pages-server/server/handler.go

package server

import (
	"fmt"
	"net/http"
	"path"
	"strings"

	"github.com/rs/zerolog/log"

	"codeberg.org/codeberg/pages/html"
	"codeberg.org/codeberg/pages/server/cache"
	"codeberg.org/codeberg/pages/server/context"
	"codeberg.org/codeberg/pages/server/dns"
	"codeberg.org/codeberg/pages/server/gitea"
	"codeberg.org/codeberg/pages/server/upstream"
	"codeberg.org/codeberg/pages/server/utils"
	"codeberg.org/codeberg/pages/server/version"
)

const (
	headerAccessControlAllowOrigin  = "Access-Control-Allow-Origin"
	headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
)

// Handler handles a single HTTP request to the web server.
func Handler(mainDomainSuffix, rawDomain string,
	giteaClient *gitea.Client,
	rawInfoPage string,
	blacklistedPaths, allowedCorsDomains []string,
	dnsLookupCache, canonicalDomainCache cache.SetGetKey,
) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
		log := log.With().Strs("Handler", []string{string(req.Host), req.RequestURI}).Logger()
		ctx := context.New(w, req)

		ctx.RespWriter.Header().Set("Server", "CodebergPages/"+version.Version)

		// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
		ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")

		// Enable browser caching for up to 10 minutes
		ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")

		trimmedHost := utils.TrimHostPort(req.Host)

		// Add HSTS for RawDomain and MainDomainSuffix
		if hsts := getHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" {
			ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
		}

		// Handle all http methods
		ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
		switch ctx.Req.Method {
		case http.MethodOptions:
			// return Allow header
			ctx.RespWriter.WriteHeader(http.StatusNoContent)
			return
		case http.MethodGet,
			http.MethodHead:
			// end switch case and handle allowed requests
			break
		default:
			// Block all methods not required for static pages
			ctx.String("Method not allowed", http.StatusMethodNotAllowed)
			return
		}

		// Block blacklisted paths (like ACME challenges)
		for _, blacklistedPath := range blacklistedPaths {
			if strings.HasPrefix(ctx.Path(), blacklistedPath) {
				html.ReturnErrorPage(ctx, "requested blacklisted path", http.StatusForbidden)
				return
			}
		}

		// Allow CORS for specified domains
		allowCors := false
		for _, allowedCorsDomain := range allowedCorsDomains {
			if strings.EqualFold(trimmedHost, allowedCorsDomain) {
				allowCors = true
				break
			}
		}
		if allowCors {
			ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
			ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
		}

		// Prepare request information to Gitea
		pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")

		log.Debug().Msg("preparations")
		if rawDomain != "" && strings.EqualFold(trimmedHost, rawDomain) {
			// Serve raw content from RawDomain
			log.Debug().Msg("raw domain")

			if len(pathElements) < 2 {
				// https://{RawDomain}/{owner}/{repo}[/@{branch}]/{path} is required
				ctx.Redirect(rawInfoPage, http.StatusTemporaryRedirect)
				return
			}

			// raw.codeberg.org/example/myrepo/@main/index.html
			if len(pathElements) > 2 && strings.HasPrefix(pathElements[2], "@") {
				log.Debug().Msg("raw domain preparations, now trying with specified branch")
				if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
					TryIndexPages: false,
					ServeRaw:      true,
					TargetOwner:   pathElements[0],
					TargetRepo:    pathElements[1],
					TargetBranch:  pathElements[2][1:],
					TargetPath:    path.Join(pathElements[3:]...),
				}, true); works {
					log.Trace().Msg("tryUpstream: serve raw domain with specified branch")
					tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
					return
				}
				log.Debug().Msg("missing branch info")
				html.ReturnErrorPage(ctx, "missing branch info", http.StatusFailedDependency)
				return
			}

			log.Debug().Msg("raw domain preparations, now trying with default branch")
			if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
				TryIndexPages: false,
				ServeRaw:      true,
				TargetOwner:   pathElements[0],
				TargetRepo:    pathElements[1],
				TargetPath:    path.Join(pathElements[2:]...),
			}, true); works {
				log.Trace().Msg("tryUpstream: serve raw domain with default branch")
				tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
			} else {
				html.ReturnErrorPage(ctx,
					fmt.Sprintf("raw domain could not find repo '%s/%s' or repo is empty", targetOpt.TargetOwner, targetOpt.TargetRepo),
					http.StatusNotFound)
			}
			return

		} else if strings.HasSuffix(trimmedHost, mainDomainSuffix) {
			// Serve pages from subdomains of MainDomainSuffix
			log.Debug().Msg("main domain suffix")

			targetOwner := strings.TrimSuffix(trimmedHost, mainDomainSuffix)
			targetRepo := pathElements[0]

			if targetOwner == "www" {
				// www.codeberg.page redirects to codeberg.page // TODO: rm hardcoded - use cname?
				ctx.Redirect("https://"+string(mainDomainSuffix[1:])+string(ctx.Path()), http.StatusPermanentRedirect)
				return
			}

