mirror of
https://code.rocketnine.space/tslocum/twins.git
synced 2024-11-27 11:48:13 +01:00
543 lines
12 KiB
Go
543 lines
12 KiB
Go
package main
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net"
|
|
"net/url"
|
|
"os"
|
|
"os/exec"
|
|
"path"
|
|
"path/filepath"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
"unicode/utf8"
|
|
|
|
"github.com/h2non/filetype"
|
|
)
|
|
|
|
const (
|
|
readTimeout = 30 * time.Second
|
|
|
|
urlMaxLength = 1024
|
|
)
|
|
|
|
const (
|
|
statusInput = 10
|
|
statusSensitiveInput = 11
|
|
|
|
statusSuccess = 20
|
|
|
|
statusRedirectTemporary = 30
|
|
statusRedirectPermanent = 31
|
|
|
|
statusTemporaryFailure = 40
|
|
statusUnavailable = 41
|
|
statusCGIError = 42
|
|
statusProxyError = 43
|
|
|
|
statusPermanentFailure = 50
|
|
statusNotFound = 51
|
|
statusGone = 52
|
|
statusProxyRequestRefused = 53
|
|
statusBadRequest = 59
|
|
)
|
|
|
|
func writeHeader(c net.Conn, code int, meta string) {
|
|
fmt.Fprintf(c, "%d %s\r\n", code, meta)
|
|
|
|
if verbose {
|
|
log.Printf("< %d %s\n", code, meta)
|
|
}
|
|
}
|
|
|
|
func writeStatus(c net.Conn, code int) {
|
|
var meta string
|
|
switch code {
|
|
case statusTemporaryFailure:
|
|
meta = "Temporary failure"
|
|
case statusProxyError:
|
|
meta = "Proxy error"
|
|
case statusBadRequest:
|
|
meta = "Bad request"
|
|
case statusNotFound:
|
|
meta = "Not found"
|
|
case statusProxyRequestRefused:
|
|
meta = "Proxy request refused"
|
|
}
|
|
writeHeader(c, code, meta)
|
|
}
|
|
|
|
func serveDirectory(c net.Conn, request *url.URL, dirPath string) {
|
|
var (
|
|
files []os.FileInfo
|
|
numDirs int
|
|
numFiles int
|
|
)
|
|
err := filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
} else if path == dirPath {
|
|
return nil
|
|
}
|
|
files = append(files, info)
|
|
if info.IsDir() || info.Mode()&os.ModeSymlink != 0 {
|
|
numDirs++
|
|
} else {
|
|
numFiles++
|
|
}
|
|
if info.IsDir() {
|
|
return filepath.SkipDir
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
writeStatus(c, statusTemporaryFailure)
|
|
return
|
|
}
|
|
// List directories first
|
|
sort.Slice(files, func(i, j int) bool {
|
|
iDir := files[i].IsDir() || files[i].Mode()&os.ModeSymlink != 0
|
|
jDir := files[j].IsDir() || files[j].Mode()&os.ModeSymlink != 0
|
|
if iDir != jDir {
|
|
return iDir
|
|
}
|
|
return i < j
|
|
})
|
|
|
|
writeHeader(c, statusSuccess, "text/gemini; charset=utf-8")
|
|
|
|
fmt.Fprintf(c, "# %s\r\n", request.Path)
|
|
if numDirs > 0 || numFiles > 0 {
|
|
if numDirs > 0 {
|
|
if numDirs == 1 {
|
|
c.Write([]byte("1 directory"))
|
|
} else {
|
|
fmt.Fprintf(c, "%d directories", numDirs)
|
|
}
|
|
}
|
|
if numFiles > 0 {
|
|
if numDirs > 0 {
|
|
c.Write([]byte(" and "))
|
|
}
|
|
if numDirs == 1 {
|
|
c.Write([]byte("1 file"))
|
|
} else {
|
|
fmt.Fprintf(c, "%d files", numFiles)
|
|
}
|
|
}
|
|
c.Write([]byte("\r\n\n"))
|
|
}
|
|
|
|
if request.Path != "/" {
|
|
c.Write([]byte("=> ../ ../\r\n\r\n"))
|
|
}
|
|
|
|
for _, info := range files {
|
|
fileName := info.Name()
|
|
filePath := url.PathEscape(info.Name())
|
|
if info.IsDir() || info.Mode()&os.ModeSymlink != 0 {
|
|
fileName += "/"
|
|
filePath += "/"
|
|
}
|
|
|
|
