pages/pages-server
1
0
Fork 0
mirror of https://codeberg.org/Codeberg/pages-server.git synced 2025-01-19 17:07:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

more string

Browse source
This commit is contained in:
6543 2022-08-28 15:33:10 +02:00
parent 32431b23bb
commit 662d76386c
No known key found for this signature in database
GPG key ID: C99B82E40B027BAE
5 changed files with 51 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
cmd/main.go
View file

@ -24,15 +24,15 @@ import (
// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed. // AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
// TODO: make it a flag // TODO: make it a flag
var AllowedCorsDomains = [][]byte{ var AllowedCorsDomains = []string{
[]byte("fonts.codeberg.org"), "fonts.codeberg.org",
[]byte("design.codeberg.org"), "design.codeberg.org",
} }
// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages. // BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.
// TODO: Make it a flag too // TODO: Make it a flag too
var BlacklistedPaths = [][]byte{ var BlacklistedPaths = []string{
[]byte("/.well-known/acme-challenge/"), "/.well-known/acme-challenge/",
} }
// Serve sets up and starts the web server. // Serve sets up and starts the web server.
@ -65,7 +65,7 @@ func Serve(ctx *cli.Context) error {
allowedCorsDomains := AllowedCorsDomains allowedCorsDomains := AllowedCorsDomains
if len(rawDomain) != 0 { if len(rawDomain) != 0 {
allowedCorsDomains = append(allowedCorsDomains, []byte(rawDomain)) allowedCorsDomains = append(allowedCorsDomains, rawDomain)
} }
// Make sure MainDomain has a trailing dot, and GiteaRoot has no trailing slash // Make sure MainDomain has a trailing dot, and GiteaRoot has no trailing slash

14
server/context/context.go
View file

@ -10,6 +10,13 @@ type Context struct {
Req *http.Request Req *http.Request
} }
func New(w http.ResponseWriter, r *http.Request) *Context {
return &Context{
RespWriter: w,
Req: r,
}
}
func (c *Context) Context() stdContext.Context { func (c *Context) Context() stdContext.Context {
if c.Req != nil { if c.Req != nil {
return c.Req.Context() return c.Req.Context()
@ -27,3 +34,10 @@ func (c *Context) Response() *http.Response {
func (c *Context) Redirect(uri string, statusCode int) { func (c *Context) Redirect(uri string, statusCode int) {
http.Redirect(c.RespWriter, c.Req, uri, statusCode) http.Redirect(c.RespWriter, c.Req, uri, statusCode)
} }
// Path returns requested path.
//
// The returned bytes are valid until your request handler returns.
func (c *Context) Path() string {
return c.Req.URL.Path
}

