sashakoshka/step
sashakoshka/step
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
main
step/http/handler.go

396 lines
9.8 KiB
Go
Raw Permalink Blame History

package http
import "net"
import "log"
import "fmt"
import "time"
import "path"
import "io/fs"
import "slices"
import "errors"
import "strings"
import "strconv"
import "context"
import "net/http"
import "path/filepath"
import "git.tebibyte.media/sashakoshka/step"
import "git.tebibyte.media/sashakoshka/go-util/sync"
import "git.tebibyte.media/sashakoshka/go-util/container"
var errRateLimit = errors.New("rate limit")
type rateLimitEntry struct {
time time.Time
duration time.Duration
}
type DirectoryData struct {
Name string
Entries []fs.DirEntry
}
type Handler struct {
Environment *step.Environment
Directories bool
StepExt ucontainer.Set[string]
Index []string
ErrorDocument string
DirectoryDocument string
DenyAll ucontainer.Set[string]
RateLimit time.Duration
TrustXForwardedFor bool
TrustCFConnectingIP bool
rateLimitMap usync.Monitor[map[string] rateLimitEntry]
}
func (this *Handler) Init (ctx context.Context) error {
this.rateLimitMap.Set(make(map[string] rateLimitEntry))
return nil
}
func (this *Handler) Configure (config step.Meta) error {
var err error
var rateLimit float64
if rateLimitStr := config.Get("http.rate-limit"); rateLimitStr != "" {
rateLimit, err = strconv.ParseFloat(rateLimitStr, 64)
if err != nil { return err }
}
this.Directories = config.Get("http.serve-directories") == "true"
this.StepExt = ucontainer.NewSet(slices.Clone(config["http.step-extension"])...)
this.Index = slices.Clone(config["http.index-file"])
this.ErrorDocument = config.Get("http.error-document")
this.DirectoryDocument = config.Get("http.directory-document")
this.DenyAll = ucontainer.NewSet("step.meta")
this.RateLimit = time.Duration(rateLimit * float64(time.Second))
this.TrustXForwardedFor = config.Get("http.trust-x-forwarded-for") == "true"
this.TrustCFConnectingIP = config.Get("http.trust-cf-connecting-ip") == "true"
if len(this.StepExt) == 0 {
this.StepExt.Add(".step")
}
if len(this.Index) == 0 {
this.Index = []string { "index.step", "index.html", "index" }
}
return nil
}
func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
filesystem := this.Environment.GetFS()
// get the real client IP
remoteAddrStr := req.RemoteAddr
realRemoteAddr := req.RemoteAddr
if addr := req.Header.Get("CF-Connecting-IP"); addr != "" {
if this.TrustCFConnectingIP {
realRemoteAddr = addr
remoteAddrStr = fmt.Sprintf("%s --CF-> %s", addr, req.RemoteAddr)
}
} else if addr := req.Header.Get("X-Forwarded-For"); addr != "" {
if this.TrustXForwardedFor {
realRemoteAddr = addr
remoteAddrStr = fmt.Sprintf("%s --XF-> %s", addr, req.RemoteAddr)
}
}
// make clone of req with correct ip because modifying req directly is
// forbidden
req = req.Clone(req.Context())
req.RemoteAddr = realRemoteAddr
log.Println("(i)", req.Method, req.URL, "from", remoteAddrStr)
// rate limit
err := this.rateLimit(req, "", this.RateLimit)
if err != nil {
this.serveError(res, req, http.StatusTooManyRequests, req.URL, false)
return
}
// normalize path
pat := req.URL.Path
if !strings.HasPrefix(pat, "/") {
pat = "/" + pat
req.URL.Path = pat
}
hasTrailingSlash := strings.HasSuffix(pat, "/")
pat = path.Clean(req.URL.Path)
name := pathToName(pat)
// access control
if this.DenyAll.Has(name) {
this.serveError(res, req, http.StatusForbidden, req.URL, false)
return
}
info, err := statFile(filesystem, name)
if err != nil {
this.serveError(res, req, http.StatusNotFound, req.URL, false)
return
}
if info.IsDir() {
// ensure the path ends with a /
if !hasTrailingSlash {
http.Redirect(res, req, pat + "/", http.StatusMovedPermanently)
return
}
// try to find an index
for _, base := range this.Index {
currentPath := path.Join(pat, base)
info, err := statFile(filesystem, pathToName(currentPath))
if err != nil { continue }
if info.IsDir() { continue }
this.serveFile(res, req, currentPath)
return
}
if !this.Directories {
this.serveError(res, req, http.StatusForbidden, req.URL, false)
return
}
this.serveDirectory(res, req, pat)
return
}
this.serveFile(res, req, pat)
}
func (this *Handler) Trim () {
table, done := this.rateLimitMap.Borrow()
defer done()
if len(table) < 128 { return }
keys := make([]string, 0, len(table) / 3)
for key, entry := range table {
duration := time.Hour
if entry.duration != 0 {
duration = entry.duration
}
if time.Since(entry.time) > duration {
keys = append(keys, key)
}
}
for _, key := range keys {
delete(table, key)
}
}
func (this *Handler) serveFile (
res http.ResponseWriter,
req *http.Request,
pat string,
) {
name := pathToName(pat)
if !this.StepExt.Has(filepath.Ext(name)) {
// just a normal file
http.ServeFileFS(res, req, this.Environment.GetFS(), name)
