mirror of
https://codeberg.org/Codeberg/pages-server.git
synced 2024-11-05 14:07:01 +00:00
fffb8ffcb6
closes #244 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/261 Co-authored-by: crapStone <crapstone01@gmail.com> Co-committed-by: crapStone <crapstone01@gmail.com>
113 lines
3.6 KiB
Go
113 lines
3.6 KiB
Go
package handler
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
|
|
"codeberg.org/codeberg/pages/html"
|
|
"codeberg.org/codeberg/pages/server/cache"
|
|
"codeberg.org/codeberg/pages/server/context"
|
|
"codeberg.org/codeberg/pages/server/gitea"
|
|
)
|
|
|
|
const (
|
|
headerAccessControlAllowOrigin = "Access-Control-Allow-Origin"
|
|
headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
|
|
defaultPagesRepo = "pages"
|
|
)
|
|
|
|
// Handler handles a single HTTP request to the web server.
|
|
func Handler(mainDomainSuffix, rawDomain string,
|
|
giteaClient *gitea.Client,
|
|
blacklistedPaths, allowedCorsDomains []string,
|
|
defaultPagesBranches []string,
|
|
dnsLookupCache, canonicalDomainCache, redirectsCache cache.SetGetKey,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
log := log.With().Strs("Handler", []string{req.Host, req.RequestURI}).Logger()
|
|
ctx := context.New(w, req)
|
|
|
|
ctx.RespWriter.Header().Set("Server", "pages-server")
|
|
|
|
// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
|
|
ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
|
|
|
// Enable browser caching for up to 10 minutes
|
|
ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")
|
|
|
|
trimmedHost := ctx.TrimHostPort()
|
|
|
|
// Add HSTS for RawDomain and MainDomainSuffix
|
|
if hsts := getHSTSHeader(trimmedHost, mainDomainSuffix, rawDomain); hsts != "" {
|
|
ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
|
|
}
|
|
|
|
// Handle all http methods
|
|
ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
|
|
switch ctx.Req.Method {
|
|
case http.MethodOptions:
|
|
// return Allow header
|
|
ctx.RespWriter.WriteHeader(http.StatusNoContent)
|
|
return
|
|
case http.MethodGet,
|
|
http.MethodHead:
|
|
// end switch case and handle allowed requests
|
|
break
|
|
default:
|
|
// Block all methods not required for static pages
|
|
ctx.String("Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
// Block blacklisted paths (like ACME challenges)
|
|
for _, blacklistedPath := range blacklistedPaths {
|
|
if strings.HasPrefix(ctx.Path(), blacklistedPath) {
|
|
html.ReturnErrorPage(ctx, "requested path is blacklisted", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Allow CORS for specified domains
|
|
allowCors := false
|
|
for _, allowedCorsDomain := range allowedCorsDomains {
|
|
if strings.EqualFold(trimmedHost, allowedCorsDomain) {
|
|
allowCors = true
|
|
break
|
|
}
|
|
}
|
|
if allowCors {
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
|
|
}
|
|
|
|
// Prepare request information to Gitea
|
|
pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
|
|
|
|
if rawDomain != "" && strings.EqualFold(trimmedHost, rawDomain) {
|
|
log.Debug().Msg("raw domain request detected")
|
|
handleRaw(log, ctx, giteaClient,
|
|
mainDomainSuffix,
|
|
trimmedHost,
|
|
pathElements,
|
|
canonicalDomainCache, redirectsCache)
|
|
} else if strings.HasSuffix(trimmedHost, mainDomainSuffix) {
|
|
log.Debug().Msg("subdomain request detected")
|
|
handleSubDomain(log, ctx, giteaClient,
|
|
mainDomainSuffix,
|
|
defaultPagesBranches,
|
|
trimmedHost,
|
|
pathElements,
|
|
canonicalDomainCache, redirectsCache)
|
|
} else {
|
|
log.Debug().Msg("custom domain request detected")
|
|
handleCustomDomain(log, ctx, giteaClient,
|
|
mainDomainSuffix,
|
|
trimmedHost,
|
|
pathElements,
|
|
defaultPagesBranches[0],
|
|
dnsLookupCache, canonicalDomainCache, redirectsCache)
|
|
}
|
|
}
|
|
}
|