Compare commits

...

231 Commits

Author SHA1 Message Date
4985bf0bc8 Add link to ogirinal in readme 2023-05-26 00:45:08 -04:00
f6d3c47816 Export TLS & remove conn in request struct
This makes it possible to fully create another request outside of this module
(which Hnakra will need) and has better parity with net/http.
2023-05-26 00:38:12 -04:00
24d70951c9 Change package URL in go.mod 2023-05-26 00:37:56 -04:00
b436ec8cb5 Change import paths 2023-05-25 18:45:53 -04:00
54f7209f13 Update readme 2023-05-25 18:27:52 -04:00
Adnan Maolood
b0f27c6f74 fs: Prevent invalid directory links
A file with a name like "gemini:example" would previously result in the
following invalid link:

    => gemini:example gemini:example

Fix by prepending a "./" before each filename, so that the resulting
link looks like:

    => ./gemini:example gemini:example
2022-05-07 13:54:56 -04:00
Yujiri
8c0af18617 Fix parsing of list item lines
According to section 5.5.2 of the Gemini specification (v0.16.1), the
space is mandatory.
2022-03-15 11:07:04 -04:00
Adnan Maolood
353416685a doc: Fix Mux documentation 2022-02-16 12:01:55 -05:00
Adnan Maolood
0ceec22705 readme: Update Gemini specification version 2021-12-18 12:51:04 -05:00
Adnan Maolood
3d2110d90f mux: Tweak documentation 2021-06-26 20:26:30 -04:00
Adnan Maolood
b5c47a5ef0 mux: Add more tests 2021-06-26 20:16:38 -04:00
Adnan Maolood
fb0d4d24bd mux: Remove support for handling schemes
Also fix redirection to subtree roots for wildcard patterns and patterns
without a host name.
2021-06-26 18:50:09 -04:00
Adnan Maolood
1170e007d4 fs: Avoid equality check if lengths don't match 2021-04-21 12:48:27 -04:00
Adnan Maolood
c85759d777 fs: Improve redirect behavior 2021-04-21 12:41:56 -04:00
Adnan Maolood
507773618b fs: Refactor 2021-04-21 12:18:52 -04:00
Adnan Maolood
3bc243dd66 fs: Remove ServeContent function 2021-04-21 11:41:40 -04:00
Adnan Maolood
de93d44786 LoggingMiddleware: Prevent writing empty meta 2021-04-21 11:38:34 -04:00
Adnan Maolood
eb32c32063 fs: Fix panic on indexing URL of zero length 2021-04-21 11:36:43 -04:00
Adnan Maolood
e5cf345273 Update README.md 2021-03-24 13:30:46 -04:00
Adnan Maolood
c68ce57488 mux: Add copyright notice 2021-03-24 13:09:53 -04:00
Adnan Maolood
2b161650fe Split LICENSE into two files 2021-03-24 13:08:32 -04:00
Adnan Maolood
dbbef1fb6d Revert "Require Go 1.16"
This reverts commit 0e87d64ffc.
2021-03-23 22:05:12 -04:00
Adnan Maolood
90518a01a8 Revert "Replace uses of ioutil with io"
This reverts commit 19f1d6693e.
2021-03-23 22:02:32 -04:00
Adnan Maolood
056e55abbb response: Remove unnecessary length check 2021-03-20 18:29:40 -04:00
Adnan Maolood
72d437c82e response: Limit response header size 2021-03-20 14:01:45 -04:00
Adnan Maolood
3dca29eb41 response: Don't use bufReadCloser 2021-03-20 13:41:53 -04:00
Adnan Maolood
a40b5dcd0b fs: Fix empty media type for directory index pages 2021-03-20 13:33:15 -04:00
Adnan Maolood
fffe86680e client: Only get cert if TrustCertificate is set 2021-03-20 12:54:41 -04:00
Adnan Maolood
d5af32e121 client: Close connection on error 2021-03-20 12:49:27 -04:00
Adnan Maolood
5141eaafaa Tweak request and response parsing 2021-03-20 12:27:20 -04:00
Adnan Maolood
e5c0afa013 response: Treat empty meta as invalid 2021-03-20 12:07:24 -04:00
Adnan Maolood
4c7c200f92 Remove unused field 2021-03-20 12:05:21 -04:00
Adnan Maolood
0a709da439 Remove charset=utf-8 from default media type 2021-03-20 12:04:42 -04:00
Adnan Maolood
1fdef9b608 Rename ServeMux to Mux 2021-03-15 15:44:35 -04:00
Adnan Maolood
2144e2c2f2 status: Reintroduce StatusSensitiveInput 2021-03-15 15:19:43 -04:00
Adnan Maolood
93a606b591 certificate.Store: Call os.MkdirAll on Load 2021-03-09 08:59:28 -05:00
Adnan Maolood
b00794f236 tofu: Use stricter file permissions 2021-03-09 08:58:36 -05:00
Noah Kleiner
3da7fe7cee tofu: Create path if not exists
This commit is a follow-up to 56774408 which does not take into account
the case that the parent directory of the known_hosts file does not already exist.
2021-03-09 08:50:42 -05:00
Adnan Maolood
dea7600f29 Remove StatusSensitiveInput 2021-03-08 14:08:45 -05:00
Adnan Maolood
7d958a4798 examples/client: Fix certificate trust check 2021-03-08 14:07:18 -05:00
Adnan Maolood
a5493b708a tofu: Fix known host unmarshaling 2021-03-06 15:49:11 -05:00
Adnan Maolood
6e5c2473e7 tofu: Use base64-encoded sha256 fingerprints 2021-03-06 15:24:15 -05:00
Adnan Maolood
c639233ea1 tofu: Fix format in error message 2021-03-06 15:13:06 -05:00
Adnan Maolood
5677440876 tofu: Automatically create file in KnownHosts.Load 2021-03-06 15:11:30 -05:00
Adnan Maolood
be3d09d7f4 certificate.Store: Don't call os.MkdirAll 2021-03-06 13:11:11 -05:00
Adnan Maolood
504da9afd8 certificate.Store: Don't check parent scopes in Lookup
Limit the scopes of client certificates to hostnames only instead of
hostnames and paths.
2021-03-06 12:59:33 -05:00
Adnan Maolood
d1cb8967b6 certificate.Store: Make 100 years the default duration 2021-03-05 23:29:56 -05:00
Adnan Maolood
107b3a1785 Move LoggingMiddleware out of examples/server.go 2021-03-05 11:35:01 -05:00
Adnan Maolood
e7a06a12bf certificate.Store: Clean scope path in Load
Clean the scope path so that trimming the path from the scope works for
relative paths.
2021-03-05 10:51:55 -05:00
Adnan Maolood
649b20659b Revert "certificate: Remove Subject from CreateOptions"
This reverts commit ce649ecc66.
2021-03-04 20:04:46 -05:00
Adnan Maolood
c9e2af98f3 Revert "certificate.Store: Allow using '*' in DNSNames"
This reverts commit de0b93a4f6.
2021-03-04 19:26:13 -05:00
Adnan Maolood
d6d02e398e certificate.Store: Bump default duration to 250 years 2021-03-04 16:55:09 -05:00
Adnan Maolood
de0b93a4f6 certificate.Store: Allow using '*' in DNSNames
This isn't exactly a valid DNSName, but it reduces the number of
certificates that need to be created. Clients should either accept it or
skip checking DNSNames.
2021-03-04 16:40:25 -05:00
Adnan Maolood
ce649ecc66 certificate: Remove Subject from CreateOptions 2021-03-04 16:27:16 -05:00
Adnan Maolood
688e7e2823 certificate: Fix deadlock in Store.Get 2021-03-04 16:20:57 -05:00
Adnan Maolood
b38311da00 certificate.Store: Fix hostname registration check 2021-03-04 16:12:36 -05:00
Adnan Maolood
8e2ac24830 tofu: Remove expiration timestamp from known hosts 2021-03-04 15:37:02 -05:00
Adnan Maolood
bfa3356d3a client: Remove hostname verification check 2021-03-04 14:36:31 -05:00
Adnan Maolood
9f3564936e client: Ignore certificate expiration time 2021-03-04 14:35:51 -05:00
Adnan Maolood
d8fb072826 Rename vendor.go to verify_hostname.go 2021-02-28 23:21:10 -05:00
Adnan Maolood
69f0913b3d Make Response implement io.WriterTo 2021-02-28 22:21:54 -05:00
Adnan Maolood
f7012b38da Request.WriteTo: return int64 2021-02-28 22:20:59 -05:00
Adnan Maolood
768ec6c17b Make Request implement io.WriterTo 2021-02-28 22:16:38 -05:00
Adnan Maolood
ae7d58549d Add message argument to TimeoutHandler 2021-02-28 22:07:24 -05:00
Adnan Maolood
ad5d78f08f Mention that Request methods don't work for clients 2021-02-28 21:59:19 -05:00
Adnan Maolood
4b92c71839 Remove Request.RemoteAddr helper method 2021-02-28 21:52:41 -05:00
Adnan Maolood
19f1d6693e Replace uses of ioutil with io 2021-02-28 21:38:36 -05:00
Adnan Maolood
0e87d64ffc Require Go 1.16 2021-02-28 21:38:17 -05:00
Adnan Maolood
845f8e9bd1 Reintroduce Response.Write method 2021-02-28 20:50:18 -05:00
Adnan Maolood
cf9ab18c1f certificate.Store: Check parent scopes in Lookup 2021-02-28 20:23:32 -05:00
Adnan Maolood
ada42ff427 certificate.Store: Support client certificates 2021-02-28 19:29:25 -05:00
Adnan Maolood
fcc71b76d9 examples/server: Clean up LoggingMiddleware 2021-02-27 14:53:37 -05:00
Adnan Maolood
6a1ccdc644 response: Add tests for maximum-length META 2021-02-27 14:08:31 -05:00
Adnan Maolood
f156be19b4 request: Add RemoteAddr helper function 2021-02-27 14:03:33 -05:00
Adnan Maolood
82bdffc1eb request: Add ServerName helper method 2021-02-27 14:02:30 -05:00
Adnan Maolood
a396ec77e4 request: Cache calls to TLS 2021-02-27 13:59:45 -05:00
Adnan Maolood
21ad3a2ded server: Disallow ServeConn usage after Shutdown 2021-02-24 19:25:52 -05:00
Adnan Maolood
2d7f28e152 Update examples/client.go 2021-02-24 19:21:31 -05:00
Adnan Maolood
1764e02d1e Remove ResponseWriter.Close method 2021-02-24 19:00:09 -05:00
Adnan Maolood
1bc5c68c3f response: Revert to using fields instead of methods 2021-02-24 18:50:40 -05:00
Adnan Maolood
867074d81b examples/client: Fix display of response status 2021-02-24 16:16:42 -05:00
Adnan Maolood
1da23ba07b Revert "Replace uses of ioutil with io"
This reverts commit 48c67bcead.
2021-02-24 14:45:57 -05:00
Adnan Maolood
cbfbeb6c22 Don't require Go 1.16 2021-02-24 14:29:29 -05:00
Adnan Maolood
c3418fdfed Add missing import 2021-02-24 14:28:47 -05:00
Adnan Maolood
6181751e8d Move mimetype registration to gemini.go 2021-02-24 14:27:49 -05:00
Adnan Maolood
48c67bcead Replace uses of ioutil with io 2021-02-24 11:11:10 -05:00
Adnan Maolood
25f441f573 fs: Remove build constraint 2021-02-24 11:01:02 -05:00
Adnan Maolood
cb7879c966 Add NewResponse function 2021-02-24 10:48:17 -05:00
Adnan Maolood
19bfca1cc3 examples/server: Cancel context 2021-02-24 10:27:28 -05:00
Adnan Maolood
991b18d526 examples/server: Add logging middleware 2021-02-24 10:25:08 -05:00
Adnan Maolood
b66b287f94 ResponseWriter: Remove unexported method 2021-02-24 10:01:46 -05:00
Adnan Maolood
bd29d76f66 client: Fix copying of request 2021-02-24 09:48:23 -05:00
Adnan Maolood
1d20a6c3c8 examples/client: Use Response methods 2021-02-24 09:22:25 -05:00
Adnan Maolood
6f46b2fa47 examples/auth: Use Request.TLS method 2021-02-24 09:22:01 -05:00
Adnan Maolood
15385e3095 fs: Fix Go build constraint comment 2021-02-24 09:00:28 -05:00
Adnan Maolood
3101856afa response: Move to methods 2021-02-24 08:43:57 -05:00
Adnan Maolood
094c16297b server: Fix comment 2021-02-24 08:38:08 -05:00
Adnan Maolood
08f5ddd41a TimeoutHandler: Mention returned error 2021-02-24 08:37:52 -05:00
Adnan Maolood
41c95add81 Add unexported method to timeout writer 2021-02-24 08:34:26 -05:00
Adnan Maolood
de339490f4 Move ResponseWriter Conn and TLS methods to Request 2021-02-24 08:24:49 -05:00
Adnan Maolood
b488146cc6 Remove ResponseWriter.Hijack method 2021-02-24 08:22:12 -05:00
Adnan Maolood
069b473c28 Implement TimeoutHandler by wrapping ResponseWriter 2021-02-24 08:18:23 -05:00
Kaleb Elwert
2c2d74bcb2 Only use fs.go when fs.FS is available 2021-02-24 07:41:53 -05:00
Adnan Maolood
3660698a4b Make ResponseWriter an interface
Make ResponseWriter an interface with an unexported method. Implementors
must embed a ResponseWriter from elsewhere. This gives us the
flexibility of an interface while allowing us to add new methods in the
future.
2021-02-24 00:13:46 -05:00
Adnan Maolood
526d232ab0 Remove ErrHandlerTimeout 2021-02-23 22:15:19 -05:00
Adnan Maolood
f08efa330f Move TimeoutHandler to handler.go 2021-02-23 22:12:04 -05:00
Adnan Maolood
310bd16344 Unexport NewResponseWriter 2021-02-23 22:02:47 -05:00
Adnan Maolood
9eae88f00c Reimplement TimeoutHandler 2021-02-23 21:59:16 -05:00
Adnan Maolood
b386a9ba41 response: Change field names 2021-02-23 21:51:42 -05:00
Adnan Maolood
f28a63ff0c Add ResponseWriter.Hijack method 2021-02-23 21:36:29 -05:00
Adnan Maolood
d35dd3d867 ResponseWriter: Add TLS and Conn methods 2021-02-23 20:59:04 -05:00
Adnan Maolood
75abb99518 request: Remove TLS and Conn methods 2021-02-23 20:57:53 -05:00
Adnan Maolood
e8d98ef4ec Move I/O utilities to io.go 2021-02-23 20:49:55 -05:00
Adnan Maolood
a65c3c3d4f Make ResponseWriter a struct
Make ResponseWriter a struct again so that it can be extended in a
backwards-compatible way.
2021-02-23 20:41:16 -05:00
Adnan Maolood
64f9381bbc handler: Mention when the context is canceled 2021-02-23 19:01:12 -05:00
Adnan Maolood
a34cf6dd1b handler: Mention ResponseWriter.Close method 2021-02-23 18:59:20 -05:00
Adnan Maolood
b3e8d9ccf3 client: Clarify usage of contexts 2021-02-23 18:56:18 -05:00
Adnan Maolood
a7c449a3cf Use HandlerFunc to implement StatusHandler 2021-02-23 18:52:00 -05:00
Adnan Maolood
02bbedc330 Update documentation 2021-02-23 18:45:58 -05:00
Adnan Maolood
5cf936d304 Update documentation 2021-02-23 17:52:47 -05:00
Adnan Maolood
f1f933925c Update examples/client.go 2021-02-23 17:52:34 -05:00
Adnan Maolood
e1c04ee605 Make Response an io.ReadCloser 2021-02-23 17:50:47 -05:00
Adnan Maolood
ae3fc2fc73 response: Add Close method 2021-02-23 17:32:23 -05:00
Adnan Maolood
311233a012 request: Fix documentation for TLS 2021-02-23 17:30:46 -05:00
Adnan Maolood
c688defefd request: Add Conn and TLS methods 2021-02-23 17:29:50 -05:00
Adnan Maolood
83c904913f response: Add Conn and TLS methods 2021-02-23 16:36:17 -05:00
Adnan Maolood
833edaf63d server: Cancel context on IO errors 2021-02-23 16:06:57 -05:00
Adnan Maolood
d07e9d99d1 client: Move context handling to do 2021-02-23 16:01:29 -05:00
Adnan Maolood
31e16d5a4c examples/client: Stream response body 2021-02-23 15:56:44 -05:00
Adnan Maolood
9974071657 client: Cancel context on IO errors
Also close the connection when the context expires.
2021-02-23 15:52:47 -05:00
Adnan Maolood
09e3393e4c examples/stream: Simplify 2021-02-23 15:31:41 -05:00
Adnan Maolood
1aa85d0683 timeout: Don't recover from panics 2021-02-23 15:30:44 -05:00
Adnan Maolood
62e22b4cf2 response: Remove TLS field 2021-02-23 15:29:27 -05:00
Adnan Maolood
eee7156b3a Update documentation 2021-02-23 14:29:37 -05:00
Adnan Maolood
d8b5fa716a client: Use present tense in documentation 2021-02-23 12:21:05 -05:00
Adnan Maolood
1080e95bb4 server: Document use of context in ListenAndServe 2021-02-23 12:10:55 -05:00
Adnan Maolood
f722747abd server: Make ErrorLog an interface 2021-02-23 11:10:35 -05:00
Adnan Maolood
4e25d2c3f9 ServeMux.HandleFunc: Take a HandlerFunc argument 2021-02-23 09:49:20 -05:00
Adnan Maolood
5ab7617efd server: Fix Shutdown with no active listeners
Shutdown and Close will hang if there are no active listeners or
connections. Try to close the done channel to avoid that.
2021-02-23 09:28:14 -05:00
Adnan Maolood
89f0b3f94b tofu: Update documentation 2021-02-23 09:21:21 -05:00
Adnan Maolood
964c17b99f text: Update documentation 2021-02-23 09:18:34 -05:00
Adnan Maolood
32f40523ed certificate.Store: Mention GetCertificate usage 2021-02-23 09:10:22 -05:00
Adnan Maolood
8190e819e8 server: Mention certificate store 2021-02-23 09:08:44 -05:00
Adnan Maolood
871a8fe3d2 certificate: Update documentation 2021-02-23 09:05:45 -05:00
Adnan Maolood
a4849c8eef certificate.Store: Update documentation 2021-02-23 09:03:38 -05:00
Adnan Maolood
f6bccb156a certificate.Store: Check '*' scope last 2021-02-23 08:52:12 -05:00
Adnan Maolood
3c9c087a25 certificate.Store: Allow certificate of scope '*' 2021-02-23 08:46:43 -05:00
Adnan Maolood
6de05c4b5d Update examples 2021-02-23 08:43:47 -05:00
Adnan Maolood
4c369072c8 certificate.Store: Remove client certificate support 2021-02-23 08:37:05 -05:00
Adnan Maolood
27299f537d client: Document use of contexts 2021-02-22 21:35:02 -05:00
Adnan Maolood
d61cf6318a server: Document use of contexts 2021-02-22 21:33:23 -05:00
Adnan Maolood
99e6c37d92 server: Remove unused constants 2021-02-22 21:28:18 -05:00
Adnan Maolood
31077afbbe server: Return context.Canceled after Shutdown 2021-02-22 21:27:44 -05:00
Adnan Maolood
3b8b5d6557 examples/stream: Remove /shutdown handler 2021-02-22 21:16:13 -05:00
Adnan Maolood
9aebcd362e examples/server: Shutdown on interrupt signal 2021-02-22 21:14:41 -05:00
Adnan Maolood
35f7958083 server: Revert to closing contexts on Shutdown 2021-02-22 21:13:44 -05:00
Adnan Maolood
c5b304216c examples/stream: Remove usage of Flusher 2021-02-22 20:07:37 -05:00
Adnan Maolood
118e019df0 server: Use channel to communicate shutdown 2021-02-22 20:06:19 -05:00
Adnan Maolood
2c64db3863 Rename ResponseWriter.MediaType to SetMediaType 2021-02-21 18:52:06 -05:00
Adnan Maolood
420f01da2a client: Remove Timeout
Clients should use context.WithTimeout instead.
2021-02-21 16:47:56 -05:00
Adnan Maolood
c3feafa90b Move Flush back to ResponseWriter 2021-02-21 16:06:56 -05:00
Adnan Maolood
0a3db2ce41 server: Don't close pending connections after Shutdown 2021-02-21 16:05:10 -05:00
Adnan Maolood
49dac34aff server: Export ServeConn method 2021-02-21 11:53:15 -05:00
Adnan Maolood
bb444fb364 server: Don't recover from panics 2021-02-21 11:04:45 -05:00
Adnan Maolood
a606c4fcc0 fs: Use better error messages 2021-02-21 09:56:59 -05:00
Adnan Maolood
2ece48b019 Move punycode functions to client.go 2021-02-21 09:43:23 -05:00
Adnan Maolood
a4b976c2dc client: Copy only what is needed from the Request 2021-02-21 09:41:00 -05:00
Adnan Maolood
b784442b6d Use StatusHandler in NotFoundHandler implementation 2021-02-21 09:32:07 -05:00
Adnan Maolood
57e541e103 fs: Remove unused context arguments 2021-02-21 09:29:21 -05:00
Adnan Maolood
c4c616518b Add ErrCertificateExpired 2021-02-21 09:27:12 -05:00
Adnan Maolood
352ad71af8 Remove unused ErrInvalidURL 2021-02-21 09:23:30 -05:00
Adnan Maolood
0722f4008a Update documentation 2021-02-21 00:56:37 -05:00
Adnan Maolood
e3d48b2cad server: Return ErrServerClosed 2021-02-21 00:51:02 -05:00
Adnan Maolood
3fa55b52dd server: Use separate context to cancel listeners
Use a separate context to cancel listeners so that cancelling the
listener does not cancel it's connections.
2021-02-21 00:41:41 -05:00
Adnan Maolood
6c701ad9fe examples/stream: Showcase Server.Shutdown method 2021-02-21 00:29:41 -05:00
Adnan Maolood
7084a226f4 examples: Use context 2021-02-21 00:26:30 -05:00
Adnan Maolood
f6505ae4c4 server: Use explicit context arguments
Replace the Server.Context field with explicit context.Context arguments
to most Server functions.
2021-02-21 00:21:31 -05:00
Adnan Maolood
0c8c945eba client: Inline result type 2021-02-21 00:20:42 -05:00
Adnan Maolood
7668345daa server: Add Context field 2021-02-20 18:52:33 -05:00
Adnan Maolood
0baa66a4e7 Update examples 2021-02-20 18:30:49 -05:00
Adnan Maolood
d479c6391c certificate.Store: Support "*" wildcard pattern 2021-02-20 18:26:15 -05:00
Adnan Maolood
423914d6e0 certificate.Store: Generate certificates by default 2021-02-20 18:25:02 -05:00
Adnan Maolood
15f3e764c5 server: Populate Request.Host field 2021-02-20 18:12:51 -05:00
Adnan Maolood
fadb2aed97 mux: Use StatusHandler instead of RedirectHandler 2021-02-20 16:45:37 -05:00
Adnan Maolood
252fe678fd Rename RedirectHandler to StatusHandler 2021-02-20 16:44:42 -05:00
Adnan Maolood
351fb92c7e Remove NotFound function 2021-02-20 16:42:18 -05:00
Adnan Maolood
2308c6407f server: Make Request.RemoteAddr a net.Addr
A concrete type is better.
2021-02-20 16:27:35 -05:00
Adnan Maolood
8938038797 Make Status a type
Using a type is better than using an integer.
2021-02-20 16:16:32 -05:00
Adnan Maolood
99a8f09c22 TimeoutHandler: Use provided context 2021-02-20 15:52:54 -05:00
Adnan Maolood
e9a68917c9 handler: Make ServeGemini accept a Context 2021-02-20 15:49:14 -05:00
Adnan Maolood
eca2afeb32 examples/client: Remove dependency on go-xdg 2021-02-20 15:42:06 -05:00
Adnan Maolood
28b6232fbf examples/client: Use context 2021-02-20 15:39:47 -05:00
Adnan Maolood
3f4fd10b6d client: Make Get and Do accept a Context
This removes the need for Request.Context.
2021-02-20 15:34:21 -05:00
Adnan Maolood
a7f958b20d server: Make Request.RemoteAddr a string 2021-02-20 13:31:55 -05:00
Adnan Maolood
0ab236c736 client: Allow Request.Host to omit a port 2021-02-20 13:30:55 -05:00
Adnan Maolood
5922cff2e5 Implement TimeoutHandler 2021-02-20 00:49:21 -05:00
Adnan Maolood
64dbb3eecb server: Clarify GetCertificate documentation 2021-02-19 18:53:06 -05:00
Adnan Maolood
69674fcdd5 examples/server: Use certificate.Store 2021-02-19 18:45:19 -05:00
Adnan Maolood
66e03ef1e4 certificate: Implement GetCertificate callback 2021-02-19 18:42:53 -05:00
Adnan Maolood
76967dad2e mux: Reject empty patterns 2021-02-19 18:06:54 -05:00
Adnan Maolood
2e149c9ccd server: Remove Certificates field
Use GetCertificate to retrieve certificates without consulting
Certificates.
2021-02-18 22:22:20 -05:00
Adnan Maolood
229ebb4106 request.Write: Accept an io.Writer 2021-02-18 21:58:37 -05:00
Adnan Maolood
c70ef5c470 client: Remove superfluous call to Flush 2021-02-18 21:55:17 -05:00
Adnan Maolood
6928a1efef request.Write: return error from Flush 2021-02-18 21:54:38 -05:00
Adnan Maolood
a80aae44a9 doc: Update package documentation 2021-02-18 00:38:03 -05:00
Adnan Maolood
aab3ac4dfe response: Implement Write method 2021-02-18 00:07:43 -05:00
Adnan Maolood
a3a995df35 response: Rename statusCode to status 2021-02-18 00:06:34 -05:00
Adnan Maolood
9ed2363b66 response: Ensure that only one header is written 2021-02-17 23:05:24 -05:00
Adnan Maolood
33a1fa4e0d Remove .gitignore 2021-02-17 20:40:53 -05:00
Adnan Maolood
7475687caa examples: Use Server.Handler 2021-02-17 20:35:27 -05:00
Adnan Maolood
6edde376c4 server: Add Handler field and remove Handle methods 2021-02-17 20:31:03 -05:00
Adnan Maolood
f3cd70612b mux: Implement matching of schemes and hostnames 2021-02-17 20:09:42 -05:00
Adnan Maolood
3d6ac90e08 Reverse order of RedirectHandler arguments 2021-02-17 19:53:00 -05:00
Adnan Maolood
b5a3c0adc5 Add utility Handler functions 2021-02-17 19:27:25 -05:00
Adnan Maolood
f81c32a211 examples: Use new ResponseWriter interface 2021-02-17 13:39:23 -05:00
Adnan Maolood
110c2de6de Redesign ResponseWriter interface 2021-02-17 13:36:16 -05:00
Adnan Maolood
8543eca416 status: Fix typo 2021-02-17 12:23:03 -05:00
Adnan Maolood
ec22e762c3 Rename Meta to StatusText
Rename Meta to StatusText and support all status codes.
2021-02-17 12:06:43 -05:00
Adnan Maolood
a3c1804395 Move ResponseWriter.Flush to Flusher interface 2021-02-17 11:44:13 -05:00
Adnan Maolood
fb9b50871c fs: Reject potentially unsafe requests in ServeFile
Reject requests where r.URL.Path contains a ".." path element to protect
against callers who might unsafely use filepath.Join on r.URL.Path
without sanitizing it.
2021-02-17 11:17:13 -05:00
Adnan Maolood
96dc161b4a fs: Add ServeContent function 2021-02-17 11:15:30 -05:00
Adnan Maolood
246b252fd7 examples/server: Use os.DirFS 2021-02-17 09:25:44 -05:00
Adnan Maolood
2e5569d5b5 fs: Fix redirect to canonical file path 2021-02-17 09:24:09 -05:00
Adnan Maolood
8eccefb8c9 fs: Add redirects 2021-02-17 01:38:18 -05:00
Adnan Maolood
995769556c fs: Trim trailing slash from name in ServeFile 2021-02-17 01:36:53 -05:00
Adnan Maolood
73bf1a31b0 fs: Clean paths before handling with FileServer 2021-02-17 00:59:15 -05:00
Adnan Maolood
fa7ec1ac87 fs: Show listing for directories without index files 2021-02-17 00:08:14 -05:00
Adnan Maolood
e3d1fc2785 fs: Remove leading slash before opening files 2021-02-16 23:18:37 -05:00
Adnan Maolood
332dd253d0 Replace uses of ioutil with io 2021-02-16 18:57:24 -05:00
Adnan Maolood
d2001de5f3 fs: Replace FileSystem with io/fs.FS 2021-02-16 18:53:56 -05:00
Adnan Maolood
cf995c86c9 Require Go 1.16 2021-02-16 18:50:42 -05:00
33 changed files with 2005 additions and 1437 deletions