return
}
this.serveDocument(res, req, name)
}
func (this *Handler) serveDirectory (
res http.ResponseWriter,
req *http.Request,
pat string,
) {
name := pathToName(pat)
entries, err := readDir(this.Environment.GetFS(), name)
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, false)
return
}
if this.DirectoryDocument == "" {
this.serveFile(res, req, pat)
return
}
document, err := this.Environment.Load(this.DirectoryDocument)
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, false)
return
}
err = document.Execute(res, step.ExecutionData {
Data: DirectoryData {
Name: name,
Entries: entries,
},
})
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, false)
return
}
}
func (this *Handler) serveDocument (
res http.ResponseWriter,
req *http.Request,
name string,
) {
// parse
document, err := this.Environment.Load(name)
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, false)
return
}
// rate limit (again)
if rateLimit, err := strconv.ParseFloat(document.Meta.Get("rate-limit"), 64); err == nil {
err := this.rateLimit(req, name, time.Duration(rateLimit * float64(time.Second)))
if err != nil {
this.serveError(res, req, http.StatusTooManyRequests, req.URL, false)
return
}
}
// set up HTTP response recorder
recorder := HTTPResponseRecorder { }
defer recorder.Reset()
resetRecorder := func () {
recorder.Reset()
recorder.Head = res.Header().Clone()
}
if contentType := document.Meta.Get("content-type"); contentType != "" {
recorder.Header().Set("Content-Type", contentType)
}
if status := document.Meta.Get("status"); status != "" {
if status, err := strconv.Atoi(status); err == nil {
recorder.Status = status
}
}
// execute document
data := HTTPData { }
data.Res = WrappedResponseWriter {
responseWriter: &recorder,
resetFunc: resetRecorder,
Header: WrappedHeader {
Header: recorder.Header(),
},
}
data.Req = req
err = document.Execute(&recorder, step.ExecutionData {
Data: data,
})
if errors.Is(err, step.ErrExecutionCanceled) { err = nil }
var httpError Error
if errors.As(err, &httpError) {
this.serveError (
res, req,
httpError.Status, httpError.Message, false)
return
}
var httpRedirect Redirect
if errors.As(err, &httpRedirect) {
recorder.WriteHeaderValues(res)
http.Redirect(res, req, httpRedirect.Location, httpRedirect.Status)
return
}
if err != nil {
this.serveError (
res, req,
http.StatusInternalServerError, err, false)
return
}
// play back recorded response
recorder.WriteHeaderValues(res)
recorder.WriteHeaderStatus(res)
_, err = recorder.WriteBody(res)
if err != nil {
this.logErr(name, err)
return
}
}
func (this *Handler) serveError (
res http.ResponseWriter,
req *http.Request,
status int,
message any,
safeMode bool,
) {
log.Printf("ERR %d %s: %v\n", status, http.StatusText(status), message)
if safeMode || this.ErrorDocument == "" {
res.Header().Add("Content-Type", "text/plain")
res.WriteHeader(status)
if message == nil {
fmt.Fprintf(res, "%d %s\n", status, http.StatusText(status))
} else {
fmt.Fprintf(res, "%d %s: %v\n", status, http.StatusText(status), message)
}
return
}
document, err := this.Environment.Load(this.ErrorDocument)
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, true)
return
}
res.WriteHeader(status)
err = document.Execute(res, step.ExecutionData {
Data: Error {
Status: status,
Message: message,
},
})
if err != nil {
this.serveError(res, req, http.StatusInternalServerError, err, true)
return
}
}
func (this *Handler) logErr (name string, err error) {
log.Printf("ERR %s: %v\n", name, err)
}
func (this *Handler) rateLimit (req *http.Request, resource string, duration time.Duration) error {
if duration == 0 { return nil }
host, _, _ := net.SplitHostPort(req.RemoteAddr)
key := fmt.Sprintf("%s|%s", host, resource)
table, done := this.rateLimitMap.Borrow()
defer done()
if entry, ok := table[key]; ok {
if time.Since(entry.time) < duration {
return errRateLimit
}
}
table[key] = rateLimitEntry {
time: time.Now(),
duration: duration,
}
return nil
}
func statFile (filesystem fs.FS, name string) (fs.FileInfo, error) {
if filesystem, ok := filesystem.(fs.StatFS); ok {
return filesystem.Stat(name)
}
file, err := filesystem.Open(name)
if err != nil { return nil, err }
defer file.Close()
return file.Stat()
}
func pathToName (pat string) string {
if strings.HasPrefix(pat, "/") {
pat = strings.TrimPrefix(pat, "/")
}
if pat == "" {
return "."
}
return pat
}
func readDir (filesystem fs.FS, name string) ([]fs.DirEntry, error) {
if filesystem, ok := filesystem.(fs.ReadDirFS); ok {
return filesystem.ReadDir(name)
}
dir, err := filesystem.Open(name)
if err != nil { return nil, err }
defer dir.Close()
if dir, ok := dir.(fs.ReadDirFile); ok {
return dir.ReadDir(0)
}
return nil, nil
}
Reference in New Issue View Git Blame Copy Permalink