package gemini import ( "bufio" "crypto/tls" "crypto/x509" "log" "net" "net/url" "strconv" "strings" "time" ) // Server is a Gemini server. type Server struct { // Addr specifies the address that the server should listen on. // If Addr is empty, the server will listen on the address ":1965". Addr string // Certificates contains the certificates used by the server. Certificates CertificateStore // ReadTimeout is the maximum duration for reading a request. ReadTimeout time.Duration // WriteTimeout is the maximum duration before timing out // writes of the response. WriteTimeout time.Duration // CreateCertificate, if not nil, will be called to create a new certificate // if the current one is expired or missing. CreateCertificate func(hostname string) (tls.Certificate, error) // registered responders responders map[responderKey]Responder hosts map[string]bool } type responderKey struct { scheme string hostname string } // Register registers a responder for the given pattern. // // Patterns must be in the form of "hostname" or "scheme://hostname". // If no scheme is specified, a scheme of "gemini://" is implied. // Wildcard patterns are supported (e.g. "*.example.com"). func (s *Server) Register(pattern string, responder Responder) { if pattern == "" { panic("gemini: invalid pattern") } if responder == nil { panic("gemini: nil responder") } if s.responders == nil { s.responders = map[responderKey]Responder{} s.hosts = map[string]bool{} } split := strings.SplitN(pattern, "://", 2) var key responderKey if len(split) == 2 { key.scheme = split[0] key.hostname = split[1] } else { key.scheme = "gemini" key.hostname = split[0] } if _, ok := s.responders[key]; ok { panic("gemini: multiple registrations for " + pattern) } s.responders[key] = responder s.hosts[key.hostname] = true } // RegisterFunc registers a responder function for the given pattern. func (s *Server) RegisterFunc(pattern string, responder func(*ResponseWriter, *Request)) { s.Register(pattern, ResponderFunc(responder)) } // ListenAndServe listens for requests at the server's configured address. func (s *Server) ListenAndServe() error { addr := s.Addr if addr == "" { addr = ":1965" } ln, err := net.Listen("tcp", addr) if err != nil { return err } defer ln.Close() return s.Serve(tls.NewListener(ln, &tls.Config{ ClientAuth: tls.RequestClientCert, MinVersion: tls.VersionTLS12, GetCertificate: s.getCertificate, })) } // Serve listens for requests on the provided listener. func (s *Server) Serve(l net.Listener) error { var tempDelay time.Duration // how long to sleep on accept failure for { rw, err := l.Accept() if err != nil { // If this is a temporary error, sleep if ne, ok := err.(net.Error); ok && ne.Temporary() { if tempDelay == 0 { tempDelay = 5 * time.Millisecond } else { tempDelay *= 2 } if max := 1 * time.Second; tempDelay > max { tempDelay = max } log.Printf("gemini: Accept error: %v; retrying in %v", err, tempDelay) time.Sleep(tempDelay) continue } // Otherwise, return the error return err } tempDelay = 0 go s.respond(rw) } } func (s *Server) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) { cert, err := s.getCertificateFor(h.ServerName) if err != nil { // Try wildcard wildcard := strings.SplitN(h.ServerName, ".", 2) if len(wildcard) == 2 { cert, err = s.getCertificateFor("*." + wildcard[1]) } } return cert, err } func (s *Server) getCertificateFor(hostname string) (*tls.Certificate, error) { if _, ok := s.hosts[hostname]; !ok { return nil, ErrCertificateNotFound } cert, err := s.Certificates.Lookup(hostname) switch err { case ErrCertificateNotFound, ErrCertificateExpired: if s.CreateCertificate != nil { cert, err := s.CreateCertificate(hostname) if err == nil { s.Certificates.Add(hostname, cert) } return &cert, err } } return cert, err } // respond responds to a connection. func (s *Server) respond(conn net.Conn) { if d := s.ReadTimeout; d != 0 { conn.SetReadDeadline(time.Now().Add(d)) } if d := s.WriteTimeout; d != 0 { conn.SetWriteDeadline(time.Now().Add(d)) } r := bufio.NewReader(conn) w := newResponseWriter(conn) // Read requested URL rawurl, err := r.ReadString('\r') if err != nil { return } // Read terminating line feed if b, err := r.ReadByte(); err != nil { return } else if b != '\n' { w.WriteStatus(StatusBadRequest) } // Trim carriage return rawurl = rawurl[:len(rawurl)-1] // Ensure URL is valid if len(rawurl) > 1024 { w.WriteStatus(StatusBadRequest) } else if url, err := url.Parse(rawurl); err != nil || url.User != nil { // Note that we return an error status if User is specified in the URL w.WriteStatus(StatusBadRequest) } else { // If no scheme is specified, assume a default scheme of gemini:// if url.Scheme == "" { url.Scheme = "gemini" } req := &Request{ URL: url, RemoteAddr: conn.RemoteAddr(), TLS: conn.