2
.gitignore vendored
View File

@ -1,2 +0,0 @@
*.crt
*.key

64
LICENSE
View File

@ -1,51 +1,19 @@
go-gemini is available under the terms of the MIT license:
Copyright (c) 2020 Adnan Maolood
Copyright (c) 2020 Adnan Maolood
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Portions of this program were taken from Go:
Copyright (c) 2009 The Go Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

27
LICENSE-GO Normal file
View File

@ -0,0 +1,27 @@
Copyright (c) 2009 The Go Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View File

@ -1,16 +1,21 @@
# go-gemini
[![godocs.io](https://godocs.io/git.sr.ht/~adnano/go-gemini?status.svg)](https://godocs.io/git.sr.ht/~adnano/go-gemini) [![builds.sr.ht status](https://builds.sr.ht/~adnano/go-gemini.svg)](https://builds.sr.ht/~adnano/go-gemini?)
This repository is a fork of [go-gemini](https://godocs.io/git.sr.ht/~adnano/go-gemini)
implementing better parity with net/http and some tweaks required for use in
[Hnakra](https://git.tebibyte.media/sashakoshka/hnakra).
Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space) in Go.
Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space)
in Go. It provides an API similar to that of net/http to facilitate the
development of Gemini clients and servers.
It provides an API similar to that of net/http to make it easy to develop Gemini clients and servers.
Compatible with version v0.14.3 of the Gemini specification.
Compatible with version v0.16.0 of the Gemini specification.
## Usage
import "git.sr.ht/~adnano/go-gemini"
import "git.tebibyte.media/sashakoshka/go-gemini"
Note that some filesystem-related functionality is only available on Go 1.16
or later as it relies on the io/fs package.
## Examples
@ -19,8 +24,8 @@ To run an example:
go run examples/server.go
## Contributing
## License
Send patches and questions to [~adnano/go-gemini-devel](https://lists.sr.ht/~adnano/go-gemini-devel).
Subscribe to release announcements on [~adnano/go-gemini-announce](https://lists.sr.ht/~adnano/go-gemini-announce).
go-gemini is licensed under the terms of the MIT license (see LICENSE).
Portions of this library were adapted from Go and are governed by a BSD-style
license (see LICENSE-GO). Those files are marked accordingly.

View File

@ -1,4 +1,4 @@
// Package certificate provides utility functions for TLS certificates.
// Package certificate provides functions for creating and storing TLS certificates.
package certificate
import (
@ -14,103 +14,9 @@ import (
"math/big"
"net"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
// Dir represents a directory of certificates.
// The zero value for Dir is an empty directory ready to use.
//
// Dir is safe for concurrent use by multiple goroutines.
type Dir struct {
certs map[string]tls.Certificate
path *string
mu sync.RWMutex
}
// Add adds a certificate for the given scope to the directory.
// It tries to parse the certificate if it is not already parsed.
func (d *Dir) Add(scope string, cert tls.Certificate) error {
d.mu.Lock()
defer d.mu.Unlock()
if d.certs == nil {
d.certs = map[string]tls.Certificate{}
}
// Parse certificate if not already parsed
if cert.Leaf == nil {
parsed, err := x509.ParseCertificate(cert.Certificate[0])
if err == nil {
cert.Leaf = parsed
}
}
if d.path != nil {
// Escape slash character
scope = strings.ReplaceAll(scope, "/", ":")
certPath := filepath.Join(*d.path, scope+".crt")
keyPath := filepath.Join(*d.path, scope+".key")
if err := Write(cert, certPath, keyPath); err != nil {
return err
}
}
d.certs[scope] = cert
return nil
}
// Lookup returns the certificate for the provided scope.
func (d *Dir) Lookup(scope string) (tls.Certificate, bool) {
d.mu.RLock()
defer d.mu.RUnlock()
cert, ok := d.certs[scope]
return cert, ok
}
// Entries returns a map of hostnames to certificates.
func (d *Dir) Entries() map[string]tls.Certificate {
certs := map[string]tls.Certificate{}
for key := range d.certs {
certs[key] = d.certs[key]
}
return certs
}
// Load loads certificates from the provided path.
// Add will write certificates to this path.
//
// The directory should contain certificates and private keys
// named scope.crt and scope.key respectively, where scope is
// the scope of the certificate.
func (d *Dir) Load(path string) error {
matches, err := filepath.Glob(filepath.Join(path, "*.crt"))
if err != nil {
return err
}
for _, crtPath := range matches {
keyPath := strings.TrimSuffix(crtPath, ".crt") + ".key"
cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
if err != nil {
continue
}
scope := strings.TrimSuffix(filepath.Base(crtPath), ".crt")
// Unescape slash character
scope = strings.ReplaceAll(scope, ":", "/")
d.Add(scope, cert)
}
d.SetPath(path)
return nil
}
// SetPath sets the directory path.
// Add will write certificates to this path.
func (d *Dir) SetPath(path string) {
d.mu.Lock()
defer d.mu.Unlock()
d.path = &path
}
// CreateOptions configures the creation of a TLS certificate.
type CreateOptions struct {
// Subject Alternate Name values.

