Compare commits
76 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b0f27c6f74 | ||
|
8c0af18617 | ||
|
|
353416685a | ||
|
|
0ceec22705 | ||
|
|
3d2110d90f | ||
|
|
b5c47a5ef0 | ||
|
|
fb0d4d24bd | ||
|
|
1170e007d4 | ||
|
|
c85759d777 | ||
|
|
507773618b | ||
|
|
3bc243dd66 | ||
|
|
de93d44786 | ||
|
|
eb32c32063 | ||
|
|
e5cf345273 | ||
|
|
c68ce57488 | ||
|
|
2b161650fe | ||
|
|
dbbef1fb6d | ||
|
|
90518a01a8 | ||
|
|
056e55abbb | ||
|
|
72d437c82e | ||
|
|
3dca29eb41 | ||
|
|
a40b5dcd0b | ||
|
|
fffe86680e | ||
|
|
d5af32e121 | ||
|
|
5141eaafaa | ||
|
|
e5c0afa013 | ||
|
|
4c7c200f92 | ||
|
|
0a709da439 | ||
|
|
1fdef9b608 | ||
|
|
2144e2c2f2 | ||
|
|
93a606b591 | ||
|
|
b00794f236 | ||
|
3da7fe7cee | ||
|
|
dea7600f29 | ||
|
|
7d958a4798 | ||
|
|
a5493b708a | ||
|
|
6e5c2473e7 | ||
|
|
c639233ea1 | ||
|
|
5677440876 | ||
|
|
be3d09d7f4 | ||
|
|
504da9afd8 | ||
|
|
d1cb8967b6 | ||
|
|
107b3a1785 | ||
|
|
e7a06a12bf | ||
|
|
649b20659b | ||
|
|
c9e2af98f3 | ||
|
|
d6d02e398e | ||
|
|
de0b93a4f6 | ||
|
|
ce649ecc66 | ||
|
|
688e7e2823 | ||
|
|
b38311da00 | ||
|
|
8e2ac24830 | ||
|
|
bfa3356d3a | ||
|
|
9f3564936e | ||
|
|
d8fb072826 | ||
|
|
69f0913b3d | ||
|
|
f7012b38da | ||
|
|
768ec6c17b | ||
|
|
ae7d58549d | ||
|
|
ad5d78f08f | ||
|
|
4b92c71839 | ||
|
|
19f1d6693e | ||
|
|
0e87d64ffc | ||
|
|
845f8e9bd1 | ||
|
|
cf9ab18c1f | ||
|
|
ada42ff427 | ||
|
|
fcc71b76d9 | ||
|
|
6a1ccdc644 | ||
|
|
f156be19b4 | ||
|
|
82bdffc1eb | ||
|
|
a396ec77e4 | ||
|
|
21ad3a2ded | ||
|
|
2d7f28e152 | ||
|
|
1764e02d1e | ||
|
|
1bc5c68c3f | ||
|
|
867074d81b |
64
LICENSE
64
LICENSE
@@ -1,51 +1,19 @@
|
||||
go-gemini is available under the terms of the MIT license:
|
||||
Copyright (c) 2020 Adnan Maolood
|
||||
|
||||
Copyright (c) 2020 Adnan Maolood
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
Portions of this program were taken from Go:
|
||||
|
||||
Copyright (c) 2009 The Go Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
27
LICENSE-GO
Normal file
27
LICENSE-GO
Normal file
@@ -0,0 +1,27 @@
|
||||
Copyright (c) 2009 The Go Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
17
README.md
17
README.md
@@ -2,16 +2,19 @@
|
||||
|
||||
[](https://godocs.io/git.sr.ht/~adnano/go-gemini) [](https://builds.sr.ht/~adnano/go-gemini?)
|
||||
|
||||
Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space) in Go.
|
||||
Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space)
|
||||
in Go. It provides an API similar to that of net/http to facilitate the
|
||||
development of Gemini clients and servers.
|
||||
|
||||
It provides an API similar to that of net/http to make it easy to develop Gemini clients and servers.
|
||||
|
||||
Compatible with version v0.14.3 of the Gemini specification.
|
||||
Compatible with version v0.16.0 of the Gemini specification.
|
||||
|
||||
## Usage
|
||||
|
||||
import "git.sr.ht/~adnano/go-gemini"
|
||||
|
||||
Note that some filesystem-related functionality is only available on Go 1.16
|
||||
or later as it relies on the io/fs package.
|
||||
|
||||
## Examples
|
||||
|
||||
There are a few examples provided in the examples directory.
|
||||
@@ -24,3 +27,9 @@ To run an example:
|
||||
Send patches and questions to [~adnano/go-gemini-devel](https://lists.sr.ht/~adnano/go-gemini-devel).
|
||||
|
||||
Subscribe to release announcements on [~adnano/go-gemini-announce](https://lists.sr.ht/~adnano/go-gemini-announce).
|
||||
|
||||
## License
|
||||
|
||||
go-gemini is licensed under the terms of the MIT license (see LICENSE).
|
||||
Portions of this library were adapted from Go and are governed by a BSD-style
|
||||
license (see LICENSE-GO). Those files are marked accordingly.
|
||||
|
||||
@@ -6,53 +6,55 @@ import (
|
||||
"crypto/x509/pkix"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// A Store represents a certificate store.
|
||||
// It generates certificates as needed and automatically rotates expired certificates.
|
||||
// A Store represents a TLS certificate store.
|
||||
// The zero value for Store is an empty store ready to use.
|
||||
//
|
||||
// Certificate scopes must be registered with Register before calling Get or Load.
|
||||
// This prevents the Store from creating or loading unnecessary certificates.
|
||||
// Store can be used to store server certificates.
|
||||
// Servers should provide a hostname or wildcard pattern as a certificate scope.
|
||||
// Servers will most likely use the methods Register, Load and Get.
|
||||
//
|
||||
// Store can also be used to store client certificates.
|
||||
// Clients should provide a hostname as a certificate scope.
|
||||
// Clients will most likely use the methods Add, Load, and Lookup.
|
||||
//
|
||||
// Store is safe for concurrent use by multiple goroutines.
|
||||
type Store struct {
|
||||
// CreateCertificate, if not nil, is called to create a new certificate
|
||||
// to replace a missing or expired certificate. If CreateCertificate
|
||||
// is nil, a certificate with a duration of 1 year will be created.
|
||||
// CreateCertificate, if not nil, is called by Get to create a new
|
||||
// certificate to replace a missing or expired certificate.
|
||||
// The provided scope is suitable for use in a certificate's DNSNames.
|
||||
CreateCertificate func(scope string) (tls.Certificate, error)
|
||||
|
||||
certs map[string]tls.Certificate
|
||||
path string
|
||||
mu sync.RWMutex
|
||||
scopes map[string]struct{}
|
||||
certs map[string]tls.Certificate
|
||||
path string
|
||||
mu sync.RWMutex
|
||||
}
|
||||
|
||||
// Register registers the provided scope with the certificate store.
|
||||
// The scope can either be a hostname or a wildcard pattern (e.g. "*.example.com").
|
||||
// To accept all hostnames, use the special pattern "*".
|
||||
//
|
||||
// Calls to Get will only succeed for registered scopes.
|
||||
// Other methods are not affected.
|
||||
func (s *Store) Register(scope string) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
if s.certs == nil {
|
||||
s.certs = make(map[string]tls.Certificate)
|
||||
if s.scopes == nil {
|
||||
s.scopes = make(map[string]struct{})
|
||||
}
|
||||
s.certs[scope] = tls.Certificate{}
|
||||
s.scopes[scope] = struct{}{}
|
||||
}
|
||||
|
||||
// Add adds a certificate with the given scope to the certificate store.
|
||||
// If a certificate for the given scope already exists, Add will overwrite it.
|
||||
// Add registers the certificate for the given scope.
|
||||
// If a certificate already exists for scope, Add will overwrite it.
|
||||
func (s *Store) Add(scope string, cert tls.Certificate) error {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
if s.certs == nil {
|
||||
s.certs = make(map[string]tls.Certificate)
|
||||
}
|
||||
|
||||
// Parse certificate if not already parsed
|
||||
if cert.Leaf == nil {
|
||||
parsed, err := x509.ParseCertificate(cert.Certificate[0])
|
||||
@@ -62,6 +64,22 @@ func (s *Store) Add(scope string, cert tls.Certificate) error {
|
||||
cert.Leaf = parsed
|
||||
}
|
||||
|
||||
if err := s.write(scope, cert); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
if s.certs == nil {
|
||||
s.certs = make(map[string]tls.Certificate)
|
||||
}
|
||||
s.certs[scope] = cert
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Store) write(scope string, cert tls.Certificate) error {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
if s.path != "" {
|
||||
certPath := filepath.Join(s.path, scope+".crt")
|
||||
keyPath := filepath.Join(s.path, scope+".key")
|
||||
@@ -69,35 +87,37 @@ func (s *Store) Add(scope string, cert tls.Certificate) error {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
s.certs[scope] = cert
|
||||
return nil
|
||||
}
|
||||
|
||||
// Get retrieves a certificate for the given hostname.
|
||||
// If no matching scope has been registered, Get returns an error.
|
||||
// Get generates new certificates as needed and rotates expired certificates.
|
||||
// It calls CreateCertificate to create a new certificate if it is not nil,
|
||||
// otherwise it creates certificates with a duration of 100 years.
|
||||
//
|
||||
// Get is suitable for use in a gemini.Server's GetCertificate field.
|
||||
func (s *Store) Get(hostname string) (*tls.Certificate, error) {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
cert, ok := s.certs[hostname]
|
||||
_, ok := s.scopes[hostname]
|
||||
if !ok {
|
||||
// Try wildcard
|
||||
wildcard := strings.SplitN(hostname, ".", 2)
|
||||
if len(wildcard) == 2 {
|
||||
hostname = "*." + wildcard[1]
|
||||
cert, ok = s.certs[hostname]
|
||||
_, ok = s.scopes[hostname]
|
||||
}
|
||||
}
|
||||
if !ok {
|
||||
// Try "*"
|
||||
cert, ok = s.certs["*"]
|
||||
_, ok = s.scopes["*"]
|
||||
}
|
||||
if !ok {
|
||||
s.mu.RUnlock()
|
||||
return nil, errors.New("unrecognized scope")
|
||||
}
|
||||
cert := s.certs[hostname]
|
||||
s.mu.RUnlock()
|
||||
|
||||
// If the certificate is empty or expired, generate a new one.
|
||||
if cert.Leaf == nil || cert.Leaf.NotAfter.Before(time.Now()) {
|
||||
@@ -114,6 +134,14 @@ func (s *Store) Get(hostname string) (*tls.Certificate, error) {
|
||||
return &cert, nil
|
||||
}
|
||||
|
||||
// Lookup returns the certificate for the provided scope.
|
||||
func (s *Store) Lookup(scope string) (tls.Certificate, bool) {
|
||||
s.mu.RLock()
|
||||
defer s.mu.RUnlock()
|
||||
cert, ok := s.certs[scope]
|
||||
return cert, ok
|
||||
}
|
||||
|
||||
func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
|
||||
if s.CreateCertificate != nil {
|
||||
return s.CreateCertificate(scope)
|
||||
@@ -123,7 +151,7 @@ func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
|
||||
Subject: pkix.Name{
|
||||
CommonName: scope,
|
||||
},
|
||||
Duration: 365 * 24 * time.Hour,
|
||||
Duration: 100 * 365 * 24 * time.Hour,
|
||||
})
|
||||
}
|
||||
|
||||
@@ -132,26 +160,31 @@ func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
|
||||
// The path should lead to a directory containing certificates
|
||||
// and private keys named "scope.crt" and "scope.key" respectively,
|
||||
// where "scope" is the scope of the certificate.
|
||||
// Certificates with scopes that have not been registered will be ignored.