39
server/handler.go
View file

@ -13,6 +13,7 @@ import (
"codeberg.org/codeberg/pages/html" "codeberg.org/codeberg/pages/html"
"codeberg.org/codeberg/pages/server/cache" "codeberg.org/codeberg/pages/server/cache"
"codeberg.org/codeberg/pages/server/context"
"codeberg.org/codeberg/pages/server/dns" "codeberg.org/codeberg/pages/server/dns"
"codeberg.org/codeberg/pages/server/gitea" "codeberg.org/codeberg/pages/server/gitea"
"codeberg.org/codeberg/pages/server/upstream" "codeberg.org/codeberg/pages/server/upstream"
@ -20,29 +21,35 @@ import (
"codeberg.org/codeberg/pages/server/version" "codeberg.org/codeberg/pages/server/version"
) )
const (
headerAccessControlAllowOrigin = "Access-Control-Allow-Origin"
headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
)
// Handler handles a single HTTP request to the web server. // Handler handles a single HTTP request to the web server.
func Handler(mainDomainSuffix, rawDomain []byte, func Handler(mainDomainSuffix, rawDomain []byte,
giteaClient *gitea.Client, giteaClient *gitea.Client,
giteaRoot, rawInfoPage string, giteaRoot, rawInfoPage string,
blacklistedPaths, allowedCorsDomains [][]byte, blacklistedPaths, allowedCorsDomains []string,
dnsLookupCache, canonicalDomainCache cache.SetGetKey, dnsLookupCache, canonicalDomainCache cache.SetGetKey,
) http.HandlerFunc { ) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) { return func(w http.ResponseWriter, req *http.Request) {
log := log.With().Strs("Handler", []string{string(req.Host), req.RequestURI}).Logger() log := log.With().Strs("Handler", []string{string(req.Host), req.RequestURI}).Logger()
ctx := context.New(w, req)
w.Header().Set("Server", "CodebergPages/"+version.Version) ctx.RespWriter.Header().Set("Server", "CodebergPages/"+version.Version)
// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin // Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
// Enable browser caching for up to 10 minutes // Enable browser caching for up to 10 minutes
w.Header().Set("Cache-Control", "public, max-age=600") ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")
trimmedHost := utils.TrimHostPort([]byte(req.Host)) trimmedHost := utils.TrimHostPort([]byte(req.Host))
// Add HSTS for RawDomain and MainDomainSuffix // Add HSTS for RawDomain and MainDomainSuffix
if hsts := GetHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" { if hsts := GetHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" {
w.Header().Set("Strict-Transport-Security", hsts) ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
} }
// Block all methods not required for static pages // Block all methods not required for static pages
@ -54,7 +61,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
// Block blacklisted paths (like ACME challenges) // Block blacklisted paths (like ACME challenges)
for _, blacklistedPath := range blacklistedPaths { for _, blacklistedPath := range blacklistedPaths {
if bytes.HasPrefix(ctx.Path(), blacklistedPath) { if strings.HasPrefix(ctx.Path(), blacklistedPath) {
html.ReturnErrorPage(ctx, fasthttp.StatusForbidden) html.ReturnErrorPage(ctx, fasthttp.StatusForbidden)
return return
} }
@ -69,13 +76,13 @@ func Handler(mainDomainSuffix, rawDomain []byte,
} }
} }
if allowCors { if allowCors {
w.Header().Set("Access-Control-Allow-Origin", "*") ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD") ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
} }
w.Header().Set("Allow", "GET, HEAD, OPTIONS") ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
if ctx.IsOptions() { if ctx.IsOptions() {
ctx.Response.Header.SetStatusCode(http.StatusNoContent) ctx.Response().StatusCode = http.StatusNoContent
return return
} }
@ -113,8 +120,8 @@ func Handler(mainDomainSuffix, rawDomain []byte,
if canonicalLink != "" { if canonicalLink != "" {
// Hide from search machines & add canonical link // Hide from search machines & add canonical link
ctx.Response.Header.Set("X-Robots-Tag", "noarchive, noindex") ctx.Response().Header.Set("X-Robots-Tag", "noarchive, noindex")
ctx.Response.Header.Set("Link", ctx.Response().Header.Set("Link",
strings.NewReplacer("%b", targetBranch, "%p", targetPath).Replace(canonicalLink)+ strings.NewReplacer("%b", targetBranch, "%p", targetPath).Replace(canonicalLink)+
"; rel=\"canonical\"", "; rel=\"canonical\"",
) )
@ -136,7 +143,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
targetOptions.ForbiddenMimeTypes["text/html"] = true targetOptions.ForbiddenMimeTypes["text/html"] = true
targetOptions.DefaultMimeType = "text/plain; charset=utf-8" targetOptions.DefaultMimeType = "text/plain; charset=utf-8"
pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/") pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
if len(pathElements) < 2 { if len(pathElements) < 2 {
// https://{RawDomain}/{owner}/{repo}[/@{branch}]/{path} is required // https://{RawDomain}/{owner}/{repo}[/@{branch}]/{path} is required
ctx.Redirect(rawInfoPage, http.StatusTemporaryRedirect) ctx.Redirect(rawInfoPage, http.StatusTemporaryRedirect)
@ -178,7 +185,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
// Serve pages from subdomains of MainDomainSuffix // Serve pages from subdomains of MainDomainSuffix
log.Debug().Msg("main domain suffix") log.Debug().Msg("main domain suffix")
pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/") pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
targetOwner = string(bytes.TrimSuffix(trimmedHost, mainDomainSuffix)) targetOwner = string(bytes.TrimSuffix(trimmedHost, mainDomainSuffix))
targetRepo = pathElements[0] targetRepo = pathElements[0]
targetPath = strings.Trim(strings.Join(pathElements[1:], "/"), "/") targetPath = strings.Trim(strings.Join(pathElements[1:], "/"), "/")
@ -267,7 +274,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
return return
} }
pathElements := strings.Split(string(bytes.Trim(ctx.Request.URI().Path(), "/")), "/") pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
canonicalLink := "" canonicalLink := ""
if strings.HasPrefix(pathElements[0], "@") { if strings.HasPrefix(pathElements[0], "@") {
targetBranch = pathElements[0][1:] targetBranch = pathElements[0][1:]
@ -287,7 +294,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
// only redirect if the target is also a codeberg page! // only redirect if the target is also a codeberg page!
targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], string(mainDomainSuffix), dnsLookupCache) targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], string(mainDomainSuffix), dnsLookupCache)
if targetOwner != "" { if targetOwner != "" {
ctx.Redirect("https://"+canonicalDomain+string(ctx.RequestURI()), http.StatusTemporaryRedirect) ctx.Redirect("https://"+canonicalDomain+string(ctx.Path()), http.StatusTemporaryRedirect)
return return
} }