207
certificate/store.go Normal file
View File

@ -0,0 +1,207 @@
package certificate
import (
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"errors"
"fmt"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
// A Store represents a TLS certificate store.
// The zero value for Store is an empty store ready to use.
//
// Store can be used to store server certificates.
// Servers should provide a hostname or wildcard pattern as a certificate scope.
// Servers will most likely use the methods Register, Load and Get.
//
// Store can also be used to store client certificates.
// Clients should provide a hostname as a certificate scope.
// Clients will most likely use the methods Add, Load, and Lookup.
//
// Store is safe for concurrent use by multiple goroutines.
type Store struct {
// CreateCertificate, if not nil, is called by Get to create a new
// certificate to replace a missing or expired certificate.
// The provided scope is suitable for use in a certificate's DNSNames.
CreateCertificate func(scope string) (tls.Certificate, error)
scopes map[string]struct{}
certs map[string]tls.Certificate
path string
mu sync.RWMutex
}
// Register registers the provided scope with the certificate store.
// The scope can either be a hostname or a wildcard pattern (e.g. "*.example.com").
// To accept all hostnames, use the special pattern "*".
//
// Calls to Get will only succeed for registered scopes.
// Other methods are not affected.
func (s *Store) Register(scope string) {
s.mu.Lock()
defer s.mu.Unlock()
if s.scopes == nil {
s.scopes = make(map[string]struct{})
}
s.scopes[scope] = struct{}{}
}
// Add registers the certificate for the given scope.
// If a certificate already exists for scope, Add will overwrite it.
func (s *Store) Add(scope string, cert tls.Certificate) error {
// Parse certificate if not already parsed
if cert.Leaf == nil {
parsed, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return err
}
cert.Leaf = parsed
}
if err := s.write(scope, cert); err != nil {
return err
}
s.mu.Lock()
defer s.mu.Unlock()
if s.certs == nil {
s.certs = make(map[string]tls.Certificate)
}
s.certs[scope] = cert
return nil
}
func (s *Store) write(scope string, cert tls.Certificate) error {
s.mu.RLock()
defer s.mu.RUnlock()
if s.path != "" {
certPath := filepath.Join(s.path, scope+".crt")
keyPath := filepath.Join(s.path, scope+".key")
if err := Write(cert, certPath, keyPath); err != nil {
return err
}
}
return nil
}
// Get retrieves a certificate for the given hostname.
// If no matching scope has been registered, Get returns an error.
// Get generates new certificates as needed and rotates expired certificates.
// It calls CreateCertificate to create a new certificate if it is not nil,
// otherwise it creates certificates with a duration of 100 years.
//
// Get is suitable for use in a gemini.Server's GetCertificate field.
func (s *Store) Get(hostname string) (*tls.Certificate, error) {
s.mu.RLock()
_, ok := s.scopes[hostname]
if !ok {
// Try wildcard
wildcard := strings.SplitN(hostname, ".", 2)
if len(wildcard) == 2 {
hostname = "*." + wildcard[1]
_, ok = s.scopes[hostname]
}
}
if !ok {
// Try "*"
_, ok = s.scopes["*"]
}
if !ok {
s.mu.RUnlock()
return nil, errors.New("unrecognized scope")
}
cert := s.certs[hostname]
s.mu.RUnlock()
// If the certificate is empty or expired, generate a new one.
if cert.Leaf == nil || cert.Leaf.NotAfter.Before(time.Now()) {
var err error
cert, err = s.createCertificate(hostname)
if err != nil {
return nil, err
}
if err := s.Add(hostname, cert); err != nil {
return nil, fmt.Errorf("failed to add certificate for %s: %w", hostname, err)
}
}
return &cert, nil
}
// Lookup returns the certificate for the provided scope.
func (s *Store) Lookup(scope string) (tls.Certificate, bool) {
s.mu.RLock()
defer s.mu.RUnlock()
cert, ok := s.certs[scope]
return cert, ok
}
func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
if s.CreateCertificate != nil {
return s.CreateCertificate(scope)
}
return Create(CreateOptions{
DNSNames: []string{scope},
Subject: pkix.Name{
CommonName: scope,
},
Duration: 100 * 365 * 24 * time.Hour,
})
}
// Load loads certificates from the provided path.
// New certificates will be written to this path.
// The path should lead to a directory containing certificates
// and private keys named "scope.crt" and "scope.key" respectively,
// where "scope" is the scope of the certificate.
func (s *Store) Load(path string) error {
if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
return err
}
path = filepath.Clean(path)
matches, err := filepath.Glob(filepath.Join(path, "*.crt"))
if err != nil {
return err
}
for _, crtPath := range matches {
keyPath := strings.TrimSuffix(crtPath, ".crt") + ".key"
cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
if err != nil {
continue
}
scope := strings.TrimPrefix(crtPath, path)
scope = strings.TrimPrefix(scope, "/")
scope = strings.TrimSuffix(scope, ".crt")
s.Add(scope, cert)
}
s.mu.Lock()
defer s.mu.Unlock()
s.path = path
return nil
}
// Entries returns a map of scopes to certificates.
func (s *Store) Entries() map[string]tls.Certificate {
s.mu.RLock()
defer s.mu.RUnlock()
certs := make(map[string]tls.Certificate)
for key := range s.certs {
certs[key] = s.certs[key]
}
return certs
}
// SetPath sets the path that new certificates will be written to.
func (s *Store) SetPath(path string) {
s.mu.Lock()
defer s.mu.Unlock()
s.path = filepath.Clean(path)
}

235
client.go
View File

@ -1,104 +1,106 @@
package gemini
import (
"bufio"
"context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"net"
"time"
"net/url"
"unicode/utf8"
"golang.org/x/net/idna"
)
// A Client is a Gemini client. Its zero value is a usable client.
type Client struct {
// TrustCertificate is called to determine whether the client
// should trust the certificate provided by the server.
// If TrustCertificate is nil, the client will accept any certificate.
// If the returned error is not nil, the certificate will not be trusted
// TrustCertificate is called to determine whether the client should
// trust the certificate provided by the server.
// If TrustCertificate is nil or returns nil, the client will accept
// any certificate. Otherwise, the certificate will not be trusted
// and the request will be aborted.
//
// See the tofu submodule for an implementation of trust on first use.
TrustCertificate func(hostname string, cert *x509.Certificate) error
// Timeout specifies a time limit for requests made by this
// Client. The timeout includes connection time and reading
// the response body. The timer remains running after
// Get or Do return and will interrupt reading of the Response.Body.
//
// A Timeout of zero means no timeout.
Timeout time.Duration
// DialContext specifies the dial function for creating TCP connections.
// If DialContext is nil, the client dials using package net.
DialContext func(ctx context.Context, network, addr string) (net.Conn, error)
}
// Get sends a Gemini request for the given URL.
// The context controls the entire lifetime of a request and its response:
// obtaining a connection, sending the request, and reading the response
// header and body.
//
// An error is returned if there was a Gemini protocol error.
// A non-2x status code doesn't cause an error.
//
// If the returned error is nil, the Response will contain a non-nil Body
// which the user is expected to close.
// If the returned error is nil, the user is expected to close the Response.
//
// For more control over requests, use NewRequest and Client.Do.
func (c *Client) Get(url string) (*Response, error) {
func (c *Client) Get(ctx context.Context, url string) (*Response, error) {
req, err := NewRequest(url)
if err != nil {
return nil, err
}
return c.Do(req)
return c.Do(ctx, req)
}
// Do sends a Gemini request and returns a Gemini response, following
// policy as configured on the client.
// Do sends a Gemini request and returns a Gemini response.
// The context controls the entire lifetime of a request and its response:
// obtaining a connection, sending the request, and reading the response
// header and body.
//
// An error is returned if there was a Gemini protocol error.
// A non-2x status code doesn't cause an error.
//
// If the returned error is nil, the Response will contain a non-nil Body
// which the user is expected to close.
//
// Generally Get will be used instead of Do.
func (c *Client) Do(req *Request) (*Response, error) {
// Punycode request URL host
hostname, port, err := net.SplitHostPort(req.URL.Host)
if err != nil {
// Likely no port
hostname = req.URL.Host
port = "1965"
// If the returned error is nil, the user is expected to close the Response.
func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
if ctx == nil {
panic("nil context")
}
punycode, err := punycodeHostname(hostname)
// Punycode request URL host
host, port := splitHostPort(req.URL.Host)
punycode, err := punycodeHostname(host)
if err != nil {
return nil, err
}
if hostname != punycode {
hostname = punycode
if host != punycode {
host = punycode
// Make a copy of the request
_req := *req
req = &_req
_url := *req.URL
req.URL = &_url
// Copy the URL and update the host
u := new(url.URL)
*u = *req.URL
u.Host = net.JoinHostPort(host, port)
// Set the host
req.URL.Host = net.JoinHostPort(hostname, port)
// Use the new URL in the request so that the server gets
// the punycoded hostname
r := new(Request)
*r = *req
r.URL = u
req = r
}
// Use request host if provided
if req.Host != "" {
hostname, port, err = net.SplitHostPort(req.Host)
if err != nil {
// Port is required
return nil, err
}
// Punycode hostname
hostname, err = punycodeHostname(hostname)
host, port = splitHostPort(req.Host)
host, err = punycodeHostname(host)
if err != nil {
return nil, err
}
}
addr := net.JoinHostPort(host, port)
// Connect to the host
config := &tls.Config{
conn, err := c.dialContext(ctx, "tcp", addr)
if err != nil {
return nil, err
}
// Setup TLS
conn = tls.Client(conn, &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
GetClientCertificate: func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
@ -108,89 +110,108 @@ func (c *Client) Do(req *Request) (*Response, error) {
return &tls.Certificate{}, nil
},
VerifyConnection: func(cs tls.ConnectionState) error {
return c.verifyConnection(hostname, punycode, cs)
return c.verifyConnection(cs, host)
},
ServerName: hostname,
ServerName: host,
})
type result struct {
resp *Response
err error
}
ctx := req.Context
if ctx == nil {
ctx = context.Background()
}
res := make(chan result, 1)
go func() {
resp, err := c.do(ctx, conn, req)
res <- result{resp, err}
}()
start := time.Now()
dialer := net.Dialer{
Timeout: c.Timeout,
}
address := net.JoinHostPort(hostname, port)
netConn, err := dialer.DialContext(ctx, "tcp", address)
if err != nil {
return nil, err
}
conn := tls.Client(netConn, config)
// Set connection deadline
if c.Timeout != 0 {
err := conn.SetDeadline(start.Add(c.Timeout))
if err != nil {
return nil, fmt.Errorf("failed to set connection deadline: %w", err)
select {
case <-ctx.Done():
conn.Close()
return nil, ctx.Err()
case r := <-res:
if r.err != nil {
conn.Close()
}
return r.resp, r.err
}
resp, err := c.do(conn, req)
if err != nil {
// If we fail to perform the request/response we have
// to take responsibility for closing the connection.
_ = conn.Close()
return nil, err
}
// Store connection state
state := conn.ConnectionState()
resp.TLS = &state
return resp, nil
}
func (c *Client) do(conn *tls.Conn, req *Request) (*Response, error) {
// Write the request
w := bufio.NewWriter(conn)
err := req.Write(w)
if err != nil {
return nil, fmt.Errorf("failed to write request: %w", err)
func (c *Client) do(ctx context.Context, conn net.Conn, req *Request) (*Response, error) {
ctx, cancel := context.WithCancel(ctx)
done := ctx.Done()
w := &contextWriter{
ctx: ctx,
done: done,
cancel: cancel,
wc: conn,
}
rc := &contextReader{
ctx: ctx,
done: done,
cancel: cancel,
rc: conn,
}
if err := w.Flush(); err != nil {
// Write the request
if _, err := req.WriteTo(w); err != nil {
return nil, err
}
// Read the response
resp, err := ReadResponse(conn)
resp, err := ReadResponse(rc)
if err != nil {
return nil, err
}
resp.conn = conn
return resp, nil
}
func (c *Client) verifyConnection(hostname, punycode string, cs tls.ConnectionState) error {
cert := cs.PeerCertificates[0]
// Verify punycoded hostname
if err := verifyHostname(cert, punycode); err != nil {
return err
}
// Check expiration date
if !time.Now().Before(cert.NotAfter) {
return errors.New("gemini: certificate expired")
func (c *Client) dialContext(ctx context.Context, network, addr string) (net.Conn, error) {
if c.DialContext != nil {
return c.DialContext(ctx, network, addr)
}
return (&net.Dialer{}).DialContext(ctx, network, addr)
}
func (c *Client) verifyConnection(cs tls.ConnectionState, hostname string) error {
// See if the client trusts the certificate
if c.TrustCertificate != nil {
cert := cs.PeerCertificates[0]
return c.TrustCertificate(hostname, cert)
}
return nil
}
func splitHostPort(hostport string) (host, port string) {
var err error
host, port, err = net.SplitHostPort(hostport)
if err != nil {
// Likely no port
host = hostport
port = "1965"
}
return
}
func isASCII(s string) bool {
for i := 0; i < len(s); i++ {
if s[i] >= utf8.RuneSelf {
return false
}
}
return true
}
// punycodeHostname returns the punycoded version of hostname.
func punycodeHostname(hostname string) (string, error) {
if net.ParseIP(hostname) != nil {
return hostname, nil
}
if isASCII(hostname) {
return hostname, nil
}
return idna.Lookup.ToASCII(hostname)
}

28
doc.go
View File

@ -1,10 +1,11 @@
/*
Package gemini implements the Gemini protocol.
Package gemini provides Gemini client and server implementations.
Client is a Gemini client.
client := &gemini.Client{}
resp, err := client.Get("gemini://example.com")
ctx := context.Background()
resp, err := client.Get(ctx, "gemini://example.com")
if err != nil {
// handle error
}
@ -20,26 +21,33 @@ Server is a Gemini server.
Servers should be configured with certificates:
err := server.Certificates.Load("/var/lib/gemini/certs")
certificates := &certificate.Store{}
certificates.Register("localhost")
err := certificates.Load("/var/lib/gemini/certs")
if err != nil {
// handle error
}
server.GetCertificate = certificates.Get
Servers can accept requests for multiple hosts and schemes:
Mux is a Gemini request multiplexer.
Mux can handle requests for multiple hosts and paths.
server.RegisterFunc("example.com", func(w gemini.ResponseWriter, r *gemini.Request) {
mux := &gemini.Mux{}
mux.HandleFunc("example.com", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprint(w, "Welcome to example.com")
})
server.RegisterFunc("example.org", func(w gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprint(w, "Welcome to example.org")
mux.HandleFunc("example.org/about.gmi", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprint(w, "About example.org")
})
server.RegisterFunc("http://example.net", func(w gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprint(w, "Proxied content from http://example.net")
mux.HandleFunc("/images/", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
w.WriteHeader(gemini.StatusGone, "Gone forever")
})
server.Handler = mux
To start the server, call ListenAndServe:
err := server.ListenAndServe()
ctx := context.Background()
err := server.ListenAndServe(ctx)
if err != nil {
// handle error
}

View File

@ -3,16 +3,15 @@
package main
import (
"context"
"crypto/sha512"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"fmt"
"log"
"time"
"git.sr.ht/~adnano/go-gemini"
"git.sr.ht/~adnano/go-gemini/certificate"
"git.tebibyte.media/sashakoshka/go-gemini"
"git.tebibyte.media/sashakoshka/go-gemini/certificate"
)
type User struct {
@ -25,26 +24,24 @@ var (
)
func main() {
var mux gemini.ServeMux
certificates := &certificate.Store{}
certificates.Register("localhost")
if err := certificates.Load("/var/lib/gemini/certs"); err != nil {
log.Fatal(err)
}
mux := &gemini.Mux{}
mux.HandleFunc("/", profile)
mux.HandleFunc("/username", changeUsername)
var server gemini.Server
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
log.Fatal(err)
server := &gemini.Server{
Handler: mux,
ReadTimeout: 30 * time.Second,
WriteTimeout: 1 * time.Minute,
GetCertificate: certificates.Get,
}
server.GetCertificate = func(hostname string) (tls.Certificate, error) {
return certificate.Create(certificate.CreateOptions{
Subject: pkix.Name{
CommonName: hostname,
},
DNSNames: []string{hostname},
Duration: time.Hour,
})
}
server.Handle("localhost", &mux)
if err := server.ListenAndServe(); err != nil {
if err := server.ListenAndServe(context.Background()); err != nil {
log.Fatal(err)
}
}
@ -54,12 +51,13 @@ func fingerprint(cert *x509.Certificate) string {
return string(b[:])
}
func profile(w gemini.ResponseWriter, r *gemini.Request) {
if len(r.TLS.PeerCertificates) == 0 {
w.Status(gemini.StatusCertificateRequired)
func profile(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
tls := r.TLS
if len(tls.PeerCertificates) == 0 {
w.WriteHeader(gemini.StatusCertificateRequired, "Certificate required")
return
}
fingerprint := fingerprint(r.TLS.PeerCertificates[0])
fingerprint := fingerprint(tls.PeerCertificates[0])
user, ok := users[fingerprint]
if !ok {
user = &User{}
@ -69,23 +67,24 @@ func profile(w gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprintln(w, "=> /username Change username")
}
func changeUsername(w gemini.ResponseWriter, r *gemini.Request) {
if len(r.TLS.PeerCertificates) == 0 {
w.Status(gemini.StatusCertificateRequired)
func changeUsername(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
tls := r.TLS
if len(tls.PeerCertificates) == 0 {
w.WriteHeader(gemini.StatusCertificateRequired, "Certificate required")
return
}
username, err := gemini.QueryUnescape(r.URL.RawQuery)
if err != nil || username == "" {
w.Header(gemini.StatusInput, "Username")
w.WriteHeader(gemini.StatusInput, "Username")
return
}
fingerprint := fingerprint(r.TLS.PeerCertificates[0])
fingerprint := fingerprint(tls.PeerCertificates[0])
user, ok := users[fingerprint]
if !ok {
user = &User{}
users[fingerprint] = user
}
user.Name = username
w.Header(gemini.StatusRedirect, "/")
w.WriteHeader(gemini.StatusRedirect, "/")
}

View File

@ -11,7 +11,7 @@ import (
"os"
"time"
"git.sr.ht/~adnano/go-gemini/certificate"
"git.tebibyte.media/sashakoshka/go-gemini/certificate"
)
func main() {

View File

@ -6,20 +6,18 @@ package main
import (
"bufio"
"bytes"
"context"
"crypto/x509"
"errors"
"fmt"
"io/ioutil"
"io"
"log"
"net/url"
"os"
"path/filepath"
"time"
"git.sr.ht/~adnano/go-gemini"
"git.sr.ht/~adnano/go-gemini/tofu"
"git.sr.ht/~adnano/go-xdg"
"git.tebibyte.media/sashakoshka/go-gemini"
"git.tebibyte.media/sashakoshka/go-gemini/tofu"
)
var (
@ -28,9 +26,16 @@ var (
scanner *bufio.Scanner
)
func xdgDataHome() string {
if s, ok := os.LookupEnv("XDG_DATA_HOME"); ok {
return s
}
return filepath.Join(os.Getenv("HOME"), ".local", "share")
}
func init() {
// Load known hosts file
path := filepath.Join(xdg.DataHome(), "gemini", "known_hosts")
path := filepath.Join(xdgDataHome(), "gemini", "known_hosts")
err := hosts.Load(path)
if err != nil {
log.Fatal(err)
@ -54,15 +59,14 @@ Otherwise, this should be safe to trust.
=> `
func trustCertificate(hostname string, cert *x509.Certificate) error {
host := tofu.NewHost(hostname, cert.Raw, cert.NotAfter)
host := tofu.NewHost(hostname, cert.Raw)
knownHost, ok := hosts.Lookup(hostname)
if ok && time.Now().Before(knownHost.Expires) {
if ok {
// Check fingerprint
if bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
return nil
if knownHost.Fingerprint != host.Fingerprint {
return errors.New("error: fingerprint does not match!")
}
return errors.New("error: fingerprint does not match!")
return nil
}
fmt.Printf(trustPrompt, hostname, host.Fingerprint)
@ -80,7 +84,7 @@ func trustCertificate(hostname string, cert *x509.Certificate) error {
}
}
func getInput(prompt string, sensitive bool) (input string, ok bool) {
func getInput(prompt string) (input string, ok bool) {
fmt.Printf("%s ", prompt)
scanner.Scan()
return scanner.Text(), true
@ -90,14 +94,15 @@ func do(req *gemini.Request, via []*gemini.Request) (*gemini.Response, error) {
client := gemini.Client{
TrustCertificate: trustCertificate,
}
resp, err := client.Do(req)
ctx := context.Background()
resp, err := client.Do(ctx, req)
if err != nil {
return resp, err
}
switch gemini.StatusClass(resp.Status) {
switch resp.Status.Class() {
case gemini.StatusInput:
input, ok := getInput(resp.Meta, resp.Status == gemini.StatusSensitiveInput)
input, ok := getInput(resp.Meta)
if !ok {
break
}
@ -148,12 +153,11 @@ func main() {
defer resp.Body.Close()
// Handle response
if gemini.StatusClass(resp.Status) == gemini.StatusSuccess {
body, err := ioutil.ReadAll(resp.Body)
if resp.Status.Class() == gemini.StatusSuccess {
_, err := io.Copy(os.Stdout, resp.Body)
if err != nil {
log.Fatal(err)
}
fmt.Print(string(body))
} else {
fmt.Printf("%d %s\n", resp.Status, resp.Meta)
os.Exit(1)

