mirror of
https://codeberg.org/Codeberg/pages-server.git
synced 2024-11-18 18:39:42 +00:00
288 lines
11 KiB
Go
288 lines
11 KiB
Go
package server
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
|
|
"codeberg.org/codeberg/pages/html"
|
|
"codeberg.org/codeberg/pages/server/cache"
|
|
"codeberg.org/codeberg/pages/server/context"
|
|
"codeberg.org/codeberg/pages/server/dns"
|
|
"codeberg.org/codeberg/pages/server/gitea"
|
|
"codeberg.org/codeberg/pages/server/upstream"
|
|
"codeberg.org/codeberg/pages/server/utils"
|
|
"codeberg.org/codeberg/pages/server/version"
|
|
)
|
|
|
|
const (
|
|
headerAccessControlAllowOrigin = "Access-Control-Allow-Origin"
|
|
headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
|
|
)
|
|
|
|
// Handler handles a single HTTP request to the web server.
|
|
func Handler(mainDomainSuffix, rawDomain string,
|
|
giteaClient *gitea.Client,
|
|
rawInfoPage string,
|
|
blacklistedPaths, allowedCorsDomains []string,
|
|
dnsLookupCache, canonicalDomainCache cache.SetGetKey,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
log := log.With().Strs("Handler", []string{string(req.Host), req.RequestURI}).Logger()
|
|
ctx := context.New(w, req)
|
|
|
|
ctx.RespWriter.Header().Set("Server", "CodebergPages/"+version.Version)
|
|
|
|
// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
|
|
ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
|
|
|
// Enable browser caching for up to 10 minutes
|
|
ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")
|
|
|
|
trimmedHost := utils.TrimHostPort(req.Host)
|
|
|
|
// Add HSTS for RawDomain and MainDomainSuffix
|
|
if hsts := getHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" {
|
|
ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
|
|
}
|
|
|
|
// Handle all http methods
|
|
ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
|
|
switch ctx.Req.Method {
|
|
case http.MethodOptions:
|
|
// return Allow header
|
|
ctx.RespWriter.WriteHeader(http.StatusNoContent)
|
|
return
|
|
case http.MethodGet,
|
|
http.MethodHead:
|
|
// end switch case and handle allowed requests
|
|
break
|
|
default:
|
|
// Block all methods not required for static pages
|
|
ctx.String("Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
// Block blacklisted paths (like ACME challenges)
|
|
for _, blacklistedPath := range blacklistedPaths {
|
|
if strings.HasPrefix(ctx.Path(), blacklistedPath) {
|
|
html.ReturnErrorPage(ctx, "requested blacklisted path", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Allow CORS for specified domains
|
|
allowCors := false
|
|
for _, allowedCorsDomain := range allowedCorsDomains {
|
|
if strings.EqualFold(trimmedHost, allowedCorsDomain) {
|
|
allowCors = true
|
|
break
|
|
}
|
|
}
|
|
if allowCors {
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
|
|
}
|
|
|
|
// Prepare request information to Gitea
|
|
pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
|
|
|
|
log.Debug().Msg("preparations")
|
|
if rawDomain != "" && strings.EqualFold(trimmedHost, rawDomain) {
|
|
// Serve raw content from RawDomain
|
|
log.Debug().Msg("raw domain")
|
|
|
|
if len(pathElements) < 2 {
|
|
// https://{RawDomain}/{owner}/{repo}[/@{branch}]/{path} is required
|
|
ctx.Redirect(rawInfoPage, http.StatusTemporaryRedirect)
|
|
return
|
|
}
|
|
|
|
// raw.codeberg.org/example/myrepo/@main/index.html
|
|
if len(pathElements) > 2 && strings.HasPrefix(pathElements[2], "@") {
|
|
log.Debug().Msg("raw domain preparations, now trying with specified branch")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TryIndexPages: false,
|
|
ServeRaw: true,
|
|
TargetOwner: pathElements[0],
|
|
TargetRepo: pathElements[1],
|
|
