454 lines
12 KiB
Go
454 lines
12 KiB
Go
package main
|
|
|
|
import (
|
|
"bufio"
|
|
"crypto/tls"
|
|
"errors"
|
|
"fmt"
|
|
"github.com/BurntSushi/toml"
|
|
"io/ioutil"
|
|
"log"
|
|
"mime"
|
|
"net"
|
|
"net/url"
|
|
"os"
|
|
"path/filepath"
|
|
"regexp"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func handleGeminiRequest(conn net.Conn, config Config, accessLogEntries chan LogEntry, errorLogEntries chan string) {
|
|
defer conn.Close()
|
|
var tlsConn (*tls.Conn) = conn.(*tls.Conn)
|
|
var log LogEntry
|
|
log.Time = time.Now()
|
|
log.RemoteAddr = conn.RemoteAddr()
|
|
log.RequestURL = "-"
|
|
log.Status = 0
|
|
defer func() { accessLogEntries <- log }()
|
|
|
|
// Read request
|
|
URL, err := readRequest(conn, &log, errorLogEntries)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
clientCerts := tlsConn.ConnectionState().PeerCertificates
|
|
// Check validity
|
|
// This will fail if any of multiple certs are invalid
|
|
// Maybe we should just require one valid?
|
|
now := time.Now()
|
|
for _, cert := range clientCerts {
|
|
if now.Before(cert.NotBefore) {
|
|
conn.Write([]byte("64 Client certificate not yet valid!\r\n"))
|
|
log.Status = 64
|
|
return
|
|
} else if now.After(cert.NotAfter) {
|
|
conn.Write([]byte("65 Client certificate has expired!\r\n"))
|
|
log.Status = 65
|
|
return
|
|
}
|
|
}
|
|
|
|
// Reject non-gemini schemes
|
|
if URL.Scheme != "gemini" {
|
|
conn.Write([]byte("53 No proxying to non-Gemini content!\r\n"))
|
|
log.Status = 53
|
|
return
|
|
}
|
|
|
|
// Reject requests for content from other servers
|
|
if URL.Hostname() != config.Hostname || (URL.Port() != "" && URL.Port() != strconv.Itoa(config.Port)) {
|
|
conn.Write([]byte("53 No proxying to other hosts or ports!\r\n"))
|
|
log.Status = 53
|
|
return
|
|
}
|
|
|
|
// Fail if there are dots in the path
|
|
if strings.Contains(URL.Path, "..") {
|
|
conn.Write([]byte("50 Your directory traversal technique has been defeated!\r\n"))
|
|
log.Status = 50
|
|
return
|
|
}
|
|
|
|
// Resolve URI path to actual filesystem path
|
|
path := resolvePath(URL.Path, config)
|
|
|
|
// Read Molly files
|
|
if config.ReadMollyFiles {
|
|
parseMollyFiles(path, &config, errorLogEntries)
|
|
}
|
|
// Check for redirects
|
|
for src, dst := range config.TempRedirects {
|
|
if URL.Path == src {
|
|
URL.Path = dst
|
|
conn.Write([]byte("30 " + URL.String() + "\r\n"))
|
|
log.Status = 30
|
|
return
|
|
}
|
|
}
|
|
for src, dst := range config.PermRedirects {
|
|
if URL.Path == src {
|
|
URL.Path = dst
|
|
conn.Write([]byte("31 " + URL.String() + "\r\n"))
|
|
log.Status = 31
|
|
return
|
|
}
|
|
}
|
|
|
|
// Check whether this URL is in a certificate zone
|
|
authorised := true
|
|
for zone, allowedFingerprints := range config.CertificateZones {
|
|
matched, err := regexp.Match(zone, []byte(URL.Path))
|
|
if !matched || err != nil {
|
|
continue
|
|
}
|
|
authorised = false
|
|
for _, clientCert := range clientCerts {
|
|
for _, allowedFingerprint := range allowedFingerprints {
|
|
if getCertFingerprint(clientCert) == allowedFingerprint {
|
|
authorised = true
|
|
break
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if !authorised {
|
|
if len(clientCerts) > 0 {
|
|
conn.Write([]byte("61 Provided certificate not authorised for this resource\r\n"))
|
|
log.Status = 61
|
|
} else {
|
|
conn.Write([]byte("60 A pre-authorised certificate is required to access this resource\r\n"))