View File

@ -10,7 +10,7 @@ import (
"io"
"os"
"git.sr.ht/~adnano/go-gemini"
"git.tebibyte.media/sashakoshka/go-gemini"
)
func main() {

View File

@ -5,37 +5,54 @@
package main
import (
"crypto/tls"
"crypto/x509/pkix"
"context"
"log"
"os"
"os/signal"
"time"
"git.sr.ht/~adnano/go-gemini"
"git.sr.ht/~adnano/go-gemini/certificate"
"git.tebibyte.media/sashakoshka/go-gemini"
"git.tebibyte.media/sashakoshka/go-gemini/certificate"
)
func main() {
var server gemini.Server
server.ReadTimeout = 30 * time.Second
server.WriteTimeout = 1 * time.Minute
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
certificates := &certificate.Store{}
certificates.Register("localhost")
if err := certificates.Load("/var/lib/gemini/certs"); err != nil {
log.Fatal(err)
}
server.GetCertificate = func(hostname string) (tls.Certificate, error) {
return certificate.Create(certificate.CreateOptions{
Subject: pkix.Name{
CommonName: hostname,
},
DNSNames: []string{hostname},
Duration: 365 * 24 * time.Hour,
})
mux := &gemini.Mux{}
mux.Handle("/", gemini.FileServer(os.DirFS("/var/www")))
server := &gemini.Server{
Handler: gemini.LoggingMiddleware(mux),
ReadTimeout: 30 * time.Second,
WriteTimeout: 1 * time.Minute,
GetCertificate: certificates.Get,
}
var mux gemini.ServeMux
mux.Handle("/", gemini.FileServer(gemini.Dir("/var/www")))
// Listen for interrupt signal
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt)
server.Handle("localhost", &mux)
if err := server.ListenAndServe(); err != nil {
errch := make(chan error)
go func() {
ctx := context.Background()
errch <- server.ListenAndServe(ctx)
}()
select {
case err := <-errch:
log.Fatal(err)
case <-c:
// Shutdown the server
log.Println("Shutting down...")
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
err := server.Shutdown(ctx)
if err != nil {
log.Fatal(err)
}
}
}

View File

@ -6,66 +6,49 @@ package main
import (
"context"
"crypto/tls"
"crypto/x509/pkix"
"fmt"
"log"
"time"
"git.sr.ht/~adnano/go-gemini"
"git.sr.ht/~adnano/go-gemini/certificate"
"git.tebibyte.media/sashakoshka/go-gemini"
"git.tebibyte.media/sashakoshka/go-gemini/certificate"
)
func main() {
var server gemini.Server
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
certificates := &certificate.Store{}
certificates.Register("localhost")
if err := certificates.Load("/var/lib/gemini/certs"); err != nil {
log.Fatal(err)
}
server.GetCertificate = func(hostname string) (tls.Certificate, error) {
return certificate.Create(certificate.CreateOptions{
Subject: pkix.Name{
CommonName: hostname,
},
DNSNames: []string{hostname},
Duration: 365 * 24 * time.Hour,
})
mux := &gemini.Mux{}
mux.HandleFunc("/", stream)
server := &gemini.Server{
Handler: mux,
ReadTimeout: 30 * time.Second,
WriteTimeout: 1 * time.Minute,
GetCertificate: certificates.Get,
}
server.HandleFunc("localhost", stream)
if err := server.ListenAndServe(); err != nil {
ctx := context.Background()
if err := server.ListenAndServe(ctx); err != nil {
log.Fatal(err)
}
}
// stream writes an infinite stream to w.
func stream(w gemini.ResponseWriter, r *gemini.Request) {
ch := make(chan string)
ctx, cancel := context.WithCancel(context.Background())
go func(ctx context.Context) {
for {
select {
case <-ctx.Done():
return
default:
ch <- fmt.Sprint(time.Now().UTC())
}
time.Sleep(time.Second)
}
// Close channel when finished.
// In this example this will never be reached.
close(ch)
}(ctx)
func stream(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
for {
s, ok := <-ch
if !ok {
break
select {
case <-ctx.Done():
return
default:
}
fmt.Fprintln(w, s)
fmt.Fprintln(w, time.Now().UTC())
if err := w.Flush(); err != nil {
cancel()
return
}
time.Sleep(time.Second)
}
}

241
fs.go
View File

@ -1,127 +1,186 @@
// +build go1.16
package gemini
import (
"context"
"errors"
"fmt"
"io"
"io/fs"
"mime"
"os"
"net/url"
"path"
"sort"
"strings"
)
func init() {
// Add Gemini mime types
mime.AddExtensionType(".gmi", "text/gemini")
mime.AddExtensionType(".gemini", "text/gemini")
}
// A FileSystem implements access to a collection of named files. The elements
// in a file path are separated by slash ('/', U+002F) characters, regardless
// of host operating system convention.
type FileSystem interface {
Open(name string) (File, error)
}
// A File is returned by a FileSystem's Open method and can be served by the
// FileServer implementation.
//
// The methods should behave the same as those on an *os.File.
type File interface {
Stat() (os.FileInfo, error)
Read([]byte) (int, error)
Close() error
}
// A Dir implements FileSystem using the native file system restricted
// to a specific directory tree.
//
// While the FileSystem.Open method takes '/'-separated paths, a Dir's string
// value is a filename on the native file system, not a URL, so it is separated
// by filepath.Separator, which isn't necessarily '/'.
//
// Note that Dir could expose sensitive files and directories. Dir will follow
// symlinks pointing out of the directory tree, which can be especially
// dangerous if serving from a directory in which users are able to create
// arbitrary symlinks. Dir will also allow access to files and directories
// starting with a period, which could expose sensitive directories like .git
// or sensitive files like .htpasswd. To exclude files with a leading period,
// remove the files/directories from the server or create a custom FileSystem
// implementation.
//
// An empty Dir is treated as ".".
type Dir string
// Open implements FileSystem using os.Open, opening files for reading
// rooted and relative to the directory d.
func (d Dir) Open(name string) (File, error) {
return os.Open(path.Join(string(d), name))
}
// FileServer returns a handler that serves Gemini requests with the contents
// of the provided file system.
//
// To use the operating system's file system implementation, use gemini.Dir:
// To use the operating system's file system implementation, use os.DirFS:
//
// gemini.FileServer(gemini.Dir("/tmp"))
func FileServer(fsys FileSystem) Handler {
// gemini.FileServer(os.DirFS("/tmp"))
func FileServer(fsys fs.FS) Handler {
return fileServer{fsys}
}
type fileServer struct {
FileSystem
fs.FS
}
func (fs fileServer) ServeGemini(w ResponseWriter, r *Request) {
ServeFile(w, fs, r.URL.Path)
}
func (fsys fileServer) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
const indexPage = "/index.gmi"
// ServeFile responds to the request with the contents of the named file
// or directory.
//
// If the provided file or directory name is a relative path, it is interpreted
// relative to the current directory and may ascend to parent directories. If
// the provided name is constructed from user input, it should be sanitized
// before calling ServeFile.
func ServeFile(w ResponseWriter, fsys FileSystem, name string) {
f, err := openFile(fsys, name)
if err != nil {
w.Status(StatusNotFound)
url := path.Clean(r.URL.Path)
// Redirect .../index.gmi to .../
if strings.HasSuffix(url, indexPage) {
w.WriteHeader(StatusPermanentRedirect, strings.TrimSuffix(url, "index.gmi"))
return
}
// Detect mimetype
ext := path.Ext(name)
mimetype := mime.TypeByExtension(ext)
w.Meta(mimetype)
// Copy file to response writer
_, _ = io.Copy(w, f)
}
func openFile(fsys FileSystem, name string) (File, error) {
name := url
if name == "/" {
name = "."
} else {
name = strings.TrimPrefix(name, "/")
}
f, err := fsys.Open(name)
if err != nil {
return nil, err
w.WriteHeader(toGeminiError(err))
return
}
defer f.Close()
stat, err := f.Stat()
if err != nil {
return nil, err
w.WriteHeader(toGeminiError(err))
return
}
if stat.Mode().IsRegular() {
return f, nil
// Redirect to canonical path
if len(r.URL.Path) != 0 {
if stat.IsDir() {
target := url
if target != "/" {
target += "/"
}
if len(r.URL.Path) != len(target) || r.URL.Path != target {
w.WriteHeader(StatusPermanentRedirect, target)
return
}
} else if r.URL.Path[len(r.URL.Path)-1] == '/' {
// Remove trailing slash
w.WriteHeader(StatusPermanentRedirect, url)
return
}
}
if stat.IsDir() {
// Try opening index.gmi
f, err := fsys.Open(path.Join(name, "index.gmi"))
if err != nil {
return nil, err
}
stat, err := f.Stat()
if err != nil {
return nil, err
}
if stat.Mode().IsRegular() {
return f, nil
// Use contents of index.gmi if present
name = path.Join(name, indexPage)
index, err := fsys.Open(name)
if err == nil {
defer index.Close()
f = index
} else {
// Failed to find index file
dirList(w, f)
return
}
}
return nil, os.ErrNotExist
// Detect mimetype from file extension
ext := path.Ext(name)
mimetype := mime.TypeByExtension(ext)
w.SetMediaType(mimetype)
io.Copy(w, f)
}
// ServeFile responds to the request with the contents of the named file
// or directory. If the provided name is constructed from user input, it
// should be sanitized before calling ServeFile.
func ServeFile(w ResponseWriter, fsys fs.FS, name string) {
const indexPage = "/index.gmi"
// Ensure name is relative
if name == "/" {
name = "."
} else {
name = strings.TrimLeft(name, "/")
}
f, err := fsys.Open(name)
if err != nil {
w.WriteHeader(toGeminiError(err))
return
}
defer f.Close()
stat, err := f.Stat()
if err != nil {
w.WriteHeader(toGeminiError(err))
return
}
if stat.IsDir() {
// Use contents of index file if present
name = path.Join(name, indexPage)
index, err := fsys.Open(name)
if err == nil {
defer index.Close()
f = index
} else {
// Failed to find index file
dirList(w, f)
return
}
}
// Detect mimetype from file extension
ext := path.Ext(name)
mimetype := mime.TypeByExtension(ext)
w.SetMediaType(mimetype)
io.Copy(w, f)
}
func dirList(w ResponseWriter, f fs.File) {
var entries []fs.DirEntry
var err error
d, ok := f.(fs.ReadDirFile)
if ok {
entries, err = d.ReadDir(-1)
}
if !ok || err != nil {
w.WriteHeader(StatusTemporaryFailure, "Error reading directory")
return
}
sort.Slice(entries, func(i, j int) bool {
return entries[i].Name() < entries[j].Name()
})
for _, entry := range entries {
name := entry.Name()
if entry.IsDir() {
name += "/"
}
link := LineLink{
Name: name,
URL: "./" + url.PathEscape(name),
}
fmt.Fprintln(w, link.String())
}
}
func toGeminiError(err error) (status Status, meta string) {
if errors.Is(err, fs.ErrNotExist) {
return StatusNotFound, "Not found"
}
if errors.Is(err, fs.ErrPermission) {
return StatusNotFound, "Forbidden"
}
return StatusTemporaryFailure, "Internal server error"
}

View File

@ -2,27 +2,33 @@ package gemini
import (
"errors"
"mime"
)
var crlf = []byte("\r\n")
func init() {
// Add Gemini mime types
mime.AddExtensionType(".gmi", "text/gemini")
mime.AddExtensionType(".gemini", "text/gemini")
}
// Errors.
var (
ErrInvalidURL = errors.New("gemini: invalid URL")
ErrInvalidRequest = errors.New("gemini: invalid request")
ErrInvalidResponse = errors.New("gemini: invalid response")
// ErrBodyNotAllowed is returned by ResponseWriter.Write calls
// when the response status code does not permit a body.
ErrBodyNotAllowed = errors.New("gemini: response status code does not allow body")
// ErrServerClosed is returned by the Server's Serve and ListenAndServe
// methods after a call to Shutdown or Close.
ErrServerClosed = errors.New("gemini: server closed")
// ErrAbortHandler is a sentinel panic value to abort a handler.
// While any panic from ServeGemini aborts the response to the client,
// panicking with ErrAbortHandler also suppresses logging of a stack
// trace to the server's error log.
ErrAbortHandler = errors.New("net/http: abort Handler")
)
var crlf = []byte("\r\n")
func trimCRLF(b []byte) ([]byte, bool) {
// Check for CR
if len(b) < 2 || b[len(b)-2] != '\r' {
return nil, false
}
// Trim CRLF
b = b[:len(b)-2]
return b, true
}

2
go.mod
View File

@ -1,4 +1,4 @@
module git.sr.ht/~adnano/go-gemini
module git.tebibyte.media/sashakoshka/go-gemini
go 1.15

158
handler.go Normal file
View File

@ -0,0 +1,158 @@
package gemini
import (
"bytes"
"context"
"io"
"net/url"
"strings"
"time"
)
// A Handler responds to a Gemini request.
//
// ServeGemini should write the response header and data to the ResponseWriter
// and then return. Returning signals that the request is finished; it is not
// valid to use the ResponseWriter after or concurrently with the completion
// of the ServeGemini call.
//
// The provided context is canceled when the client's connection is closed
// or the ServeGemini method returns.
//
// Handlers should not modify the provided Request.
type Handler interface {
ServeGemini(context.Context, ResponseWriter, *Request)
}
// The HandlerFunc type is an adapter to allow the use of ordinary functions
// as Gemini handlers. If f is a function with the appropriate signature,
// HandlerFunc(f) is a Handler that calls f.
type HandlerFunc func(context.Context, ResponseWriter, *Request)
// ServeGemini calls f(ctx, w, r).
func (f HandlerFunc) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
f(ctx, w, r)
}
// StatusHandler returns a request handler that responds to each request
// with the provided status code and meta.
func StatusHandler(status Status, meta string) Handler {
return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
w.WriteHeader(status, meta)
})
}
// NotFoundHandler returns a simple request handler that replies to each
// request with a “51 Not found” reply.
func NotFoundHandler() Handler {
return StatusHandler(StatusNotFound, "Not found")
}
// StripPrefix returns a handler that serves Gemini requests by removing the
// given prefix from the request URL's Path (and RawPath if set) and invoking
// the handler h. StripPrefix handles a request for a path that doesn't begin
// with prefix by replying with a Gemini 51 not found error. The prefix must
// match exactly: if the prefix in the request contains escaped characters the
// reply is also a Gemini 51 not found error.
func StripPrefix(prefix string, h Handler) Handler {
if prefix == "" {
return h
}
return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
p := strings.TrimPrefix(r.URL.Path, prefix)
rp := strings.TrimPrefix(r.URL.RawPath, prefix)
if len(p) < len(r.URL.Path) && (r.URL.RawPath == "" || len(rp) < len(r.URL.RawPath)) {
r2 := new(Request)
*r2 = *r
r2.URL = new(url.URL)
*r2.URL = *r.URL
r2.URL.Path = p
r2.URL.RawPath = rp
h.ServeGemini(ctx, w, r2)
} else {
w.WriteHeader(StatusNotFound, "Not found")
}
})
}
// TimeoutHandler returns a Handler that runs h with the given time limit.
//
// The new Handler calls h.ServeGemini to handle each request, but
// if a call runs for longer than its time limit, the handler responds with a
// 40 Temporary Failure status code and the given message in its response meta.
// After such a timeout, writes by h to its ResponseWriter will return
// context.DeadlineExceeded.
func TimeoutHandler(h Handler, dt time.Duration, message string) Handler {
return &timeoutHandler{
h: h,
dt: dt,
msg: message,
}
}
type timeoutHandler struct {
h Handler
dt time.Duration
msg string
}
func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
ctx, cancel := context.WithTimeout(ctx, t.dt)
defer cancel()
buf := &bytes.Buffer{}
tw := &timeoutWriter{
wr: &contextWriter{
ctx: ctx,
cancel: cancel,
done: ctx.Done(),
wc: nopCloser{buf},
},
}
done := make(chan struct{})
go func() {
t.h.ServeGemini(ctx, tw, r)
close(done)
}()
select {
case <-done:
w.WriteHeader(tw.status, tw.meta)
w.Write(buf.Bytes())
case <-ctx.Done():
w.WriteHeader(StatusTemporaryFailure, t.msg)
}
}
type timeoutWriter struct {
wr io.Writer
status Status
meta string
mediatype string
wroteHeader bool
}
func (w *timeoutWriter) SetMediaType(mediatype string) {
w.mediatype = mediatype
}
func (w *timeoutWriter) Write(b []byte) (int, error) {
if !w.wroteHeader {
w.WriteHeader(StatusSuccess, w.mediatype)
}
return w.wr.Write(b)
}
func (w *timeoutWriter) WriteHeader(status Status, meta string) {
if w.wroteHeader {
return
}
w.status = status
w.meta = meta
w.wroteHeader = true
}
func (w *timeoutWriter) Flush() error {
return nil
}