|
||||
func (s *Store) Load(path string) error {
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
path = filepath.Clean(path)
|
||||
matches, err := filepath.Glob(filepath.Join(path, "*.crt"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, crtPath := range matches {
|
||||
scope := strings.TrimSuffix(filepath.Base(crtPath), ".crt")
|
||||
if _, ok := s.certs[scope]; !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
keyPath := strings.TrimSuffix(crtPath, ".crt") + ".key"
|
||||
cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
scope := strings.TrimPrefix(crtPath, path)
|
||||
scope = strings.TrimPrefix(scope, "/")
|
||||
scope = strings.TrimSuffix(scope, ".crt")
|
||||
s.Add(scope, cert)
|
||||
}
|
||||
s.SetPath(path)
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
s.path = path
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -170,5 +203,5 @@ func (s *Store) Entries() map[string]tls.Certificate {
|
||||
func (s *Store) SetPath(path string) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
s.path = path
|
||||
s.path = filepath.Clean(path)
|
||||
}
|
||||
|
||||
16
client.go
16
client.go
@@ -6,7 +6,6 @@ import (
|
||||
"crypto/x509"
|
||||
"net"
|
||||
"net/url"
|
||||
"time"
|
||||
"unicode/utf8"
|
||||
|
||||
"golang.org/x/net/idna"
|
||||
@@ -132,6 +131,9 @@ func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
|
||||
conn.Close()
|
||||
return nil, ctx.Err()
|
||||
case r := <-res:
|
||||
if r.err != nil {
|
||||
conn.Close()
|
||||
}
|
||||
return r.resp, r.err
|
||||
}
|
||||
}
|
||||
@@ -153,7 +155,7 @@ func (c *Client) do(ctx context.Context, conn net.Conn, req *Request) (*Response
|
||||
}
|
||||
|
||||
// Write the request
|
||||
if err := req.Write(w); err != nil {
|
||||
if _, err := req.WriteTo(w); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -175,17 +177,9 @@ func (c *Client) dialContext(ctx context.Context, network, addr string) (net.Con
|
||||
}
|
||||
|
||||
func (c *Client) verifyConnection(cs tls.ConnectionState, hostname string) error {
|
||||
cert := cs.PeerCertificates[0]
|
||||
// Verify hostname
|
||||
if err := verifyHostname(cert, hostname); err != nil {
|
||||
return err
|
||||
}
|
||||
// Check expiration date
|
||||
if !time.Now().Before(cert.NotAfter) {
|
||||
return ErrCertificateExpired
|
||||
}
|
||||
// See if the client trusts the certificate
|
||||
if c.TrustCertificate != nil {
|
||||
cert := cs.PeerCertificates[0]
|
||||
return c.TrustCertificate(hostname, cert)
|
||||
}
|
||||
return nil
|
||||
|
||||
12
doc.go
12
doc.go
@@ -9,7 +9,7 @@ Client is a Gemini client.
|
||||
if err != nil {
|
||||
// handle error
|
||||
}
|
||||
defer resp.Close()
|
||||
defer resp.Body.Close()
|
||||
// ...
|
||||
|
||||
Server is a Gemini server.
|
||||
@@ -29,18 +29,18 @@ Servers should be configured with certificates:
|
||||
}
|
||||
server.GetCertificate = certificates.Get
|
||||
|
||||
ServeMux is a Gemini request multiplexer.
|
||||
ServeMux can handle requests for multiple hosts and schemes.
|
||||
Mux is a Gemini request multiplexer.
|
||||
Mux can handle requests for multiple hosts and paths.
|
||||
|
||||
mux := &gemini.ServeMux{}
|
||||
mux := &gemini.Mux{}
|
||||
mux.HandleFunc("example.com", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
|
||||
fmt.Fprint(w, "Welcome to example.com")
|
||||
})
|
||||
mux.HandleFunc("example.org/about.gmi", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
|
||||
fmt.Fprint(w, "About example.org")
|
||||
})
|
||||
mux.HandleFunc("http://example.net", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
|
||||
fmt.Fprint(w, "Proxied content from http://example.net")
|
||||
mux.HandleFunc("/images/", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
|
||||
w.WriteHeader(gemini.StatusGone, "Gone forever")
|
||||
})
|
||||
server.Handler = mux
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ func main() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
mux := &gemini.ServeMux{}
|
||||
mux := &gemini.Mux{}
|
||||
mux.HandleFunc("/", profile)
|
||||
mux.HandleFunc("/username", changeUsername)
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
@@ -16,7 +15,6 @@ import (
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"git.sr.ht/~adnano/go-gemini"
|
||||
"git.sr.ht/~adnano/go-gemini/tofu"
|
||||
@@ -61,15 +59,14 @@ Otherwise, this should be safe to trust.
|
||||
=> `
|
||||
|
||||
func trustCertificate(hostname string, cert *x509.Certificate) error {
|
||||
host := tofu.NewHost(hostname, cert.Raw, cert.NotAfter)
|
||||
|
||||
host := tofu.NewHost(hostname, cert.Raw)
|
||||
knownHost, ok := hosts.Lookup(hostname)
|
||||
if ok && time.Now().Before(knownHost.Expires) {
|
||||
if ok {
|
||||
// Check fingerprint
|
||||
if bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
|
||||
return nil
|
||||
if knownHost.Fingerprint != host.Fingerprint {
|
||||
return errors.New("error: fingerprint does not match!")
|
||||
}
|
||||
return errors.New("error: fingerprint does not match!")
|
||||
return nil
|
||||
}
|
||||
|
||||
fmt.Printf(trustPrompt, hostname, host.Fingerprint)
|
||||
@@ -87,7 +84,7 @@ func trustCertificate(hostname string, cert *x509.Certificate) error {
|
||||
}
|
||||
}
|
||||
|
||||
func getInput(prompt string, sensitive bool) (input string, ok bool) {
|
||||
func getInput(prompt string) (input string, ok bool) {
|
||||
fmt.Printf("%s ", prompt)
|
||||
scanner.Scan()
|
||||
return scanner.Text(), true
|
||||
@@ -103,9 +100,9 @@ func do(req *gemini.Request, via []*gemini.Request) (*gemini.Response, error) {
|
||||
return resp, err
|
||||
}
|
||||
|
||||
switch resp.Status().Class() {
|
||||
switch resp.Status.Class() {
|
||||
case gemini.StatusInput:
|
||||
input, ok := getInput(resp.Meta(), resp.Status() == gemini.StatusSensitiveInput)
|
||||
input, ok := getInput(resp.Meta)
|
||||
if !ok {
|
||||
break
|
||||
}
|
||||
@@ -119,7 +116,7 @@ func do(req *gemini.Request, via []*gemini.Request) (*gemini.Response, error) {
|
||||
return resp, errors.New("too many redirects")
|
||||
}
|
||||
|
||||
target, err := url.Parse(resp.Meta())
|
||||
target, err := url.Parse(resp.Meta)
|
||||
if err != nil {
|
||||
return resp, err
|
||||
}
|
||||
@@ -153,11 +150,11 @@ func main() {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
}
|
||||
defer resp.Close()
|
||||
defer resp.Body.Close()
|
||||
|
||||
// Handle response
|
||||
if resp.Status().Class() == gemini.StatusSuccess {
|
||||
_, err := io.Copy(os.Stdout, resp)
|
||||
if resp.Status.Class() == gemini.StatusSuccess {
|
||||
_, err := io.Copy(os.Stdout, resp.Body)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
@@ -22,11 +22,11 @@ func main() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
mux := &gemini.ServeMux{}
|
||||
mux := &gemini.Mux{}
|
||||
mux.Handle("/", gemini.FileServer(os.DirFS("/var/www")))
|
||||
|
||||
server := &gemini.Server{
|
||||
Handler: logMiddleware(mux),
|
||||
Handler: gemini.LoggingMiddleware(mux),
|
||||
ReadTimeout: 30 * time.Second,
|
||||
WriteTimeout: 1 * time.Minute,
|
||||
GetCertificate: certificates.Get,
|
||||
@@ -56,53 +56,3 @@ func main() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func logMiddleware(h gemini.Handler) gemini.Handler {
|
||||
return gemini.HandlerFunc(func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
|
||||
lw := &logResponseWriter{rw: w}
|
||||
h.ServeGemini(ctx, lw, r)
|
||||
host := r.TLS().ServerName
|
||||
log.Printf("gemini: %s %q %d %d", host, r.URL, lw.status, lw.wrote)
|
||||
})
|
||||
}
|
||||
|
||||
type logResponseWriter struct {
|
||||
rw gemini.ResponseWriter
|
||||
status gemini.Status
|
||||
meta string
|
||||
mediatype string
|
||||
wroteHeader bool
|
||||
wrote int
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) SetMediaType(mediatype string) {
|
||||
w.mediatype = mediatype
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) Write(b []byte) (int, error) {
|
||||
if !w.wroteHeader {
|
||||
w.WriteHeader(gemini.StatusSuccess, w.mediatype)
|
||||
}
|
||||
n, err := w.rw.Write(b)
|
||||
w.wrote += n
|
||||
return n, err
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) WriteHeader(status gemini.Status, meta string) {
|
||||
if w.wroteHeader {
|
||||
return
|
||||
}
|
||||
w.status = status
|
||||
w.meta = meta
|
||||
w.wroteHeader = true
|
||||
w.rw.WriteHeader(status, meta)
|
||||
w.wrote += len(meta) + 5
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) Flush() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) Close() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ func main() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
mux := &gemini.ServeMux{}
|
||||
mux := &gemini.Mux{}
|
||||
mux.HandleFunc("/", stream)
|
||||
|
||||
server := &gemini.Server{
|
||||
|
||||
185
fs.go
185
fs.go
@@ -29,88 +29,22 @@ type fileServer struct {
|
||||
fs.FS
|
||||
}
|
||||
|
||||
func (fs fileServer) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
serveFile(w, r, fs, path.Clean(r.URL.Path), true)
|
||||
}
|
||||
|
||||
// ServeContent replies to the request using the content in the
|
||||
// provided Reader. The main benefit of ServeContent over io.Copy
|
||||
// is that it sets the MIME type of the response.
|
||||
//
|
||||
// ServeContent tries to deduce the type from name's file extension.
|
||||
// The name is otherwise unused; it is never sent in the response.
|
||||
func ServeContent(w ResponseWriter, r *Request, name string, content io.Reader) {
|
||||
serveContent(w, name, content)
|
||||
}
|
||||
|
||||
func serveContent(w ResponseWriter, name string, content io.Reader) {
|
||||
// Detect mimetype from file extension
|
||||
ext := path.Ext(name)
|
||||
mimetype := mime.TypeByExtension(ext)
|
||||
w.SetMediaType(mimetype)
|
||||
io.Copy(w, content)
|
||||
}
|
||||
|
||||
// ServeFile responds to the request with the contents of the named file
|
||||
// or directory.
|
||||
//
|
||||
// If the provided file or directory name is a relative path, it is interpreted
|
||||
// relative to the current directory and may ascend to parent directories. If
|
||||
// the provided name is constructed from user input, it should be sanitized
|
||||
// before calling ServeFile.
|
||||
//
|
||||
// As a precaution, ServeFile will reject requests where r.URL.Path contains a
|
||||
// ".." path element; this protects against callers who might unsafely use
|
||||
// path.Join on r.URL.Path without sanitizing it and then use that
|
||||
// path.Join result as the name argument.
|
||||
//
|
||||
// As another special case, ServeFile redirects any request where r.URL.Path
|
||||
// ends in "/index.gmi" to the same path, without the final "index.gmi". To
|
||||
// avoid such redirects either modify the path or use ServeContent.
|
||||
//
|
||||
// Outside of those two special cases, ServeFile does not use r.URL.Path for
|
||||
// selecting the file or directory to serve; only the file or directory
|
||||
// provided in the name argument is used.
|
||||
func ServeFile(w ResponseWriter, r *Request, fsys fs.FS, name string) {
|
||||
if containsDotDot(r.URL.Path) {
|
||||
// Too many programs use r.URL.Path to construct the argument to
|
||||
// serveFile. Reject the request under the assumption that happened
|
||||
// here and ".." may not be wanted.
|
||||
// Note that name might not contain "..", for example if code (still
|
||||
// incorrectly) used path.Join(myDir, r.URL.Path).
|
||||
w.WriteHeader(StatusBadRequest, "invalid URL path")
|
||||
return
|
||||
}
|
||||
serveFile(w, r, fsys, name, false)
|
||||
}
|
||||
|
||||
func containsDotDot(v string) bool {
|
||||
if !strings.Contains(v, "..") {
|
||||
return false
|
||||
}
|
||||
for _, ent := range strings.FieldsFunc(v, isSlashRune) {
|
||||
if ent == ".." {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
|
||||
|
||||
func serveFile(w ResponseWriter, r *Request, fsys fs.FS, name string, redirect bool) {
|
||||
func (fsys fileServer) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
const indexPage = "/index.gmi"
|
||||
|
||||
url := path.Clean(r.URL.Path)
|
||||
|
||||
// Redirect .../index.gmi to .../
|
||||
if strings.HasSuffix(r.URL.Path, indexPage) {
|
||||
w.WriteHeader(StatusPermanentRedirect, "./")
|
||||
if strings.HasSuffix(url, indexPage) {
|
||||
w.WriteHeader(StatusPermanentRedirect, strings.TrimSuffix(url, "index.gmi"))
|
||||
return
|
||||
}
|
||||
|
||||
name := url
|
||||
if name == "/" {
|
||||
name = "."