c.Write([]byte("=> " + fileName + " " + filePath + "\r\n"))
|
|
|
|
if info.IsDir() || info.Mode()&os.ModeSymlink != 0 {
|
|
c.Write([]byte("\r\n"))
|
|
continue
|
|
}
|
|
|
|
modified := "Never"
|
|
if !info.ModTime().IsZero() {
|
|
modified = info.ModTime().Format("2006-01-02 3:04 PM")
|
|
}
|
|
c.Write([]byte(modified + " - " + formatFileSize(info.Size()) + "\r\n\r\n"))
|
|
}
|
|
}
|
|
|
|
func serveFile(c net.Conn, request *url.URL, requestData, filePath string, listDir bool) {
|
|
fi, err := os.Stat(filePath)
|
|
if err != nil {
|
|
writeStatus(c, statusNotFound)
|
|
return
|
|
}
|
|
|
|
originalPath := filePath
|
|
|
|
var fetchIndex bool
|
|
if mode := fi.Mode(); mode.IsDir() {
|
|
if requestData[len(requestData)-1] != '/' {
|
|
// Add trailing slash
|
|
log.Println(requestData)
|
|
writeHeader(c, statusRedirectPermanent, requestData+"/")
|
|
return
|
|
}
|
|
|
|
fetchIndex = true
|
|
|
|
_, err := os.Stat(path.Join(filePath, "index.gemini"))
|
|
if err == nil {
|
|
filePath = path.Join(filePath, "index.gemini")
|
|
} else {
|
|
filePath = path.Join(filePath, "index.gmi")
|
|
}
|
|
}
|
|
|
|
fi, err = os.Stat(filePath)
|
|
if os.IsNotExist(err) {
|
|
if fetchIndex && listDir {
|
|
serveDirectory(c, request, originalPath)
|
|
return
|
|
}
|
|
writeStatus(c, statusNotFound)
|
|
return
|
|
} else if err != nil {
|
|
writeStatus(c, statusTemporaryFailure)
|
|
return
|
|
}
|
|
|
|
// Open file
|
|
file, _ := os.Open(filePath)
|
|
defer file.Close()
|
|
|
|
// Read file header
|
|
buf := make([]byte, 261)
|
|
n, _ := file.Read(buf)
|
|
|
|
// Write header
|
|
var mimeType string
|
|
if strings.HasSuffix(filePath, ".html") && strings.HasSuffix(filePath, ".htm") {
|
|
mimeType = "text/html; charset=utf-8"
|
|
} else if strings.HasSuffix(filePath, ".txt") && strings.HasSuffix(filePath, ".text") {
|
|
mimeType = "text/plain; charset=utf-8"
|
|
} else if !strings.HasSuffix(filePath, ".gmi") && !strings.HasSuffix(filePath, ".gemini") {
|
|
kind, _ := filetype.Match(buf[:n])
|
|
if kind != filetype.Unknown {
|
|
mimeType = kind.MIME.Value
|
|
}
|
|
}
|
|
if mimeType == "" {
|
|
mimeType = "text/gemini; charset=utf-8"
|
|
}
|
|
writeHeader(c, statusSuccess, mimeType)
|
|
|
|
// Write body
|
|
c.Write(buf[:n])
|
|
io.Copy(c, file)
|
|
}
|
|
|
|
func serveProxy(c net.Conn, requestData, proxyURL string) {
|
|
original := proxyURL
|
|
|
|
tlsConfig := &tls.Config{}
|
|
if strings.HasPrefix(proxyURL, "gemini://") {
|
|
proxyURL = proxyURL[9:]
|
|
} else if strings.HasPrefix(proxyURL, "gemini-insecure://") {
|
|
proxyURL = proxyURL[18:]
|
|
tlsConfig.InsecureSkipVerify = true
|
|
}
|
|
proxy, err := tls.Dial("tcp", proxyURL, tlsConfig)
|
|
if err != nil {
|
|
writeStatus(c, statusProxyError)
|
|
return
|
|
}
|
|
defer proxy.Close()
|
|
|
|
// Forward request
|
|
proxy.Write([]byte(requestData))
|
|
proxy.Write([]byte("\r\n"))
|
|
|
|
// Forward response
|
|
io.Copy(c, proxy)
|
|
|
|
if verbose {
|
|
log.Printf("< %s\n", original)
|
|
}
|
|
}
|
|
|
|
func serveCommand(c net.Conn, userInput string, command []string) {
|
|
var args []string
|
|
if len(command) > 0 {
|
|
args = command[1:]
|
|
}
|
|
cmd := exec.Command(command[0], args...)