76
io.go Normal file
View File

@ -0,0 +1,76 @@
package gemini
import (
"context"
"io"
)
type contextReader struct {
ctx context.Context
done <-chan struct{}
cancel func()
rc io.ReadCloser
}
func (r *contextReader) Read(p []byte) (int, error) {
select {
case <-r.done:
r.rc.Close()
return 0, r.ctx.Err()
default:
}
n, err := r.rc.Read(p)
if err != nil {
r.cancel()
}
return n, err
}
func (r *contextReader) Close() error {
r.cancel()
return r.rc.Close()
}
type contextWriter struct {
ctx context.Context
done <-chan struct{}
cancel func()
wc io.WriteCloser
}
func (w *contextWriter) Write(b []byte) (int, error) {
select {
case <-w.done:
w.wc.Close()
return 0, w.ctx.Err()
default:
}
n, err := w.wc.Write(b)
if err != nil {
w.cancel()
}
return n, err
}
func (w *contextWriter) Close() error {
w.cancel()
return w.wc.Close()
}
type nopCloser struct {
io.Writer
}
func (nopCloser) Close() error {
return nil
}
type nopReadCloser struct{}
func (nopReadCloser) Read(p []byte) (int, error) {
return 0, io.EOF
}
func (nopReadCloser) Close() error {
return nil
}

58
middleware.go Normal file
View File

@ -0,0 +1,58 @@
package gemini
import (
"context"
"log"
)
// LoggingMiddleware returns a handler that wraps h and logs Gemini requests
// and their responses to the log package's standard logger.
// Requests are logged with the format "gemini: {host} {URL} {status code} {bytes written}".
func LoggingMiddleware(h Handler) Handler {
return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
lw := &logResponseWriter{rw: w}
h.ServeGemini(ctx, lw, r)
host := r.ServerName()
log.Printf("gemini: %s %q %d %d", host, r.URL, lw.Status, lw.Wrote)
})
}
type logResponseWriter struct {
Status Status
Wrote int
rw ResponseWriter
mediatype string
wroteHeader bool
}
func (w *logResponseWriter) SetMediaType(mediatype string) {
w.mediatype = mediatype
}
func (w *logResponseWriter) Write(b []byte) (int, error) {
if !w.wroteHeader {
meta := w.mediatype
if meta == "" {
// Use default media type
meta = defaultMediaType
}
w.WriteHeader(StatusSuccess, meta)
}
n, err := w.rw.Write(b)
w.Wrote += n
return n, err
}
func (w *logResponseWriter) WriteHeader(status Status, meta string) {
if w.wroteHeader {
return
}
w.wroteHeader = true
w.Status = status
w.Wrote += len(meta) + 5
w.rw.WriteHeader(status, meta)
}
func (w *logResponseWriter) Flush() error {
return nil
}

187
mux.go
View File

@ -1,6 +1,12 @@
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE-GO file.
package gemini
import (
"context"
"net"
"net/url"
"path"
"sort"
@ -8,13 +14,7 @@ import (
"sync"
)
// The following code is modified from the net/http package.
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// ServeMux is a Gemini request multiplexer.
// Mux is a Gemini request multiplexer.
// It matches the URL of each incoming request against a list of registered
// patterns and calls the handler for the pattern that
// most closely matches the URL.
@ -32,26 +32,42 @@ import (
// the pattern "/" matches all paths not matched by other registered
// patterns, not just the URL with Path == "/".
//
// Patterns may optionally begin with a host name, restricting matches to
// URLs on that host only. Host-specific patterns take precedence over
// general patterns, so that a handler might register for the two patterns
// "/search" and "search.example.com/" without also taking over requests
// for "gemini://example.com/".
//
// Wildcard patterns can be used to match multiple hostnames. For example,
// the pattern "*.example.com" will match requests for "blog.example.com"
// and "gemini.example.com", but not "example.org".
//
// If a subtree has been registered and a request is received naming the
// subtree root without its trailing slash, ServeMux redirects that
// subtree root without its trailing slash, Mux redirects that
// request to the subtree root (adding the trailing slash). This behavior can
// be overridden with a separate registration for the path without
// the trailing slash. For example, registering "/images/" causes ServeMux
// the trailing slash. For example, registering "/images/" causes Mux
// to redirect a request for "/images" to "/images/", unless "/images" has
// been registered separately.
//
// ServeMux also takes care of sanitizing the URL request path and
// Mux also takes care of sanitizing the URL request path and
// redirecting any request containing . or .. elements or repeated slashes
// to an equivalent, cleaner URL.
type ServeMux struct {
type Mux struct {
mu sync.RWMutex
m map[string]muxEntry
es []muxEntry // slice of entries sorted from longest to shortest.
m map[hostpath]Handler
es []muxEntry // slice of entries sorted from longest to shortest
}
type hostpath struct {
host string
path string
}
type muxEntry struct {
r Handler
pattern string
handler Handler
host string
path string
}
// cleanPath returns the canonical path for p, eliminating . and .. elements.
@ -78,18 +94,18 @@ func cleanPath(p string) string {
// Find a handler on a handler map given a path string.
// Most-specific (longest) pattern wins.
func (mux *ServeMux) match(path string) Handler {
func (mux *Mux) match(host, path string) Handler {
// Check for exact match first.
v, ok := mux.m[path]
if ok {
return v.r
if h, ok := mux.m[hostpath{host, path}]; ok {
return h
}
// Check for longest valid match. mux.es contains all patterns
// that end in / sorted from longest to shortest.
for _, e := range mux.es {
if strings.HasPrefix(path, e.pattern) {
return e.r
if len(e.host) == len(host) && e.host == host &&
strings.HasPrefix(path, e.path) {
return e.handler
}
}
return nil
@ -99,23 +115,21 @@ func (mux *ServeMux) match(path string) Handler {
// This occurs when a handler for path + "/" was already registered, but
// not for path itself. If the path needs appending to, it creates a new
// URL, setting the path to u.Path + "/" and returning true to indicate so.
func (mux *ServeMux) redirectToPathSlash(path string, u *url.URL) (*url.URL, bool) {
func (mux *Mux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) {
mux.mu.RLock()
shouldRedirect := mux.shouldRedirectRLocked(path)
shouldRedirect := mux.shouldRedirectRLocked(host, path)
mux.mu.RUnlock()
if !shouldRedirect {
return u, false
}
path = path + "/"
u = &url.URL{Path: path, RawQuery: u.RawQuery}
return u, true
return u.ResolveReference(&url.URL{Path: path + "/"}), true
}
// shouldRedirectRLocked reports whether the given path and host should be redirected to
// path+"/". This should happen if a handler is registered for path+"/" but
// not path -- see comments at ServeMux.
func (mux *ServeMux) shouldRedirectRLocked(path string) bool {
if _, exist := mux.m[path]; exist {
// not path -- see comments at Mux.
func (mux *Mux) shouldRedirectRLocked(host, path string) bool {
if _, exist := mux.m[hostpath{host, path}]; exist {
return false
}
@ -123,65 +137,125 @@ func (mux *ServeMux) shouldRedirectRLocked(path string) bool {
if n == 0 {
return false
}
if _, exist := mux.m[path+"/"]; exist {
if _, exist := mux.m[hostpath{host, path + "/"}]; exist {
return path[n-1] != '/'
}
return false
}
// ServeGemini dispatches the request to the handler whose
// pattern most closely matches the request URL.
func (mux *ServeMux) ServeGemini(w ResponseWriter, r *Request) {
func getWildcard(hostname string) (string, bool) {
if net.ParseIP(hostname) == nil {
split := strings.SplitN(hostname, ".", 2)
if len(split) == 2 {
return "*." + split[1], true
}
}
return "", false
}
// Handler returns the handler to use for the given request, consulting
// r.URL.Scheme, r.URL.Host, and r.URL.Path. It always returns a non-nil handler. If
// the path is not in its canonical form, the handler will be an
// internally-generated handler that redirects to the canonical path. If the
// host contains a port, it is ignored when matching handlers.
func (mux *Mux) Handler(r *Request) Handler {
// Disallow non-Gemini schemes
if r.URL.Scheme != "gemini" {
return NotFoundHandler()
}
host := r.URL.Hostname()
path := cleanPath(r.URL.Path)
// If the given path is /tree and its handler is not registered,
// redirect for /tree/.
if u, ok := mux.redirectToPathSlash(path, r.URL); ok {
w.Header(StatusRedirect, u.String())
return
if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok {
return StatusHandler(StatusPermanentRedirect, u.String())
}
if path != r.URL.Path {
u := *r.URL
u.Path = path
w.Header(StatusRedirect, u.String())
return
return StatusHandler(StatusPermanentRedirect, u.String())
}
mux.mu.RLock()
defer mux.mu.RUnlock()
resp := mux.match(path)
if resp == nil {
w.Status(StatusNotFound)
return
h := mux.match(host, path)
if h == nil {
// Try wildcard
if wildcard, ok := getWildcard(host); ok {
if u, ok := mux.redirectToPathSlash(wildcard, path, r.URL); ok {
return StatusHandler(StatusPermanentRedirect, u.String())
}
h = mux.match(wildcard, path)
}
}
resp.ServeGemini(w, r)
if h == nil {
// Try empty host
if u, ok := mux.redirectToPathSlash("", path, r.URL); ok {
return StatusHandler(StatusPermanentRedirect, u.String())
}
h = mux.match("", path)
}
if h == nil {
h = NotFoundHandler()
}
return h
}
// ServeGemini dispatches the request to the handler whose
// pattern most closely matches the request URL.
func (mux *Mux) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
h := mux.Handler(r)
h.ServeGemini(ctx, w, r)
}
// Handle registers the handler for the given pattern.
// If a handler already exists for pattern, Handle panics.
func (mux *ServeMux) Handle(pattern string, handler Handler) {
mux.mu.Lock()
defer mux.mu.Unlock()
func (mux *Mux) Handle(pattern string, handler Handler) {
if pattern == "" {
panic("gemini: invalid pattern")
}
if handler == nil {
panic("gemini: nil handler")
}
if _, exist := mux.m[pattern]; exist {
mux.mu.Lock()
defer mux.mu.Unlock()
var host, path string
// extract hostname and path
cut := strings.Index(pattern, "/")
if cut == -1 {
host = pattern
path = "/"
} else {
host = pattern[:cut]
path = pattern[cut:]
}
// strip port from hostname
if hostname, _, err := net.SplitHostPort(host); err == nil {
host = hostname
}
if _, exist := mux.m[hostpath{host, path}]; exist {
panic("gemini: multiple registrations for " + pattern)
}
if mux.m == nil {
mux.m = make(map[string]muxEntry)
mux.m = make(map[hostpath]Handler)
}
e := muxEntry{handler, pattern}
mux.m[pattern] = e
if pattern[len(pattern)-1] == '/' {
mux.m[hostpath{host, path}] = handler
e := muxEntry{handler, host, path}
if path[len(path)-1] == '/' {
mux.es = appendSorted(mux.es, e)
}
}
@ -189,7 +263,7 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
n := len(es)
i := sort.Search(n, func(i int) bool {
return len(es[i].pattern) < len(e.pattern)
return len(es[i].path) < len(e.path)
})
if i == n {
return append(es, e)
@ -202,9 +276,6 @@ func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
}
// HandleFunc registers the handler function for the given pattern.
func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Request)) {
if handler == nil {
panic("gemini: nil handler")
}
mux.Handle(pattern, HandlerFunc(handler))
func (mux *Mux) HandleFunc(pattern string, handler HandlerFunc) {
mux.Handle(pattern, handler)
}

356
mux_test.go Normal file
View File

@ -0,0 +1,356 @@
package gemini
import (
"context"
"io"
"net/url"
"testing"
)
type nopHandler struct{}
func (*nopHandler) ServeGemini(context.Context, ResponseWriter, *Request) {}
type nopResponseWriter struct {
Status Status
Meta string
}
func (w *nopResponseWriter) WriteHeader(status Status, meta string) {
w.Status = status
w.Meta = meta
}
func (nopResponseWriter) SetMediaType(mediatype string) {}
func (nopResponseWriter) Write(b []byte) (int, error) { return 0, io.EOF }
func (nopResponseWriter) Flush() error { return nil }
func TestMux(t *testing.T) {
type Test struct {
URL string
Pattern string
Redirect string
NotFound bool
}
tests := []struct {
Patterns []string
Tests []Test
}{
{
Patterns: []string{"/a", "/b/", "/b/c/d", "/b/c/d/"},
Tests: []Test{
{
URL: "gemini://example.com",
Redirect: "gemini://example.com/",
},
{
URL: "gemini://example.com/",
NotFound: true,
},
{
URL: "gemini://example.com/c",
NotFound: true,
},
{
URL: "gemini://example.com/a",
Pattern: "/a",
},
{
URL: "gemini://example.com/a/",
NotFound: true,
},
{
URL: "gemini://example.com/b",
Redirect: "gemini://example.com/b/",
},
{
URL: "gemini://example.com/b/",
Pattern: "/b/",
},
{
URL: "gemini://example.com/b/c",
Pattern: "/b/",
},
{
URL: "gemini://example.com/b/c/d",
Pattern: "/b/c/d",
},
{
URL: "gemini://example.com/b/c/d/e/",
Pattern: "/b/c/d/",
},
},
},
{
Patterns: []string{
"/", "/a", "/b/",
"example.com", "example.com/a", "example.com/b/",
"*.example.com", "*.example.com/a", "*.example.com/b/",
},
Tests: []Test{
{
URL: "gemini://example.net/",
Pattern: "/",
},
{
URL: "gemini://example.net/a",
Pattern: "/a",
},
{
URL: "gemini://example.net/b",
Redirect: "gemini://example.net/b/",
},
{
URL: "gemini://example.net/b/",
Pattern: "/b/",
},
{
URL: "gemini://example.com/",
Pattern: "example.com",
},
{
URL: "gemini://example.com/b",
Redirect: "gemini://example.com/b/",
},
{
URL: "gemini://example.com/b/",
Pattern: "example.com/b/",
},
{
URL: "gemini://a.example.com/",
Pattern: "*.example.com",
},
{
URL: "gemini://b.example.com/a",
Pattern: "*.example.com/a",
},
{
URL: "gemini://c.example.com/b",
Redirect: "gemini://c.example.com/b/",
},
{
URL: "gemini://d.example.com/b/",
Pattern: "*.example.com/b/",
},
},
},
{
Patterns: []string{"example.net", "*.example.org"},
Tests: []Test{
{
// The following redirect occurs as a result of cleaning
// the path provided to the Mux. This happens even if there
// are no matching handlers.
URL: "gemini://example.com",
Redirect: "gemini://example.com/",
},
{
URL: "gemini://example.com/",
NotFound: true,
},
{
URL: "gemini://example.net",
Redirect: "gemini://example.net/",
},
{
URL: "gemini://example.org/",
NotFound: true,
},
{
URL: "gemini://gemini.example.org",
Redirect: "gemini://gemini.example.org/",
},
},
},
}
for _, test := range tests {
type handler struct {
nopHandler
Pattern string
}
mux := &Mux{}
for _, pattern := range test.Patterns {
mux.Handle(pattern, &handler{
Pattern: pattern,
})
}
for _, test := range test.Tests {
u, err := url.Parse(test.URL)
if err != nil {
panic(err)
}
req := &Request{URL: u}
h := mux.Handler(req)
if h, ok := h.(*handler); ok {
if h.Pattern != test.Pattern {
t.Errorf("wrong pattern for %q: expected %q, got %q", test.URL, test.Pattern, h.Pattern)
}
continue
}
// Check redirects and NotFounds
w := &nopResponseWriter{}
h.ServeGemini(context.Background(), w, req)
switch w.Status {
case StatusNotFound:
if !test.NotFound {
t.Errorf("expected pattern for %q, got NotFound", test.URL)
}
case StatusPermanentRedirect:
if test.Redirect == "" {
t.Errorf("expected pattern for %q, got redirect to %q", test.URL, w.Meta)
break
}
res, err := url.Parse(test.Redirect)
if err != nil {
panic(err)
}
if w.Meta != res.String() {
t.Errorf("bad redirect for %q: expected %q, got %q", test.URL, res.String(), w.Meta)
}
default:
t.Errorf("unexpected response for %q: %d %s", test.URL, w.Status, w.Meta)
}
}
}
}
func TestMuxMatch(t *testing.T) {
type Match struct {
URL string
Ok bool
}
tests := []struct {
Pattern string
Matches []Match
}{
{
// hostname: *, path: /*
Pattern: "/",
Matches: []Match{
{"gemini://example.com/path", true},
{"gemini://example.com/", true},
{"gemini://example.com/path.gmi", true},
{"gemini://example.com/path/", true},
{"gemini://example.org/path", true},
{"http://example.com/path", false},
{"http://example.org/path", false},
},
},
{
// hostname: *, path: /path
Pattern: "/path",
Matches: []Match{
{"gemini://example.com/path", true},
{"gemini://example.com/", false},
{"gemini://example.com/path.gmi", false},
{"gemini://example.com/path/", false},
{"gemini://example.org/path", true},
{"http://example.com/path", false},
{"http://example.org/path", false},
},
},
{
// hostname: *, path: /subtree/*
Pattern: "/subtree/",
Matches: []Match{
{"gemini://example.com/subtree/", true},
{"gemini://example.com/subtree/nested/", true},
{"gemini://example.com/subtree/nested/file", true},
{"gemini://example.org/subtree/", true},
{"gemini://example.org/subtree/nested/", true},
{"gemini://example.org/subtree/nested/file", true},
{"gemini://example.com/subtree", false},
{"gemini://www.example.com/subtree/", true},
{"http://example.com/subtree/", false},
},
},
{
// hostname: example.com, path: /*
Pattern: "example.com",
Matches: []Match{
{"gemini://example.com/path", true},
{"gemini://example.com/", true},
{"gemini://example.com/path.gmi", true},
{"gemini://example.com/path/", true},
{"gemini://example.org/path", false},
{"http://example.com/path", false},
{"http://example.org/path", false},
},
},
{
// hostname: example.com, path: /path
Pattern: "example.com/path",
Matches: []Match{
{"gemini://example.com/path", true},
{"gemini://example.com/", false},
{"gemini://example.com/path.gmi", false},
{"gemini://example.com/path/", false},
{"gemini://example.org/path", false},
{"http://example.com/path", false},
{"http://example.org/path", false},
},
},
{
// hostname: example.com, path: /subtree/*
Pattern: "example.com/subtree/",
Matches: []Match{
{"gemini://example.com/subtree/", true},
{"gemini://example.com/subtree/nested/", true},
{"gemini://example.com/subtree/nested/file", true},
{"gemini://example.org/subtree/", false},
{"gemini://example.org/subtree/nested/", false},
{"gemini://example.org/subtree/nested/file", false},
{"gemini://example.com/subtree", false},
{"gemini://www.example.com/subtree/", false},
{"http://example.com/subtree/", false},
},
},
{
// scheme: gemini, hostname: *.example.com, path: /*
Pattern: "*.example.com",
Matches: []Match{
{"gemini://mail.example.com/", true},
{"gemini://www.example.com/index.gmi", true},
{"gemini://example.com/", false},
{"gemini://a.b.example.com/", false},
{"http://www.example.com/", false},
},
},
}
for _, test := range tests {
h := &nopHandler{}
var mux Mux
mux.Handle(test.Pattern, h)
for _, match := range test.Matches {
u, err := url.Parse(match.URL)
if err != nil {
panic(err)
}
got := mux.Handler(&Request{URL: u})
if match.Ok {
if h != got {
t.Errorf("expected %s to match %s", test.Pattern, match.URL)
}
} else {
if h == got {
t.Errorf("expected %s not to match %s", test.Pattern, match.URL)
}
}
}
}
}

