From c1df2f068b8fac7afaa98d63056945c5f7497c75 Mon Sep 17 00:00:00 2001 From: Dependency bot Date: Sun, 19 May 2024 01:11:30 +0000 Subject: [PATCH 1/8] fix(deps): update golang.org/x/exp digest to 9bf2ced (#335) --- go.mod | 2 +- go.sum | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index e4d880d..518dff0 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/rs/zerolog v1.27.0 github.com/stretchr/testify v1.8.4 github.com/urfave/cli/v2 v2.3.0 - golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 xorm.io/xorm v1.3.2 ) diff --git a/go.sum b/go.sum index 0687af6..ae24fc3 100644 --- a/go.sum +++ b/go.sum @@ -254,8 +254,8 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= 
@@ -784,8 +784,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w= -golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -807,8 +807,9 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -864,8 +865,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -999,8 +1001,9 @@ golang.org/x/tools v0.0.0-20200410194907-79a7a3126eef/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From b54cd38d0be564dad2dce2e25c82dffed7bc4428 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Sun, 19 May 2024 16:18:11 +0000 Subject: [PATCH 2/8] Fix Dockerfile binary location (#337) I know get the following ``` docker run --rm pages-server:test 12:40PM ERR A fatal error occurred error="could not create new gitea client: Get \"/api/v1/version\": unsupported protocol scheme \"\"" ``` which I am not sure is OK as doing the same with v5.1 results in ``` docker run --platform linux/amd64 --rm -it codeberg.org/codeberg/pages-server:v5.1 ACME client has wrong config: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory ``` The error is the same though what I get when building of 8cba7f9c8ad591b2c2ebef8f0978343ab3a14ead (just before merging the multi-arch PR). Not sure if this ERR is expected but it should be unrelated to the multiarch approach. Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/337 Reviewed-by: crapStone Co-authored-by: pat-s Co-committed-by: pat-s --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9c05cda..6106317 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,13 +16,14 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=1 \ xgo -x -v --targets=${TARGETOS}/${TARGETARCH} -tags='sqlite sqlite_unlock_notify netgo' -ldflags='-s -w -extldflags "-static" -linkmode external' -out pages . +RUN mv -vf /build/pages-* /go/src/codeberg.org/codeberg/pages/pages # Use a scratch image as the base image for the final container, # which will contain only the built binary and the CA certificates FROM scratch # Copy the built binary and the CA certificates from the build container to the final container -COPY --from=build /go/src/codeberg.org/codeberg/pages/ /pages +COPY --from=build /go/src/codeberg.org/codeberg/pages/pages /pages COPY --from=build \ /etc/ssl/certs/ca-certificates.crt \ /etc/ssl/certs/ca-certificates.crt 
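Review bot: `RUN mv -vf /build/pages-* /go/src/codeberg.org/codeberg/pages/pages` depends on the glob matching exactly one file. If the build step ever emits more than one `pages-*` artifact, `mv` either fails or, when the destination already exists as a directory, moves the files into it, and the later `COPY ... /pages` then ships something other than the single binary. Naming the expected output file explicitly, or failing the build when the match count is not one, would keep the contents of the final image predictable.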
From 69361c69c143ab3edce230269d8a5084b16fb580 Mon Sep 17 00:00:00 2001 From: Dependency bot Date: Mon, 20 May 2024 00:39:02 +0000 Subject: [PATCH 3/8] chore(deps): update pipelinecomponents/yamllint docker tag to v0.31.2 (#336) --- .woodpecker/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 5efcca1..0dde00e 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -28,7 +28,7 @@ steps: branch: renovate/* yamllint: - image: pipelinecomponents/yamllint:0.31.1 + image: pipelinecomponents/yamllint:0.31.2 depends_on: [] commands: - yamllint . From 885cfac2ec4f04f5a62401a71f4e598b06445f74 Mon Sep 17 00:00:00 2001 From: Dependency bot Date: Sun, 26 May 2024 01:26:39 +0000 Subject: [PATCH 4/8] chore(deps): update golangci/golangci-lint docker tag to v1.58.2 (#341) --- .woodpecker/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 0dde00e..cf59edc 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -8,7 +8,7 @@ when: steps: lint: depends_on: [] - image: golangci/golangci-lint:v1.58.1 + image: golangci/golangci-lint:v1.58.2 commands: - go version - go install mvdan.cc/gofumpt@latest From eea009c7febce63ed21b8184af244181aa266a35 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 26 May 2024 14:34:03 +0000 Subject: [PATCH 5/8] Allow building PR images on demand (#340) Triggered when the label is set in a PR. Helps to test changes in PRs. Co-authored-by: crapStone Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/340 Reviewed-by: crapStone Co-authored-by: pat-s Co-committed-by: pat-s --- .woodpecker/build.yml | 17 +++++++++++++++++ README.md | 11 +++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index f2cb615..a86c7fe 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml 
@@ -114,6 +114,23 @@ steps: - event: ['push'] branch: ${CI_REPO_DEFAULT_BRANCH} + 'Publish PR image': + image: woodpeckerci/plugin-docker-buildx:3.2.1 + depends_on: test + settings: + registry: codeberg.org + dockerfile: Dockerfile + platforms: linux/amd64 + repo: codeberg.org/codeberg/pages-server + tags: next + username: + from_secret: bot_user + password: + from_secret: bot_token + when: + evaluate: 'CI_COMMIT_PULL_REQUEST_LABELS contains "build_pr_image"' + event: pull_request + docker-tag: depends_on: vendor image: woodpeckerci/plugin-docker-buildx:3.2.1 diff --git a/README.md b/README.md index a1d6424..34143f1 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,9 @@ but forward the requests on the IP level to the Pages Server. You can check out a proof of concept in the `examples/haproxy-sni` folder, and especially have a look at [this section of the haproxy.cfg](https://codeberg.org/Codeberg/pages-server/src/branch/main/examples/haproxy-sni/haproxy.cfg#L38). +If you want to test a change, you can open a PR and ask for the label `build_pr_image` to be added. +This will trigger a build of the PR which will build a docker image to be used for testing. + ### Environment Variables - `HOST` & `PORT` (default: `[::]` & `443`): listen address. 
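Review bot: The new `Publish PR image` step pushes a build of unreviewed pull-request code to `codeberg.org/codeberg/pages-server` under `tags: next`. That looks like the same moving tag the default-branch build publishes (the `docker-next` settings are outside this hunk, so confirm), in which case anyone pulling `next` could receive a PR build. Give PR images their own tag, e.g. `tags: pr-${CI_COMMIT_PULL_REQUEST}`, and preferably a registry token scoped to a separate test repository. The step also uses `bot_user`/`bot_token` in a pipeline triggered by `event: pull_request`, gated only by the `build_pr_image` label. That label stays set for later pushes to the same PR, so it should be restricted to maintainers and removed after each build.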
@@ -72,14 +75,14 @@ and especially have a look at [this section of the haproxy.cfg](https://codeberg - `GITEA_ROOT` (default: `https://codeberg.org`): root of the upstream Gitea instance. - `GITEA_API_TOKEN` (default: empty): API token for the Gitea instance to access non-public (e.g. limited) repos. - `RAW_INFO_PAGE` (default: ): info page for raw resources, shown if no resource is provided. -- `ACME_API` (default: ): set this to to use invalid certificates without any verification (great for debugging). +- `ACME_API` (default: ): set this to to use invalid certificates without any verification (great for debugging). ZeroSSL might be better in the future as it doesn't have rate limits and doesn't clash with the official Codeberg certificates (which are using Let's Encrypt), but I couldn't get it to work yet. - `ACME_EMAIL` (default: `noreply@example.email`): Set the email sent to the ACME API server to receive, for example, renewal reminders. - `ACME_EAB_KID` & `ACME_EAB_HMAC` (default: don't use EAB): EAB credentials, for example for ZeroSSL. - `ACME_ACCEPT_TERMS` (default: use self-signed certificate): Set this to "true" to accept the Terms of Service of your ACME provider. - `ACME_USE_RATE_LIMITS` (default: true): Set this to false to disable rate limits, e.g. with ZeroSSL. - `ENABLE_HTTP_SERVER` (default: false): Set this to true to enable the HTTP-01 challenge and redirect all other HTTP requests to HTTPS. Currently only works with port 80. -- `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard. +- `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard. See for available values & additional environment variables. - `NO_DNS_01` (default: `false`): Disable the use of ACME DNS. This means that the wildcard certificate is self-signed and all domains and subdomains will have a distinct certificate. 
Because this may lead to a rate limit from the ACME provider, this option is not recommended for Gitea/Forgejo instances with open registrations or a great number of users/orgs. - `LOG_LEVEL` (default: warn): Set this to specify the level of logging. @@ -104,7 +107,7 @@ Previous maintainers: ### First steps -The code of this repository is split in several modules. +The code of this repository is split in several modules. The [Architecture is explained](https://codeberg.org/Codeberg/pages-server/wiki/Architecture) in the wiki. The `cmd` folder holds the data necessary for interacting with the service via the cli. @@ -117,7 +120,7 @@ Thank you very much. Make sure you have [golang](https://go.dev) v1.21 or newer and [just](https://just.systems/man/en/) installed. -run `just dev` +run `just dev` now these pages should work: - From 77a8439ea7b59e40b88598589ca4653e4959b24b Mon Sep 17 00:00:00 2001 From: crapStone Date: Sun, 26 May 2024 14:45:03 +0000 Subject: [PATCH 6/8] Rename gitea to forge in cli args and env variables (#339) This PR renames `gitea` in cli args to `forge` and `GITEA` in environment variables to `FORGE` and adds the gitea names as aliases for the forge names. Also closes #311 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/339 --- cli/flags.go | 24 ++++++----- config/assets/test_config.toml | 4 +- config/config.go | 4 +- config/setup.go | 12 +++--- config/setup_test.go | 73 +++++++++++++++++++++++----------- example_config.toml | 2 +- server/gitea/client.go | 9 +++-- server/handler/handler_test.go | 2 +- server/startup.go | 2 +- 9 files changed, 81 insertions(+), 51 deletions(-) diff --git a/cli/flags.go b/cli/flags.go index f7a7dc8..934ef8d 100644 --- a/cli/flags.go +++ b/cli/flags.go 
@@ -22,29 +22,31 @@ var ( ServerFlags = append(CertStorageFlags, []cli.Flag{ // ############# - // ### Gitea ### + // ### Forge ### // ############# - // GiteaRoot specifies the root URL of the Gitea instance, without a trailing slash. + // ForgeRoot specifies the root URL of the Forge instance, without a trailing slash. &cli.StringFlag{ - Name: "gitea-root", - Usage: "specifies the root URL of the Gitea instance, without a trailing slash.", - EnvVars: []string{"GITEA_ROOT"}, + Name: "forge-root", + Aliases: []string{"gitea-root"}, + Usage: "specifies the root URL of the Forgejo/Gitea instance, without a trailing slash.", + EnvVars: []string{"FORGE_ROOT", "GITEA_ROOT"}, }, - // GiteaApiToken specifies an api token for the Gitea instance + // ForgeApiToken specifies an api token for the Forge instance &cli.StringFlag{ - Name: "gitea-api-token", - Usage: "specifies an api token for the Gitea instance", - EnvVars: []string{"GITEA_API_TOKEN"}, + Name: "forge-api-token", + Aliases: []string{"gitea-api-token"}, + Usage: "specifies an api token for the Forgejo/Gitea instance", + EnvVars: []string{"FORGE_API_TOKEN", "GITEA_API_TOKEN"}, }, &cli.BoolFlag{ Name: "enable-lfs-support", - Usage: "enable lfs support, require gitea >= v1.17.0 as backend", + Usage: "enable lfs support, gitea must be version v1.17.0 or higher", EnvVars: []string{"ENABLE_LFS_SUPPORT"}, Value: false, }, &cli.BoolFlag{ Name: "enable-symlink-support", - Usage: "follow symlinks if enabled, require gitea >= v1.18.0 as backend", + Usage: "follow symlinks if enabled, gitea must be version v1.18.0 or higher", EnvVars: []string{"ENABLE_SYMLINK_SUPPORT"}, Value: false, }, diff --git a/config/assets/test_config.toml b/config/assets/test_config.toml index 6a2f0d0..acb2c55 100644 --- a/config/assets/test_config.toml +++ b/config/assets/test_config.toml 
@@ -10,8 +10,8 @@ rawDomain = 'raw.codeberg.page' allowedCorsDomains = ['fonts.codeberg.org', 'design.codeberg.org'] blacklistedPaths = ['do/not/use'] -[gitea] -root = 'codeberg.org' +[forge] +root = 'https://codeberg.org' token = 'XXXXXXXX' lfsEnabled = true followSymlinks = true diff --git a/config/config.go b/config/config.go index 0146e0f..2accbf5 100644 --- a/config/config.go +++ b/config/config.go @@ -3,7 +3,7 @@ package config type Config struct { LogLevel string `default:"warn"` Server ServerConfig - Gitea GiteaConfig + Forge ForgeConfig Database DatabaseConfig ACME ACMEConfig } @@ -20,7 +20,7 @@ type ServerConfig struct { BlacklistedPaths []string } -type GiteaConfig struct { +type ForgeConfig struct { Root string Token string LFSEnabled bool `default:"false"` diff --git a/config/setup.go b/config/setup.go index 6a2aa62..f1388fe 100644 --- a/config/setup.go +++ b/config/setup.go @@ -51,7 +51,7 @@ func MergeConfig(ctx *cli.Context, config *Config) { } mergeServerConfig(ctx, &config.Server) - mergeGiteaConfig(ctx, &config.Gitea) + mergeForgeConfig(ctx, &config.Forge) mergeDatabaseConfig(ctx, &config.Database) mergeACMEConfig(ctx, &config.ACME) } @@ -89,12 +89,12 @@ func mergeServerConfig(ctx *cli.Context, config *ServerConfig) { config.BlacklistedPaths = append(config.BlacklistedPaths, ALWAYS_BLACKLISTED_PATHS...) } -func mergeGiteaConfig(ctx *cli.Context, config *GiteaConfig) { - if ctx.IsSet("gitea-root") { - config.Root = ctx.String("gitea-root") +func mergeForgeConfig(ctx *cli.Context, config *ForgeConfig) { + if ctx.IsSet("forge-root") { + config.Root = ctx.String("forge-root") } - if ctx.IsSet("gitea-api-token") { - config.Token = ctx.String("gitea-api-token") + if ctx.IsSet("forge-api-token") { + config.Token = ctx.String("forge-api-token") } if ctx.IsSet("enable-lfs-support") { config.LFSEnabled = ctx.Bool("enable-lfs-support") diff --git a/config/setup_test.go b/config/setup_test.go index 1a32740..6ca9712 100644 --- a/config/setup_test.go 
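Review bot: Renaming the `Gitea GiteaConfig` field to `Forge ForgeConfig` in `Config` also renames the config-file section from `[gitea]` to `[forge]` (see the `example_config.toml` and `test_config.toml` changes), but unlike the CLI flags and environment variables no alias is kept for it. Depending on how the TOML decoder treats unknown tables (not visible here), an existing file that still uses `[gitea]` may load with an empty `Root` and `Token`, so the server could run without the API token the operator configured. Consider rejecting or warning on a leftover `[gitea]` table, or mapping it onto `Forge`. A doc comment on the field would also help, e.g. `// Forge holds the upstream Forgejo/Gitea connection settings (TOML section [forge], formerly [gitea]).`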
+++ b/config/setup_test.go @@ -110,7 +110,7 @@ func TestValuesReadFromConfigFileShouldBeOverwrittenByArgs(t *testing.T) { } expectedConfig.LogLevel = "debug" - expectedConfig.Gitea.Root = "not-codeberg.org" + expectedConfig.Forge.Root = "not-codeberg.org" expectedConfig.ACME.AcceptTerms = true expectedConfig.Server.Host = "172.17.0.2" expectedConfig.Server.BlacklistedPaths = append(expectedConfig.Server.BlacklistedPaths, ALWAYS_BLACKLISTED_PATHS...) @@ -122,7 +122,7 @@ func TestValuesReadFromConfigFileShouldBeOverwrittenByArgs(t *testing.T) { []string{ "--config-file", "assets/test_config.toml", "--log-level", "debug", - "--gitea-root", "not-codeberg.org", + "--forge-root", "not-codeberg.org", "--acme-accept-terms", "--host", "172.17.0.2", }, @@ -146,7 +146,7 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T AllowedCorsDomains: []string{"original"}, BlacklistedPaths: []string{"original"}, }, - Gitea: GiteaConfig{ + Forge: ForgeConfig{ Root: "original", Token: "original", LFSEnabled: false, @@ -186,7 +186,7 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T AllowedCorsDomains: []string{"changed"}, BlacklistedPaths: append([]string{"changed"}, ALWAYS_BLACKLISTED_PATHS...), }, - Gitea: GiteaConfig{ + Forge: ForgeConfig{ Root: "changed", Token: "changed", LFSEnabled: true, @@ -227,9 +227,9 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T "--port", "8443", "--http-port", "443", "--enable-http-server", - // Gitea - "--gitea-root", "changed", - "--gitea-api-token", "changed", + // Forge + "--forge-root", "changed", + "--forge-api-token", "changed", "--enable-lfs-support", "--enable-symlink-support", "--default-mime-type", "changed", 
@@ -366,11 +366,11 @@ func TestMergeServerConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgE } } -func TestMergeGiteaConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T) { +func TestMergeForgeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T) { runApp( t, func(ctx *cli.Context) error { - cfg := &GiteaConfig{ + cfg := &ForgeConfig{ Root: "original", Token: "original", LFSEnabled: false, @@ -379,9 +379,9 @@ func TestMergeGiteaConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *test ForbiddenMimeTypes: []string{"original"}, } - mergeGiteaConfig(ctx, cfg) + mergeForgeConfig(ctx, cfg) - expectedConfig := &GiteaConfig{ + expectedConfig := &ForgeConfig{ Root: "changed", Token: "changed", LFSEnabled: true, @@ -395,8 +395,8 @@ func TestMergeGiteaConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *test return nil }, []string{ - "--gitea-root", "changed", - "--gitea-api-token", "changed", + "--forge-root", "changed", + "--forge-api-token", "changed", "--enable-lfs-support", "--enable-symlink-support", "--default-mime-type", "changed", 
@@ -405,25 +405,25 @@ func TestMergeGiteaConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *test ) } -func TestMergeGiteaConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgExists(t *testing.T) { +func TestMergeForgeConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgExists(t *testing.T) { type testValuePair struct { args []string - callback func(*GiteaConfig) + callback func(*ForgeConfig) } testValuePairs := []testValuePair{ - {args: []string{"--gitea-root", "changed"}, callback: func(gc *GiteaConfig) { gc.Root = "changed" }}, - {args: []string{"--gitea-api-token", "changed"}, callback: func(gc *GiteaConfig) { gc.Token = "changed" }}, - {args: []string{"--enable-lfs-support"}, callback: func(gc *GiteaConfig) { gc.LFSEnabled = true }}, - {args: []string{"--enable-symlink-support"}, callback: func(gc *GiteaConfig) { gc.FollowSymlinks = true }}, - {args: []string{"--default-mime-type", "changed"}, callback: func(gc *GiteaConfig) { gc.DefaultMimeType = "changed" }}, - {args: []string{"--forbidden-mime-types", "changed"}, callback: func(gc *GiteaConfig) { gc.ForbiddenMimeTypes = []string{"changed"} }}, + {args: []string{"--forge-root", "changed"}, callback: func(gc *ForgeConfig) { gc.Root = "changed" }}, + {args: []string{"--forge-api-token", "changed"}, callback: func(gc *ForgeConfig) { gc.Token = "changed" }}, + {args: []string{"--enable-lfs-support"}, callback: func(gc *ForgeConfig) { gc.LFSEnabled = true }}, + {args: []string{"--enable-symlink-support"}, callback: func(gc *ForgeConfig) { gc.FollowSymlinks = true }}, + {args: []string{"--default-mime-type", "changed"}, callback: func(gc *ForgeConfig) { gc.DefaultMimeType = "changed" }}, + {args: []string{"--forbidden-mime-types", "changed"}, callback: func(gc *ForgeConfig) { gc.ForbiddenMimeTypes = []string{"changed"} }}, } for _, pair := range testValuePairs { runApp( t, func(ctx *cli.Context) error { - cfg := GiteaConfig{ + cfg := ForgeConfig{ Root: "original", Token: "original", LFSEnabled: 
false, @@ -435,7 +435,7 @@ func TestMergeGiteaConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgEx expectedConfig := cfg pair.callback(&expectedConfig) - mergeGiteaConfig(ctx, &cfg) + mergeForgeConfig(ctx, &cfg) expectedConfig.ForbiddenMimeTypes = fixArrayFromCtx(ctx, "forbidden-mime-types", expectedConfig.ForbiddenMimeTypes) @@ -448,6 +448,33 @@ func TestMergeGiteaConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgEx } } +func TestMergeForgeConfigShouldReplaceValuesGivenGiteaOptionsExist(t *testing.T) { + runApp( + t, + func(ctx *cli.Context) error { + cfg := &ForgeConfig{ + Root: "original", + Token: "original", + } + + mergeForgeConfig(ctx, cfg) + + expectedConfig := &ForgeConfig{ + Root: "changed", + Token: "changed", + } + + assert.Equal(t, expectedConfig, cfg) + + return nil + }, + []string{ + "--gitea-root", "changed", + "--gitea-api-token", "changed", + }, + ) +} + func TestMergeDatabaseConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T) { runApp( t, diff --git a/example_config.toml b/example_config.toml index 30e77c4..c8dacb2 100644 --- a/example_config.toml +++ b/example_config.toml @@ -11,7 +11,7 @@ pagesBranches = ["pages"] allowedCorsDomains = [] blacklistedPaths = [] -[gitea] +[forge] root = 'https://codeberg.org' token = 'ASDF1234' lfsEnabled = true diff --git a/server/gitea/client.go b/server/gitea/client.go index 5955bfb..3abb487 100644 --- a/server/gitea/client.go +++ b/server/gitea/client.go 
@@ -57,12 +57,13 @@ type Client struct { defaultMimeType string } -func NewClient(cfg config.GiteaConfig, respCache cache.ICache) (*Client, error) { - rootURL, err := url.Parse(cfg.Root) +func NewClient(cfg config.ForgeConfig, respCache cache.ICache) (*Client, error) { + // url.Parse returns valid on almost anything... + rootURL, err := url.ParseRequestURI(cfg.Root) if err != nil { - return nil, err + return nil, fmt.Errorf("invalid forgejo/gitea root url: %w", err) } - giteaRoot := strings.Trim(rootURL.String(), "/") + giteaRoot := strings.TrimSuffix(rootURL.String(), "/") stdClient := http.Client{Timeout: 10 * time.Second} diff --git a/server/handler/handler_test.go b/server/handler/handler_test.go index 4cb859a..0ae7962 100644 --- a/server/handler/handler_test.go +++ b/server/handler/handler_test.go @@ -13,7 +13,7 @@ import ( ) func TestHandlerPerformance(t *testing.T) { - cfg := config.GiteaConfig{ + cfg := config.ForgeConfig{ Root: "https://codeberg.org", Token: "", LFSEnabled: false, diff --git a/server/startup.go b/server/startup.go index fd89803..95c3c5c 100644 --- a/server/startup.go +++ b/server/startup.go @@ -77,7 +77,7 @@ func Serve(ctx *cli.Context) error { // clientResponseCache stores responses from the Gitea server clientResponseCache := cache.NewInMemoryCache() - giteaClient, err := gitea.NewClient(cfg.Gitea, clientResponseCache) + giteaClient, err := gitea.NewClient(cfg.Forge, clientResponseCache) if err != nil { return fmt.Errorf("could not create new gitea client: %v", err) } From b9a9467dba4ee3d2b2004339075c3a8b86c04fe5 Mon Sep 17 00:00:00 2001 
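Review bot: `url.ParseRequestURI(cfg.Root)` in `NewClient` still accepts values that cannot serve as a forge root: a bare absolute path such as `/foo` parses with an empty scheme and host, and any scheme (for example `ftp://`) is allowed. Check the parsed parts explicitly after the call, e.g. `if (rootURL.Scheme != "https" && rootURL.Scheme != "http") || rootURL.Host == "" { return nil, fmt.Errorf("invalid forgejo/gitea root url %q: need http(s) scheme and host", cfg.Root) }`. Since the configured API token is presumably sent to this root, a logged warning when the scheme is plain `http` would also be useful. `NewClient` continues past the end of the hunk.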
From: Dependency bot Date: Sun, 26 May 2024 17:11:00 +0000 Subject: [PATCH 7/8] chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v4 (#332) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [woodpeckerci/plugin-docker-buildx](https://codeberg.org/woodpecker-plugins/docker-buildx) ([source](https://codeberg.org/woodpecker-plugins/docker-buildx.git)) | major | `3.2.1` -> `4.0.0` | --- ### Release Notes
woodpecker-plugins/docker-buildx (woodpeckerci/plugin-docker-buildx) ### [`v4.0.0`](https://codeberg.org/woodpecker-plugins/docker-buildx/releases/tag/v4.0.0) [Compare Source](https://codeberg.org/woodpecker-plugins/docker-buildx/compare/v3.2.1...v4.0.0) - chore(deps): update docker docker tag to v26.1.0 - chore(deps): update docker/buildx-bin docker tag to v0.14.0 ([#​155](https://github.com/woodpecker-plugins/docker-buildx/issues/155))
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: woodpecker-bot Co-authored-by: crapStone Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/332 Co-authored-by: Dependency bot Co-committed-by: Dependency bot --- .woodpecker/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index a86c7fe..ea38374 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml @@ -29,7 +29,7 @@ steps: docker-dryrun: depends_on: vendor - image: woodpeckerci/plugin-docker-buildx:3.2.1 + image: woodpeckerci/plugin-docker-buildx:4.0.0 settings: dockerfile: Dockerfile platforms: linux/amd64 @@ -99,7 +99,7 @@ steps: docker-next: depends_on: vendor - image: woodpeckerci/plugin-docker-buildx:3.2.1 + image: woodpeckerci/plugin-docker-buildx:4.0.0 settings: registry: codeberg.org dockerfile: Dockerfile @@ -133,7 +133,7 @@ steps: docker-tag: depends_on: vendor - image: woodpeckerci/plugin-docker-buildx:3.2.1 + image: woodpeckerci/plugin-docker-buildx:4.0.0 settings: registry: codeberg.org dockerfile: Dockerfile From 2c41e11f2ff0565456f9b2d74c79d961266226c7 Mon Sep 17 00:00:00 2001 
From: crapStone Date: Sun, 26 May 2024 20:05:46 +0000 Subject: [PATCH 8/8] Use hashicorp's LRU cache for DNS & certificates (#315) Taken from #301 Co-authored-by: Moritz Marquardt Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/315 --- flake.lock | 6 ++--- flake.nix | 1 + go.mod | 1 + go.sum | 2 ++ server/certificates/certificates.go | 34 +++++++++++++++++-------- server/dns/dns.go | 20 +++++++++------ server/handler/handler.go | 4 +-- server/handler/handler_custom_domain.go | 6 ++--- server/handler/handler_test.go | 2 +- server/startup.go | 7 ++--- 10 files changed, 50 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index b14ba48..c74fe33 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714030708, - "narHash": "sha256-JOGPOxa8N6ySzB7SQBsh0OVz+UXZriyahgvfNHMIY0Y=", + "lastModified": 1716715802, + "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d52b31f7f4d80f8bf38f0253652125579c35ff", + "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f981ed1..61f3b55 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,7 @@ gcc go gofumpt + golangci-lint gopls gotools go-tools diff --git a/go.mod b/go.mod index 518dff0..bb3a05a 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/creasty/defaults v1.7.0 github.com/go-acme/lego/v4 v4.5.3 github.com/go-sql-driver/mysql v1.6.0 + github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/joho/godotenv v1.4.0 github.com/lib/pq v1.10.7 github.com/mattn/go-sqlite3 v1.14.16 diff --git a/go.sum b/go.sum index ae24fc3..5875472 100644 --- a/go.sum +++ b/go.sum 
@@ -323,6 +323,8 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= +github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= diff --git a/server/certificates/certificates.go b/server/certificates/certificates.go index 67219dd..ff34775 100644 --- a/server/certificates/certificates.go +++ b/server/certificates/certificates.go @@ -14,6 +14,7 @@ import ( "github.com/go-acme/lego/v4/certificate" "github.com/go-acme/lego/v4/challenge/tlsalpn01" "github.com/go-acme/lego/v4/lego" + "github.com/hashicorp/golang-lru/v2/expirable" "github.com/reugn/equalizer" "github.com/rs/zerolog/log" @@ -31,11 +32,14 @@ func TLSConfig(mainDomainSuffix string, giteaClient *gitea.Client, acmeClient *AcmeClient, firstDefaultBranch string, - keyCache, challengeCache, dnsLookupCache, canonicalDomainCache cache.ICache, + challengeCache, canonicalDomainCache cache.ICache, certDB database.CertDB, noDNS01 bool, rawDomain string, ) *tls.Config { + // every cert is at most 24h in the cache and 7 days before expiry the cert is renewed + keyCache := expirable.NewLRU[string, *tls.Certificate](32, nil, 24*time.Hour) + return &tls.Config{ // check DNS name & get certificate from Let's Encrypt GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { 
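Review bot: The certificate cache in `TLSConfig` is created with a bare `32` and `24*time.Hour`, and the comment above it explains the lifetime but not the capacity. The cache is keyed by the requested domain, so on an instance serving more than 32 active domains entries are evicted continuously and every miss presumably falls back to the certificate database during the handshake (that lookup is outside this hunk). Name both values, e.g. `const keyCacheSize = 32` with a comment on how the number was chosen, or make the size configurable. `TLSConfig` continues past the hunk.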
@@ -86,7 +90,7 @@ func TLSConfig(mainDomainSuffix string, } } else { var targetRepo, targetBranch string - targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch, dnsLookupCache) + targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch) if targetOwner == "" { // DNS not set up, return main certificate to redirect to the docs domain = mainDomainSuffix @@ -107,7 +111,7 @@ func TLSConfig(mainDomainSuffix string, if tlsCertificate, ok := keyCache.Get(domain); ok { // we can use an existing certificate object - return tlsCertificate.(*tls.Certificate), nil + return tlsCertificate, nil } var tlsCertificate *tls.Certificate @@ -132,9 +136,8 @@ func TLSConfig(mainDomainSuffix string, } } - if err := keyCache.Set(domain, tlsCertificate, 15*time.Minute); err != nil { - return nil, err - } + keyCache.Add(domain, tlsCertificate) + return tlsCertificate, nil }, NextProtos: []string{ @@ -186,11 +189,10 @@ func (c *AcmeClient) retrieveCertFromDB(sni, mainDomainSuffix string, useDnsProv // TODO: document & put into own function if !strings.EqualFold(sni, mainDomainSuffix) { - tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0]) + tlsCertificate.Leaf, err = leaf(&tlsCertificate) if err != nil { - return nil, fmt.Errorf("error parsing leaf tlsCert: %w", err) + return nil, err } - // renew certificates 7 days before they expire if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) { // TODO: use ValidTill of custom cert struct 
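Review bot: `keyCache.Add(domain, tlsCertificate)` in the third hunk on this line (`-132,9 +136,8`) keeps whatever certificate the preceding code produced for the full 24 hours, where the old `Set` kept it for 15 minutes. The code that fills `tlsCertificate` is outside the hunk, but the `obtainCert` hunk further down mentions mock certificates; if one of those can reach this line without an error, it would now be served for up to a day after issuance could have succeeded. I would cache only certificates that came from the database or from a successful issuance, for example by tracking that at the call site and guarding the call: `if !isPlaceholder { keyCache.Add(domain, tlsCertificate) }` (`isPlaceholder` is a name made up for this note). The enclosing `GetCertificate` closure starts and ends outside this hunk.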
@@ -291,6 +293,7 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew } leaf, err := leaf(&tlsCertificate) if err == nil && leaf.NotAfter.After(time.Now()) { + tlsCertificate.Leaf = leaf // avoid sending a mock cert instead of a still valid cert, instead abuse CSR field to store time to try again at renew.CSR = []byte(strconv.FormatInt(time.Now().Add(6*time.Hour).Unix(), 10)) if err := keyDatabase.Put(name, renew); err != nil { @@ -388,11 +391,20 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, acmeClient *Acm } } -// leaf returns the parsed leaf certificate, either from c.leaf or by parsing +// leaf returns the parsed leaf certificate, either from c.Leaf or by parsing // the corresponding c.Certificate[0]. +// After successfully parsing the cert c.Leaf gets set to the parsed cert. func leaf(c *tls.Certificate) (*x509.Certificate, error) { if c.Leaf != nil { return c.Leaf, nil } - return x509.ParseCertificate(c.Certificate[0]) + + leaf, err := x509.ParseCertificate(c.Certificate[0]) + if err != nil { + return nil, fmt.Errorf("tlsCert - failed to parse leaf: %w", err) + } + + c.Leaf = leaf + + return leaf, err } diff --git a/server/dns/dns.go b/server/dns/dns.go index 970f0c0..e29e42c 100644 --- a/server/dns/dns.go +++ b/server/dns/dns.go 
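Review bot: The updated doc comment on `leaf` (hunk `-388,11 +391,20`) says that `c.Leaf` gets set but not that this write is unsynchronised, which matters now that `*tls.Certificate` pointers live in `keyCache` and are handed to concurrent handshakes. The callers visible in this patch pass `&tlsCertificate`, apparently a local value, so I would only add a line such as `// leaf mutates c; do not call it concurrently on a certificate shared between goroutines.` With the side effect in place, `tlsCertificate.Leaf, err = leaf(&tlsCertificate)` in `retrieveCertFromDB` and `tlsCertificate.Leaf = leaf` in `obtainCert` (hunk `-291,6 +293,7`) assign the same value a second time. The final `return leaf, err` can only return a nil error at that point, so `return leaf, nil` is clearer, and the local `leaf` shadows the function name; `parsed` would read better.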
@@ -5,22 +5,26 @@ import ( "strings" "time" - "codeberg.org/codeberg/pages/server/cache" + "github.com/hashicorp/golang-lru/v2/expirable" ) -// lookupCacheTimeout specifies the timeout for the DNS lookup cache. -var lookupCacheTimeout = 15 * time.Minute +const ( + lookupCacheValidity = 30 * time.Second + defaultPagesRepo = "pages" +) -var defaultPagesRepo = "pages" +// TODO(#316): refactor to not use global variables +var lookupCache *expirable.LRU[string, string] = expirable.NewLRU[string, string](4096, nil, lookupCacheValidity) // GetTargetFromDNS searches for CNAME or TXT entries on the request domain ending with MainDomainSuffix. // If everything is fine, it returns the target data. -func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string, dnsLookupCache cache.ICache) (targetOwner, targetRepo, targetBranch string) { +func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string) (targetOwner, targetRepo, targetBranch string) { // Get CNAME or TXT var cname string var err error - if cachedName, ok := dnsLookupCache.Get(domain); ok { - cname = cachedName.(string) + + if entry, ok := lookupCache.Get(domain); ok { + cname = entry } else { cname, err = net.LookupCNAME(domain) cname = strings.TrimSuffix(cname, ".") @@ -38,7 +42,7 @@ func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string, dnsLo } } } - _ = dnsLookupCache.Set(domain, cname, lookupCacheTimeout) + _ = lookupCache.Add(domain, cname) } if cname == "" { return diff --git a/server/handler/handler.go b/server/handler/handler.go index ffc3400..c038c2d 100644 --- a/server/handler/handler.go +++ b/server/handler/handler.go 
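Review bot: The package-level `lookupCache` in `server/dns/dns.go` has no doc comment describing its contract, and the `4096` capacity and 30-second validity are unexplained. From the two hunks, it is keyed by `domain` exactly as passed in, and `lookupCache.Add(domain, cname)` in the second hunk (`-38,7 +42,7`) runs before the `cname == ""` check, so failed lookups appear to be cached as empty strings for the same 30 seconds. I would add something like `// lookupCache maps a requested domain to its resolved target ("" when nothing was found); entries live for lookupCacheValidity and the cache is shared by the TLS and HTTP paths, so callers must pass a normalised domain.` The declaration can drop the repeated type (`var lookupCache = expirable.NewLRU[string, string](4096, nil, lookupCacheValidity)`), and the `_ =` in front of `Add` is unnecessary because its only result is the eviction flag. `GetTargetFromDNS` continues outside both hunks.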
@@ -23,7 +23,7 @@ const ( func Handler( cfg config.ServerConfig, giteaClient *gitea.Client, - dnsLookupCache, canonicalDomainCache, redirectsCache cache.ICache, + canonicalDomainCache, redirectsCache cache.ICache, ) http.HandlerFunc { return func(w http.ResponseWriter, req *http.Request) { log.Debug().Msg("\n----------------------------------------------------------") @@ -108,7 +108,7 @@ func Handler( trimmedHost, pathElements, cfg.PagesBranches[0], - dnsLookupCache, canonicalDomainCache, redirectsCache) + canonicalDomainCache, redirectsCache) } } } diff --git a/server/handler/handler_custom_domain.go b/server/handler/handler_custom_domain.go index 82953f9..852001a 100644 --- a/server/handler/handler_custom_domain.go +++ b/server/handler/handler_custom_domain.go @@ -19,10 +19,10 @@ func handleCustomDomain(log zerolog.Logger, ctx *context.Context, giteaClient *g trimmedHost string, pathElements []string, firstDefaultBranch string, - dnsLookupCache, canonicalDomainCache, redirectsCache cache.ICache, + canonicalDomainCache, redirectsCache cache.ICache, ) { // Serve pages from custom domains - targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHost, mainDomainSuffix, firstDefaultBranch, dnsLookupCache) + targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHost, mainDomainSuffix, firstDefaultBranch) if targetOwner == "" { html.ReturnErrorPage(ctx, "could not obtain repo owner from custom domain", 
@@ -53,7 +53,7 @@ func handleCustomDomain(log zerolog.Logger, ctx *context.Context, giteaClient *g return } else if canonicalDomain != trimmedHost { // only redirect if the target is also a codeberg page! - targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], mainDomainSuffix, firstDefaultBranch, dnsLookupCache) + targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], mainDomainSuffix, firstDefaultBranch) if targetOwner != "" { ctx.Redirect("https://"+canonicalDomain+"/"+targetOpt.TargetPath, http.StatusTemporaryRedirect) return diff --git a/server/handler/handler_test.go b/server/handler/handler_test.go index 0ae7962..765b3b1 100644 --- a/server/handler/handler_test.go +++ b/server/handler/handler_test.go @@ -29,7 +29,7 @@ func TestHandlerPerformance(t *testing.T) { AllowedCorsDomains: []string{"raw.codeberg.org", "fonts.codeberg.org", "design.codeberg.org"}, PagesBranches: []string{"pages"}, } - testHandler := Handler(serverCfg, giteaClient, cache.NewInMemoryCache(), cache.NewInMemoryCache(), cache.NewInMemoryCache()) + testHandler := Handler(serverCfg, giteaClient, cache.NewInMemoryCache(), cache.NewInMemoryCache()) testCase := func(uri string, status int) { t.Run(uri, func(t *testing.T) { diff --git a/server/startup.go b/server/startup.go index 95c3c5c..6642d83 100644 --- a/server/startup.go +++ b/server/startup.go @@ -66,12 +66,9 @@ func Serve(ctx *cli.Context) error { } defer closeFn() - keyCache := cache.NewInMemoryCache() challengeCache := cache.NewInMemoryCache() // canonicalDomainCache stores canonical domains canonicalDomainCache := cache.NewInMemoryCache() - // dnsLookupCache stores DNS lookups for custom domains - dnsLookupCache := cache.NewInMemoryCache() // redirectsCache stores redirects in _redirects files redirectsCache := cache.NewInMemoryCache() // clientResponseCache stores responses from the Gitea server 
@@ -104,7 +101,7 @@ func Serve(ctx *cli.Context) error { giteaClient, acmeClient, cfg.Server.PagesBranches[0], - keyCache, challengeCache, dnsLookupCache, canonicalDomainCache, + challengeCache, canonicalDomainCache, certDB, cfg.ACME.NoDNS01, cfg.Server.RawDomain, @@ -134,7 +131,7 @@ func Serve(ctx *cli.Context) error { } // Create ssl handler based on settings - sslHandler := handler.Handler(cfg.Server, giteaClient, dnsLookupCache, canonicalDomainCache, redirectsCache) + sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache) // Start the ssl listener log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())