|
||||
} else {
|
||||
name = strings.Trim(name, "/")
|
||||
name = strings.TrimPrefix(name, "/")
|
||||
}
|
||||
|
||||
f, err := fsys.Open(name)
|
||||
@@ -127,50 +61,89 @@ func serveFile(w ResponseWriter, r *Request, fsys fs.FS, name string, redirect b
|
||||
}
|
||||
|
||||
// Redirect to canonical path
|
||||
if redirect {
|
||||
url := r.URL.Path
|
||||
if len(r.URL.Path) != 0 {
|
||||
if stat.IsDir() {
|
||||
// Add trailing slash
|
||||
if url[len(url)-1] != '/' {
|
||||
w.WriteHeader(StatusPermanentRedirect, path.Base(url)+"/")
|
||||
target := url
|
||||
if target != "/" {
|
||||
target += "/"
|
||||
}
|
||||
if len(r.URL.Path) != len(target) || r.URL.Path != target {
|
||||
w.WriteHeader(StatusPermanentRedirect, target)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
} else if r.URL.Path[len(r.URL.Path)-1] == '/' {
|
||||
// Remove trailing slash
|
||||
if url[len(url)-1] == '/' {
|
||||
w.WriteHeader(StatusPermanentRedirect, "../"+path.Base(url))
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if stat.IsDir() {
|
||||
// Redirect if the directory name doesn't end in a slash
|
||||
url := r.URL.Path
|
||||
if url[len(url)-1] != '/' {
|
||||
w.WriteHeader(StatusRedirect, path.Base(url)+"/")
|
||||
w.WriteHeader(StatusPermanentRedirect, url)
|
||||
return
|
||||
}
|
||||
|
||||
// Use contents of index.gmi if present
|
||||
index, err := fsys.Open(path.Join(name, indexPage))
|
||||
if err == nil {
|
||||
defer index.Close()
|
||||
istat, err := index.Stat()
|
||||
if err == nil {
|
||||
f = index
|
||||
stat = istat
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if stat.IsDir() {
|
||||
// Failed to find index file
|
||||
dirList(w, f)
|
||||
// Use contents of index.gmi if present
|
||||
name = path.Join(name, indexPage)
|
||||
index, err := fsys.Open(name)
|
||||
if err == nil {
|
||||
defer index.Close()
|
||||
f = index
|
||||
} else {
|
||||
// Failed to find index file
|
||||
dirList(w, f)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Detect mimetype from file extension
|
||||
ext := path.Ext(name)
|
||||
mimetype := mime.TypeByExtension(ext)
|
||||
w.SetMediaType(mimetype)
|
||||
io.Copy(w, f)
|
||||
}
|
||||
|
||||
// ServeFile responds to the request with the contents of the named file
|
||||
// or directory. If the provided name is constructed from user input, it
|
||||
// should be sanitized before calling ServeFile.
|
||||
func ServeFile(w ResponseWriter, fsys fs.FS, name string) {
|
||||
const indexPage = "/index.gmi"
|
||||
|
||||
// Ensure name is relative
|
||||
if name == "/" {
|
||||
name = "."
|
||||
} else {
|
||||
name = strings.TrimLeft(name, "/")
|
||||
}
|
||||
|
||||
f, err := fsys.Open(name)
|
||||
if err != nil {
|
||||
w.WriteHeader(toGeminiError(err))
|
||||
return
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
stat, err := f.Stat()
|
||||
if err != nil {
|
||||
w.WriteHeader(toGeminiError(err))
|
||||
return
|
||||
}
|
||||
|
||||
serveContent(w, name, f)
|
||||
if stat.IsDir() {
|
||||
// Use contents of index file if present
|
||||
name = path.Join(name, indexPage)
|
||||
index, err := fsys.Open(name)
|
||||
if err == nil {
|
||||
defer index.Close()
|
||||
f = index
|
||||
} else {
|
||||
// Failed to find index file
|
||||
dirList(w, f)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Detect mimetype from file extension
|
||||
ext := path.Ext(name)
|
||||
mimetype := mime.TypeByExtension(ext)
|
||||
w.SetMediaType(mimetype)
|
||||
io.Copy(w, f)
|
||||
}
|
||||
|
||||
func dirList(w ResponseWriter, f fs.File) {
|
||||
@@ -196,7 +169,7 @@ func dirList(w ResponseWriter, f fs.File) {
|
||||
}
|
||||
link := LineLink{
|
||||
Name: name,
|
||||
URL: (&url.URL{Path: name}).EscapedPath(),
|
||||
URL: "./" + url.PathEscape(name),
|
||||
}
|
||||
fmt.Fprintln(w, link.String())
|
||||
}
|
||||
|
||||
16
gemini.go
16
gemini.go
@@ -11,16 +11,24 @@ func init() {
|
||||
mime.AddExtensionType(".gemini", "text/gemini")
|
||||
}
|
||||
|
||||
var crlf = []byte("\r\n")
|
||||
|
||||
// Errors.
|
||||
var (
|
||||
ErrInvalidRequest = errors.New("gemini: invalid request")
|
||||
ErrInvalidResponse = errors.New("gemini: invalid response")
|
||||
|
||||
ErrCertificateExpired = errors.New("gemini: certificate expired")
|
||||
|
||||
// ErrBodyNotAllowed is returned by ResponseWriter.Write calls
|
||||
// when the response status code does not permit a body.
|
||||
ErrBodyNotAllowed = errors.New("gemini: response status code does not allow body")
|
||||
)
|
||||
|
||||
var crlf = []byte("\r\n")
|
||||
|
||||
func trimCRLF(b []byte) ([]byte, bool) {
|
||||
// Check for CR
|
||||
if len(b) < 2 || b[len(b)-2] != '\r' {
|
||||
return nil, false
|
||||
}
|
||||
// Trim CRLF
|
||||
b = b[:len(b)-2]
|
||||
return b, true
|
||||
}
|
||||
|
||||
36
handler.go
36
handler.go
@@ -14,11 +14,10 @@ import (
|
||||
// ServeGemini should write the response header and data to the ResponseWriter
|
||||
// and then return. Returning signals that the request is finished; it is not
|
||||
// valid to use the ResponseWriter after or concurrently with the completion
|
||||
// of the ServeGemini call. Handlers may also call ResponseWriter.Close to
|
||||
// manually close the connection.
|
||||
// of the ServeGemini call.
|
||||
//
|
||||
// The provided context is canceled when the client's connection is closed,
|
||||
// when ResponseWriter.Close is called, or when the ServeGemini method returns.
|
||||
// The provided context is canceled when the client's connection is closed
|
||||
// or the ServeGemini method returns.
|
||||
//
|
||||
// Handlers should not modify the provided Request.
|
||||
type Handler interface {
|
||||
@@ -80,18 +79,21 @@ func StripPrefix(prefix string, h Handler) Handler {
|
||||
//
|
||||
// The new Handler calls h.ServeGemini to handle each request, but
|
||||
// if a call runs for longer than its time limit, the handler responds with a
|
||||
// 40 Temporary Failure error. After such a timeout, writes by h to
|
||||
// its ResponseWriter will return context.DeadlineExceeded.
|
||||
func TimeoutHandler(h Handler, dt time.Duration) Handler {
|
||||
// 40 Temporary Failure status code and the given message in its response meta.
|
||||
// After such a timeout, writes by h to its ResponseWriter will return
|
||||
// context.DeadlineExceeded.
|
||||
func TimeoutHandler(h Handler, dt time.Duration, message string) Handler {
|
||||
return &timeoutHandler{
|
||||
h: h,
|
||||
dt: dt,
|
||||
h: h,
|
||||
dt: dt,
|
||||
msg: message,
|
||||
}
|
||||
}
|
||||
|
||||
type timeoutHandler struct {
|
||||
h Handler
|
||||
dt time.Duration
|
||||
h Handler
|
||||
dt time.Duration
|
||||
msg string
|
||||
}
|
||||
|
||||
func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
@@ -100,7 +102,7 @@ func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *R
|
||||
|
||||
buf := &bytes.Buffer{}
|
||||
tw := &timeoutWriter{
|
||||
wc: &contextWriter{
|
||||
wr: &contextWriter{
|
||||
ctx: ctx,
|
||||
cancel: cancel,
|
||||
done: ctx.Done(),
|
||||
@@ -119,12 +121,12 @@ func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *R
|
||||
w.WriteHeader(tw.status, tw.meta)
|
||||
w.Write(buf.Bytes())
|
||||
case <-ctx.Done():
|
||||
w.WriteHeader(StatusTemporaryFailure, "Timeout")
|
||||
w.WriteHeader(StatusTemporaryFailure, t.msg)
|
||||
}
|
||||
}
|
||||
|
||||
type timeoutWriter struct {
|
||||
wc io.WriteCloser
|
||||
wr io.Writer
|
||||
status Status
|
||||
meta string
|
||||
mediatype string
|
||||
@@ -139,7 +141,7 @@ func (w *timeoutWriter) Write(b []byte) (int, error) {
|
||||
if !w.wroteHeader {
|
||||
w.WriteHeader(StatusSuccess, w.mediatype)
|
||||
}
|
||||
return w.wc.Write(b)
|
||||
return w.wr.Write(b)
|
||||
}
|
||||
|
||||
func (w *timeoutWriter) WriteHeader(status Status, meta string) {
|
||||
@@ -154,7 +156,3 @@ func (w *timeoutWriter) WriteHeader(status Status, meta string) {
|
||||
func (w *timeoutWriter) Flush() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w *timeoutWriter) Close() error {
|
||||
return w.wc.Close()
|
||||
}
|
||||
|
||||
28
io.go
28
io.go
@@ -1,7 +1,6 @@
|
||||
package gemini
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"context"
|
||||
"io"
|
||||
)
|
||||
@@ -75,30 +74,3 @@ func (nopReadCloser) Read(p []byte) (int, error) {
|
||||
func (nopReadCloser) Close() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
type bufReadCloser struct {
|
||||
br *bufio.Reader // used until empty
|
||||
io.ReadCloser
|
||||
}
|
||||
|
||||
func newBufReadCloser(br *bufio.Reader, rc io.ReadCloser) io.ReadCloser {
|
||||
body := &bufReadCloser{ReadCloser: rc}
|
||||
if br.Buffered() != 0 {
|
||||
body.br = br
|
||||
}
|
||||
return body
|
||||
}
|
||||
|
||||
func (b *bufReadCloser) Read(p []byte) (n int, err error) {
|
||||
if b.br != nil {
|
||||
if n := b.br.Buffered(); len(p) > n {
|
||||
p = p[:n]
|
||||
}
|
||||
n, err = b.br.Read(p)
|
||||
if b.br.Buffered() == 0 {
|
||||
b.br = nil
|
||||
}
|
||||
return n, err
|
||||
}
|
||||
return b.ReadCloser.Read(p)
|
||||
}
|
||||
|
||||
58
middleware.go
Normal file
58
middleware.go
Normal file
@@ -0,0 +1,58 @@
|
||||
package gemini
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
)
|
||||
|
||||
// LoggingMiddleware returns a handler that wraps h and logs Gemini requests
|
||||
// and their responses to the log package's standard logger.
|
||||
// Requests are logged with the format "gemini: {host} {URL} {status code} {bytes written}".
|
||||
func LoggingMiddleware(h Handler) Handler {
|
||||
return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
lw := &logResponseWriter{rw: w}
|
||||
h.ServeGemini(ctx, lw, r)
|
||||
host := r.ServerName()
|
||||
log.Printf("gemini: %s %q %d %d", host, r.URL, lw.Status, lw.Wrote)
|
||||
})
|
||||
}
|
||||
|
||||
type logResponseWriter struct {
|
||||
Status Status
|
||||
Wrote int
|
||||
rw ResponseWriter
|
||||
mediatype string
|
||||
wroteHeader bool
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) SetMediaType(mediatype string) {
|
||||
w.mediatype = mediatype
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) Write(b []byte) (int, error) {
|
||||
if !w.wroteHeader {
|
||||
meta := w.mediatype
|
||||
if meta == "" {
|
||||
// Use default media type
|
||||
meta = defaultMediaType
|
||||
}
|
||||
w.WriteHeader(StatusSuccess, meta)
|
||||
}
|
||||
n, err := w.rw.Write(b)
|
||||
w.Wrote += n
|
||||
return n, err
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) WriteHeader(status Status, meta string) {
|
||||
if w.wroteHeader {
|
||||
return
|
||||
}
|
||||
w.wroteHeader = true
|
||||
w.Status = status
|
||||
w.Wrote += len(meta) + 5
|
||||
w.rw.WriteHeader(status, meta)
|
||||
}
|
||||
|
||||
func (w *logResponseWriter) Flush() error {
|
||||
return nil
|
||||
}
|
||||
172
mux.go
172
mux.go
@@ -1,3 +1,7 @@
|
||||
// Copyright 2009 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE-GO file.
