1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
|
package gmi
import (
"bufio"
"crypto/tls"
"crypto/x509"
"errors"
"log"
"net"
"net/url"
"path"
"sort"
"strconv"
"strings"
"sync"
"time"
)
// Server errors.
var (
ErrBodyNotAllowed = errors.New("gemini: response status code does not allow for body")
ErrCertificateExpired = errors.New("gemini: certificate expired")
)
// Server is a Gemini server.
type Server struct {
// Addr specifies the address that the server should listen on.
// If Addr is empty, the server will listen on the address ":1965".
Addr string
// CertificateStore contains the certificates used by the server.
CertificateStore CertificateStore
// GetCertificate, if not nil, will be called to retrieve the certificate
// to use for a given hostname.
// If the certificate is nil, the connection will be aborted.
GetCertificate func(hostname string, store *CertificateStore) *tls.Certificate
// registered handlers
handlers map[handlerKey]Handler
}
type handlerKey struct {
Scheme string
Host string
}
// Handle registers a handler for the given hostname.
// A default scheme of gemini:// is assumed.
func (s *Server) Handle(hostname string, handler Handler) {
if hostname == "" {
panic("gmi: invalid hostname")
}
if handler == nil {
panic("gmi: nil handler")
}
if s.handlers == nil {
s.handlers = map[handlerKey]Handler{}
}
s.HandleScheme("gemini", hostname, handler)
}
func (s *Server) HandleFunc(hostname string, handler func(*ResponseWriter, *Request)) {
s.Handle(hostname, HandlerFunc(handler))
}
// HandleScheme registers a handler for the given scheme and hostname.
func (s *Server) HandleScheme(scheme string, hostname string, handler Handler) {
s.handlers[handlerKey{scheme, hostname}] = handler
}
func (s *Server) HandleSchemeFunc(scheme string, hostname string, handler func(*ResponseWriter, *Request)) {
s.HandleScheme(scheme, hostname, HandlerFunc(handler))
}
type handlerEntry struct {
scheme string
host string
h Handler
}
// ListenAndServe listens for requests at the server's configured address.
func (s *Server) ListenAndServe() error {
addr := s.Addr
if addr == "" {
addr = ":1965"
}
ln, err := net.Listen("tcp", addr)
if err != nil {
return err
}
defer ln.Close()
config := &tls.Config{
ClientAuth: tls.RequestClientCert,
MinVersion: tls.VersionTLS12,
GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
if s.GetCertificate != nil {
return s.GetCertificate(h.ServerName, &s.CertificateStore), nil
}
return s.CertificateStore.Lookup(h.ServerName)
},
}
tlsListener := tls.NewListener(ln, config)
return s.Serve(tlsListener)
}
// Serve listens for requests on the provided listener.
func (s *Server) Serve(l net.Listener) error {
var tempDelay time.Duration // how long to sleep on accept failure
for {
rw, err := l.Accept()
if err != nil {
// If this is a temporary error, sleep
if ne, ok := err.(net.Error); ok && ne.Temporary() {
if tempDelay == 0 {
tempDelay = 5 * time.Millisecond
} else {
tempDelay *= 2
}
if max := 1 * time.Second; tempDelay > max {
tempDelay = max
}
log.Printf("gemini: Accept error: %v; retrying in %v", err, tempDelay)
time.Sleep(tempDelay)
continue
}
// Otherwise, return the error
return err
}
tempDelay = 0
go s.respond(rw)
}
}
// ResponseWriter is used by a Gemini handler to construct a Gemini response.
type ResponseWriter struct {
w *bufio.Writer
bodyAllowed bool
wroteHeader bool
mimetype string
}
func newResponseWriter(conn net.Conn) *ResponseWriter {
return &ResponseWriter{
w: bufio.NewWriter(conn),
}
}
// WriteHeader writes the response header.
// If the header has already been written, WriteHeader does nothing.
//
// Meta contains more information related to the response status.
// For successful responses, Meta should contain the mimetype of the response.
// For failure responses, Meta should contain a short description of the failure.
// Meta should not be longer than 1024 bytes.
func (r *ResponseWriter) WriteHeader(status int, meta string) {
if r.wroteHeader {
return
}
r.w.WriteString(strconv.Itoa(status))
r.w.WriteByte(' ')
r.w.WriteString(meta)
r.w.Write(crlf)
// Only allow body to be written on successful status codes.
if status/10 == StatusClassSuccess {
r.bodyAllowed = true
}
r.wroteHeader = true
}
// SetMimetype sets the mimetype that will be written for a successful response.
// The provided mimetype will only be used if Write is called without calling
// WriteHeader.
// If the mimetype is not set, it will default to "text/gemini".
func (r *ResponseWriter) SetMimetype(mimetype string) {
r.mimetype = mimetype
}
// Write writes the response body.
// If the response status does not allow for a response body, Write returns
// ErrBodyNotAllowed.