View File

@ -1,28 +0,0 @@
package gemini
import (
"net"
"unicode/utf8"
"golang.org/x/net/idna"
)
func isASCII(s string) bool {
for i := 0; i < len(s); i++ {
if s[i] >= utf8.RuneSelf {
return false
}
}
return true
}
// punycodeHostname returns the punycoded version of hostname.
func punycodeHostname(hostname string) (string, error) {
if net.ParseIP(hostname) != nil {
return hostname, nil
}
if isASCII(hostname) {
return hostname, nil
}
return idna.Lookup.ToASCII(hostname)
}

View File

@ -12,7 +12,8 @@ func QueryEscape(query string) string {
return strings.ReplaceAll(url.PathEscape(query), "+", "%2B")
}
// QueryUnescape is identical to url.PathUnescape.
// QueryUnescape unescapes a Gemini URL query.
// It is identical to url.PathUnescape.
func QueryUnescape(query string) (string, error) {
return url.PathUnescape(query)
}

View File

@ -2,24 +2,19 @@ package gemini
import (
"bufio"
"context"
"crypto/tls"
"io"
"net"
"net/url"
)
// A Request represents a Gemini request received by a server or to be sent
// by a client.
//
// The field semantics differ slightly between client and server usage.
type Request struct {
// URL specifies the URL being requested (for server
// requests) or the URL to access (for client requests).
// URL specifies the URL being requested.
URL *url.URL
// For client requests, Host optionally specifies the server to
// connect to. It must be of the form "host:port".
// connect to. It may be of the form "host" or "host:port".
// If empty, the value of URL.Host is used.
// For international domain names, Host may be in Punycode or
// Unicode form. Use golang.org/x/net/idna to convert it to
@ -32,35 +27,10 @@ type Request struct {
// This field is ignored by the Gemini server.
Certificate *tls.Certificate
// RemoteAddr allows Gemini servers and other software to record
// the network address that sent the request, usually for
// logging. This field is not filled in by ReadRequest and
// has no defined format. The Gemini server in this package
// sets RemoteAddr to an "IP:port" address before invoking a
// handler.
// This field is ignored by the Gemini client.
RemoteAddr net.Addr
// TLS allows Gemini servers and other software to record
// information about the TLS connection on which the request
// was received. This field is not filled in by ReadRequest.
// The Gemini server in this package sets the field for
// TLS-enabled connections before invoking a handler;
// otherwise it leaves the field nil.
// This field is ignored by the Gemini client.
TLS *tls.ConnectionState
// Context specifies the context to use for outgoing requests.
// The context controls the entire lifetime of a request and its
// response: obtaining a connection, sending the request, and
// reading the response header and body.
// If Context is nil, the background context will be used.
// This field is ignored by the Gemini server.
Context context.Context
}
// NewRequest returns a new request.
//
// The returned Request is suitable for use with Client.Do.
//
// Callers should be careful that the URL query is properly escaped.
@ -79,44 +49,59 @@ func NewRequest(rawurl string) (*Request, error) {
// for specialized applications; most code should use the Server
// to read requests and handle them via the Handler interface.
func ReadRequest(r io.Reader) (*Request, error) {
// Read URL
// Limit request size
r = io.LimitReader(r, 1026)
br := bufio.NewReaderSize(r, 1026)
rawurl, err := br.ReadString('\r')
b, err := br.ReadBytes('\n')
if err != nil {
if err == io.EOF {
return nil, ErrInvalidRequest
}
return nil, err
}
// Read terminating line feed
if b, err := br.ReadByte(); err != nil {
return nil, err
} else if b != '\n' {
// Read URL
rawurl, ok := trimCRLF(b)
if !ok {
return nil, ErrInvalidRequest
}
// Trim carriage return
rawurl = rawurl[:len(rawurl)-1]
// Validate URL
if len(rawurl) > 1024 {
if len(rawurl) == 0 {
return nil, ErrInvalidRequest
}
u, err := url.Parse(rawurl)
u, err := url.Parse(string(rawurl))
if err != nil {
return nil, err
}
return &Request{URL: u}, nil
}
// Write writes a Gemini request in wire format.
// WriteTo writes r to w in the Gemini request format.
// This method consults the request URL only.
func (r *Request) Write(w *bufio.Writer) error {
func (r *Request) WriteTo(w io.Writer) (int64, error) {
bw := bufio.NewWriterSize(w, 1026)
url := r.URL.String()
if len(url) > 1024 {
return ErrInvalidRequest
return 0, ErrInvalidRequest
}
if _, err := w.WriteString(url); err != nil {
return err
var wrote int64
n, err := bw.WriteString(url)
wrote += int64(n)
if err != nil {
return wrote, err
}
if _, err := w.Write(crlf); err != nil {
return err
n, err = bw.Write(crlf)
wrote += int64(n)
if err != nil {
return wrote, err
}
return nil
return wrote, bw.Flush()
}
// ServerName returns the value of the TLS Server Name Indication extension
// sent by the client.
// ServerName returns an empty string for client requests.
func (r *Request) ServerName() string {
if tls := r.TLS; tls != nil {
return tls.ServerName
}
return ""
}

View File

@ -2,7 +2,6 @@ package gemini
import (
"bufio"
"io"
"net/url"
"strings"
"testing"
@ -36,25 +35,25 @@ func TestReadRequest(t *testing.T) {
},
{
Raw: "\r\n",
URL: &url.URL{},
Err: ErrInvalidRequest,
},
{
Raw: "gemini://example.com\n",
Err: io.EOF,
Err: ErrInvalidRequest,
},
{
Raw: "gemini://example.com",
Err: io.EOF,
Err: ErrInvalidRequest,
},
{
// 1030 bytes
Raw: maxURL + "xxxxxx",
Err: io.EOF,
Err: ErrInvalidRequest,
},
{
// 1027 bytes
Raw: maxURL + "x" + "\r\n",
Err: io.EOF,
Err: ErrInvalidRequest,
},
{
// 1024 bytes
@ -119,7 +118,7 @@ func TestWriteRequest(t *testing.T) {
t.Logf("%s", test.Req.URL)
var b strings.Builder
bw := bufio.NewWriter(&b)
err := test.Req.Write(bw)
_, err := test.Req.WriteTo(bw)
if err != test.Err {
t.Errorf("expected err = %v, got %v", test.Err, err)
}

View File

@ -3,23 +3,27 @@ package gemini
import (
"bufio"
"crypto/tls"
"fmt"
"io"
"net"
"strconv"
)
// The default media type for responses.
const defaultMediaType = "text/gemini"
// Response represents the response from a Gemini request.
//
// The Client returns Responses from servers once the response
// header has been received. The response body is streamed on demand
// as the Body field is read.
type Response struct {
// Status contains the response status code.
Status int
// Status is the response status code.
Status Status
// Meta contains more information related to the response status.
// For successful responses, Meta should contain the media type of the response.
// For failure responses, Meta should contain a short description of the failure.
// Meta should not be longer than 1024 bytes.
// Meta returns the response meta.
// For successful responses, the meta should contain the media type of the response.
// For failure responses, the meta should contain a short description of the failure.
Meta string
// Body represents the response body.
@ -34,201 +38,197 @@ type Response struct {
// close Body.
Body io.ReadCloser
// TLS contains information about the TLS connection on which the
// response was received. It is nil for unencrypted responses.
TLS *tls.ConnectionState
conn net.Conn
}
// ReadResponse reads a Gemini response from the provided io.ReadCloser.
func ReadResponse(rc io.ReadCloser) (*Response, error) {
func ReadResponse(r io.ReadCloser) (*Response, error) {
resp := &Response{}
br := bufio.NewReader(rc)
// Read the status
statusB := make([]byte, 2)
if _, err := br.Read(statusB); err != nil {
// Limit response header size
lr := io.LimitReader(r, 1029)
// Wrap the reader to remove the limit later on
wr := &struct{ io.Reader }{lr}
br := bufio.NewReader(wr)
// Read response header
b, err := br.ReadBytes('\n')
if err != nil {
if err == io.EOF {
return nil, ErrInvalidResponse
}
return nil, err
}
status, err := strconv.Atoi(string(statusB))
if len(b) < 3 {
return nil, ErrInvalidResponse
}
// Read the status
status, err := strconv.Atoi(string(b[:2]))
if err != nil {
return nil, ErrInvalidResponse
}
resp.Status = status
resp.Status = Status(status)
// Read one space
if b, err := br.ReadByte(); err != nil {
return nil, err
} else if b != ' ' {
if b[2] != ' ' {
return nil, ErrInvalidResponse
}
// Read the meta
meta, err := br.ReadString('\r')
if err != nil {
return nil, err
}
// Trim carriage return
meta = meta[:len(meta)-1]
// Ensure meta is less than or equal to 1024 bytes
if len(meta) > 1024 {
meta, ok := trimCRLF(b[3:])
if !ok {
return nil, ErrInvalidResponse
}
// Default mime type of text/gemini; charset=utf-8
if StatusClass(status) == StatusSuccess && meta == "" {
meta = "text/gemini; charset=utf-8"
}
resp.Meta = meta
// Read terminating newline
if b, err := br.ReadByte(); err != nil {
return nil, err
} else if b != '\n' {
if len(meta) == 0 {
return nil, ErrInvalidResponse
}
resp.Meta = string(meta)
if StatusClass(status) == StatusSuccess {
resp.Body = newReadCloserBody(br, rc)
if resp.Status.Class() == StatusSuccess {
// Use unlimited reader
wr.Reader = r
type readCloser struct {
io.Reader
io.Closer
}
resp.Body = readCloser{br, r}
} else {
resp.Body = nopReadCloser{}
rc.Close()
r.Close()
}
return resp, nil
}
type nopReadCloser struct{}
func (nopReadCloser) Read(p []byte) (int, error) {
return 0, io.EOF
// Conn returns the network connection on which the response was received.
func (r *Response) Conn() net.Conn {
return r.conn
}
func (nopReadCloser) Close() error {
// TLS returns information about the TLS connection on which the
// response was received.
func (r *Response) TLS() *tls.ConnectionState {
if tlsConn, ok := r.conn.(*tls.Conn); ok {
state := tlsConn.ConnectionState()
return &state
}
return nil
}
type readCloserBody struct {
br *bufio.Reader // used until empty
io.ReadCloser
}
func newReadCloserBody(br *bufio.Reader, rc io.ReadCloser) io.ReadCloser {
body := &readCloserBody{ReadCloser: rc}
if br.Buffered() != 0 {
body.br = br
// WriteTo writes r to w in the Gemini response format, including the
// header and body.
//
// This method consults the Status, Meta, and Body fields of the response.
// The Response Body is closed after it is sent.
func (r *Response) WriteTo(w io.Writer) (int64, error) {
var wrote int64
n, err := fmt.Fprintf(w, "%02d %s\r\n", r.Status, r.Meta)
wrote += int64(n)
if err != nil {
return wrote, err
}
return body
}
func (b *readCloserBody) Read(p []byte) (n int, err error) {
if b.br != nil {
if n := b.br.Buffered(); len(p) > n {
p = p[:n]
if r.Body != nil {
defer r.Body.Close()
n, err := io.Copy(w, r.Body)
wrote += n
if err != nil {
return wrote, err
}
n, err = b.br.Read(p)
if b.br.Buffered() == 0 {
b.br = nil
}
return n, err
}
return b.ReadCloser.Read(p)
return wrote, nil
}
// A ResponseWriter interface is used by a Gemini handler
// to construct a Gemini response.
// A ResponseWriter interface is used by a Gemini handler to construct
// a Gemini response.
//
// A ResponseWriter may not be used after the Handler.ServeGemini method
// has returned.
type ResponseWriter interface {
// Header sets the response header.
Header(status int, meta string)
// Status sets the response status code.
// It also sets the response meta to Meta(status).
Status(status int)
// Meta sets the response meta.
// SetMediaType sets the media type that will be sent by Write for a
// successful response. If no media type is set, a default media type of
// "text/gemini" will be used.
//
// For successful responses, meta should contain the media type of the response.
// For failure responses, meta should contain a short description of the failure.
// The response meta should not be greater than 1024 bytes.
Meta(meta string)
// Setting the media type after a call to Write or WriteHeader has
// no effect.
SetMediaType(mediatype string)
// Write writes data to the connection as part of the response body.
// If the response status does not allow for a response body, Write returns
// ErrBodyNotAllowed.
// Write writes the data to the connection as part of a Gemini response.
//
// Write writes the response header if it has not already been written.
// It writes a successful status code if one is not set.
// If WriteHeader has not yet been called, Write calls WriteHeader with
// StatusSuccess and the media type set in SetMediaType before writing the data.
// If no media type was set, Write uses a default media type of
// "text/gemini".
Write([]byte) (int, error)
// Flush writes any buffered data to the underlying io.Writer.
// WriteHeader sends a Gemini response header with the provided
// status code and meta.
//
// Flush writes the response header if it has not already been written.
// It writes a failure status code if one is not set.
// If WriteHeader is not called explicitly, the first call to Write
// will trigger an implicit call to WriteHeader with a successful
// status code and the media type set in SetMediaType.
//
// The provided code must be a valid Gemini status code.
// The provided meta must not be longer than 1024 bytes.
// Only one header may be written.
WriteHeader(status Status, meta string)
// Flush sends any buffered data to the client.
Flush() error
}
type responseWriter struct {
b *bufio.Writer
status int
meta string
bw *bufio.Writer
mediatype string
wroteHeader bool
bodyAllowed bool
}
// NewResponseWriter returns a ResponseWriter that uses the provided io.Writer.
func NewResponseWriter(w io.Writer) ResponseWriter {
func newResponseWriter(w io.Writer) *responseWriter {
return &responseWriter{
b: bufio.NewWriter(w),
bw: bufio.NewWriter(w),
}
}
func (w *responseWriter) Header(status int, meta string) {
w.status = status
w.meta = meta
}
func (w *responseWriter) Status(status int) {
w.status = status
w.meta = Meta(status)
}
func (w *responseWriter) Meta(meta string) {
w.meta = meta
func (w *responseWriter) SetMediaType(mediatype string) {
w.mediatype = mediatype
}
func (w *responseWriter) Write(b []byte) (int, error) {
if !w.wroteHeader {
w.writeHeader(StatusSuccess)
meta := w.mediatype
if meta == "" {
// Use default media type
meta = defaultMediaType
}
w.WriteHeader(StatusSuccess, meta)
}
if !w.bodyAllowed {
return 0, ErrBodyNotAllowed
}
return w.b.Write(b)
return w.bw.Write(b)
}
func (w *responseWriter) writeHeader(defaultStatus int) {
status := w.status
if status == 0 {
status = defaultStatus
func (w *responseWriter) WriteHeader(status Status, meta string) {
if w.wroteHeader {
return
}
meta := w.meta
if StatusClass(status) == StatusSuccess {
if status.Class() == StatusSuccess {
w.bodyAllowed = true
if meta == "" {
meta = "text/gemini"
}
}
w.b.WriteString(strconv.Itoa(status))
w.b.WriteByte(' ')
w.b.WriteString(meta)
w.b.Write(crlf)
w.bw.WriteString(strconv.Itoa(int(status)))
w.bw.WriteByte(' ')
w.bw.WriteString(meta)
w.bw.Write(crlf)
w.wroteHeader = true
}
func (w *responseWriter) Flush() error {
if !w.wroteHeader {
w.writeHeader(StatusTemporaryFailure)
w.WriteHeader(StatusTemporaryFailure, "Temporary failure")
}
// Write errors from writeHeader will be returned here.
return w.b.Flush()
// Write errors from WriteHeader will be returned here.
return w.bw.Flush()
}