TargetBranch: pathElements[2][1:],
|
|
TargetPath: path.Join(pathElements[3:]...),
|
|
}, true); works {
|
|
log.Trace().Msg("tryUpstream: serve raw domain with specified branch")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
return
|
|
}
|
|
log.Debug().Msg("missing branch info")
|
|
html.ReturnErrorPage(ctx, "missing branch info", http.StatusFailedDependency)
|
|
return
|
|
}
|
|
|
|
log.Debug().Msg("raw domain preparations, now trying with default branch")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TryIndexPages: false,
|
|
ServeRaw: true,
|
|
TargetOwner: pathElements[0],
|
|
TargetRepo: pathElements[1],
|
|
TargetPath: path.Join(pathElements[2:]...),
|
|
}, true); works {
|
|
log.Trace().Msg("tryUpstream: serve raw domain with default branch")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
} else {
|
|
html.ReturnErrorPage(ctx,
|
|
fmt.Sprintf("raw domain could not find repo '%s/%s' or repo is empty", targetOpt.TargetOwner, targetOpt.TargetRepo),
|
|
http.StatusNotFound)
|
|
}
|
|
return
|
|
|
|
} else if strings.HasSuffix(trimmedHost, mainDomainSuffix) {
|
|
// Serve pages from subdomains of MainDomainSuffix
|
|
log.Debug().Msg("main domain suffix")
|
|
|
|
targetOwner := strings.TrimSuffix(trimmedHost, mainDomainSuffix)
|
|
targetRepo := pathElements[0]
|
|
|
|
if targetOwner == "www" {
|
|
// www.codeberg.page redirects to codeberg.page // TODO: rm hardcoded - use cname?
|
|
ctx.Redirect("https://"+string(mainDomainSuffix[1:])+string(ctx.Path()), http.StatusPermanentRedirect)
|
|
return
|
|
}
|
|
|
|
// Check if the first directory is a repo with the second directory as a branch
|
|
// example.codeberg.page/myrepo/@main/index.html
|
|
if len(pathElements) > 1 && strings.HasPrefix(pathElements[1], "@") {
|
|
if targetRepo == "pages" {
|
|
// example.codeberg.org/pages/@... redirects to example.codeberg.org/@...
|
|
ctx.Redirect("/"+strings.Join(pathElements[1:], "/"), http.StatusTemporaryRedirect)
|
|
return
|
|
}
|
|
|
|
log.Debug().Msg("main domain preparations, now trying with specified repo & branch")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TargetOwner: targetOwner,
|
|
TargetRepo: pathElements[0],
|
|
TargetBranch: pathElements[1][1:],
|
|
TargetPath: path.Join(pathElements[2:]...),
|
|
}, true); works {
|
|
log.Trace().Msg("tryUpstream: serve with specified repo and branch")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
} else {
|
|
html.ReturnErrorPage(ctx,
|
|
fmt.Sprintf("explizite set branch %q do not exist at '%s/%s'", targetOpt.TargetBranch, targetOpt.TargetOwner, targetOpt.TargetRepo),
|
|
http.StatusFailedDependency)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Check if the first directory is a branch for the "pages" repo
|
|
// example.codeberg.page/@main/index.html
|
|
if strings.HasPrefix(pathElements[0], "@") {
|
|
log.Debug().Msg("main domain preparations, now trying with specified branch")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TargetOwner: targetOwner,
|
|
TargetRepo: "pages",
|
|
TargetBranch: pathElements[0][1:],
|
|
TargetPath: path.Join(pathElements[1:]...),
|
|
}, true); works {
|
|
log.Trace().Msg("tryUpstream: serve default pages repo with specified branch")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
} else {
|
|
html.ReturnErrorPage(ctx,
|
|
fmt.Sprintf("explizite set branch %q do not exist at '%s/%s'", targetOpt.TargetBranch, targetOpt.TargetOwner, targetOpt.TargetRepo),
|
|
http.StatusFailedDependency)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Check if the first directory is a repo with a "pages" branch
|
|
// example.codeberg.page/myrepo/index.html
|
|
// example.codeberg.page/pages/... is not allowed here.