//
// If WriteHeader has not yet been called, Write calls
// WriteHeader(StatusSuccess, mimetype) where mimetype is the mimetype set in
// SetMimetype. If no mimetype is set, a default of "text/gemini" will be used.
func (r *ResponseWriter) Write(b []byte) (int, error) {
if !r.wroteHeader {
mimetype := r.mimetype
if mimetype == "" {
mimetype = "text/gemini"
}
r.WriteHeader(StatusSuccess, mimetype)
}
if !r.bodyAllowed {
return 0, ErrBodyNotAllowed
}
return r.w.Write(b)
}
// respond responds to a connection.
func (s *Server) respond(conn net.Conn) {
r := bufio.NewReader(conn)
rw := newResponseWriter(conn)
// Read requested URL
rawurl, err := r.ReadString('\r')
if err != nil {
return
}
// Read terminating line feed
if b, err := r.ReadByte(); err != nil {
return
} else if b != '\n' {
rw.WriteHeader(StatusBadRequest, "Bad request")
}
// Trim carriage return
rawurl = rawurl[:len(rawurl)-1]
// Ensure URL is valid
if len(rawurl) > 1024 {
rw.WriteHeader(StatusBadRequest, "Bad request")
} else if url, err := url.Parse(rawurl); err != nil || url.User != nil {
// Note that we return an error status if User is specified in the URL
rw.WriteHeader(StatusBadRequest, "Bad request")
} else {
// Gather information about the request
req := &Request{
URL: url,
RemoteAddr: conn.RemoteAddr(),
TLS: conn.(*tls.Conn).ConnectionState(),
}
s.handler(req).Serve(rw, req)
}
rw.w.Flush()
conn.Close()
}
func (s *Server) handler(req *Request) Handler {
if h, ok := s.handlers[handlerKey{req.URL.Scheme, req.URL.Hostname()}]; ok {
return h
}
return NotFoundHandler()
}
// A Handler responds to a Gemini request.
type Handler interface {
// Serve accepts a Request and constructs a Response.
Serve(*ResponseWriter, *Request)
}
// Input responds to the request with a request for input using the given prompt.
func Input(rw *ResponseWriter, req *Request, prompt string) {
rw.WriteHeader(StatusInput, prompt)
}
// InputHandler returns a simple handler that responds to each request with
// a request for input.
func InputHandler(prompt string) Handler {
return HandlerFunc(func(rw *ResponseWriter, req *Request) {
Input(rw, req, prompt)
})
}
// WithInput either responds to the request with StatusInput if no input
// is provided, or calls f with the input when provided.
func WithInput(rw *ResponseWriter, req *Request, prompt string, f func(string)) {
input := req.URL.RawQuery
if input == "" {
Input(rw, req, prompt)
return
}
f(input)
}
// Sensitive responds to the request with a request for sensitive input
// using the given prompt.
func SensitiveInput(rw *ResponseWriter, req *Request, prompt string) {
rw.WriteHeader(StatusSensitiveInput, prompt)
}
// SensitiveInputHandler returns a simpler handler that responds to each request
// with a request for sensitive input.
func SensitiveInputHandler(prompt string) Handler {
return HandlerFunc(func(rw *ResponseWriter, req *Request) {
SensitiveInput(rw, req, prompt)
})
}
// WithSensitiveInput either responds to the request with StatusSensitiveInput
// if no input is provided, or calls f with the input when provided.
func WithSensitiveInput(rw *ResponseWriter, req *Request, prompt string, f func(string)) {
input := req.URL.RawQuery
if input == "" {
SensitiveInput(rw, req, prompt)
return
}
f(input)
}
// Redirect replies to the request with a redirect to the given URL.
func Redirect(rw *ResponseWriter, req *Request, url string) {
rw.WriteHeader(StatusRedirect, url)
}
// RedirectHandler returns a simple handler that responds to each request with
// a redirect to the given URL.
// If permanent is true, the handler will respond with a permanent redirect.
func RedirectHandler(url string) Handler {
return HandlerFunc(func(rw *ResponseWriter, req *Request) {
Redirect(rw, req, url)
})
}
// PermanentRedirect replies to the request with a permanent redirect to the given URL.
func PermanentRedirect(rw *ResponseWriter, req *Request, url string) {
rw.WriteHeader(StatusRedirectPermanent, url)
}
// PermanentRedirectHandler returns a simple handler that responds to each request with
// a redirect to the given URL.
func PermanentRedirectHandler(url string) Handler {
return HandlerFunc(func(rw *ResponseWriter, req *Request) {
PermanentRedirect(rw, req, url)
})
}
// NotFound replies to the request with the NotFound status code.
func NotFound(rw *ResponseWriter, req *Request) {
rw.WriteHeader(StatusNotFound, "Not found")
}
// NotFoundHandler returns a simple handler that responds to each request with
// the status code NotFound.
func NotFoundHandler() Handler {
return HandlerFunc(NotFound)
}
// Gone replies to the request with the Gone status code.