|
|
log.Status = 60
|
|
}
|
|
return
|
|
}
|
|
|
|
// Check whether this URL is in a configured CGI path
|
|
for _, cgiPath := range config.CGIPaths {
|
|
inCGIPath, err := regexp.Match(cgiPath, []byte(path))
|
|
if err != nil || !inCGIPath {
|
|
continue
|
|
}
|
|
info, err := os.Stat(path)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if info.Mode().Perm()&0111 == 0111 {
|
|
handleCGI(config, path, URL, &log, errorLogEntries, conn)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Check whether this URL is mapped to an SCGI app
|
|
for scgi_url, scgi_socket := range config.SCGIPaths {
|
|
matched, err := regexp.Match(scgi_url, []byte(URL.Path))
|
|
if matched && err == nil {
|
|
handleSCGI(scgi_socket, config, URL, &log, conn)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Fail if file does not exist or perms aren't right
|
|
info, err := os.Stat(path)
|
|
if os.IsNotExist(err) || os.IsPermission(err) {
|
|
conn.Write([]byte("51 Not found!\r\n"))
|
|
log.Status = 51
|
|
return
|
|
} else if err != nil {
|
|
conn.Write([]byte("40 Temporary failure!\r\n"))
|
|
log.Status = 40
|
|
return
|
|
} else if uint64(info.Mode().Perm())&0444 != 0444 {
|
|
conn.Write([]byte("51 Not found!\r\n"))
|
|
log.Status = 51
|
|
return
|
|
}
|
|
|
|
// Paranoid security measure:
|
|
// Fail if the URL has mapped to our TLS files or the log
|
|
if path == config.CertPath || path == config.KeyPath || path == config.AccessLog || path == config.ErrorLog {
|
|
conn.Write([]byte("51 Not found!\r\n"))
|
|
log.Status = 51
|
|
return
|
|
}
|
|
|
|
// Don't serve Molly files
|
|
if !info.IsDir() && filepath.Base(path) == ".molly" {
|
|
conn.Write([]byte("51 Not found!\r\n"))
|
|
log.Status = 51
|
|
return
|
|
}
|
|
|
|
// Handle directories
|
|
if info.IsDir() {
|
|
// Redirect to add trailing slash if missing
|
|
// (otherwise relative links don't work properly)
|
|
if !strings.HasSuffix(URL.Path, "/") {
|
|
conn.Write([]byte(fmt.Sprintf("31 %s\r\n", URL.String()+"/")))
|
|
log.Status = 31
|
|
return
|
|
}
|
|
// Check for index.gmi if path is a directory
|
|
index_path := filepath.Join(path, "index."+config.GeminiExt)
|
|
index_info, err := os.Stat(index_path)
|
|
if err == nil && uint64(index_info.Mode().Perm())&0444 == 0444 {
|
|
serveFile(index_path, &log, conn, config, errorLogEntries)
|
|
// Serve a generated listing
|
|
} else {
|
|
conn.Write([]byte("20 text/gemini\r\n"))
|
|
log.Status = 20
|
|
conn.Write([]byte(generateDirectoryListing(URL, path, config)))
|
|
}
|
|
return
|
|
}
|
|
|
|
// Otherwise, serve the file contents
|
|
serveFile(path, &log, conn, config, errorLogEntries)
|
|
return
|
|
|
|
}
|
|
|
|
func readRequest(conn net.Conn, log *LogEntry, errorLog chan string) (*url.URL, error) {
|
|
reader := bufio.NewReaderSize(conn, 1024)
|
|
request, overflow, err := reader.ReadLine()
|
|
if overflow {
|
|
conn.Write([]byte("59 Request too long!\r\n"))
|
|
log.Status = 59
|
|
return nil, errors.New("Request too long")
|
|
} else if err != nil {
|
|
errorLog <- "Error reading request: " + err.Error()
|
|
conn.Write([]byte("40 Unknown error reading request!\r\n"))
|
|
log.Status = 40
|
|
return nil, errors.New("Error reading request")
|
|
}
|
|
|
|
// Parse request as URL
|
|
URL, err := url.Parse(string(request))
|
|
if err != nil {
|
|
errorLog <- "Error parsing request URL " + string(request) + ": " + err.Error()