|
|
|
|
var buf bytes.Buffer
|
|
if userInput != "" {
|
|
cmd.Stdin = strings.NewReader(userInput + "\n")
|
|
}
|
|
cmd.Stdout = &buf
|
|
cmd.Stderr = &buf
|
|
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
writeStatus(c, statusProxyError)
|
|
return
|
|
}
|
|
|
|
writeHeader(c, statusSuccess, "text/gemini; charset=utf-8")
|
|
c.Write(buf.Bytes())
|
|
|
|
if verbose {
|
|
log.Printf("< %s\n", command)
|
|
}
|
|
}
|
|
|
|
func scanCRLF(data []byte, atEOF bool) (advance int, token []byte, err error) {
|
|
if atEOF && len(data) == 0 {
|
|
return 0, nil, nil
|
|
}
|
|
if i := bytes.IndexByte(data, '\r'); i >= 0 {
|
|
// We have a full newline-terminated line.
|
|
return i + 1, data[0:i], nil
|
|
}
|
|
// If we're at EOF, we have a final, non-terminated line. Return it.
|
|
if atEOF {
|
|
return len(data), data, nil
|
|
}
|
|
// Request more data.
|
|
return 0, nil, nil
|
|
}
|
|
|
|
func replaceWithUserInput(command []string, userInput string) []string {
|
|
newCommand := make([]string, len(command))
|
|
copy(newCommand, command)
|
|
for i, piece := range newCommand {
|
|
if strings.Contains(piece, "$USERINPUT") {
|
|
newCommand[i] = strings.ReplaceAll(piece, "$USERINPUT", userInput)
|
|
}
|
|
}
|
|
return newCommand
|
|
}
|
|
|
|
func handleConn(c *tls.Conn) {
|
|
if verbose {
|
|
t := time.Now()
|
|
defer func() {
|
|
d := time.Since(t)
|
|
if d > time.Second {
|
|
d = d.Round(time.Second)
|
|
} else {
|
|
d = d.Round(time.Millisecond)
|
|
}
|
|
log.Printf("took %s", d)
|
|
}()
|
|
}
|
|
|
|
defer c.Close()
|
|
c.SetReadDeadline(time.Now().Add(readTimeout))
|
|
|
|
var requestData string
|
|
scanner := bufio.NewScanner(c)
|
|
scanner.Split(scanCRLF)
|
|
if scanner.Scan() {
|
|
requestData = scanner.Text()
|
|
}
|
|
if err := scanner.Err(); err != nil {
|
|
log.Println(scanner.Text(), "FAILED")
|
|
writeStatus(c, statusBadRequest)
|
|
return
|
|
}
|
|
|
|
state := c.ConnectionState()
|
|
certs := state.PeerCertificates
|
|
var clientCertKeys [][]byte
|
|
for _, cert := range certs {
|
|
pubKey, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
clientCertKeys = append(clientCertKeys, pubKey)
|
|
}
|
|
|
|
if verbose {
|
|
log.Printf("> %s\n", requestData)
|
|
}
|
|
|
|
if len(requestData) > urlMaxLength || !utf8.ValidString(requestData) {
|
|
writeStatus(c, statusBadRequest)
|
|
return
|
|
}
|
|
|
|
request, err := url.Parse(requestData)
|
|
if err != nil {
|
|
writeStatus(c, statusBadRequest)
|
|
return
|
|
}
|
|
|
|
requestHostname := request.Hostname()
|
|
if requestHostname == "" || strings.ContainsRune(requestHostname, ' ') {
|
|
writeStatus(c, statusBadRequest)
|
|
return
|
|
}
|
|
|
|
var requestPort int
|
|
if request.Port() != "" {
|
|
requestPort, err = strconv.Atoi(request.Port())
|
|
if err != nil {
|
|
requestPort = 0
|
|
}
|
|
}
|
|
|
|
if request.Scheme == "" {
|
|
request.Scheme = "gemini"
|
|
}
|
|
if request.Scheme != "gemini" || (requestPort > 0 && requestPort != config.port) {
|
|
writeStatus(c, statusProxyRequestRefused)
|
|
}
|
|
|
|
if request.Path == "" {
|
|
// Redirect to /
|
|
writeHeader(c, statusRedirectPermanent, requestData+"/")
|
|
return
|
|
}
|
|
|
|
pathBytes := []byte(request.Path)
|
|
strippedPath := request.Path
|
|
if strippedPath[0] == '/' {
|
|
strippedPath = strippedPath[1:]
|
|
}
|
|
requestQuery, err := url.QueryUnescape(request.RawQuery)
|
|
if err != nil {
|
|
writeStatus(c, statusBadRequest)
|
|
return
|
|
}
|
|
|
|
var matchedHost bool