View File

@ -7,13 +7,14 @@ import (
"testing"
)
func TestReadResponse(t *testing.T) {
func TestReadWriteResponse(t *testing.T) {
tests := []struct {
Raw string
Status int
Meta string
Body string
Err error
Raw string
Status Status
Meta string
Body string
Err error
SkipWrite bool
}{
{
Raw: "20 text/gemini\r\nHello, world!\nWelcome to my capsule.",
@ -32,9 +33,19 @@ func TestReadResponse(t *testing.T) {
Meta: "/redirect",
},
{
Raw: "31 /redirect\r\nThis body is ignored.",
Status: 31,
Meta: "/redirect",
Raw: "31 /redirect\r\nThis body is ignored.",
Status: 31,
Meta: "/redirect",
SkipWrite: true, // skip write test since result won't match Raw
},
{
Raw: "32 " + maxURL + "\r\n",
Status: 32,
Meta: maxURL,
},
{
Raw: "33 " + maxURL + "xxxx" + "\r\n",
Err: ErrInvalidResponse,
},
{
Raw: "99 Unknown status code\r\n",
@ -55,15 +66,15 @@ func TestReadResponse(t *testing.T) {
},
{
Raw: "",
Err: io.EOF,
Err: ErrInvalidResponse,
},
{
Raw: "10 Search query",
Err: io.EOF,
Err: ErrInvalidResponse,
},
{
Raw: "20 text/gemini\nHello, world!",
Err: io.EOF,
Err: ErrInvalidResponse,
},
{
Raw: "20 text/gemini\rHello, world!",
@ -71,7 +82,7 @@ func TestReadResponse(t *testing.T) {
},
{
Raw: "20 text/gemini\r",
Err: io.EOF,
Err: ErrInvalidResponse,
},
{
Raw: "abcdefghijklmnopqrstuvwxyz",
@ -85,7 +96,7 @@ func TestReadResponse(t *testing.T) {
if err != test.Err {
t.Errorf("expected err = %v, got %v", test.Err, err)
}
if test.Err != nil {
if err != nil {
// No response
continue
}
@ -101,4 +112,24 @@ func TestReadResponse(t *testing.T) {
t.Errorf("expected body = %#v, got %#v", test.Body, body)
}
}
for _, test := range tests {
if test.Err != nil || test.SkipWrite {
continue
}
var b strings.Builder
w := newResponseWriter(nopCloser{&b})
w.WriteHeader(test.Status, test.Meta)
io.Copy(w, strings.NewReader(test.Body))
if err := w.Flush(); err != nil {
t.Error(err)
continue
}
got := b.String()
if got != test.Raw {
t.Errorf("expected %#v, got %#v", test.Raw, got)
}
}
}

538
server.go
View File

@ -6,13 +6,8 @@ import (
"errors"
"log"
"net"
"runtime"
"strings"
"sync"
"sync/atomic"
"time"
"git.sr.ht/~adnano/go-gemini/certificate"
)
// A Server defines parameters for running a Gemini server. The zero value for
@ -23,6 +18,9 @@ type Server struct {
// See net.Dial for details of the address format.
Addr string
// The Handler to invoke.
Handler Handler
// ReadTimeout is the maximum duration for reading the entire
// request.
//
@ -35,90 +33,155 @@ type Server struct {
// A WriteTimeout of zero means no timeout.
WriteTimeout time.Duration
// Certificates contains one or more certificates to present to the
// other side of the connection.
Certificates certificate.Dir
// GetCertificate, if not nil, will be called to retrieve a new certificate
// if the current one is expired or missing.
GetCertificate func(hostname string) (tls.Certificate, error)
// GetCertificate returns a TLS certificate based on the given
// hostname.
//
// If GetCertificate is nil or returns nil, then no certificate
// will be used and the connection will be aborted.
//
// See the certificate submodule for a certificate store that creates
// and rotates certificates as needed.
GetCertificate func(hostname string) (*tls.Certificate, error)
// ErrorLog specifies an optional logger for errors accepting connections,
// unexpected behavior from handlers, and underlying file system errors.
// If nil, logging is done via the log package's standard logger.
ErrorLog *log.Logger
ErrorLog interface {
Printf(format string, v ...interface{})
}
// registered handlers
handlers map[handlerKey]Handler
hosts map[string]bool
hmu sync.Mutex
listeners map[*net.Listener]struct{}
conns map[*net.Conn]struct{}
done int32
listeners map[*net.Listener]context.CancelFunc
conns map[*net.Conn]context.CancelFunc
closed bool // true if Close or Shutdown called
shutdown bool // true if Shutdown called
doneChan chan struct{}
mu sync.Mutex
}
type handlerKey struct {
scheme string
hostname string
func (srv *Server) isClosed() bool {
srv.mu.Lock()
defer srv.mu.Unlock()
return srv.closed
}
// Handle registers the handler for the given pattern.
// If a handler already exists for pattern, Handle panics.
// done returns a channel that's closed when the server is closed and
// all listeners and connections are closed.
func (srv *Server) done() chan struct{} {
srv.mu.Lock()
defer srv.mu.Unlock()
return srv.doneLocked()
}
func (srv *Server) doneLocked() chan struct{} {
if srv.doneChan == nil {
srv.doneChan = make(chan struct{})
}
return srv.doneChan
}
// tryCloseDone closes srv.done() if the server is closed and
// there are no active listeners or connections.
func (srv *Server) tryCloseDone() {
srv.mu.Lock()
defer srv.mu.Unlock()
srv.tryCloseDoneLocked()
}
func (srv *Server) tryCloseDoneLocked() {
if !srv.closed {
return
}
if len(srv.listeners) == 0 && len(srv.conns) == 0 {
ch := srv.doneLocked()
select {
case <-ch:
default:
close(ch)
}
}
}
// Close immediately closes all active net.Listeners and connections.
// For a graceful shutdown, use Shutdown.
func (srv *Server) Close() error {
srv.mu.Lock()
{
if srv.closed {
srv.mu.Unlock()
return nil
}
srv.closed = true
srv.tryCloseDoneLocked()
// Close all active connections and listeners.
for _, cancel := range srv.listeners {
cancel()
}
for _, cancel := range srv.conns {
cancel()
}
}
srv.mu.Unlock()
select {
case <-srv.done():
return nil
}
}
// Shutdown gracefully shuts down the server without interrupting any
// active connections. Shutdown works by first closing all open listeners
// and then waiting indefinitely for connections to close.
// If the provided context expires before the shutdown is complete,
// Shutdown returns the context's error.
//
// The pattern must be in the form of "hostname" or "scheme://hostname".
// If no scheme is specified, a scheme of "gemini://" is implied.
// Wildcard patterns are supported (e.g. "*.example.com").
// To handle any hostname, use the wildcard pattern "*".
func (srv *Server) Handle(pattern string, handler Handler) {
srv.hmu.Lock()
defer srv.hmu.Unlock()
// When Shutdown is called, Serve and ListenAndServe immediately
// return an error. Make sure the program doesn't exit and waits instead for
// Shutdown to return.
//
// Once Shutdown has been called on a server, it may not be reused;
// future calls to methods such as Serve will return an error.
func (srv *Server) Shutdown(ctx context.Context) error {
srv.mu.Lock()
{
if srv.closed {
srv.mu.Unlock()
return nil
}
srv.closed = true
srv.shutdown = true
if pattern == "" {
panic("gemini: invalid pattern")
}
if handler == nil {
panic("gemini: nil handler")
}
if srv.handlers == nil {
srv.handlers = map[handlerKey]Handler{}
srv.hosts = map[string]bool{}
}
srv.tryCloseDoneLocked()
split := strings.SplitN(pattern, "://", 2)
var key handlerKey
if len(split) == 2 {
key.scheme = split[0]
key.hostname = split[1]
} else {
key.scheme = "gemini"
key.hostname = split[0]
// Close all active listeners.
for _, cancel := range srv.listeners {
cancel()
}
}
srv.mu.Unlock()
if _, ok := srv.handlers[key]; ok {
panic("gemini: multiple registrations for " + pattern)
// Wait for active connections to finish.
select {
case <-ctx.Done():
return ctx.Err()
case <-srv.done():
return nil
}
srv.handlers[key] = handler
srv.hosts[key.hostname] = true
}
// HandleFunc registers the handler function for the given pattern.
func (srv *Server) HandleFunc(pattern string, handler func(ResponseWriter, *Request)) {
srv.Handle(pattern, HandlerFunc(handler))
}
// ListenAndServe listens for requests at the server's configured address.
// ListenAndServe listens on the TCP network address srv.Addr and then calls
// Serve to handle requests on incoming connections.
// Serve to handle requests on incoming connections. If the provided
// context expires, ListenAndServe closes l and returns the context's error.
//
// If srv.Addr is blank, ":1965" is used.
//
// ListenAndServe always returns a non-nil error. After Shutdown or Close, the
// returned error is ErrServerClosed.
func (srv *Server) ListenAndServe() error {
if atomic.LoadInt32(&srv.done) == 1 {
return ErrServerClosed
// ListenAndServe always returns a non-nil error.
// After Shutdown or Closed, the returned error is context.Canceled.
func (srv *Server) ListenAndServe(ctx context.Context) error {
if srv.isClosed() {
return context.Canceled
}
addr := srv.Addr
@ -126,26 +189,37 @@ func (srv *Server) ListenAndServe() error {
addr = ":1965"
}
ln, err := net.Listen("tcp", addr)
l, err := net.Listen("tcp", addr)
if err != nil {
return err
}
defer ln.Close()
return srv.Serve(tls.NewListener(ln, &tls.Config{
l = tls.NewListener(l, &tls.Config{
ClientAuth: tls.RequestClientCert,
MinVersion: tls.VersionTLS12,
GetCertificate: srv.getCertificate,
}))
})
return srv.Serve(ctx, l)
}
func (srv *Server) trackListener(l *net.Listener) {
func (srv *Server) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
if srv.GetCertificate == nil {
return nil, errors.New("gemini: GetCertificate is nil")
}
return srv.GetCertificate(h.ServerName)
}
func (srv *Server) trackListener(l *net.Listener, cancel context.CancelFunc) bool {
srv.mu.Lock()
defer srv.mu.Unlock()
if srv.listeners == nil {
srv.listeners = make(map[*net.Listener]struct{})
if srv.closed {
return false
}
srv.listeners[l] = struct{}{}
if srv.listeners == nil {
srv.listeners = make(map[*net.Listener]context.CancelFunc)
}
srv.listeners[l] = cancel
return true
}
func (srv *Server) deleteListener(l *net.Listener) {
@ -155,29 +229,42 @@ func (srv *Server) deleteListener(l *net.Listener) {
}
// Serve accepts incoming connections on the Listener l, creating a new
// service goroutine for each. The service goroutines read requests and
// then calls the appropriate Handler to reply to them.
// service goroutine for each. The service goroutines read the requests and
// then call the appropriate Handler to reply to them. If the provided
// context expires, Serve closes l and returns the context's error.
//
// Serve always returns a non-nil error and closes l. After Shutdown or Close,
// the returned error is ErrServerClosed.
func (srv *Server) Serve(l net.Listener) error {
// Serve always closes l and returns a non-nil error.
// After Shutdown or Close, the returned error is context.Canceled.
func (srv *Server) Serve(ctx context.Context, l net.Listener) error {
defer l.Close()
srv.trackListener(&l)
lnctx, cancel := context.WithCancel(ctx)
defer cancel()
if !srv.trackListener(&l, cancel) {
return context.Canceled
}
defer srv.tryCloseDone()
defer srv.deleteListener(&l)
if atomic.LoadInt32(&srv.done) == 1 {
return ErrServerClosed
errch := make(chan error, 1)
go func() {
errch <- srv.serve(ctx, l)
}()
select {
case <-lnctx.Done():
return lnctx.Err()
case err := <-errch:
return err
}
}
func (srv *Server) serve(ctx context.Context, l net.Listener) error {
var tempDelay time.Duration // how long to sleep on accept failure
for {
rw, err := l.Accept()
if err != nil {
if atomic.LoadInt32(&srv.done) == 1 {
return ErrServerClosed
}
// If this is a temporary error, sleep
if ne, ok := err.(net.Error); ok && ne.Temporary() {
if tempDelay == 0 {
@ -192,159 +279,27 @@ func (srv *Server) Serve(l net.Listener) error {
time.Sleep(tempDelay)
continue
}
// Otherwise, return the error
return err
}
tempDelay = 0
go srv.respond(rw)
go srv.serveConn(ctx, rw, false)
}
}
func (srv *Server) closeListenersLocked() error {
var err error
for ln := range srv.listeners {
if cerr := (*ln).Close(); cerr != nil && err == nil {
err = cerr
}
delete(srv.listeners, ln)
}
return err
}
// Close immediately closes all active net.Listeners and connections.
// For a graceful shutdown, use Shutdown.
//
// Close returns any error returned from closing the Server's
// underlying Listener(s).
func (srv *Server) Close() error {
func (srv *Server) trackConn(conn *net.Conn, cancel context.CancelFunc, external bool) bool {
srv.mu.Lock()
defer srv.mu.Unlock()
if !atomic.CompareAndSwapInt32(&srv.done, 0, 1) {
return ErrServerClosed
// Reject the connection under the following conditions:
// - Shutdown or Close has been called and conn is external (from ServeConn)
// - Close (not Shutdown) has been called and conn is internal (from Serve)
if srv.closed && (external || !srv.shutdown) {
return false
}
err := srv.closeListenersLocked()
// Close active connections
for conn := range srv.conns {
(*conn).Close()
delete(srv.conns, conn)
}
return err
}
func (srv *Server) numConns() int {
srv.mu.Lock()
defer srv.mu.Unlock()
return len(srv.conns)
}
// shutdownPollInterval is how often we poll for quiescence
// during Server.Shutdown. This is lower during tests, to
// speed up tests.
// Ideally we could find a solution that doesn't involve polling,
// but which also doesn't have a high runtime cost (and doesn't
// involve any contentious mutexes), but that is left as an
// exercise for the reader.
var shutdownPollInterval = 500 * time.Millisecond
// Shutdown gracefully shuts down the server without interrupting any
// active connections. Shutdown works by first closing all open
// listeners and then waiting indefinitely for connections
// to close and then shut down.
// If the provided context expires before the shutdown is complete,
// Shutdown returns the context's error, otherwise it returns any
// error returned from closing the Server's underlying Listener(s).
//
// When Shutdown is called, Serve, ListenAndServe, and
// ListenAndServeTLS immediately return ErrServerClosed. Make sure the
// program doesn't exit and waits instead for Shutdown to return.
//
// Once Shutdown has been called on a server, it may not be reused;
// future calls to methods such as Serve will return ErrServerClosed.
func (srv *Server) Shutdown(ctx context.Context) error {
if !atomic.CompareAndSwapInt32(&srv.done, 0, 1) {
return ErrServerClosed
}
srv.mu.Lock()
err := srv.closeListenersLocked()
srv.mu.Unlock()
// Wait for active connections to close
ticker := time.NewTicker(shutdownPollInterval)
defer ticker.Stop()
for {
if srv.numConns() == 0 {
return err
}
select {
case <-ctx.Done():
return ctx.Err()
case <-ticker.C:
}
}
}
// getCertificate retrieves a certificate for the given client hello.
func (srv *Server) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert, err := srv.lookupCertificate(h.ServerName, h.ServerName)
if err != nil {
// Try wildcard
wildcard := strings.SplitN(h.ServerName, ".", 2)
if len(wildcard) == 2 {
// Use the wildcard pattern as the hostname.
hostname := "*." + wildcard[1]
cert, err = srv.lookupCertificate(hostname, hostname)
}
// Try "*" wildcard
if err != nil {
// Use the server name as the hostname
// since "*" is not a valid hostname.
cert, err = srv.lookupCertificate("*", h.ServerName)
}
}
return cert, err
}
// lookupCertificate retrieves the certificate for the given hostname,
// if and only if the provided pattern is registered.
// If no certificate is found in the certificate store or the certificate
// is expired, it calls GetCertificate to retrieve a new certificate.
func (srv *Server) lookupCertificate(pattern, hostname string) (*tls.Certificate, error) {
srv.hmu.Lock()
_, ok := srv.hosts[pattern]
srv.hmu.Unlock()
if !ok {
return nil, errors.New("hostname not registered")
}
cert, ok := srv.Certificates.Lookup(hostname)
if !ok || cert.Leaf != nil && cert.Leaf.NotAfter.Before(time.Now()) {
if srv.GetCertificate != nil {
cert, err := srv.GetCertificate(hostname)
if err == nil {
if err := srv.Certificates.Add(hostname, cert); err != nil {
srv.logf("gemini: Failed to write new certificate for %s: %s", hostname, err)
}
}
return &cert, err
}
return nil, errors.New("no certificate")
}
return &cert, nil
}
func (srv *Server) trackConn(conn *net.Conn) {
srv.mu.Lock()
defer srv.mu.Unlock()
if srv.conns == nil {
srv.conns = make(map[*net.Conn]struct{})
srv.conns = make(map[*net.Conn]context.CancelFunc)
}
srv.conns[conn] = struct{}{}
srv.conns[conn] = cancel
return true
}
func (srv *Server) deleteConn(conn *net.Conn) {
@ -353,20 +308,24 @@ func (srv *Server) deleteConn(conn *net.Conn) {
delete(srv.conns, conn)
}
// respond responds to a connection.
func (srv *Server) respond(conn net.Conn) {
// ServeConn serves a Gemini response over the provided connection.
// It closes the connection when the response has been completed.
// If the provided context expires before the response has completed,
// ServeConn closes the connection and returns the context's error.
func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
return srv.serveConn(ctx, conn, true)
}
func (srv *Server) serveConn(ctx context.Context, conn net.Conn, external bool) error {
defer conn.Close()
defer func() {
if err := recover(); err != nil && err != ErrAbortHandler {
const size = 64 << 10
buf := make([]byte, size)
buf = buf[:runtime.Stack(buf, false)]
srv.logf("gemini: panic serving %v: %v\n%s", conn.RemoteAddr(), err, buf)
}
}()
ctx, cancel := context.WithCancel(ctx)
defer cancel()
srv.trackConn(&conn)
if !srv.trackConn(&conn, cancel, external) {
return context.Canceled
}
defer srv.tryCloseDone()
defer srv.deleteConn(&conn)
if d := srv.ReadTimeout; d != 0 {
@ -376,51 +335,55 @@ func (srv *Server) respond(conn net.Conn) {
conn.SetWriteDeadline(time.Now().Add(d))
}
w := NewResponseWriter(conn)
errch := make(chan error, 1)
go func() {
errch <- srv.goServeConn(ctx, conn)
}()
req, err := ReadRequest(conn)
if err != nil {
w.Status(StatusBadRequest)
w.Flush()
return
select {
case <-ctx.Done():
return ctx.Err()
case err := <-errch:
return err
}
}
func (srv *Server) goServeConn(ctx context.Context, conn net.Conn) error {
ctx, cancel := context.WithCancel(ctx)
done := ctx.Done()
cw := &contextWriter{
ctx: ctx,
done: done,
cancel: cancel,
wc: conn,
}
r := &contextReader{
ctx: ctx,
done: done,
cancel: cancel,
rc: conn,
}
// Store information about the TLS connection
w := newResponseWriter(cw)
req, err := ReadRequest(r)
if err != nil {
w.WriteHeader(StatusBadRequest, "Bad request")
return w.Flush()
}
if tlsConn, ok := conn.(*tls.Conn); ok {
state := tlsConn.ConnectionState()
req.TLS = &state
}
// Store remote address
req.RemoteAddr = conn.RemoteAddr()
h := srv.handler(req)
h := srv.Handler
if h == nil {
w.Status(StatusNotFound)
w.Flush()
return
w.WriteHeader(StatusNotFound, "Not found")
return w.Flush()
}
h.ServeGemini(w, req)
w.Flush()
}
func (srv *Server) handler(r *Request) Handler {
srv.hmu.Lock()
defer srv.hmu.Unlock()
if h, ok := srv.handlers[handlerKey{r.URL.Scheme, r.URL.Hostname()}]; ok {
return h
}
wildcard := strings.SplitN(r.URL.Hostname(), ".", 2)
if len(wildcard) == 2 {
if h, ok := srv.handlers[handlerKey{r.URL.Scheme, "*." + wildcard[1]}]; ok {
return h
}
}
if h, ok := srv.handlers[handlerKey{r.URL.Scheme, "*"}]; ok {
return h
}
return nil
h.ServeGemini(ctx, w, req)
return w.Flush()
}
func (srv *Server) logf(format string, args ...interface{}) {
@ -430,32 +393,3 @@ func (srv *Server) logf(format string, args ...interface{}) {
log.Printf(format, args...)
}
}
// A Handler responds to a Gemini request.
//
// ServeGemini should write the response header and data to the ResponseWriter
// and then return. Returning signals that the request is finished; it is not
// valid to use the ResponseWriter after or concurrently with the completion
// of the ServeGemini call.
//
// Handlers should not modify the provided Request.
//
// If ServeGemini panics, the server (the caller of ServeGemini) assumes that
// the effect of the panic was isolated to the active request. It recovers
// the panic, logs a stack trace to the server error log, and closes the
// network connection. To abort a handler so the client sees an interrupted
// response but the server doesn't log an error, panic with the value
// ErrAbortHandler.
type Handler interface {
ServeGemini(ResponseWriter, *Request)
}
// The HandlerFunc type is an adapter to allow the use of ordinary functions
// as Gemini handlers. If f is a function with the appropriate signature,
// HandlerFunc(f) is a Handler that calls f.
type HandlerFunc func(ResponseWriter, *Request)
// ServeGemini calls f(w, r).
func (f HandlerFunc) ServeGemini(w ResponseWriter, r *Request) {
f(w, r)
}