|
|
conn.Write([]byte("59 Error parsing URL!\r\n"))
|
|
log.Status = 59
|
|
return nil, errors.New("Bad URL in request")
|
|
}
|
|
log.RequestURL = URL.String()
|
|
|
|
// Set implicit scheme
|
|
if URL.Scheme == "" {
|
|
URL.Scheme = "gemini"
|
|
}
|
|
|
|
return URL, nil
|
|
}
|
|
|
|
func resolvePath(path string, config Config) string {
|
|
// Handle tildes
|
|
if strings.HasPrefix(path, "/~") {
|
|
bits := strings.Split(path, "/")
|
|
username := bits[1][1:]
|
|
new_prefix := filepath.Join(config.DocBase, config.HomeDocBase, username)
|
|
path = strings.Replace(path, bits[1], new_prefix, 1)
|
|
path = filepath.Clean(path)
|
|
} else {
|
|
path = filepath.Join(config.DocBase, path)
|
|
}
|
|
return path
|
|
}
|
|
|
|
func parseMollyFiles(path string, config *Config, errorLogEntries chan string) {
|
|
// Build list of directories to check
|
|
var dirs []string
|
|
dirs = append(dirs, path)
|
|
for {
|
|
if path == filepath.Clean(config.DocBase) {
|
|
break
|
|
}
|
|
subpath := filepath.Dir(path)
|
|
dirs = append(dirs, subpath)
|
|
path = subpath
|
|
}
|
|
// Initialise MollyFile using main Config
|
|
var mollyFile MollyFile
|
|
mollyFile.GeminiExt = config.GeminiExt
|
|
mollyFile.DefaultLang = config.DefaultLang
|
|
mollyFile.DirectorySort = config.DirectorySort
|
|
mollyFile.DirectoryReverse = config.DirectoryReverse
|
|
mollyFile.DirectoryTitles = config.DirectoryTitles
|
|
// Parse files in reverse order
|
|
for i := len(dirs) - 1; i >= 0; i-- {
|
|
dir := dirs[i]
|
|
// Break out of the loop if a directory doesn't exist
|
|
_, err := os.Stat(dir)
|
|
if os.IsNotExist(err) {
|
|
break
|
|
}
|
|
// Construct path for a .molly file in this dir
|
|
mollyPath := filepath.Join(dir, ".molly")
|
|
_, err = os.Stat(mollyPath)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
// If the file exists and we can read it, try to parse it
|
|
_, err = toml.DecodeFile(mollyPath, &mollyFile)
|
|
if err != nil {
|
|
errorLogEntries <- "Error parsing .molly file " + mollyPath + ": " + err.Error()
|
|
continue
|
|
}
|
|
// Overwrite main Config using MollyFile
|
|
config.GeminiExt = mollyFile.GeminiExt
|
|
config.DefaultLang = mollyFile.DefaultLang
|
|
config.DirectorySort = mollyFile.DirectorySort
|
|
config.DirectoryReverse = mollyFile.DirectoryReverse
|
|
config.DirectoryTitles = mollyFile.DirectoryTitles
|
|
for key, value := range mollyFile.TempRedirects {
|
|
config.TempRedirects[key] = value
|
|
}
|
|
for key, value := range mollyFile.PermRedirects {
|
|
config.PermRedirects[key] = value
|
|
}
|
|
for key, value := range mollyFile.MimeOverrides {
|
|
config.MimeOverrides[key] = value
|
|
}
|
|
}
|
|
}
|
|
|
|
func generateDirectoryListing(URL *url.URL, path string, config Config) string {
|
|
var listing string
|
|
files, err := ioutil.ReadDir(path)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
listing = "# Directory listing\n\n"
|
|
// Override with .mollyhead file
|
|
header_path := filepath.Join(path, ".mollyhead")
|
|
_, err = os.Stat(header_path)
|
|
if err == nil {
|
|
header, err := ioutil.ReadFile(header_path)
|
|
if err == nil {
|
|
listing = string(header)
|
|
}
|
|
}
|
|
// Do "up" link first
|
|
if URL.Path != "/" {
|
|
if strings.HasSuffix(URL.Path, "/") {
|
|
URL.Path = URL.Path[:len(URL.Path)-1]
|
|
}
|
|
up := filepath.Dir(URL.Path)
|
|
listing += fmt.Sprintf("=> %s %s\n", up, "..")