|
||||
|
||||
package gemini
|
||||
|
||||
import (
|
||||
@@ -10,7 +14,7 @@ import (
|
||||
"sync"
|
||||
)
|
||||
|
||||
// ServeMux is a Gemini request multiplexer.
|
||||
// Mux is a Gemini request multiplexer.
|
||||
// It matches the URL of each incoming request against a list of registered
|
||||
// patterns and calls the handler for the pattern that
|
||||
// most closely matches the URL.
|
||||
@@ -28,58 +32,42 @@ import (
|
||||
// the pattern "/" matches all paths not matched by other registered
|
||||
// patterns, not just the URL with Path == "/".
|
||||
//
|
||||
// Patterns may also contain schemes and hostnames.
|
||||
// Wildcard patterns can be used to match multiple hostnames (e.g. "*.example.com").
|
||||
// Patterns may optionally begin with a host name, restricting matches to
|
||||
// URLs on that host only. Host-specific patterns take precedence over
|
||||
// general patterns, so that a handler might register for the two patterns
|
||||
// "/search" and "search.example.com/" without also taking over requests
|
||||
// for "gemini://example.com/".
|
||||
//
|
||||
// The following are examples of valid patterns, along with the scheme,
|
||||
// hostname, and path that they match.
|
||||
//
|
||||
// Pattern │ Scheme │ Hostname │ Path
|
||||
// ─────────────────────────────┼────────┼──────────┼─────────────
|
||||
// /file │ gemini │ * │ /file
|
||||
// /directory/ │ gemini │ * │ /directory/*
|
||||
// hostname/file │ gemini │ hostname │ /file
|
||||
// hostname/directory/ │ gemini │ hostname │ /directory/*
|
||||
// scheme://hostname/file │ scheme │ hostname │ /file
|
||||
// scheme://hostname/directory/ │ scheme │ hostname │ /directory/*
|
||||
// //hostname/file │ * │ hostname │ /file
|
||||
// //hostname/directory/ │ * │ hostname │ /directory/*
|
||||
// scheme:///file │ scheme │ * │ /file
|
||||
// scheme:///directory/ │ scheme │ * │ /directory/*
|
||||
// ///file │ * │ * │ /file
|
||||
// ///directory/ │ * │ * │ /directory/*
|
||||
//
|
||||
// A pattern without a hostname will match any hostname.
|
||||
// If a pattern begins with "//", it will match any scheme.
|
||||
// Otherwise, a pattern with no scheme is treated as though it has a
|
||||
// scheme of "gemini".
|
||||
// Wildcard patterns can be used to match multiple hostnames. For example,
|
||||
// the pattern "*.example.com" will match requests for "blog.example.com"
|
||||
// and "gemini.example.com", but not "example.org".
|
||||
//
|
||||
// If a subtree has been registered and a request is received naming the
|
||||
// subtree root without its trailing slash, ServeMux redirects that
|
||||
// subtree root without its trailing slash, Mux redirects that
|
||||
// request to the subtree root (adding the trailing slash). This behavior can
|
||||
// be overridden with a separate registration for the path without
|
||||
// the trailing slash. For example, registering "/images/" causes ServeMux
|
||||
// the trailing slash. For example, registering "/images/" causes Mux
|
||||
// to redirect a request for "/images" to "/images/", unless "/images" has
|
||||
// been registered separately.
|
||||
//
|
||||
// ServeMux also takes care of sanitizing the URL request path and
|
||||
// Mux also takes care of sanitizing the URL request path and
|
||||
// redirecting any request containing . or .. elements or repeated slashes
|
||||
// to an equivalent, cleaner URL.
|
||||
type ServeMux struct {
|
||||
type Mux struct {
|
||||
mu sync.RWMutex
|
||||
m map[muxKey]Handler
|
||||
m map[hostpath]Handler
|
||||
es []muxEntry // slice of entries sorted from longest to shortest
|
||||
}
|
||||
|
||||
type muxKey struct {
|
||||
scheme string
|
||||
host string
|
||||
path string
|
||||
type hostpath struct {
|
||||
host string
|
||||
path string
|
||||
}
|
||||
|
||||
type muxEntry struct {
|
||||
handler Handler
|
||||
key muxKey
|
||||
host string
|
||||
path string
|
||||
}
|
||||
|
||||
// cleanPath returns the canonical path for p, eliminating . and .. elements.
|
||||
@@ -106,24 +94,17 @@ func cleanPath(p string) string {
|
||||
|
||||
// Find a handler on a handler map given a path string.
|
||||
// Most-specific (longest) pattern wins.
|
||||
func (mux *ServeMux) match(key muxKey) Handler {
|
||||
func (mux *Mux) match(host, path string) Handler {
|
||||
// Check for exact match first.
|
||||
if r, ok := mux.m[key]; ok {
|
||||
return r
|
||||
} else if r, ok := mux.m[muxKey{"", key.host, key.path}]; ok {
|
||||
return r
|
||||
} else if r, ok := mux.m[muxKey{key.scheme, "", key.path}]; ok {
|
||||
return r
|
||||
} else if r, ok := mux.m[muxKey{"", "", key.path}]; ok {
|
||||
return r
|
||||
if h, ok := mux.m[hostpath{host, path}]; ok {
|
||||
return h
|
||||
}
|
||||
|
||||
// Check for longest valid match. mux.es contains all patterns
|
||||
// that end in / sorted from longest to shortest.
|
||||
for _, e := range mux.es {
|
||||
if (e.key.scheme == "" || key.scheme == e.key.scheme) &&
|
||||
(e.key.host == "" || key.host == e.key.host) &&
|
||||
strings.HasPrefix(key.path, e.key.path) {
|
||||
if len(e.host) == len(host) && e.host == host &&
|
||||
strings.HasPrefix(path, e.path) {
|
||||
return e.handler
|
||||
}
|
||||
}
|
||||
@@ -134,31 +115,32 @@ func (mux *ServeMux) match(key muxKey) Handler {
|
||||
// This occurs when a handler for path + "/" was already registered, but
|
||||
// not for path itself. If the path needs appending to, it creates a new
|
||||
// URL, setting the path to u.Path + "/" and returning true to indicate so.
|
||||
func (mux *ServeMux) redirectToPathSlash(key muxKey, u *url.URL) (*url.URL, bool) {
|
||||
func (mux *Mux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) {
|
||||
mux.mu.RLock()
|
||||
shouldRedirect := mux.shouldRedirectRLocked(key)
|
||||
shouldRedirect := mux.shouldRedirectRLocked(host, path)
|
||||
mux.mu.RUnlock()
|
||||
if !shouldRedirect {
|
||||
return u, false
|
||||
}
|
||||
return u.ResolveReference(&url.URL{Path: key.path + "/"}), true
|
||||
return u.ResolveReference(&url.URL{Path: path + "/"}), true
|
||||
}
|
||||
|
||||
// shouldRedirectRLocked reports whether the given path and host should be redirected to
|
||||
// path+"/". This should happen if a handler is registered for path+"/" but
|
||||
// not path -- see comments at ServeMux.
|
||||
func (mux *ServeMux) shouldRedirectRLocked(key muxKey) bool {
|
||||
if _, exist := mux.m[key]; exist {
|
||||
// not path -- see comments at Mux.
|
||||
func (mux *Mux) shouldRedirectRLocked(host, path string) bool {
|
||||
if _, exist := mux.m[hostpath{host, path}]; exist {
|
||||
return false
|
||||
}
|
||||
|
||||
n := len(key.path)
|
||||
n := len(path)
|
||||
if n == 0 {
|
||||
return false
|
||||
}
|
||||
if _, exist := mux.m[muxKey{key.scheme, key.host, key.path + "/"}]; exist {
|
||||
return key.path[n-1] != '/'
|
||||
if _, exist := mux.m[hostpath{host, path + "/"}]; exist {
|
||||
return path[n-1] != '/'
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -177,14 +159,18 @@ func getWildcard(hostname string) (string, bool) {
|
||||
// the path is not in its canonical form, the handler will be an
|
||||
// internally-generated handler that redirects to the canonical path. If the
|
||||
// host contains a port, it is ignored when matching handlers.
|
||||
func (mux *ServeMux) Handler(r *Request) Handler {
|
||||
scheme := r.URL.Scheme
|
||||
func (mux *Mux) Handler(r *Request) Handler {
|
||||
// Disallow non-Gemini schemes
|
||||
if r.URL.Scheme != "gemini" {
|
||||
return NotFoundHandler()
|
||||
}
|
||||
|
||||
host := r.URL.Hostname()
|
||||
path := cleanPath(r.URL.Path)
|
||||
|
||||
// If the given path is /tree and its handler is not registered,
|
||||
// redirect for /tree/.
|
||||
if u, ok := mux.redirectToPathSlash(muxKey{scheme, host, path}, r.URL); ok {
|
||||
if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok {
|
||||
return StatusHandler(StatusPermanentRedirect, u.String())
|
||||
}
|
||||
|
||||
@@ -197,29 +183,43 @@ func (mux *ServeMux) Handler(r *Request) Handler {
|
||||
mux.mu.RLock()
|
||||
defer mux.mu.RUnlock()
|
||||
|
||||
h := mux.match(muxKey{scheme, host, path})
|
||||
h := mux.match(host, path)
|
||||
|
||||
if h == nil {
|
||||
// Try wildcard
|
||||
if wildcard, ok := getWildcard(host); ok {
|
||||
h = mux.match(muxKey{scheme, wildcard, path})
|
||||
if u, ok := mux.redirectToPathSlash(wildcard, path, r.URL); ok {
|
||||
return StatusHandler(StatusPermanentRedirect, u.String())
|
||||
}
|
||||
h = mux.match(wildcard, path)
|
||||
}
|
||||
}
|
||||
|
||||
if h == nil {
|
||||
// Try empty host
|
||||
if u, ok := mux.redirectToPathSlash("", path, r.URL); ok {
|
||||
return StatusHandler(StatusPermanentRedirect, u.String())
|
||||
}
|
||||
h = mux.match("", path)
|
||||
}
|
||||
|
||||
if h == nil {
|
||||
h = NotFoundHandler()
|
||||
}
|
||||
|
||||
return h
|
||||
}
|
||||
|
||||
// ServeGemini dispatches the request to the handler whose
|
||||
// pattern most closely matches the request URL.
|
||||
func (mux *ServeMux) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
func (mux *Mux) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
|
||||
h := mux.Handler(r)
|
||||
h.ServeGemini(ctx, w, r)
|
||||
}
|
||||
|
||||
// Handle registers the handler for the given pattern.
|
||||
// If a handler already exists for pattern, Handle panics.
|
||||
func (mux *ServeMux) Handle(pattern string, handler Handler) {
|
||||
func (mux *Mux) Handle(pattern string, handler Handler) {
|
||||
if pattern == "" {
|
||||
panic("gemini: invalid pattern")
|
||||
}
|
||||
@@ -230,48 +230,32 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
|
||||
mux.mu.Lock()
|
||||
defer mux.mu.Unlock()
|
||||
|
||||
var key muxKey
|
||||
if strings.HasPrefix(pattern, "//") {
|
||||
// match any scheme
|
||||
key.scheme = ""
|
||||
pattern = pattern[2:]
|
||||
} else {
|
||||
// extract scheme
|
||||
cut := strings.Index(pattern, "://")
|
||||
if cut == -1 {
|
||||
// default scheme of gemini
|
||||
key.scheme = "gemini"
|
||||
} else {
|
||||
key.scheme = pattern[:cut]
|
||||
pattern = pattern[cut+3:]
|
||||
}
|
||||
}
|
||||
|
||||
var host, path string
|
||||
// extract hostname and path
|
||||
cut := strings.Index(pattern, "/")
|
||||
if cut == -1 {
|
||||
key.host = pattern
|
||||
key.path = "/"
|
||||
host = pattern
|
||||
path = "/"
|
||||
} else {
|
||||
key.host = pattern[:cut]
|
||||
key.path = pattern[cut:]
|
||||
host = pattern[:cut]
|
||||
path = pattern[cut:]
|
||||
}
|
||||
|
||||
// strip port from hostname
|
||||
if hostname, _, err := net.SplitHostPort(key.host); err == nil {
|
||||
key.host = hostname
|
||||
if hostname, _, err := net.SplitHostPort(host); err == nil {
|
||||
host = hostname
|
||||
}
|
||||
|
||||
if _, exist := mux.m[key]; exist {
|
||||
if _, exist := mux.m[hostpath{host, path}]; exist {
|
||||
panic("gemini: multiple registrations for " + pattern)
|
||||
}
|
||||
|
||||
if mux.m == nil {
|
||||
mux.m = make(map[muxKey]Handler)
|
||||
mux.m = make(map[hostpath]Handler)
|
||||
}
|
||||
mux.m[key] = handler
|
||||
e := muxEntry{handler, key}
|
||||
if key.path[len(key.path)-1] == '/' {
|
||||
mux.m[hostpath{host, path}] = handler
|
||||
e := muxEntry{handler, host, path}
|
||||
if path[len(path)-1] == '/' {
|
||||
mux.es = appendSorted(mux.es, e)
|
||||
}
|
||||
}
|
||||
@@ -279,9 +263,7 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
|
||||
func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
|
||||
n := len(es)
|
||||
i := sort.Search(n, func(i int) bool {
|
||||
return len(es[i].key.scheme) < len(e.key.scheme) ||
|
||||
len(es[i].key.host) < len(es[i].key.host) ||
|
||||
len(es[i].key.path) < len(e.key.path)
|
||||
return len(es[i].path) < len(e.path)
|
||||
})
|
||||
if i == n {
|
||||
return append(es, e)
|
||||
@@ -294,6 +276,6 @@ func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
|
||||
}
|
||||
|
||||
// HandleFunc registers the handler function for the given pattern.