|
|
log.Debug().Msg("main domain preparations, now trying with specified repo")
|
|
if pathElements[0] != "pages" {
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TargetOwner: targetOwner,
|
|
TargetRepo: pathElements[0],
|
|
TargetBranch: "pages",
|
|
TargetPath: path.Join(pathElements[1:]...),
|
|
}, false); works {
|
|
log.Debug().Msg("tryBranch, now trying upstream 5")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Try to use the "pages" repo on its default branch
|
|
// example.codeberg.page/index.html
|
|
log.Debug().Msg("main domain preparations, now trying with default repo/branch")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TargetOwner: targetOwner,
|
|
TargetRepo: "pages",
|
|
TargetPath: path.Join(pathElements...),
|
|
}, false); works {
|
|
log.Debug().Msg("tryBranch, now trying upstream 6")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
return
|
|
}
|
|
|
|
// Couldn't find a valid repo/branch
|
|
html.ReturnErrorPage(ctx,
|
|
fmt.Sprintf("couldn't find a valid repo[%s]", targetRepo),
|
|
http.StatusFailedDependency)
|
|
return
|
|
} else {
|
|
trimmedHostStr := string(trimmedHost)
|
|
|
|
// Serve pages from custom domains
|
|
targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHostStr, string(mainDomainSuffix), dnsLookupCache)
|
|
if targetOwner == "" {
|
|
html.ReturnErrorPage(ctx,
|
|
"could not obtain repo owner from custom domain",
|
|
http.StatusFailedDependency)
|
|
return
|
|
}
|
|
|
|
pathParts := pathElements
|
|
canonicalLink := false
|
|
if strings.HasPrefix(pathElements[0], "@") {
|
|
targetBranch = pathElements[0][1:]
|
|
pathParts = pathElements[1:]
|
|
canonicalLink = true
|
|
}
|
|
|
|
// Try to use the given repo on the given branch or the default branch
|
|
log.Debug().Msg("custom domain preparations, now trying with details from DNS")
|
|
if targetOpt, works := tryBranch(log, ctx, giteaClient, &upstream.Options{
|
|
TargetOwner: targetOwner,
|
|
TargetRepo: targetRepo,
|
|
TargetBranch: targetBranch,
|
|
TargetPath: path.Join(pathParts...),
|
|
}, canonicalLink); works {
|
|
canonicalDomain, valid := upstream.CheckCanonicalDomain(giteaClient, targetOpt.TargetOwner, targetOpt.TargetRepo, targetOpt.TargetBranch, trimmedHostStr, string(mainDomainSuffix), canonicalDomainCache)
|
|
if !valid {
|
|
html.ReturnErrorPage(ctx, "domain not specified in <code>.domains</code> file", http.StatusMisdirectedRequest)
|
|
return
|
|
} else if canonicalDomain != trimmedHostStr {
|
|
// only redirect if the target is also a codeberg page!
|
|
targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], string(mainDomainSuffix), dnsLookupCache)
|
|
if targetOwner != "" {
|
|
ctx.Redirect("https://"+canonicalDomain+string(targetOpt.TargetPath), http.StatusTemporaryRedirect)
|
|
return
|
|
}
|
|
|
|
html.ReturnErrorPage(ctx, "target is no codeberg page", http.StatusFailedDependency)
|
|
return
|
|
}
|
|
|
|
log.Debug().Msg("tryBranch, now trying upstream 7")
|
|
tryUpstream(ctx, giteaClient, mainDomainSuffix, trimmedHost, targetOpt, canonicalDomainCache)
|
|
return
|
|
}
|
|
|
|
html.ReturnErrorPage(ctx, "could not find target for custom domain", http.StatusFailedDependency)
|
|
return
|
|
}
|
|
}
|
|
}
|