From c9050e5722120f03fc5c8e632aa785d790f2b513 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sat, 11 Mar 2023 05:07:17 +0000 Subject: [PATCH] Handle Relative Symlinks (#205) enhance #114 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/205 --- integration/get_test.go | 13 ++++++++++++- integration/main_test.go | 2 +- server/certificates/acme_client.go | 2 +- server/database/xorm.go | 2 +- server/gitea/client.go | 6 +++++- 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/integration/get_test.go b/integration/get_test.go index 3a7190a..c0a3a47 100644 --- a/integration/get_test.go +++ b/integration/get_test.go @@ -64,7 +64,7 @@ func TestGetContent(t *testing.T) { assert.True(t, getSize(resp.Body) > 100) assert.Len(t, resp.Header.Get("ETag"), 44) - // TODO: test get of non cachable content (content size > fileCacheSizeLimit) + // TODO: test get of non cacheable content (content size > fileCacheSizeLimit) } func TestCustomDomain(t *testing.T) { @@ -154,6 +154,7 @@ func TestGetNotFound(t *testing.T) { func TestFollowSymlink(t *testing.T) { log.Printf("=== TestFollowSymlink ===\n") + // file symlink resp, err := getTestHTTPSClient().Get("https://cb_pages_tests.localhost.mock.directory:4430/tests_for_pages-server/@main/link") assert.NoError(t, err) if !assert.NotNil(t, resp) { @@ -165,6 +166,16 @@ func TestFollowSymlink(t *testing.T) { body := getBytes(resp.Body) assert.EqualValues(t, 4, len(body)) assert.EqualValues(t, "abc\n", string(body)) + + // relative file links (../index.html file in this case) + resp, err = getTestHTTPSClient().Get("https://cb_pages_tests.localhost.mock.directory:4430/tests_for_pages-server/@main/dir_aim/some/") + assert.NoError(t, err) + if !assert.NotNil(t, resp) { + t.FailNow() + } + assert.EqualValues(t, http.StatusOK, resp.StatusCode) + assert.EqualValues(t, "text/html; charset=utf-8", resp.Header.Get("Content-Type")) + assert.EqualValues(t, "an index\n", string(getBytes(resp.Body))) } func TestLFSSupport(t *testing.T) { diff --git a/integration/main_test.go b/integration/main_test.go index a397110..6566f78 100644 --- a/integration/main_test.go +++ b/integration/main_test.go @@ -23,7 +23,7 @@ func TestMain(m *testing.M) { } defer func() { serverCancel() - log.Println("=== TestMain: Server STOPED ===") + log.Println("=== TestMain: Server STOPPED ===") }() time.Sleep(10 * time.Second) diff --git a/server/certificates/acme_client.go b/server/certificates/acme_client.go index 7737396..ba83e50 100644 --- a/server/certificates/acme_client.go +++ b/server/certificates/acme_client.go @@ -89,7 +89,7 @@ func NewAcmeClient(acmeAccountConf, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeClientRequestLimit: equalizer.NewTokenBucket(5, 1*time.Second), // rate limit is 5 / hour https://letsencrypt.org/docs/failed-validation-limit/ acmeClientFailLimit: equalizer.NewTokenBucket(5, 1*time.Hour), - // checkUserLimit() use this to rate als per user + // checkUserLimit() use this to rate also per user acmeClientCertificateLimitPerUser: map[string]*equalizer.TokenBucket{}, }, nil } diff --git a/server/database/xorm.go b/server/database/xorm.go index 4b43cbb..fb1dc17 100644 --- a/server/database/xorm.go +++ b/server/database/xorm.go @@ -37,7 +37,7 @@ func NewXormDB(dbType, dbConn string) (CertDB, error) { } if err := e.Sync2(new(Cert)); err != nil { - return nil, fmt.Errorf("cound not sync db model :%w", err) + return nil, fmt.Errorf("could not sync db model :%w", err) } return &xDB{ diff --git a/server/gitea/client.go b/server/gitea/client.go index 51647ba..7a2bf63 100644 --- a/server/gitea/client.go +++ b/server/gitea/client.go @@ -112,7 +112,7 @@ func (client *Client) ServeRawContent(targetOwner, targetRepo, ref, resource str if cache, ok := client.responseCache.Get(cacheKey); ok { cache := cache.(FileResponse) cachedHeader, cachedStatusCode := cache.createHttpResponse(cacheKey) - // TODO: check against some timestamp missmatch?!? + // TODO: check against some timestamp mismatch?!? if cache.Exists { if cache.IsSymlink { linkDest := string(cache.Body) @@ -145,6 +145,10 @@ func (client *Client) ServeRawContent(targetOwner, targetRepo, ref, resource str } linkDest := strings.TrimSpace(string(linkDestBytes)) + // handle relative links + // we first remove the link from the path, and make a relative join (resolve parent paths like "/../" too) + linkDest = path.Join(path.Dir(resource), linkDest) + // we store symlink not content to reduce duplicates in cache if err := client.responseCache.Set(cacheKey, FileResponse{ Exists: true,