KWwDsUJdECRAEpZoBn3O64bQaywRscowZjJAzjHnU=

internal/fetch/fetch_test.go

@@ -34,14 +34,14 @@ import (
 var testTimeout = 30 * time.Second
 
 var (
-	templateSource = template.TrustedSourceFromConstant("../../static/doc")
-	testModules    []*proxytest.Module
+	templateFS  = template.TrustedFSFromTrustedSource(template.TrustedSourceFromConstant("../../static"))
+	testModules []*proxytest.Module
 )
 
 type fetchFunc func(t *testing.T, withLicenseDetector bool, ctx context.Context, mod *proxytest.Module, fetchVersion string) (*FetchResult, *licenses.Detector)
 
 func TestMain(m *testing.M) {
-	dochtml.LoadTemplates(templateSource)
+	dochtml.LoadTemplates(templateFS)
 	testModules = proxytest.LoadTestModules("../proxy/testdata")
 	licenses.OmitExceptions = true
 	os.Exit(m.Run())

internal/fetchdatasource/fetchdatasource_test.go

@@ -36,7 +36,7 @@ var (
 )
 
 func TestMain(m *testing.M) {
-	dochtml.LoadTemplates(template.TrustedSourceFromConstant("../../static/doc"))
+	dochtml.LoadTemplates(template.TrustedFSFromTrustedSource(template.TrustedSourceFromConstant("../../static")))
 	defaultTestModules = proxytest.LoadTestModules("../proxy/testdata")
 	var cleanup func()
 	localGetters, cleanup = buildLocalGetters()

internal/frontend/badge.go

@@ -5,7 +5,6 @@
 package frontend
 
 import (
-	"fmt"
 	"net/http"
 	"strings"
 )
@@ -23,7 +22,7 @@ type badgePage struct {
 func (s *Server) badgeHandler(w http.ResponseWriter, r *http.Request) {
 	path := strings.TrimPrefix(r.URL.Path, "/badge/")
 	if path != "" {
-		http.ServeFile(w, r, fmt.Sprintf("%s/frontend/badge/badge.svg", s.staticPath))
+		serveFileFS(w, r, s.staticFS, "frontend/badge/badge.svg")
 		return
 	}
 

internal/frontend/server.go

@@ -14,6 +14,7 @@ import (
 	"io/fs"
 	"net/http"
 	"net/url"
+	"path"
 	"strings"
 	"sync"
 	"time"
@@ -42,10 +43,11 @@ type Server struct {
 	getDataSource        func(context.Context) internal.DataSource
 	queue                queue.Queue
 	taskIDChangeInterval time.Duration
-	staticPath           template.TrustedSource
-	thirdPartyPath       string
-	templateDir          template.TrustedSource
+	templateFS           template.TrustedFS
+	staticFS             fs.FS
+	thirdPartyFS         fs.FS
 	devMode              bool
+	staticPath           string // used only for dynamic loading in dev mode
 	errorPage            []byte
 	appVersionLabel      string
 	googleTagManagerID   string
@@ -65,9 +67,11 @@ type ServerConfig struct {
 	DataSourceGetter     func(context.Context) internal.DataSource
 	Queue                queue.Queue
 	TaskIDChangeInterval time.Duration
-	StaticPath           template.TrustedSource
-	ThirdPartyPath       string
+	TemplateFS           template.TrustedFS // for loading templates safely
+	StaticFS             fs.FS              // for static/ directory
+	ThirdPartyFS         fs.FS              // for third_party/ directory
 	DevMode              bool
+	StaticPath           string // used only for dynamic loading in dev mode
 	AppVersionLabel      string
 	GoogleTagManagerID   string
 	ServeStats           bool
@@ -78,20 +82,19 @@ type ServerConfig struct {
 // NewServer creates a new Server for the given database and template directory.
 func NewServer(scfg ServerConfig) (_ *Server, err error) {
 	defer derrors.Wrap(&err, "NewServer(...)")
-	templateDir := template.TrustedSourceJoin(scfg.StaticPath)
-	ts, err := parsePageTemplates(templateDir)
+	ts, err := parsePageTemplates(scfg.TemplateFS)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing templates: %v", err)
 	}
-	docTemplateDir := template.TrustedSourceJoin(templateDir, template.TrustedSourceFromConstant("doc"))
-	dochtml.LoadTemplates(docTemplateDir)
+	dochtml.LoadTemplates(scfg.TemplateFS)
 	s := &Server{
 		getDataSource:        scfg.DataSourceGetter,
 		queue:                scfg.Queue,
-		staticPath:           scfg.StaticPath,
-		thirdPartyPath:       scfg.ThirdPartyPath,
-		templateDir:          templateDir,
+		templateFS:           scfg.TemplateFS,
+		staticFS:             scfg.StaticFS,
+		thirdPartyFS:         scfg.ThirdPartyFS,
 		devMode:              scfg.DevMode,
+		staticPath:           scfg.StaticPath,
 		templates:            ts,
 		taskIDChangeInterval: scfg.TaskIDChangeInterval,
 		appVersionLabel:      scfg.AppVersionLabel,
@@ -134,10 +137,11 @@ func (s *Server) Install(handle func(string, http.Handler), redisClient *redis.C
 		log.Infof(r.Context(), "Request made to %q", r.URL.Path)
 	}))
 	handle("/static/", s.staticHandler())
-	handle("/third_party/", http.StripPrefix("/third_party", http.FileServer(http.Dir(s.thirdPartyPath))))
+	handle("/third_party/", http.StripPrefix("/third_party", http.FileServer(http.FS(s.thirdPartyFS))))
 	handle("/favicon.ico", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		http.ServeFile(w, r, fmt.Sprintf("%s/shared/icon/favicon.ico", http.Dir(s.staticPath.String())))
+		serveFileFS(w, r, s.staticFS, "shared/icon/favicon.ico")
 	}))
+
 	handle("/sitemap/", http.StripPrefix("/sitemap/", http.FileServer(http.Dir("private/sitemap"))))
 	handle("/mod/", http.HandlerFunc(s.handleModuleDetailsRedirect))
 	handle("/pkg/", http.HandlerFunc(s.handlePackageDetailsRedirect))
@@ -539,7 +543,7 @@ func (s *Server) findTemplate(templateName string) (*template.Template, error) {
 		s.mu.Lock()
 		defer s.mu.Unlock()
 		var err error
-		s.templates, err = parsePageTemplates(s.templateDir)
+		s.templates, err = parsePageTemplates(s.templateFS)
 		if err != nil {
 			return nil, fmt.Errorf("error parsing templates: %v", err)
 		}
@@ -584,69 +588,73 @@ func stripScheme(url string) string {
 	return url
 }
 