|
|
for hostname := range config.Hosts {
|
|
if requestHostname != hostname {
|
|
continue
|
|
}
|
|
matchedHost = true
|
|
|
|
for _, serve := range config.Hosts[hostname].Paths {
|
|
matchedRegexp := serve.r != nil && serve.r.Match(pathBytes)
|
|
matchedPrefix := serve.r == nil && strings.HasPrefix(request.Path, serve.Path)
|
|
if !matchedRegexp && !matchedPrefix {
|
|
continue
|
|
}
|
|
|
|
requireInput := serve.Input != "" || serve.SensitiveInput != ""
|
|
if requestQuery == "" && requireInput {
|
|
if serve.Input != "" {
|
|
writeHeader(c, statusInput, serve.Input)
|
|
return
|
|
} else if serve.SensitiveInput != "" {
|
|
writeHeader(c, statusSensitiveInput, serve.SensitiveInput)
|
|
return
|
|
}
|
|
}
|
|
|
|
if matchedRegexp {
|
|
if serve.Proxy != "" {
|
|
serveProxy(c, requestData, serve.Proxy)
|
|
return
|
|
} else if serve.FastCGI != "" {
|
|
contentType := "text/gemini; charset=utf-8"
|
|
if serve.Type != "" {
|
|
contentType = serve.Type
|
|
}
|
|
writeHeader(c, statusSuccess, contentType)
|
|
|
|
filePath := path.Join(serve.Root, request.Path[1:])
|
|
serveFastCGI(c, config.fcgiPools[serve.FastCGI], request, filePath)
|
|
return
|
|
} else if serve.cmd != nil {
|
|
if requireInput {
|
|
newCommand := replaceWithUserInput(serve.cmd, requestQuery)
|
|
if newCommand != nil {
|
|
serveCommand(c, "", newCommand)
|
|
return
|
|
}
|
|
}
|
|
serveCommand(c, requestQuery, serve.cmd)
|
|
return
|
|
}
|
|
serveFile(c, request, requestData, path.Join(serve.Root, strippedPath), serve.ListDirectory)
|
|
return
|
|
} else if matchedPrefix {
|
|
if serve.Proxy != "" {
|
|
serveProxy(c, requestData, serve.Proxy)
|
|
return
|
|
} else if serve.FastCGI != "" {
|
|
contentType := "text/gemini; charset=utf-8"
|
|
if serve.Type != "" {
|
|
contentType = serve.Type
|
|
}
|
|
writeHeader(c, statusSuccess, contentType)
|
|
|
|
filePath := path.Join(serve.Root, request.Path[1:])
|
|
serveFastCGI(c, config.fcgiPools[serve.FastCGI], request, filePath)
|
|
return
|
|
} else if serve.cmd != nil {
|
|
if requireInput {
|
|
newCommand := replaceWithUserInput(serve.cmd, requestQuery)
|
|
if newCommand != nil {
|
|
serveCommand(c, "", newCommand)
|
|
return
|
|
}
|
|
}
|
|
serveCommand(c, requestQuery, serve.cmd)
|
|
return
|
|
}
|
|
filePath := request.Path[len(serve.Path):]
|
|
if len(filePath) > 0 && filePath[0] == '/' {
|
|
filePath = filePath[1:]
|
|
}
|
|
serveFile(c, request, requestData, path.Join(serve.Root, filePath), serve.ListDirectory)
|
|
return
|
|
}
|
|
}
|
|
break
|
|
}
|
|
|
|
if matchedHost {
|
|
writeStatus(c, statusNotFound)
|
|
} else {
|
|
writeStatus(c, statusProxyRequestRefused)
|
|
}
|
|
}
|
|
|
|
func getCertificate(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
host := config.Hosts[info.ServerName]
|
|
if host != nil {
|
|
return host.cert, nil
|
|
}
|
|
for _, host := range config.Hosts {
|
|
return host.cert, nil
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func handleListener(l net.Listener) {
|
|
for {
|
|
conn, err := l.Accept()
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
go handleConn(conn.(*tls.Conn))
|
|
}
|
|
}
|
|
|
|
func listen(address string) {
|
|
tlsConfig := &tls.Config{
|
|
ClientAuth: tls.RequestClientCert,
|
|
GetCertificate: getCertificate,
|
|
}
|
|
|
|
listener, err := tls.Listen("tcp", address, tlsConfig)
|
|
if err != nil {
|
|
log.Fatalf("failed to listen on %s: %s", address, err)
|
|
}
|
|
|
|
handleListener(listener)
|
|
}
|