more string

server/handler.go

@@ -13,6 +13,7 @@ import (
 
 	"codeberg.org/codeberg/pages/html"
 	"codeberg.org/codeberg/pages/server/cache"
+	"codeberg.org/codeberg/pages/server/context"
 	"codeberg.org/codeberg/pages/server/dns"
 	"codeberg.org/codeberg/pages/server/gitea"
 	"codeberg.org/codeberg/pages/server/upstream"
@@ -20,29 +21,35 @@ import (
 	"codeberg.org/codeberg/pages/server/version"
 )
 
+const (
+	headerAccessControlAllowOrigin  = "Access-Control-Allow-Origin"
+	headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
+)
+
 // Handler handles a single HTTP request to the web server.
 func Handler(mainDomainSuffix, rawDomain []byte,
 	giteaClient *gitea.Client,
 	giteaRoot, rawInfoPage string,
-	blacklistedPaths, allowedCorsDomains [][]byte,
+	blacklistedPaths, allowedCorsDomains []string,
 	dnsLookupCache, canonicalDomainCache cache.SetGetKey,
 ) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
 		log := log.With().Strs("Handler", []string{string(req.Host), req.RequestURI}).Logger()
+		ctx := context.New(w, req)
 
-		w.Header().Set("Server", "CodebergPages/"+version.Version)
+		ctx.RespWriter.Header().Set("Server", "CodebergPages/"+version.Version)
 
 		// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
-		w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
+		ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
 
 		// Enable browser caching for up to 10 minutes
-		w.Header().Set("Cache-Control", "public, max-age=600")
+		ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")
 
 		trimmedHost := utils.TrimHostPort([]byte(req.Host))
 
 		// Add HSTS for RawDomain and MainDomainSuffix
 		if hsts := GetHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" {
-			w.Header().Set("Strict-Transport-Security", hsts)
+			ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
 		}
 
 		// Block all methods not required for static pages
@@ -54,7 +61,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 
 		// Block blacklisted paths (like ACME challenges)
 		for _, blacklistedPath := range blacklistedPaths {
-			if bytes.HasPrefix(ctx.Path(), blacklistedPath) {
+			if strings.HasPrefix(ctx.Path(), blacklistedPath) {
 				html.ReturnErrorPage(ctx, fasthttp.StatusForbidden)
 				return
 			}
@@ -69,13 +76,13 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 			}
 		}
 		if allowCors {
-			w.Header().Set("Access-Control-Allow-Origin", "*")
-			w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD")
+			ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
+			ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
 		}
-		w.Header().Set("Allow", "GET, HEAD, OPTIONS")
+		ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
 		if ctx.IsOptions() {
 
-			ctx.Response.Header.SetStatusCode(http.StatusNoContent)
+			ctx.Response().StatusCode = http.StatusNoContent
 			return
 		}
 
@@ -113,8 +120,8 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 
 			if canonicalLink != "" {
 				// Hide from search machines & add canonical link
-				ctx.Response.Header.Set("X-Robots-Tag", "noarchive, noindex")
-				ctx.Response.Header.Set("Link",
+				ctx.Response().Header.Set("X-Robots-Tag", "noarchive, noindex")
+				ctx.Response().Header.Set("Link",
 					strings.NewReplacer("%b", targetBranch, "%p", targetPath).Replace(canonicalLink)+
 						"; rel=\"canonical\"",
 				)
@@ -136,7 +143,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 			targetOptions.ForbiddenMimeTypes["text/html"] = true
 			targetOptions.DefaultMimeType = "text/plain; charset=utf-8"
 
-			pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/")
+			pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
 			if len(pathElements) < 2 {
 				// https://{RawDomain}/{owner}/{repo}[/@{branch}]/{path} is required
 				ctx.Redirect(rawInfoPage, http.StatusTemporaryRedirect)
@@ -178,7 +185,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 			// Serve pages from subdomains of MainDomainSuffix
 			log.Debug().Msg("main domain suffix")
 
-			pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/")
+			pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
 			targetOwner = string(bytes.TrimSuffix(trimmedHost, mainDomainSuffix))
 			targetRepo = pathElements[0]
 			targetPath = strings.Trim(strings.Join(pathElements[1:], "/"), "/")
@@ -267,7 +274,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 				return
 			}
 
-			pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/")
+			pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
 			canonicalLink := ""
 			if strings.HasPrefix(pathElements[0], "@") {
 				targetBranch = pathElements[0][1:]
@@ -287,7 +294,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
 					// only redirect if the target is also a codeberg page!
 					targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], string(mainDomainSuffix), dnsLookupCache)
 					if targetOwner != "" {
-						ctx.Redirect("https://"+canonicalDomain+string(ctx.RequestURI()), http.StatusTemporaryRedirect)
+						ctx.Redirect("https://"+canonicalDomain+string(ctx.Path()), http.StatusTemporaryRedirect)
 						return
 					}