(*tls.Conn).ConnectionState(), } resp := s.responder(req) if resp != nil { resp.Respond(w, req) } else { w.WriteStatus(StatusNotFound) } } w.b.Flush() conn.Close() } func (s *Server) responder(r *Request) Responder { if h, ok := s.responders[responderKey{r.URL.Scheme, r.URL.Hostname()}]; ok { return h } wildcard := strings.SplitN(r.URL.Hostname(), ".", 2) if len(wildcard) == 2 { if h, ok := s.responders[responderKey{r.URL.Scheme, "*." + wildcard[1]}]; ok { return h } } return nil } // ResponseWriter is used by a Gemini handler to construct a Gemini response. type ResponseWriter struct { b *bufio.Writer bodyAllowed bool wroteHeader bool mimetype string } func newResponseWriter(conn net.Conn) *ResponseWriter { return &ResponseWriter{ b: bufio.NewWriter(conn), } } // WriteHeader writes the response header. // If the header has already been written, WriteHeader does nothing. // // Meta contains more information related to the response status. // For successful responses, Meta should contain the mimetype of the response. // For failure responses, Meta should contain a short description of the failure. // Meta should not be longer than 1024 bytes. func (w *ResponseWriter) WriteHeader(status Status, meta string) { if w.wroteHeader { return } w.b.WriteString(strconv.Itoa(int(status))) w.b.WriteByte(' ') w.b.WriteString(meta) w.b.Write(crlf) // Only allow body to be written on successful status codes. if status.Class() == StatusClassSuccess { w.bodyAllowed = true } w.wroteHeader = true } // WriteStatus writes the response header with the given status code. // // WriteStatus is equivalent to WriteHeader(status, status.Message()) func (w *ResponseWriter) WriteStatus(status Status) { w.WriteHeader(status, status.Message()) } // SetMimetype sets the mimetype that will be written for a successful response. // If the mimetype is not set, it will default to "text/gemini". func (w *ResponseWriter) SetMimetype(mimetype string) { w.mimetype = mimetype } // Write writes the response body. // If the response status does not allow for a response body, Write returns // ErrBodyNotAllowed. // // If the response header has not yet been written, Write calls WriteHeader // with StatusSuccess and the mimetype set in SetMimetype. func (w *ResponseWriter) Write(b []byte) (int, error) { if !w.wroteHeader { mimetype := w.mimetype if mimetype == "" { mimetype = "text/gemini" } w.WriteHeader(StatusSuccess, mimetype) } if !w.bodyAllowed { return 0, ErrBodyNotAllowed } return w.b.Write(b) } // A Responder responds to a Gemini request. type Responder interface { // Respond accepts a Request and constructs a Response. Respond(*ResponseWriter, *Request) } // Input returns the request query. // If no input is provided, it responds with StatusInput. func Input(w *ResponseWriter, r *Request, prompt string) (string, bool) { if r.URL.ForceQuery || r.URL.RawQuery != "" { query, err := url.QueryUnescape(r.URL.RawQuery) return query, err == nil } w.WriteHeader(StatusInput, prompt) return "", false } // SensitiveInput returns the request query. // If no input is provided, it responds with StatusSensitiveInput. func SensitiveInput(w *ResponseWriter, r *Request, prompt string) (string, bool) { if r.URL.ForceQuery || r.URL.RawQuery != "" { query, err := url.QueryUnescape(r.URL.RawQuery) return query, err == nil } w.WriteHeader(StatusSensitiveInput, prompt) return "", false } // Certificate returns the request certificate. If one is not provided, // it returns nil and responds with StatusCertificateRequired. func Certificate(w *ResponseWriter, r *Request) (*x509.Certificate, bool) { if len(r.TLS.PeerCertificates) == 0 { w.WriteStatus(StatusCertificateRequired) return nil, false } return r.TLS.PeerCertificates[0], true } // ResponderFunc is a wrapper around a bare function that implements Responder. type ResponderFunc func(*ResponseWriter, *Request) func (f ResponderFunc) Respond(w *ResponseWriter, r *Request) { f(w, r) }