-// parsePageTemplates parses html templates contained in the given base
-// directory in order to generate a map of Name->*template.Template.
+// parsePageTemplates parses html templates contained in the given filesystem in
+// order to generate a map of Name->*template.Template.
 //
 // Separate templates are used so that certain contextual functions (e.g.
 // templateName) can be bound independently for each page.
 //
 // Templates in directories prefixed with an underscore are considered helper
 // templates and parsed together with the files in each base directory.
-func parsePageTemplates(base template.TrustedSource) (map[string]*template.Template, error) {
-	tsc := template.TrustedSourceFromConstant
-	join := template.TrustedSourceJoin
-
+func parsePageTemplates(fsys template.TrustedFS) (map[string]*template.Template, error) {
 	templates := make(map[string]*template.Template)
-	htmlSets := [][]template.TrustedSource{
-		{tsc("badge")},
-		{tsc("error")},
-		{tsc("fetch")},
-		{tsc("homepage")},
-		{tsc("legacy_search")},
-		{tsc("license-policy")},
-		{tsc("search")},
-		{tsc("search-help")},
-		{tsc("styleguide")},
-		{tsc("subrepo")},
-		{tsc("unit/importedby"), tsc("unit")},
-		{tsc("unit/imports"), tsc("unit")},
-		{tsc("unit/licenses"), tsc("unit")},
-		{tsc("unit/main"), tsc("unit")},
-		{tsc("unit/versions"), tsc("unit")},
+	htmlSets := [][]string{
+		{"badge"},
+		{"error"},
+		{"fetch"},
+		{"homepage"},
+		{"legacy_search"},
+		{"license-policy"},
+		{"search"},
+		{"search-help"},
+		{"styleguide"},
+		{"subrepo"},
+		{"unit/importedby", "unit"},
+		{"unit/imports", "unit"},
+		{"unit/licenses", "unit"},
+		{"unit/main", "unit"},
+		{"unit/versions", "unit"},
 	}
 
 	for _, set := range htmlSets {
-		t, err := template.New("frontend.tmpl").Funcs(templateFuncs).ParseGlobFromTrustedSource(join(base, tsc("frontend/*.tmpl")))
+		t, err := template.New("frontend.tmpl").Funcs(templateFuncs).ParseFS(fsys, "frontend/*.tmpl")
 		if err != nil {
-			return nil, fmt.Errorf("ParseFilesFromTrustedSources: %v", err)
+			return nil, fmt.Errorf("ParseFS: %v", err)
 		}
-		helperGlob := join(base, tsc("shared/*/*.tmpl"))
-		if _, err := t.ParseGlobFromTrustedSource(helperGlob); err != nil {
-			return nil, fmt.Errorf("ParseGlobFromTrustedSource(%q): %v", helperGlob, err)
+		helperGlob := "shared/*/*.tmpl"
+		if _, err := t.ParseFS(fsys, helperGlob); err != nil {
+			return nil, fmt.Errorf("ParseFS(%q): %v", helperGlob, err)
 		}
-		var files []template.TrustedSource
 		for _, f := range set {
-			if _, err := t.ParseGlobFromTrustedSource(join(base, tsc("frontend"), f, tsc("*.tmpl"))); err != nil {
-				return nil, fmt.Errorf("ParseGlobFromTrustedSource(%v): %v", files, err)
+			if _, err := t.ParseFS(fsys, path.Join("frontend", f, "*.tmpl")); err != nil {
+				return nil, fmt.Errorf("ParseFS(%v): %v", f, err)
 			}
 		}
-		templates[set[0].String()] = t
+		templates[set[0]] = t
 	}
 
 	return templates, nil
 }
 
 func (s *Server) staticHandler() http.Handler {
-	staticPath := s.staticPath.String()
-
 	// In dev mode compile TypeScript files into minified JavaScript files
 	// and rebuild them on file changes.
 	if s.devMode {
+		if s.staticPath == "" {
+			panic("staticPath is empty in dev mode; cannot rebuild static files")
+		}
 		ctx := context.Background()
-		_, err := static.Build(static.Config{EntryPoint: staticPath + "/frontend", Watch: true, Bundle: true})
+		_, err := static.Build(static.Config{EntryPoint: s.staticPath + "/frontend", Watch: true, Bundle: true})
 		if err != nil {
 			log.Error(ctx, err)
 		}
 	}
-	return http.StripPrefix("/static/", http.FileServer(http.Dir(staticPath)))
+	return http.StripPrefix("/static/", http.FileServer(http.FS(s.staticFS)))
+}
+
+// serveFileFS serves a file from the given filesystem.
+func serveFileFS(w http.ResponseWriter, r *http.Request, fsys fs.FS, name string) {
+	fs := http.FileServer(http.FS(fsys))
+	r.URL.Path = name
+	fs.ServeHTTP(w, r)
 }