6
server/handler_fasthttp.go
View file

@ -23,7 +23,7 @@ import (
func Handler(mainDomainSuffix, rawDomain []byte, func Handler(mainDomainSuffix, rawDomain []byte,
giteaClient *gitea.Client, giteaClient *gitea.Client,
giteaRoot, rawInfoPage string, giteaRoot, rawInfoPage string,
blacklistedPaths, allowedCorsDomains [][]byte, blacklistedPaths, allowedCorsDomains []string,
dnsLookupCache, canonicalDomainCache cache.SetGetKey, dnsLookupCache, canonicalDomainCache cache.SetGetKey,
) func(ctx *fasthttp.RequestCtx) { ) func(ctx *fasthttp.RequestCtx) {
return func(ctx *fasthttp.RequestCtx) { return func(ctx *fasthttp.RequestCtx) {
@ -53,7 +53,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
// Block blacklisted paths (like ACME challenges) // Block blacklisted paths (like ACME challenges)
for _, blacklistedPath := range blacklistedPaths { for _, blacklistedPath := range blacklistedPaths {
if bytes.HasPrefix(ctx.Path(), blacklistedPath) { if bytes.HasPrefix(ctx.Path(), []byte(blacklistedPath)) {
html.ReturnErrorPage(ctx, fasthttp.StatusForbidden) html.ReturnErrorPage(ctx, fasthttp.StatusForbidden)
return return
} }
@ -62,7 +62,7 @@ func Handler(mainDomainSuffix, rawDomain []byte,
// Allow CORS for specified domains // Allow CORS for specified domains
allowCors := false allowCors := false
for _, allowedCorsDomain := range allowedCorsDomains { for _, allowedCorsDomain := range allowedCorsDomains {
if bytes.Equal(trimmedHost, allowedCorsDomain) { if bytes.Equal(trimmedHost, []byte(allowedCorsDomain)) {
allowCors = true allowCors = true
break break
} }

10
server/upstream/upstream_std.go
View file

@ -70,7 +70,7 @@ func (o *Options) Upstream(ctx *context.Context, giteaClient *gitea.Client) (fin
} }
// compatibility fix for GitHub Pages (/example → /example.html) // compatibility fix for GitHub Pages (/example → /example.html)
optionsForIndexPages.appendTrailingSlash = false optionsForIndexPages.appendTrailingSlash = false
optionsForIndexPages.redirectIfExists = strings.TrimSuffix(ctx.Req.URL.Path, "/") + ".html" optionsForIndexPages.redirectIfExists = strings.TrimSuffix(ctx.Path(), "/") + ".html"
optionsForIndexPages.TargetPath = o.TargetPath + ".html" optionsForIndexPages.TargetPath = o.TargetPath + ".html"
if optionsForIndexPages.Upstream(ctx, giteaClient) { if optionsForIndexPages.Upstream(ctx, giteaClient) {
return true return true
@ -100,12 +100,12 @@ func (o *Options) Upstream(ctx *context.Context, giteaClient *gitea.Client) (fin
// Append trailing slash if missing (for index files), and redirect to fix filenames in general // Append trailing slash if missing (for index files), and redirect to fix filenames in general
// o.appendTrailingSlash is only true when looking for index pages // o.appendTrailingSlash is only true when looking for index pages
if o.appendTrailingSlash && !strings.HasSuffix(ctx.Req.URL.Path, "/") { if o.appendTrailingSlash && !strings.HasSuffix(ctx.Path(), "/") {
ctx.Redirect(ctx.Req.URL.Path+"/", http.StatusTemporaryRedirect) ctx.Redirect(ctx.Path()+"/", http.StatusTemporaryRedirect)
return true return true
} }
if strings.HasSuffix(ctx.Req.URL.Path, "/index.html") { if strings.HasSuffix(ctx.Path(), "/index.html") {
ctx.Redirect(strings.TrimSuffix(ctx.Req.URL.Path, "index.html"), http.StatusTemporaryRedirect) ctx.Redirect(strings.TrimSuffix(ctx.Path(), "index.html"), http.StatusTemporaryRedirect)
return true return true
} }
if o.redirectIfExists != "" { if o.redirectIfExists != "" {