			// Check if the first directory is a repo with the second directory as a branch
			// example.codeberg.page/myrepo/@main/index.html
			if len(pathElements) > 1 && strings.HasPrefix(pathElements[1], "@") {
				if targetRepo == "pages" {
					// example.codeberg.org/pages/@... redirects to example.codeberg.org/@...
					ctx.Redirect("/"+strings.Join(pathElements[1:], "/"), http.StatusTemporaryRedirect)
					return
				}

				log.Debug().Msg("main domain preparations, now trying with specified repo & branch")
				if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
					TargetOwner:  targetOwner,
					TargetRepo:   pathElements[0],
					TargetBranch: pathElements[1][1:],
					TargetPath:   path.Join(pathElements[2:]...),
				}, true); works {
					log.Trace().Msg("tryUpstream: serve with specified repo and branch")
					tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
				} else {
					html.ReturnErrorPage(ctx,
						fmt.Sprintf("explizite set branch %q do not exist at '%s/%s'", targetOpt.TargetBranch, targetOpt.TargetOwner, targetOpt.TargetRepo),
						http.StatusFailedDependency)
				}
				return
			}

			// Check if the first directory is a branch for the "pages" repo
			// example.codeberg.page/@main/index.html
			if strings.HasPrefix(pathElements[0], "@") {
				log.Debug().Msg("main domain preparations, now trying with specified branch")
				if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
					TargetOwner:  targetOwner,
					TargetRepo:   "pages",
					TargetBranch: pathElements[0][1:],
					TargetPath:   path.Join(pathElements[1:]...),
				}, true); works {
					log.Trace().Msg("tryUpstream: serve default pages repo with specified branch")
					tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
				} else {
					html.ReturnErrorPage(ctx,
						fmt.Sprintf("explizite set branch %q do not exist at '%s/%s'", targetOpt.TargetBranch, targetOpt.TargetOwner, targetOpt.TargetRepo),
						http.StatusFailedDependency)
				}
				return
			}

			// Check if the first directory is a repo with a "pages" branch
			// example.codeberg.page/myrepo/index.html
			// example.codeberg.page/pages/... is not allowed here.
			log.Debug().Msg("main domain preparations, now trying with specified repo")
			if pathElements[0] != "pages" {
				if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
					TargetOwner:  targetOwner,
					TargetRepo:   pathElements[0],
					TargetBranch: "pages",
					TargetPath:   path.Join(pathElements[1:]...),
				}, false); works {
					log.Debug().Msg("tryBranch, now trying upstream 5")
					tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
					return
				}
			}

			// Try to use the "pages" repo on its default branch
			// example.codeberg.page/index.html
			log.Debug().Msg("main domain preparations, now trying with default repo/branch")
			if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
				TargetOwner: targetOwner,
				TargetRepo:  "pages",
				TargetPath:  path.Join(pathElements...),
			}, false); works {
				log.Debug().Msg("tryBranch, now trying upstream 6")
				tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
				return
			}

			// Couldn't find a valid repo/branch
			html.ReturnErrorPage(ctx,
				fmt.Sprintf("couldn't find a valid repo[%s]", targetRepo),
				http.StatusFailedDependency)
			return
		} else {
			trimmedHostStr := string(trimmedHost)

			// Serve pages from custom domains
			targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHostStr, string(mainDomainSuffix), dnsLookupCache)
			if targetOwner == "" {
				html.ReturnErrorPage(ctx,
					"could not obtain repo owner from custom domain",
					http.StatusFailedDependency)
				return
			}

			pathParts := pathElements
			canonicalLink := false
			if strings.HasPrefix(pathElements[0], "@") {
				targetBranch = pathElements[0][1:]
				pathParts = pathElements[1:]
				canonicalLink = true
			}

			// Try to use the given repo on the given branch or the default branch
			log.Debug().Msg("custom domain preparations, now trying with details from DNS")
			if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
				TargetOwner:  targetOwner,
				TargetRepo:   targetRepo,
				TargetBranch: targetBranch,
				TargetPath:   path.Join(pathParts...),
			}, canonicalLink); works {
				canonicalDomain, valid := upstream.CheckCanonicalDomain(giteaClient, targetOpt.TargetOwner, targetOpt.TargetRepo, targetOpt.TargetBranch, trimmedHostStr, string(mainDomainSuffix), canonicalDomainCache)
				if !valid {
					html.ReturnErrorPage(ctx, "domain not specified in <code>.domains</code> file", http.StatusMisdirectedRequest)
					return
				} else if canonicalDomain != trimmedHostStr {
					// only redirect if the target is also a codeberg page!
					targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], string(mainDomainSuffix), dnsLookupCache)
					if targetOwner != "" {
						ctx.Redirect("https://"+canonicalDomain+string(targetOpt.TargetPath), http.StatusTemporaryRedirect)
						return
					}

					html.ReturnErrorPage(ctx, "target is no codeberg page", http.StatusFailedDependency)
					return
				}

				log.Debug().Msg("tryBranch, now trying upstream 7")
				tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
				return
			}

			html.ReturnErrorPage(ctx, "could not find target for custom domain", http.StatusFailedDependency)
			return
		}
	}
}