|
||||
func (mux *ServeMux) HandleFunc(pattern string, handler HandlerFunc) {
|
||||
func (mux *Mux) HandleFunc(pattern string, handler HandlerFunc) {
|
||||
mux.Handle(pattern, handler)
|
||||
}
|
||||
|
||||
411
mux_test.go
411
mux_test.go
@@ -2,6 +2,7 @@ package gemini
|
||||
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
"net/url"
|
||||
"testing"
|
||||
)
|
||||
@@ -10,7 +11,222 @@ type nopHandler struct{}
|
||||
|
||||
func (*nopHandler) ServeGemini(context.Context, ResponseWriter, *Request) {}
|
||||
|
||||
func TestServeMuxMatch(t *testing.T) {
|
||||
type nopResponseWriter struct {
|
||||
Status Status
|
||||
Meta string
|
||||
}
|
||||
|
||||
func (w *nopResponseWriter) WriteHeader(status Status, meta string) {
|
||||
w.Status = status
|
||||
w.Meta = meta
|
||||
}
|
||||
|
||||
func (nopResponseWriter) SetMediaType(mediatype string) {}
|
||||
func (nopResponseWriter) Write(b []byte) (int, error) { return 0, io.EOF }
|
||||
func (nopResponseWriter) Flush() error { return nil }
|
||||
|
||||
func TestMux(t *testing.T) {
|
||||
type Test struct {
|
||||
URL string
|
||||
Pattern string
|
||||
Redirect string
|
||||
NotFound bool
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
Patterns []string
|
||||
Tests []Test
|
||||
}{
|
||||
{
|
||||
Patterns: []string{"/a", "/b/", "/b/c/d", "/b/c/d/"},
|
||||
Tests: []Test{
|
||||
{
|
||||
URL: "gemini://example.com",
|
||||
Redirect: "gemini://example.com/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/",
|
||||
NotFound: true,
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/c",
|
||||
NotFound: true,
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/a",
|
||||
Pattern: "/a",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/a/",
|
||||
NotFound: true,
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b",
|
||||
Redirect: "gemini://example.com/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b/",
|
||||
Pattern: "/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b/c",
|
||||
Pattern: "/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b/c/d",
|
||||
Pattern: "/b/c/d",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b/c/d/e/",
|
||||
Pattern: "/b/c/d/",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Patterns: []string{
|
||||
"/", "/a", "/b/",
|
||||
"example.com", "example.com/a", "example.com/b/",
|
||||
"*.example.com", "*.example.com/a", "*.example.com/b/",
|
||||
},
|
||||
Tests: []Test{
|
||||
{
|
||||
URL: "gemini://example.net/",
|
||||
Pattern: "/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.net/a",
|
||||
Pattern: "/a",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.net/b",
|
||||
Redirect: "gemini://example.net/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.net/b/",
|
||||
Pattern: "/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/",
|
||||
Pattern: "example.com",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b",
|
||||
Redirect: "gemini://example.com/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/b/",
|
||||
Pattern: "example.com/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://a.example.com/",
|
||||
Pattern: "*.example.com",
|
||||
},
|
||||
{
|
||||
URL: "gemini://b.example.com/a",
|
||||
Pattern: "*.example.com/a",
|
||||
},
|
||||
{
|
||||
URL: "gemini://c.example.com/b",
|
||||
Redirect: "gemini://c.example.com/b/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://d.example.com/b/",
|
||||
Pattern: "*.example.com/b/",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Patterns: []string{"example.net", "*.example.org"},
|
||||
Tests: []Test{
|
||||
{
|
||||
// The following redirect occurs as a result of cleaning
|
||||
// the path provided to the Mux. This happens even if there
|
||||
// are no matching handlers.
|
||||
URL: "gemini://example.com",
|
||||
Redirect: "gemini://example.com/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.com/",
|
||||
NotFound: true,
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.net",
|
||||
Redirect: "gemini://example.net/",
|
||||
},
|
||||
{
|
||||
URL: "gemini://example.org/",
|
||||
NotFound: true,
|
||||
},
|
||||
{
|
||||
URL: "gemini://gemini.example.org",
|
||||
Redirect: "gemini://gemini.example.org/",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
type handler struct {
|
||||
nopHandler
|
||||
Pattern string
|
||||
}
|
||||
|
||||
mux := &Mux{}
|
||||
for _, pattern := range test.Patterns {
|
||||
mux.Handle(pattern, &handler{
|
||||
Pattern: pattern,
|
||||
})
|
||||
}
|
||||
|
||||
for _, test := range test.Tests {
|
||||
u, err := url.Parse(test.URL)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
req := &Request{URL: u}
|
||||
|
||||
h := mux.Handler(req)
|
||||
|
||||
if h, ok := h.(*handler); ok {
|
||||
if h.Pattern != test.Pattern {
|
||||
t.Errorf("wrong pattern for %q: expected %q, got %q", test.URL, test.Pattern, h.Pattern)
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
// Check redirects and NotFounds
|
||||
w := &nopResponseWriter{}
|
||||
h.ServeGemini(context.Background(), w, req)
|
||||
|
||||
switch w.Status {
|
||||
case StatusNotFound:
|
||||
if !test.NotFound {
|
||||
t.Errorf("expected pattern for %q, got NotFound", test.URL)
|
||||
}
|
||||
|
||||
case StatusPermanentRedirect:
|
||||
if test.Redirect == "" {
|
||||
t.Errorf("expected pattern for %q, got redirect to %q", test.URL, w.Meta)
|
||||
break
|
||||
}
|
||||
|
||||
res, err := url.Parse(test.Redirect)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if w.Meta != res.String() {
|
||||
t.Errorf("bad redirect for %q: expected %q, got %q", test.URL, res.String(), w.Meta)
|
||||
}
|
||||
|
||||
default:
|
||||
t.Errorf("unexpected response for %q: %d %s", test.URL, w.Status, w.Meta)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestMuxMatch(t *testing.T) {
|
||||
type Match struct {
|
||||
URL string
|
||||
Ok bool
|
||||
@@ -21,7 +237,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
Matches []Match
|
||||
}{
|
||||
{
|
||||
// scheme: gemini, hostname: *, path: /*
|
||||
// hostname: *, path: /*
|
||||
Pattern: "/",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
@@ -34,7 +250,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: *, path: /path
|
||||
// hostname: *, path: /path
|
||||
Pattern: "/path",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
@@ -47,7 +263,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: *, path: /subtree/*
|
||||
// hostname: *, path: /subtree/*
|
||||
Pattern: "/subtree/",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/subtree/", true},
|
||||
@@ -62,7 +278,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: example.com, path: /*
|
||||
// hostname: example.com, path: /*
|
||||
Pattern: "example.com",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
@@ -75,7 +291,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: example.com, path: /path
|
||||
// hostname: example.com, path: /path
|
||||
Pattern: "example.com/path",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
@@ -88,7 +304,7 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: example.com, path: /subtree/*
|
||||
// hostname: example.com, path: /subtree/*
|
||||
Pattern: "example.com/subtree/",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/subtree/", true},
|
||||
@@ -102,170 +318,6 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
{"http://example.com/subtree/", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: example.com, path: /*
|
||||
Pattern: "http://example.com",
|
||||
Matches: []Match{
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.com/", true},
|
||||
{"http://example.com/path.gmi", true},
|
||||
{"http://example.com/path/", true},
|
||||
{"http://example.org/path", false},
|
||||
{"gemini://example.com/path", false},
|
||||
{"gemini://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: example.com, path: /path
|
||||
Pattern: "http://example.com/path",
|
||||
Matches: []Match{
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.com/", false},
|
||||
{"http://example.com/path.gmi", false},
|
||||
{"http://example.com/path/", false},
|
||||
{"http://example.org/path", false},
|
||||
{"gemini://example.com/path", false},
|
||||
{"gemini://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: example.com, path: /subtree/*
|
||||
Pattern: "http://example.com/subtree/",
|
||||
Matches: []Match{
|
||||
{"http://example.com/subtree/", true},
|
||||
{"http://example.com/subtree/nested/", true},
|
||||
{"http://example.com/subtree/nested/file", true},
|
||||
{"http://example.org/subtree/", false},
|
||||
{"http://example.org/subtree/nested/", false},
|
||||
{"http://example.org/subtree/nested/file", false},
|
||||
{"http://example.com/subtree", false},
|
||||
{"http://www.example.com/subtree/", false},
|
||||
{"gemini://example.com/subtree/", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: example.com, path: /*
|
||||
Pattern: "//example.com",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
{"gemini://example.com/", true},
|
||||
{"gemini://example.com/path.gmi", true},
|
||||
{"gemini://example.com/path/", true},
|
||||
{"gemini://example.org/path", false},
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: example.com, path: /path
|
||||
Pattern: "//example.com/path",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
{"gemini://example.com/", false},
|
||||
{"gemini://example.com/path.gmi", false},
|
||||
{"gemini://example.com/path/", false},
|
||||
{"gemini://example.org/path", false},
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: example.com, path: /subtree/*
|
||||
Pattern: "//example.com/subtree/",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/subtree/", true},
|
||||
{"gemini://example.com/subtree/nested/", true},
|
||||
{"gemini://example.com/subtree/nested/file", true},
|
||||
{"gemini://example.org/subtree/", false},
|
||||
{"gemini://example.org/subtree/nested/", false},
|
||||
{"gemini://example.org/subtree/nested/file", false},
|
||||
{"gemini://example.com/subtree", false},
|
||||
{"gemini://www.example.com/subtree/", false},
|
||||
{"http://example.com/subtree/", true},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: *, path: /*
|
||||
Pattern: "http://",
|
||||
Matches: []Match{
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.com/", true},
|
||||
{"http://example.com/path.gmi", true},
|
||||
{"http://example.com/path/", true},
|
||||
{"http://example.org/path", true},
|
||||
{"gemini://example.com/path", false},
|
||||
{"gemini://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: *, path: /path
|
||||
Pattern: "http:///path",
|
||||
Matches: []Match{
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.com/", false},
|
||||
{"http://example.com/path.gmi", false},
|
||||
{"http://example.com/path/", false},
|
||||
{"http://example.org/path", true},
|
||||
{"gemini://example.com/path", false},
|
||||
{"gemini://example.org/path", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: *, path: /subtree/*
|
||||
Pattern: "http:///subtree/",
|
||||
Matches: []Match{
|
||||
{"http://example.com/subtree/", true},
|
||||
{"http://example.com/subtree/nested/", true},
|
||||
{"http://example.com/subtree/nested/file", true},
|
||||
{"http://example.org/subtree/", true},
|
||||
{"http://example.org/subtree/nested/", true},
|
||||
{"http://example.org/subtree/nested/file", true},
|
||||
{"http://example.com/subtree", false},
|
||||
{"http://www.example.com/subtree/", true},
|
||||
{"gemini://example.com/subtree/", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: *, path: /*
|
||||
Pattern: "//",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
{"gemini://example.com/", true},
|
||||
{"gemini://example.com/path.gmi", true},
|
||||
{"gemini://example.com/path/", true},
|
||||
{"gemini://example.org/path", true},
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.org/path", true},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: *, path: /path
|
||||
Pattern: "///path",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/path", true},
|
||||
{"gemini://example.com/", false},
|
||||
{"gemini://example.com/path.gmi", false},
|
||||
{"gemini://example.com/path/", false},
|
||||
{"gemini://example.org/path", true},
|
||||
{"http://example.com/path", true},
|
||||
{"http://example.org/path", true},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: *, hostname: *, path: /subtree/*
|
||||
Pattern: "///subtree/",
|
||||
Matches: []Match{
|
||||
{"gemini://example.com/subtree/", true},
|
||||
{"gemini://example.com/subtree/nested/", true},
|
||||
{"gemini://example.com/subtree/nested/file", true},
|
||||
{"gemini://example.org/subtree/", true},
|
||||
{"gemini://example.org/subtree/nested/", true},
|
||||
{"gemini://example.org/subtree/nested/file", true},
|
||||
{"gemini://example.com/subtree", false},
|
||||
{"gemini://www.example.com/subtree/", true},
|
||||
{"http://example.com/subtree/", true},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: gemini, hostname: *.example.com, path: /*
|
||||
Pattern: "*.example.com",
|
||||
@@ -277,25 +329,14 @@ func TestServeMuxMatch(t *testing.T) {
|
||||
{"http://www.example.com/", false},
|
||||
},
|
||||
},
|
||||
{
|
||||
// scheme: http, hostname: *.example.com, path: /*
|
||||
Pattern: "http://*.example.com",
|
||||
Matches: []Match{
|
||||
{"http://mail.example.com/", true},
|
||||
{"http://www.example.com/index.gmi", true},
|
||||
{"http://example.com/", false},
|
||||
{"http://a.b.example.com/", false},
|
||||
{"gemini://www.example.com/", false},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for i, test := range tests {
|
||||
for _, test := range tests {
|
||||
h := &nopHandler{}
|
||||
var mux ServeMux
|
||||
var mux Mux
|
||||
mux.Handle(test.Pattern, h)
|
||||
|
||||
for _, match := range tests[i].Matches {
|
||||
for _, match := range test.Matches {
|
||||
u, err := url.Parse(match.URL)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
|
||||
65
request.go
65
request.go
@@ -29,6 +29,7 @@ type Request struct {
|
||||
Certificate *tls.Certificate
|
||||
|
||||
conn net.Conn
|
||||
tls *tls.ConnectionState
|
||||
}
|
||||
|
||||
// NewRequest returns a new request.