View File

@ -1,39 +1,50 @@
package gemini
// Status represents a Gemini status code.
type Status int
// Gemini status codes.
const (
StatusInput = 10
StatusSensitiveInput = 11
StatusSuccess = 20
StatusRedirect = 30
StatusPermanentRedirect = 31
StatusTemporaryFailure = 40
StatusServerUnavailable = 41
StatusCGIError = 42
StatusProxyError = 43
StatusSlowDown = 44
StatusPermanentFailure = 50
StatusNotFound = 51
StatusGone = 52
StatusProxyRequestRefused = 53
StatusBadRequest = 59
StatusCertificateRequired = 60
StatusCertificateNotAuthorized = 61
StatusCertificateNotValid = 62
StatusInput Status = 10
StatusSensitiveInput Status = 11
StatusSuccess Status = 20
StatusRedirect Status = 30
StatusPermanentRedirect Status = 31
StatusTemporaryFailure Status = 40
StatusServerUnavailable Status = 41
StatusCGIError Status = 42
StatusProxyError Status = 43
StatusSlowDown Status = 44
StatusPermanentFailure Status = 50
StatusNotFound Status = 51
StatusGone Status = 52
StatusProxyRequestRefused Status = 53
StatusBadRequest Status = 59
StatusCertificateRequired Status = 60
StatusCertificateNotAuthorized Status = 61
StatusCertificateNotValid Status = 62
)
// StatusClass returns the status class for this status code.
// Class returns the status class for the status code.
// 1x becomes 10, 2x becomes 20, and so on.
func StatusClass(status int) int {
return (status / 10) * 10
func (s Status) Class() Status {
return (s / 10) * 10
}
// Meta returns a description of the provided status code appropriate
// for use in a response.
//
// Meta returns an empty string for input, success, and redirect status codes.
func Meta(status int) string {
switch status {
// String returns a text for the status code.
// It returns the empty string if the status code is unknown.
func (s Status) String() string {
switch s {
case StatusInput:
return "Input"
case StatusSensitiveInput:
return "Sensitive input"
case StatusSuccess:
return "Success"
case StatusRedirect:
return "Redirect"
case StatusPermanentRedirect:
return "Permanent redirect"
case StatusTemporaryFailure:
return "Temporary failure"
case StatusServerUnavailable:

23
text.go
View File

@ -9,38 +9,39 @@ import (
// Line represents a line of a Gemini text response.
type Line interface {
// String formats the line for use in a Gemini text response.
String() string
line() // private function to prevent other packages from implementing Line
}
// A link line.
// LineLink is a link line.
type LineLink struct {
URL string
Name string
}
// A preformatting toggle line.
// LinePreformattingToggle is a preformatting toggle line.
type LinePreformattingToggle string
// A preformatted text line.
// LinePreformattedText is a preformatted text line.
type LinePreformattedText string
// A first-level heading line.
// LineHeading1 is a first-level heading line.
type LineHeading1 string
// A second-level heading line.
// LineHeading2 is a second-level heading line.
type LineHeading2 string
// A third-level heading line.
// LineHeading3 is a third-level heading line.
type LineHeading3 string
// An unordered list item line.
// LineListItem is an unordered list item line.
type LineListItem string
// A quote line.
// LineQuote is a quote line.
type LineQuote string
// A text line.
// LineText is a text line.
type LineText string
func (l LineLink) String() string {
@ -124,8 +125,8 @@ func ParseLines(r io.Reader, handler func(Line)) error {
name = strings.TrimLeft(name, spacetab)
line = LineLink{url, name}
}
} else if strings.HasPrefix(text, "*") {
text = text[1:]
} else if strings.HasPrefix(text, "* ") {
text = text[2:]
text = strings.TrimLeft(text, spacetab)
line = LineListItem(text)
} else if strings.HasPrefix(text, "###") {

View File

@ -4,17 +4,16 @@ package tofu
import (
"bufio"
"bytes"
"crypto/sha512"
"crypto/sha256"
"crypto/x509"
"errors"
"encoding/base64"
"fmt"
"io"
"os"
"path/filepath"
"sort"
"strconv"
"strings"
"sync"
"time"
)
// KnownHosts represents a list of known hosts.
@ -84,7 +83,11 @@ func (k *KnownHosts) WriteTo(w io.Writer) (int64, error) {
// Load loads the known hosts entries from the provided path.
func (k *KnownHosts) Load(path string) error {
f, err := os.Open(path)
if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
return err
}
f, err := os.OpenFile(path, os.O_CREATE|os.O_RDONLY, 0644)
if err != nil {
return err
}
@ -133,6 +136,9 @@ func (k *KnownHosts) Parse(r io.Reader) error {
if err != nil {
continue
}
if h.Algorithm != "sha256" {
continue
}
k.hosts[h.Hostname] = h
}
@ -143,22 +149,17 @@ func (k *KnownHosts) Parse(r io.Reader) error {
// TOFU implements basic trust on first use.
//
// If the host is not on file, it is added to the list.
// If the host on file is expired, a new entry is added to the list.
// If the fingerprint does not match the one on file, an error is returned.
func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error {
host := NewHost(hostname, cert.Raw, cert.NotAfter)
host := NewHost(hostname, cert.Raw)
knownHost, ok := k.Lookup(hostname)
if !ok || time.Now().After(knownHost.Expires) {
if !ok {
k.Add(host)
return nil
}
// Check fingerprint
if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
if host.Fingerprint != knownHost.Fingerprint {
return fmt.Errorf("fingerprint for %q does not match", hostname)
}
return nil
}
@ -217,7 +218,8 @@ type PersistentHosts struct {
writer *HostWriter
}
// NewPersistentHosts returns a new persistent set of known hosts.
// NewPersistentHosts returns a new persistent set of known hosts that stores
// known hosts in hosts and writes new hosts to writer.
func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts {
return &PersistentHosts{
hosts,
@ -265,21 +267,16 @@ func (p *PersistentHosts) Entries() []Host {
// TOFU implements trust on first use with a persistent set of known hosts.
//
// If the host is not on file, it is added to the list.
// If the host on file is expired, a new entry is added to the list.
// If the fingerprint does not match the one on file, an error is returned.
func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error {
host := NewHost(hostname, cert.Raw, cert.NotAfter)
host := NewHost(hostname, cert.Raw)
knownHost, ok := p.Lookup(hostname)
if !ok || time.Now().After(knownHost.Expires) {
if !ok {
return p.Add(host)
}
// Check fingerprint
if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
if host.Fingerprint != knownHost.Fingerprint {
return fmt.Errorf("fingerprint for %q does not match", hostname)
}
return nil
}
@ -290,22 +287,20 @@ func (p *PersistentHosts) Close() error {
// Host represents a host entry with a fingerprint using a certain algorithm.
type Host struct {
Hostname string // hostname
Algorithm string // fingerprint algorithm e.g. SHA-512
Fingerprint Fingerprint // fingerprint
Expires time.Time // unix time of the fingerprint expiration date
Hostname string // hostname
Algorithm string // fingerprint algorithm e.g. sha256
Fingerprint string // fingerprint
}
// NewHost returns a new host with a SHA-512 fingerprint of
// NewHost returns a new host with a SHA256 fingerprint of
// the provided raw data.
func NewHost(hostname string, raw []byte, expires time.Time) Host {
sum := sha512.Sum512(raw)
func NewHost(hostname string, raw []byte) Host {
sum := sha256.Sum256(raw)
return Host{
Hostname: hostname,
Algorithm: "SHA-512",
Fingerprint: sum[:],
Expires: expires,
Algorithm: "sha256",
Fingerprint: base64.StdEncoding.EncodeToString(sum[:]),
}
}
@ -323,95 +318,19 @@ func (h Host) String() string {
b.WriteByte(' ')
b.WriteString(h.Algorithm)
b.WriteByte(' ')
b.WriteString(h.Fingerprint.String())
b.WriteByte(' ')
b.WriteString(strconv.FormatInt(h.Expires.Unix(), 10))
b.WriteString(h.Fingerprint)
return b.String()
}
// UnmarshalText unmarshals the host from the provided text.
func (h *Host) UnmarshalText(text []byte) error {
const format = "hostname algorithm hex-fingerprint expiry-unix-ts"
parts := bytes.Split(text, []byte(" "))
if len(parts) != 4 {
return fmt.Errorf("expected the format %q", format)
}
if len(parts[0]) == 0 {
return errors.New("empty hostname")
if len(parts) != 3 {
return fmt.Errorf("expected the format 'hostname algorithm fingerprint'")
}
h.Hostname = string(parts[0])
algorithm := string(parts[1])
if algorithm != "SHA-512" {
return fmt.Errorf("unsupported algorithm %q", algorithm)
}
h.Algorithm = algorithm
fingerprint := make([]byte, 0, sha512.Size)
scanner := bufio.NewScanner(bytes.NewReader(parts[2]))
scanner.Split(scanFingerprint)
for scanner.Scan() {
b, err := strconv.ParseUint(scanner.Text(), 16, 8)
if err != nil {
return fmt.Errorf("failed to parse fingerprint hash: %w", err)
}
fingerprint = append(fingerprint, byte(b))
}
if len(fingerprint) != sha512.Size {
return fmt.Errorf("invalid fingerprint size %d, expected %d",
len(fingerprint), sha512.Size)
}
h.Fingerprint = fingerprint
unix, err := strconv.ParseInt(string(parts[3]), 10, 0)
if err != nil {
return fmt.Errorf("invalid unix timestamp: %w", err)
}
h.Expires = time.Unix(unix, 0)
h.Algorithm = string(parts[1])
h.Fingerprint = string(parts[2])
return nil
}
func scanFingerprint(data []byte, atEOF bool) (advance int, token []byte, err error) {
if atEOF && len(data) == 0 {
return 0, nil, nil
}
if i := bytes.IndexByte(data, ':'); i >= 0 {
// We have a full newline-terminated line.
return i + 1, data[0:i], nil
}
// If we're at EOF, we have a final, non-terminated hex byte
if atEOF {
return len(data), data, nil
}
// Request more data.
return 0, nil, nil
}
// Fingerprint represents a fingerprint.
type Fingerprint []byte
// String returns a string representation of the fingerprint.
func (f Fingerprint) String() string {
var sb strings.Builder
for i, b := range f {
if i > 0 {
sb.WriteByte(':')
}
fmt.Fprintf(&sb, "%02X", b)
}
return sb.String()
}

212
vendor.go
View File

@ -1,212 +0,0 @@
// Hostname verification code from the crypto/x509 package.
// Modified to allow Common Names in the short term, until new certificates
// can be issued with SANs.
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package gemini
import (
"crypto/x509"
"net"
"strings"
"unicode/utf8"
)
var oidExtensionSubjectAltName = []int{2, 5, 29, 17}
func hasSANExtension(c *x509.Certificate) bool {
for _, e := range c.Extensions {
if e.Id.Equal(oidExtensionSubjectAltName) {
return true
}
}
return false
}
func validHostnamePattern(host string) bool { return validHostname(host, true) }
func validHostnameInput(host string) bool { return validHostname(host, false) }
// validHostname reports whether host is a valid hostname that can be matched or
// matched against according to RFC 6125 2.2, with some leniency to accommodate
// legacy values.
func validHostname(host string, isPattern bool) bool {
if !isPattern {
host = strings.TrimSuffix(host, ".")
}
if len(host) == 0 {
return false
}
for i, part := range strings.Split(host, ".") {
if part == "" {
// Empty label.
return false
}
if isPattern && i == 0 && part == "*" {
// Only allow full left-most wildcards, as those are the only ones
// we match, and matching literal '*' characters is probably never
// the expected behavior.
continue
}
for j, c := range part {
if 'a' <= c && c <= 'z' {
continue
}
if '0' <= c && c <= '9' {
continue
}
if 'A' <= c && c <= 'Z' {
continue
}
if c == '-' && j != 0 {
continue
}
if c == '_' {
// Not a valid character in hostnames, but commonly
// found in deployments outside the WebPKI.
continue
}
return false
}
}
return true
}
// commonNameAsHostname reports whether the Common Name field should be
// considered the hostname that the certificate is valid for. This is a legacy
// behavior, disabled by default or if the Subject Alt Name extension is present.
//
// It applies the strict validHostname check to the Common Name field, so that
// certificates without SANs can still be validated against CAs with name
// constraints if there is no risk the CN would be matched as a hostname.
// See NameConstraintsWithoutSANs and issue 24151.
func commonNameAsHostname(c *x509.Certificate) bool {
return !hasSANExtension(c) && validHostnamePattern(c.Subject.CommonName)
}
func matchExactly(hostA, hostB string) bool {
if hostA == "" || hostA == "." || hostB == "" || hostB == "." {
return false
}
return toLowerCaseASCII(hostA) == toLowerCaseASCII(hostB)
}
func matchHostnames(pattern, host string) bool {
pattern = toLowerCaseASCII(pattern)
host = toLowerCaseASCII(strings.TrimSuffix(host, "."))
if len(pattern) == 0 || len(host) == 0 {
return false
}
patternParts := strings.Split(pattern, ".")
hostParts := strings.Split(host, ".")
if len(patternParts) != len(hostParts) {
return false
}
for i, patternPart := range patternParts {
if i == 0 && patternPart == "*" {
continue
}
if patternPart != hostParts[i] {
return false
}
}
return true
}
// toLowerCaseASCII returns a lower-case version of in. See RFC 6125 6.4.1. We use
// an explicitly ASCII function to avoid any sharp corners resulting from
// performing Unicode operations on DNS labels.
func toLowerCaseASCII(in string) string {
// If the string is already lower-case then there's nothing to do.
isAlreadyLowerCase := true
for _, c := range in {
if c == utf8.RuneError {
// If we get a UTF-8 error then there might be
// upper-case ASCII bytes in the invalid sequence.
isAlreadyLowerCase = false
break
}
if 'A' <= c && c <= 'Z' {
isAlreadyLowerCase = false
break
}
}
if isAlreadyLowerCase {
return in
}
out := []byte(in)
for i, c := range out {
if 'A' <= c && c <= 'Z' {
out[i] += 'a' - 'A'
}
}
return string(out)
}
// verifyHostname returns nil if c is a valid certificate for the named host.
// Otherwise it returns an error describing the mismatch.
//
// IP addresses can be optionally enclosed in square brackets and are checked
// against the IPAddresses field. Other names are checked case insensitively
// against the DNSNames field. If the names are valid hostnames, the certificate
// fields can have a wildcard as the left-most label.
//
// The legacy Common Name field is ignored unless it's a valid hostname, the
// certificate doesn't have any Subject Alternative Names, and the GODEBUG
// environment variable is set to "x509ignoreCN=0". Support for Common Name is
// deprecated will be entirely removed in the future.
func verifyHostname(c *x509.Certificate, h string) error {
// IP addresses may be written in [ ].
candidateIP := h
if len(h) >= 3 && h[0] == '[' && h[len(h)-1] == ']' {
candidateIP = h[1 : len(h)-1]
}
if ip := net.ParseIP(candidateIP); ip != nil {
// We only match IP addresses against IP SANs.
// See RFC 6125, Appendix B.2.
for _, candidate := range c.IPAddresses {
if ip.Equal(candidate) {
return nil
}
}
return x509.HostnameError{c, candidateIP}
}
names := c.DNSNames
if commonNameAsHostname(c) {
names = []string{c.Subject.CommonName}
}
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
validCandidateName := validHostnameInput(candidateName)
for _, match := range names {
// Ideally, we'd only match valid hostnames according to RFC 6125 like
// browsers (more or less) do, but in practice Go is used in a wider
// array of contexts and can't even assume DNS resolution. Instead,
// always allow perfect matches, and only apply wildcard and trailing
// dot processing to valid hostnames.
if validCandidateName && validHostnamePattern(match) {
if matchHostnames(match, candidateName) {
return nil
}
} else {
if matchExactly(match, candidateName) {
return nil
}
}
}
return x509.HostnameError{c, h}
}