|
|
}
|
|
// Sort files
|
|
sort.SliceStable(files, func(i, j int) bool {
|
|
if config.DirectoryReverse {
|
|
i, j = j, i
|
|
}
|
|
if config.DirectorySort == "Name" {
|
|
return files[i].Name() < files[j].Name()
|
|
} else if config.DirectorySort == "Size" {
|
|
return files[i].Size() < files[j].Size()
|
|
} else if config.DirectorySort == "Time" {
|
|
return files[i].ModTime().Before(files[j].ModTime())
|
|
}
|
|
return false // Should not happen
|
|
})
|
|
// Format lines
|
|
for _, file := range files {
|
|
// Skip dotfiles
|
|
if strings.HasPrefix(file.Name(), ".") {
|
|
continue
|
|
}
|
|
// Only list world readable files
|
|
if uint64(file.Mode().Perm())&0444 != 0444 {
|
|
continue
|
|
}
|
|
listing += fmt.Sprintf("=> %s %s\n", url.PathEscape(file.Name()), generatePrettyFileLabel(file, path, config))
|
|
}
|
|
return listing
|
|
}
|
|
|
|
func generatePrettyFileLabel(info os.FileInfo, path string, config Config) string {
|
|
var size string
|
|
if info.IsDir() {
|
|
size = " "
|
|
} else if info.Size() < 1024 {
|
|
size = fmt.Sprintf("%4d B", info.Size())
|
|
} else if info.Size() < (1024 << 10) {
|
|
size = fmt.Sprintf("%4d KiB", info.Size()>>10)
|
|
} else if info.Size() < 1024<<20 {
|
|
size = fmt.Sprintf("%4d MiB", info.Size()>>20)
|
|
} else if info.Size() < 1024<<30 {
|
|
size = fmt.Sprintf("%4d GiB", info.Size()>>30)
|
|
} else if info.Size() < 1024<<40 {
|
|
size = fmt.Sprintf("%4d TiB", info.Size()>>40)
|
|
} else {
|
|
size = "GIGANTIC"
|
|
}
|
|
|
|
name := info.Name()
|
|
if config.DirectoryTitles && filepath.Ext(name) == "."+config.GeminiExt {
|
|
name = readHeading(path, info)
|
|
}
|
|
if len(name) > 40 {
|
|
name = info.Name()[:36] + "..."
|
|
}
|
|
if info.IsDir() {
|
|
name += "/"
|
|
}
|
|
return fmt.Sprintf("%-40s %s %v", name, size, info.ModTime().Format("Jan _2 2006"))
|
|
}
|
|
|
|
func readHeading(path string, info os.FileInfo) string {
|
|
filePath := filepath.Join(path, info.Name())
|
|
file, err := os.Open(filePath)
|
|
if err != nil {
|
|
return info.Name()
|
|
}
|
|
defer file.Close()
|
|
|
|
scanner := bufio.NewScanner(file)
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
if strings.HasPrefix(line, "# ") {
|
|
return strings.TrimSpace(line[1:])
|
|
}
|
|
}
|
|
return info.Name()
|
|
}
|
|
|
|
func serveFile(path string, log *LogEntry, conn net.Conn, config Config, errorLog chan string) {
|
|
// Get MIME type of files
|
|
ext := filepath.Ext(path)
|
|
var mimeType string
|
|
if ext == "."+config.GeminiExt {
|
|
mimeType = "text/gemini"
|
|
} else {
|
|
mimeType = mime.TypeByExtension(ext)
|
|
}
|
|
// Override extension-based MIME type
|
|
for pathRegex, newType := range config.MimeOverrides {
|
|
overridden, err := regexp.Match(pathRegex, []byte(path))
|
|
if err == nil && overridden {
|
|
mimeType = newType
|
|
}
|
|
}
|
|
// Set a generic MIME type if the extension wasn't recognised
|
|
if mimeType == "" {
|
|
mimeType = "application/octet-stream"
|
|
}
|
|
// Add lang parameter
|
|
if mimeType == "text/gemini" && config.DefaultLang != "" {
|
|
mimeType += "; lang=" + config.DefaultLang
|
|
}
|
|
|
|
contents, err := ioutil.ReadFile(path)
|
|
if err != nil {
|
|
conn.Write([]byte("50 Error!\r\n"))
|
|
log.Status = 50
|
|
return
|
|
}
|
|
conn.Write([]byte(fmt.Sprintf("20 %s\r\n", mimeType)))
|
|
log.Status = 20
|
|
conn.Write(contents)
|
|
}
|