|
||||
@@ -50,60 +51,78 @@ func NewRequest(rawurl string) (*Request, error) {
|
||||
// for specialized applications; most code should use the Server
|
||||
// to read requests and handle them via the Handler interface.
|
||||
func ReadRequest(r io.Reader) (*Request, error) {
|
||||
// Read URL
|
||||
// Limit request size
|
||||
r = io.LimitReader(r, 1026)
|
||||
br := bufio.NewReaderSize(r, 1026)
|
||||
rawurl, err := br.ReadString('\r')
|
||||
b, err := br.ReadBytes('\n')
|
||||
if err != nil {
|
||||
if err == io.EOF {
|
||||
return nil, ErrInvalidRequest
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
// Read terminating line feed
|
||||
if b, err := br.ReadByte(); err != nil {
|
||||
return nil, err
|
||||
} else if b != '\n' {
|
||||
// Read URL
|
||||
rawurl, ok := trimCRLF(b)
|
||||
if !ok {
|
||||
return nil, ErrInvalidRequest
|
||||
}
|
||||
// Trim carriage return
|
||||
rawurl = rawurl[:len(rawurl)-1]
|
||||
// Validate URL
|
||||
if len(rawurl) > 1024 {
|
||||
if len(rawurl) == 0 {
|
||||
return nil, ErrInvalidRequest
|
||||
}
|
||||
u, err := url.Parse(rawurl)
|
||||
u, err := url.Parse(string(rawurl))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &Request{URL: u}, nil
|
||||
}
|
||||
|
||||
// Write writes a Gemini request in wire format.
|
||||
// WriteTo writes r to w in the Gemini request format.
|
||||
// This method consults the request URL only.
|
||||
func (r *Request) Write(w io.Writer) error {
|
||||
func (r *Request) WriteTo(w io.Writer) (int64, error) {
|
||||
bw := bufio.NewWriterSize(w, 1026)
|
||||
url := r.URL.String()
|
||||
if len(url) > 1024 {
|
||||
return ErrInvalidRequest
|
||||
return 0, ErrInvalidRequest
|
||||
}
|
||||
if _, err := bw.WriteString(url); err != nil {
|
||||
return err
|
||||
var wrote int64
|
||||
n, err := bw.WriteString(url)
|
||||
wrote += int64(n)
|
||||
if err != nil {
|
||||
return wrote, err
|
||||
}
|
||||
if _, err := bw.Write(crlf); err != nil {
|
||||
return err
|
||||
n, err = bw.Write(crlf)
|
||||
wrote += int64(n)
|
||||
if err != nil {
|
||||
return wrote, err
|
||||
}
|
||||
return bw.Flush()
|
||||
return wrote, bw.Flush()
|
||||
}
|
||||
|
||||
// Conn returns the network connection on which the request was received.
|
||||
// Conn returns nil for client requests.
|
||||
func (r *Request) Conn() net.Conn {
|
||||
return r.conn
|
||||
}
|
||||
|
||||
// TLS returns information about the TLS connection on which the
|
||||
// request was received.
|
||||
// TLS returns nil for client requests.
|
||||
func (r *Request) TLS() *tls.ConnectionState {
|
||||
if tlsConn, ok := r.conn.(*tls.Conn); ok {
|
||||
state := tlsConn.ConnectionState()
|
||||
return &state
|
||||
if r.tls == nil {
|
||||
if tlsConn, ok := r.conn.(*tls.Conn); ok {
|
||||
state := tlsConn.ConnectionState()
|
||||
r.tls = &state
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return r.tls
|
||||
}
|
||||
|
||||
// ServerName returns the value of the TLS Server Name Indication extension
|
||||
// sent by the client.
|
||||
// ServerName returns an empty string for client requests.
|
||||
func (r *Request) ServerName() string {
|
||||
if tls := r.TLS(); tls != nil {
|
||||
return tls.ServerName
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -2,7 +2,6 @@ package gemini
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"io"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -36,25 +35,25 @@ func TestReadRequest(t *testing.T) {
|
||||
},
|
||||
{
|
||||
Raw: "\r\n",
|
||||
URL: &url.URL{},
|
||||
Err: ErrInvalidRequest,
|
||||
},
|
||||
{
|
||||
Raw: "gemini://example.com\n",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidRequest,
|
||||
},
|
||||
{
|
||||
Raw: "gemini://example.com",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidRequest,
|
||||
},
|
||||
{
|
||||
// 1030 bytes
|
||||
Raw: maxURL + "xxxxxx",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidRequest,
|
||||
},
|
||||
{
|
||||
// 1027 bytes
|
||||
Raw: maxURL + "x" + "\r\n",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidRequest,
|
||||
},
|
||||
{
|
||||
// 1024 bytes
|
||||
@@ -119,7 +118,7 @@ func TestWriteRequest(t *testing.T) {
|
||||
t.Logf("%s", test.Req.URL)
|
||||
var b strings.Builder
|
||||
bw := bufio.NewWriter(&b)
|
||||
err := test.Req.Write(bw)
|
||||
_, err := test.Req.WriteTo(bw)
|
||||
if err != test.Err {
|
||||
t.Errorf("expected err = %v, got %v", test.Err, err)
|
||||
}
|
||||
|
||||
168
response.go
168
response.go
@@ -3,117 +3,104 @@ package gemini
|
||||
import (
|
||||
"bufio"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
// The default media type for responses.
|
||||
const defaultMediaType = "text/gemini; charset=utf-8"
|
||||
const defaultMediaType = "text/gemini"
|
||||
|
||||
// Response represents the response from a Gemini request.
|
||||
//
|
||||
// The Client returns Responses from servers once the response
|
||||
// header has been received. The response body is streamed on demand
|
||||
// as the response is read. If the network connection fails or the server
|
||||
// terminates the response, Read calls return an error.
|
||||
//
|
||||
// It is the caller's responsibility to close the response.
|
||||
// as the Body field is read.
|
||||
type Response struct {
|
||||
status Status
|
||||
meta string
|
||||
body io.ReadCloser
|
||||
conn net.Conn
|
||||
}
|
||||
// Status is the response status code.
|
||||
Status Status
|
||||
|
||||
// NewResponse returns a new response with the provided status, meta, and body.
|
||||
func NewResponse(status Status, meta string, body io.ReadCloser) *Response {
|
||||
return &Response{
|
||||
status: status,
|
||||
meta: meta,
|
||||
body: body,
|
||||
}
|
||||
// Meta returns the response meta.
|
||||
// For successful responses, the meta should contain the media type of the response.
|
||||
// For failure responses, the meta should contain a short description of the failure.
|
||||
Meta string
|
||||
|
||||
// Body represents the response body.
|
||||
//
|
||||
// The response body is streamed on demand as the Body field
|
||||
// is read. If the network connection fails or the server
|
||||
// terminates the response, Body.Read calls return an error.
|
||||
//
|
||||
// The Gemini client guarantees that Body is always
|
||||
// non-nil, even on responses without a body or responses with
|
||||
// a zero-length body. It is the caller's responsibility to
|
||||
// close Body.
|
||||
Body io.ReadCloser
|
||||
|
||||
conn net.Conn
|
||||
}
|
||||
|
||||
// ReadResponse reads a Gemini response from the provided io.ReadCloser.
|
||||
func ReadResponse(r io.ReadCloser) (*Response, error) {
|
||||
resp := &Response{}
|
||||
br := bufio.NewReader(r)
|
||||
|
||||
// Read the status
|
||||
statusB := make([]byte, 2)
|
||||
if _, err := br.Read(statusB); err != nil {
|
||||
// Limit response header size
|
||||
lr := io.LimitReader(r, 1029)
|
||||
// Wrap the reader to remove the limit later on
|
||||
wr := &struct{ io.Reader }{lr}
|
||||
br := bufio.NewReader(wr)
|
||||
|
||||
// Read response header
|
||||
b, err := br.ReadBytes('\n')
|
||||
if err != nil {
|
||||
if err == io.EOF {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
status, err := strconv.Atoi(string(statusB))
|
||||
if len(b) < 3 {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
|
||||
// Read the status
|
||||
status, err := strconv.Atoi(string(b[:2]))
|
||||
if err != nil {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
resp.status = Status(status)
|
||||
resp.Status = Status(status)
|
||||
|
||||
// Read one space
|
||||
if b, err := br.ReadByte(); err != nil {
|
||||
return nil, err
|
||||
} else if b != ' ' {
|
||||
if b[2] != ' ' {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
|
||||
// Read the meta
|
||||
meta, err := br.ReadString('\r')
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// Trim carriage return
|
||||
meta = meta[:len(meta)-1]
|
||||
// Ensure meta is less than or equal to 1024 bytes
|
||||
if len(meta) > 1024 {
|
||||
meta, ok := trimCRLF(b[3:])
|
||||
if !ok {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
if resp.status.Class() == StatusSuccess && meta == "" {
|
||||
// Use default media type
|
||||
meta = defaultMediaType
|
||||
}
|
||||
resp.meta = meta
|
||||
|
||||
// Read terminating newline
|
||||
if b, err := br.ReadByte(); err != nil {
|
||||
return nil, err
|
||||
} else if b != '\n' {
|
||||
if len(meta) == 0 {
|
||||
return nil, ErrInvalidResponse
|
||||
}
|
||||
resp.Meta = string(meta)
|
||||
|
||||
if resp.status.Class() == StatusSuccess {
|
||||
resp.body = newBufReadCloser(br, r)
|
||||
if resp.Status.Class() == StatusSuccess {
|
||||
// Use unlimited reader
|
||||
wr.Reader = r
|
||||
|
||||
type readCloser struct {
|
||||
io.Reader
|
||||
io.Closer
|
||||
}
|
||||
resp.Body = readCloser{br, r}
|
||||
} else {
|
||||
resp.body = nopReadCloser{}
|
||||
resp.Body = nopReadCloser{}
|
||||
r.Close()
|
||||
}
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
// Status returns the response status code.
|
||||
func (r *Response) Status() Status {
|
||||
return r.status
|
||||
}
|
||||
|
||||
// Meta returns the response meta.
|
||||
// For successful responses, the meta should contain the media type of the response.
|
||||
// For failure responses, the meta should contain a short description of the failure.
|
||||
func (r *Response) Meta() string {
|
||||
return r.meta
|
||||
}
|
||||
|
||||
// Read reads data from the response body.
|
||||
// The response body is streamed on demand as Read is called.
|
||||
func (r *Response) Read(p []byte) (n int, err error) {
|
||||
return r.body.Read(p)
|
||||
}
|
||||
|
||||
// Close closes the response body.
|
||||
func (r *Response) Close() error {
|
||||
return r.body.Close()
|
||||
}
|
||||
|
||||
// Conn returns the network connection on which the response was received.
|
||||
func (r *Response) Conn() net.Conn {
|
||||
return r.conn
|
||||
@@ -129,6 +116,29 @@ func (r *Response) TLS() *tls.ConnectionState {
|
||||
return nil
|
||||
}
|
||||
|
||||
// WriteTo writes r to w in the Gemini response format, including the
|
||||
// header and body.
|
||||
//
|
||||
// This method consults the Status, Meta, and Body fields of the response.
|
||||
// The Response Body is closed after it is sent.
|
||||
func (r *Response) WriteTo(w io.Writer) (int64, error) {
|
||||
var wrote int64
|
||||
n, err := fmt.Fprintf(w, "%02d %s\r\n", r.Status, r.Meta)
|
||||
wrote += int64(n)
|
||||
if err != nil {
|
||||
return wrote, err
|
||||
}
|
||||
if r.Body != nil {
|
||||
defer r.Body.Close()
|
||||
n, err := io.Copy(w, r.Body)
|
||||
wrote += n
|
||||
if err != nil {
|
||||
return wrote, err
|
||||
}
|
||||
}
|
||||
return wrote, nil
|
||||
}
|
||||
|
||||
// A ResponseWriter interface is used by a Gemini handler to construct
|
||||
// a Gemini response.
|
||||
//
|
||||
@@ -136,8 +146,8 @@ func (r *Response) TLS() *tls.ConnectionState {
|
||||
// has returned.
|
||||
type ResponseWriter interface {
|
||||
// SetMediaType sets the media type that will be sent by Write for a
|
||||
// successful response. If no media type is set, a default of
|
||||
// "text/gemini; charset=utf-8" will be used.
|
||||
// successful response. If no media type is set, a default media type of
|
||||
// "text/gemini" will be used.
|
||||
//
|
||||
// Setting the media type after a call to Write or WriteHeader has
|
||||
// no effect.
|
||||
@@ -148,7 +158,7 @@ type ResponseWriter interface {
|
||||
// If WriteHeader has not yet been called, Write calls WriteHeader with
|
||||
// StatusSuccess and the media type set in SetMediaType before writing the data.
|
||||
// If no media type was set, Write uses a default media type of
|
||||
// "text/gemini; charset=utf-8".
|
||||
// "text/gemini".
|
||||
Write([]byte) (int, error)
|
||||
|
||||
// WriteHeader sends a Gemini response header with the provided
|
||||
@@ -165,24 +175,18 @@ type ResponseWriter interface {
|
||||
|
||||
// Flush sends any buffered data to the client.
|
||||
Flush() error
|
||||
|
||||
// Close closes the connection.
|
||||
// Any blocked Write operations will be unblocked and return errors.
|
||||
Close() error
|
||||
}
|
||||
|
||||
type responseWriter struct {
|
||||
bw *bufio.Writer
|
||||
cl io.Closer
|
||||
mediatype string
|
||||
wroteHeader bool
|
||||
bodyAllowed bool
|
||||
}
|
||||
|
||||
func newResponseWriter(w io.WriteCloser) *responseWriter {
|
||||
func newResponseWriter(w io.Writer) *responseWriter {
|
||||
return &responseWriter{
|
||||
bw: bufio.NewWriter(w),
|
||||
cl: w,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -228,7 +232,3 @@ func (w *responseWriter) Flush() error {
|
||||
// Write errors from WriteHeader will be returned here.
|
||||
return w.bw.Flush()
|
||||
}
|
||||
|
||||
func (w *responseWriter) Close() error {
|
||||
return w.cl.Close()
|
||||
}
|
||||
|
||||
@@ -38,6 +38,15 @@ func TestReadWriteResponse(t *testing.T) {
|
||||
Meta: "/redirect",
|
||||
SkipWrite: true, // skip write test since result won't match Raw
|
||||
},
|
||||
{
|
||||
Raw: "32 " + maxURL + "\r\n",
|
||||
Status: 32,
|
||||
Meta: maxURL,
|
||||
},
|
||||
{
|
||||
Raw: "33 " + maxURL + "xxxx" + "\r\n",
|
||||
Err: ErrInvalidResponse,
|
||||
},
|
||||
{
|
||||
Raw: "99 Unknown status code\r\n",
|
||||
Status: 99,
|
||||
@@ -57,15 +66,15 @@ func TestReadWriteResponse(t *testing.T) {
|
||||
},
|
||||
{
|
||||
Raw: "",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidResponse,
|
||||
},
|
||||
{
|
||||
Raw: "10 Search query",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidResponse,
|
||||
},
|
||||
{
|
||||
Raw: "20 text/gemini\nHello, world!",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidResponse,
|
||||
},
|
||||
{
|
||||
Raw: "20 text/gemini\rHello, world!",
|
||||
@@ -73,7 +82,7 @@ func TestReadWriteResponse(t *testing.T) {
|
||||
},
|
||||
{
|
||||
Raw: "20 text/gemini\r",
|
||||
Err: io.EOF,
|
||||
Err: ErrInvalidResponse,
|
||||
},
|
||||
{
|
||||
Raw: "abcdefghijklmnopqrstuvwxyz",
|
||||
@@ -87,17 +96,17 @@ func TestReadWriteResponse(t *testing.T) {
|
||||
if err != test.Err {
|
||||
t.Errorf("expected err = %v, got %v", test.Err, err)
|
||||
}
|
||||
if test.Err != nil {
|
||||
if err != nil {
|
||||
// No response
|
||||
continue
|
||||
}
|
||||
if resp.status != test.Status {
|
||||
t.Errorf("expected status = %d, got %d", test.Status, resp.status)
|
||||
if resp.Status != test.Status {
|
||||
t.Errorf("expected status = %d, got %d", test.Status, resp.Status)
|
||||
}
|
||||
if resp.meta != test.Meta {
|
||||
t.Errorf("expected meta = %s, got %s", test.Meta, resp.meta)
|
||||
if resp.Meta != test.Meta {
|
||||
t.Errorf("expected meta = %s, got %s", test.Meta, resp.Meta)
|
||||
}
|
||||
b, _ := ioutil.ReadAll(resp.body)
|
||||
b, _ := ioutil.ReadAll(resp.Body)
|
||||
body := string(b)
|
||||
if body != test.Body {
|
||||
t.Errorf("expected body = %#v, got %#v", test.Body, body)
|
||||
|
||||
21
server.go
21
server.go
@@ -282,14 +282,17 @@ func (srv *Server) serve(ctx context.Context, l net.Listener) error {
|
||||
return err
|
||||
}
|
||||
tempDelay = 0
|
||||
go srv.ServeConn(ctx, rw)
|
||||
go srv.serveConn(ctx, rw, false)
|
||||
}
|
||||
}
|
||||
|
||||
func (srv *Server) trackConn(conn *net.Conn, cancel context.CancelFunc) bool {
|
||||
func (srv *Server) trackConn(conn *net.Conn, cancel context.CancelFunc, external bool) bool {
|
||||
srv.mu.Lock()
|
||||
defer srv.mu.Unlock()
|
||||
if srv.closed && !srv.shutdown {
|
||||
// Reject the connection under the following conditions:
|
||||
// - Shutdown or Close has been called and conn is external (from ServeConn)
|
||||
// - Close (not Shutdown) has been called and conn is internal (from Serve)
|
||||
if srv.closed && (external || !srv.shutdown) {
|
||||
return false
|
||||
}
|
||||
if srv.conns == nil {
|
||||
@@ -309,15 +312,17 @@ func (srv *Server) deleteConn(conn *net.Conn) {
|
||||
// It closes the connection when the response has been completed.
|
||||
// If the provided context expires before the response has completed,
|
||||
// ServeConn closes the connection and returns the context's error.
|
||||
//
|
||||
// Note that ServeConn can be used during a Shutdown.
|
||||
func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
|
||||
return srv.serveConn(ctx, conn, true)
|
||||
}
|
||||
|
||||
func (srv *Server) serveConn(ctx context.Context, conn net.Conn, external bool) error {
|
||||
defer conn.Close()
|
||||
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
|
||||
if !srv.trackConn(&conn, cancel) {
|
||||
if !srv.trackConn(&conn, cancel, external) {
|
||||
return context.Canceled
|
||||
}
|
||||
defer srv.tryCloseDone()
|
||||
@@ -332,7 +337,7 @@ func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
|
||||
|
||||
errch := make(chan error, 1)
|
||||
go func() {
|
||||
errch <- srv.serveConn(ctx, conn)
|
||||
errch <- srv.goServeConn(ctx, conn)
|
||||
}()
|
||||
|
||||
select {
|
||||
@@ -343,7 +348,7 @@ func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
|
||||
}
|
||||
}
|
||||
|
||||
func (srv *Server) serveConn(ctx context.Context, conn net.Conn) error {
|
||||
func (srv *Server) goServeConn(ctx context.Context, conn net.Conn) error {
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
done := ctx.Done()
|
||||
cw := &contextWriter{
|
||||
|
||||
4
text.go
4
text.go
@@ -125,8 +125,8 @@ func ParseLines(r io.Reader, handler func(Line)) error {
|
||||
name = strings.TrimLeft(name, spacetab)
|
||||
line = LineLink{url, name}
|
||||
}
|
||||
} else if strings.HasPrefix(text, "*") {
|
||||
text = text[1:]
|
||||
} else if strings.HasPrefix(text, "* ") {
|
||||
text = text[2:]
|
||||
text = strings.TrimLeft(text, spacetab)
|
||||
line = LineListItem(text)
|
||||
} else if strings.HasPrefix(text, "###") {
|
||||
|
||||
142
tofu/tofu.go
142
tofu/tofu.go
@@ -4,17 +4,16 @@ package tofu
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"crypto/sha512"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// KnownHosts represents a list of known hosts.
|
||||
@@ -84,7 +83,11 @@ func (k *KnownHosts) WriteTo(w io.Writer) (int64, error) {
|
||||
|
||||
// Load loads the known hosts entries from the provided path.
|
||||
func (k *KnownHosts) Load(path string) error {
|
||||
f, err := os.Open(path)
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
f, err := os.OpenFile(path, os.O_CREATE|os.O_RDONLY, 0644)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -133,6 +136,9 @@ func (k *KnownHosts) Parse(r io.Reader) error {
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if h.Algorithm != "sha256" {
|
||||
continue
|
||||
}
|
||||
|
||||
k.hosts[h.Hostname] = h
|
||||
}
|
||||
@@ -143,22 +149,17 @@ func (k *KnownHosts) Parse(r io.Reader) error {
|
||||
// TOFU implements basic trust on first use.
|
||||
//
|
||||
// If the host is not on file, it is added to the list.
|
||||
// If the host on file is expired, a new entry is added to the list.
|
||||
// If the fingerprint does not match the one on file, an error is returned.
|
||||
func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error {
|
||||
host := NewHost(hostname, cert.Raw, cert.NotAfter)
|
||||
|
||||
host := NewHost(hostname, cert.Raw)
|
||||
knownHost, ok := k.Lookup(hostname)
|
||||
if !ok || time.Now().After(knownHost.Expires) {
|
||||
if !ok {
|
||||
k.Add(host)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Check fingerprint
|
||||
if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
|
||||
if host.Fingerprint != knownHost.Fingerprint {
|
||||
return fmt.Errorf("fingerprint for %q does not match", hostname)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -266,21 +267,16 @@ func (p *PersistentHosts) Entries() []Host {
|
||||
// TOFU implements trust on first use with a persistent set of known hosts.
|
||||
//
|
||||
// If the host is not on file, it is added to the list.
|
||||
// If the host on file is expired, a new entry is added to the list.
|
||||
// If the fingerprint does not match the one on file, an error is returned.
|
||||
func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error {
|
||||
host := NewHost(hostname, cert.Raw, cert.NotAfter)
|
||||
|
||||
host := NewHost(hostname, cert.Raw)
|
||||
knownHost, ok := p.Lookup(hostname)
|
||||
if !ok || time.Now().After(knownHost.Expires) {
|
||||
if !ok {
|
||||
return p.Add(host)
|
||||
}
|
||||
|
||||
// Check fingerprint
|
||||
if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
|
||||
if host.Fingerprint != knownHost.Fingerprint {
|
||||
return fmt.Errorf("fingerprint for %q does not match", hostname)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -291,22 +287,20 @@ func (p *PersistentHosts) Close() error {
|
||||
|
||||
// Host represents a host entry with a fingerprint using a certain algorithm.
|
||||
type Host struct {
|
||||
Hostname string // hostname
|
||||
Algorithm string // fingerprint algorithm e.g. SHA-512
|
||||
Fingerprint Fingerprint // fingerprint
|
||||
Expires time.Time // unix time of the fingerprint expiration date
|
||||
Hostname string // hostname
|
||||
Algorithm string // fingerprint algorithm e.g. sha256
|
||||
Fingerprint string // fingerprint
|
||||
}
|
||||
|
||||
// NewHost returns a new host with a SHA-512 fingerprint of
|
||||
// NewHost returns a new host with a SHA256 fingerprint of
|
||||
// the provided raw data.
|
||||
func NewHost(hostname string, raw []byte, expires time.Time) Host {
|
||||
sum := sha512.Sum512(raw)
|
||||
func NewHost(hostname string, raw []byte) Host {
|
||||
sum := sha256.Sum256(raw)
|
||||
|
||||
return Host{
|
||||
Hostname: hostname,
|
||||
Algorithm: "SHA-512",
|
||||
Fingerprint: sum[:],
|
||||
Expires: expires,
|
||||
Algorithm: "sha256",
|
||||
Fingerprint: base64.StdEncoding.EncodeToString(sum[:]),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -324,95 +318,19 @@ func (h Host) String() string {
|
||||
b.WriteByte(' ')
|
||||
b.WriteString(h.Algorithm)
|
||||
b.WriteByte(' ')
|
||||
b.WriteString(h.Fingerprint.String())
|
||||
b.WriteByte(' ')
|
||||
b.WriteString(strconv.FormatInt(h.Expires.Unix(), 10))
|
||||
b.WriteString(h.Fingerprint)
|
||||
return b.String()
|
||||
}
|
||||
|
||||
// UnmarshalText unmarshals the host from the provided text.
|
||||
func (h *Host) UnmarshalText(text []byte) error {
|
||||
const format = "hostname algorithm hex-fingerprint expiry-unix-ts"
|
||||
|
||||
parts := bytes.Split(text, []byte(" "))
|
||||
if len(parts) != 4 {
|
||||
return fmt.Errorf("expected the format %q", format)
|
||||
}
|
||||
|
||||
if len(parts[0]) == 0 {
|
||||
return errors.New("empty hostname")
|
||||
if len(parts) != 3 {
|
||||
return fmt.Errorf("expected the format 'hostname algorithm fingerprint'")
|
||||
}
|
||||
|
||||
h.Hostname = string(parts[0])
|
||||
|
||||
algorithm := string(parts[1])
|
||||
if algorithm != "SHA-512" {
|
||||
return fmt.Errorf("unsupported algorithm %q", algorithm)
|
||||
}
|
||||
|
||||
h.Algorithm = algorithm
|
||||
|
||||
fingerprint := make([]byte, 0, sha512.Size)
|
||||
scanner := bufio.NewScanner(bytes.NewReader(parts[2]))
|
||||
scanner.Split(scanFingerprint)
|
||||
|
||||
for scanner.Scan() {
|
||||
b, err := strconv.ParseUint(scanner.Text(), 16, 8)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse fingerprint hash: %w", err)
|
||||
}
|
||||
fingerprint = append(fingerprint, byte(b))
|
||||
}
|
||||
|
||||
if len(fingerprint) != sha512.Size {
|
||||
return fmt.Errorf("invalid fingerprint size %d, expected %d",
|
||||
len(fingerprint), sha512.Size)
|
||||
}
|
||||
|
||||
h.Fingerprint = fingerprint
|
||||
|
||||
unix, err := strconv.ParseInt(string(parts[3]), 10, 0)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid unix timestamp: %w", err)
|
||||
}
|
||||
|
||||
h.Expires = time.Unix(unix, 0)
|
||||
|
||||
h.Algorithm = string(parts[1])
|
||||
h.Fingerprint = string(parts[2])
|
||||
return nil
|
||||
}
|
||||
|
||||
func scanFingerprint(data []byte, atEOF bool) (advance int, token []byte, err error) {
|
||||
if atEOF && len(data) == 0 {
|
||||
return 0, nil, nil
|
||||
}
|
||||
if i := bytes.IndexByte(data, ':'); i >= 0 {
|
||||
// We have a full newline-terminated line.
|
||||
return i + 1, data[0:i], nil
|
||||
}
|
||||
|
||||
// If we're at EOF, we have a final, non-terminated hex byte
|
||||
if atEOF {
|
||||
return len(data), data, nil
|
||||
}
|
||||
|
||||
// Request more data.
|
||||
return 0, nil, nil
|
||||
}
|
||||
|
||||
// Fingerprint represents a fingerprint.
|
||||
type Fingerprint []byte
|
||||
|
||||
// String returns a string representation of the fingerprint.
|
||||
func (f Fingerprint) String() string {
|
||||
var sb strings.Builder
|
||||
|
||||
for i, b := range f {
|
||||
if i > 0 {
|
||||
sb.WriteByte(':')
|
||||
}
|
||||
|
||||
fmt.Fprintf(&sb, "%02X", b)
|
||||
}
|
||||
|
||||
return sb.String()
|
||||
}
|
||||
|
||||
212
vendor.go
212
vendor.go
@@ -1,212 +0,0 @@
|
||||
// Hostname verification code from the crypto/x509 package.
|
||||
// Modified to allow Common Names in the short term, until new certificates
|
||||
// can be issued with SANs.
|
||||
|
||||
// Copyright 2011 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package gemini
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"net"
|
||||
"strings"
|
||||
"unicode/utf8"
|
||||
)
|
||||
|
||||
var oidExtensionSubjectAltName = []int{2, 5, 29, 17}
|
||||
|
||||
func hasSANExtension(c *x509.Certificate) bool {
|
||||
for _, e := range c.Extensions {
|
||||
if e.Id.Equal(oidExtensionSubjectAltName) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func validHostnamePattern(host string) bool { return validHostname(host, true) }
|
||||
func validHostnameInput(host string) bool { return validHostname(host, false) }
|
||||
|
||||
// validHostname reports whether host is a valid hostname that can be matched or
|
||||
// matched against according to RFC 6125 2.2, with some leniency to accommodate
|
||||
// legacy values.
|
||||
func validHostname(host string, isPattern bool) bool {
|
||||
if !isPattern {
|
||||
host = strings.TrimSuffix(host, ".")
|
||||
}
|
||||
if len(host) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
for i, part := range strings.Split(host, ".") {
|
||||
if part == "" {
|
||||
// Empty label.
|
||||
return false
|
||||
}
|
||||
if isPattern && i == 0 && part == "*" {
|
||||
// Only allow full left-most wildcards, as those are the only ones
|
||||
// we match, and matching literal '*' characters is probably never
|
||||
// the expected behavior.
|
||||
continue
|
||||
}
|
||||
for j, c := range part {
|
||||
if 'a' <= c && c <= 'z' {
|
||||
continue
|
||||
}
|
||||
if '0' <= c && c <= '9' {
|
||||
continue
|
||||
}
|
||||
if 'A' <= c && c <= 'Z' {
|
||||
continue
|
||||
}
|
||||
if c == '-' && j != 0 {
|
||||
continue
|
||||
}
|
||||
if c == '_' {
|
||||
// Not a valid character in hostnames, but commonly
|
||||
// found in deployments outside the WebPKI.
|
||||
continue
|
||||
}
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// commonNameAsHostname reports whether the Common Name field should be
|
||||
// considered the hostname that the certificate is valid for. This is a legacy
|
||||
// behavior, disabled by default or if the Subject Alt Name extension is present.
|
||||
//
|
||||
// It applies the strict validHostname check to the Common Name field, so that
|
||||
// certificates without SANs can still be validated against CAs with name
|
||||
// constraints if there is no risk the CN would be matched as a hostname.
|
||||
// See NameConstraintsWithoutSANs and issue 24151.
|
||||
func commonNameAsHostname(c *x509.Certificate) bool {
|
||||
return !hasSANExtension(c) && validHostnamePattern(c.Subject.CommonName)
|
||||
}
|
||||
|
||||
func matchExactly(hostA, hostB string) bool {
|
||||
if hostA == "" || hostA == "." || hostB == "" || hostB == "." {
|
||||
return false
|
||||
}
|
||||
return toLowerCaseASCII(hostA) == toLowerCaseASCII(hostB)
|
||||
}
|
||||
|
||||
func matchHostnames(pattern, host string) bool {
|
||||
pattern = toLowerCaseASCII(pattern)
|
||||
host = toLowerCaseASCII(strings.TrimSuffix(host, "."))
|
||||
|
||||
if len(pattern) == 0 || len(host) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
patternParts := strings.Split(pattern, ".")
|
||||
hostParts := strings.Split(host, ".")
|
||||
|
||||
if len(patternParts) != len(hostParts) {
|
||||
return false
|
||||
}
|
||||
|
||||
for i, patternPart := range patternParts {
|
||||
if i == 0 && patternPart == "*" {
|
||||
continue
|
||||
}
|
||||
if patternPart != hostParts[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// toLowerCaseASCII returns a lower-case version of in. See RFC 6125 6.4.1. We use
|
||||
// an explicitly ASCII function to avoid any sharp corners resulting from
|
||||
// performing Unicode operations on DNS labels.
|
||||
func toLowerCaseASCII(in string) string {
|
||||
// If the string is already lower-case then there's nothing to do.
|
||||
isAlreadyLowerCase := true
|
||||
for _, c := range in {
|
||||
if c == utf8.RuneError {
|
||||
// If we get a UTF-8 error then there might be
|
||||
// upper-case ASCII bytes in the invalid sequence.
|
||||
isAlreadyLowerCase = false
|
||||
break
|
||||
}
|
||||
if 'A' <= c && c <= 'Z' {
|
||||
isAlreadyLowerCase = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if isAlreadyLowerCase {
|
||||
return in
|
||||
}
|
||||
|
||||
out := []byte(in)
|
||||
for i, c := range out {
|
||||
if 'A' <= c && c <= 'Z' {
|
||||
out[i] += 'a' - 'A'
|
||||
}
|
||||
}
|
||||
return string(out)
|
||||
}
|
||||
|
||||
// verifyHostname returns nil if c is a valid certificate for the named host.
|
||||
// Otherwise it returns an error describing the mismatch.
|
||||
//
|
||||
// IP addresses can be optionally enclosed in square brackets and are checked
|
||||
// against the IPAddresses field. Other names are checked case insensitively
|
||||
// against the DNSNames field. If the names are valid hostnames, the certificate
|
||||
// fields can have a wildcard as the left-most label.
|
||||
//
|
||||
// The legacy Common Name field is ignored unless it's a valid hostname, the
|
||||
// certificate doesn't have any Subject Alternative Names, and the GODEBUG
|
||||
// environment variable is set to "x509ignoreCN=0". Support for Common Name is
|
||||
// deprecated will be entirely removed in the future.
|
||||
func verifyHostname(c *x509.Certificate, h string) error {
|
||||
// IP addresses may be written in [ ].
|
||||
candidateIP := h
|
||||
if len(h) >= 3 && h[0] == '[' && h[len(h)-1] == ']' {
|
||||
candidateIP = h[1 : len(h)-1]
|
||||
}
|
||||
if ip := net.ParseIP(candidateIP); ip != nil {
|
||||
// We only match IP addresses against IP SANs.
|
||||
// See RFC 6125, Appendix B.2.
|
||||
for _, candidate := range c.IPAddresses {
|
||||
if ip.Equal(candidate) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return x509.HostnameError{c, candidateIP}
|
||||
}
|
||||
|
||||
names := c.DNSNames
|
||||
if commonNameAsHostname(c) {
|
||||
names = []string{c.Subject.CommonName}
|
||||
}
|
||||
|
||||
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
|
||||
validCandidateName := validHostnameInput(candidateName)
|
||||
|
||||
for _, match := range names {
|
||||
// Ideally, we'd only match valid hostnames according to RFC 6125 like
|
||||
// browsers (more or less) do, but in practice Go is used in a wider
|
||||
// array of contexts and can't even assume DNS resolution. Instead,
|
||||
// always allow perfect matches, and only apply wildcard and trailing
|
||||
// dot processing to valid hostnames.
|
||||
if validCandidateName && validHostnamePattern(match) {
|
||||
if matchHostnames(match, candidateName) {
|
||||
return nil
|
||||
}
|
||||
} else {
|
||||
if matchExactly(match, candidateName) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return x509.HostnameError{c, h}
|
||||
}
|
||||
Reference in New Issue
Block a user