func Gone(rw *ResponseWriter, req *Request) {
rw.WriteHeader(StatusGone, "Gone")
}
// GoneHandler returns a simple handler that responds to each request with
// the status code Gone.
func GoneHandler() Handler {
return HandlerFunc(Gone)
}
// CertificateRequired responds to the request with the CertificateRequired
// status code.
func CertificateRequired(rw *ResponseWriter, req *Request) {
rw.WriteHeader(StatusCertificateRequired, "Certificate required")
}
// CertificateNotAuthorized responds to the request with
// the CertificateNotAuthorized status code.
func CertificateNotAuthorized(rw *ResponseWriter, req *Request) {
rw.WriteHeader(StatusCertificateNotAuthorized, "Certificate not authorized")
}
// WithCertificate either responds with CertificateRequired if the client did
// not provide a certificate, or calls f with the first ceritificate provided.
func WithCertificate(rw *ResponseWriter, req *Request, f func(*x509.Certificate)) {
if len(req.TLS.PeerCertificates) == 0 {
CertificateRequired(rw, req)
return
}
cert := req.TLS.PeerCertificates[0]
f(cert)
}
// CertificateHandler returns a simple handler that requests a certificate from
// clients if they did not provide one, and calls f with the first certificate
// if they did.
func CertificateHandler(f func(*x509.Certificate)) Handler {
return HandlerFunc(func(rw *ResponseWriter, req *Request) {
WithCertificate(rw, req, f)
})
}
// HandlerFunc is a wrapper around a bare function that implements Handler.
type HandlerFunc func(*ResponseWriter, *Request)
func (f HandlerFunc) Serve(rw *ResponseWriter, req *Request) {
f(rw, req)
}
// The following code is modified from the net/http package.
// ServeMux is a Gemini request multiplexer.
// It matches the URL of each incoming request against a list of registered
// patterns and calls the handler for the pattern that
// most closely matches the URL.
//
// Patterns name fixed, rooted paths, like "/favicon.ico",
// or rooted subtrees, like "/images/" (note the trailing slash).
// Longer patterns take precedence over shorter ones, so that
// if there are handlers registered for both "/images/"
// and "/images/thumbnails/", the latter handler will be
// called for paths beginning "/images/thumbnails/" and the
// former will receive requests for any other paths in the
// "/images/" subtree.
//
// Note that since a pattern ending in a slash names a rooted subtree,
// the pattern "/" matches all paths not matched by other registered
// patterns, not just the URL with Path == "/".
//
// If a subtree has been registered and a request is received naming the
// subtree root without its trailing slash, ServeMux redirects that
// request to the subtree root (adding the trailing slash). This behavior can
// be overridden with a separate registration for the path without
// the trailing slash. For example, registering "/images/" causes ServeMux
// to redirect a request for "/images" to "/images/", unless "/images" has
// been registered separately.
//
// ServeMux also takes care of sanitizing the URL request path and
// redirecting any request containing . or .. elements or repeated slashes
// to an equivalent, cleaner URL.
type ServeMux struct {
mu sync.RWMutex
m map[string]muxEntry
es []muxEntry // slice of entries sorted from longest to shortest.
}
type muxEntry struct {
h Handler
pattern string
}
// cleanPath returns the canonical path for p, eliminating . and .. elements.
func cleanPath(p string) string {
if p == "" {
return "/"
}
if p[0] != '/' {
p = "/" + p
}
np := path.Clean(p)
// path.Clean removes trailing slash except for root;
// put the trailing slash back if necessary.
if p[len(p)-1] == '/' && np != "/" {
// Fast path for common case of p being the string we want:
if len(p) == len(np)+1 && strings.HasPrefix(p, np) {
np = p
} else {
np += "/"
}
}
return np
}
// Find a handler on a handler map given a path string.
// Most-specific (longest) pattern wins.
func (mux *ServeMux) match(path string) (h Handler, pattern string) {
// Check for exact match first.
v, ok := mux.m[path]
if ok {
return v.h, v.pattern
}
// Check for longest valid match. mux.es contains all patterns
// that end in / sorted from longest to shortest.
for _, e := range mux.es {
if strings.HasPrefix(path, e.pattern) {
return e.h, e.pattern
}
}
return nil, ""
}
// redirectToPathSlash determines if the given path needs appending "/" to it.
// This occurs when a handler for path + "/" was already registered, but
// not for path itself. If the path needs appending to, it creates a new
// URL, setting the path to u.Path + "/" and returning true to indicate so.
func (mux *ServeMux) redirectToPathSlash(path string, u *url.URL) (*url.URL, bool) {
mux.mu.RLock()
shouldRedirect := mux.shouldRedirectRLocked(path)
mux.mu.RUnlock()
if !shouldRedirect {
return u, false
}
path = path + "/"
u = &url.URL{Path: path, RawQuery: u.RawQuery}
return u, true
}
// shouldRedirectRLocked reports whether the given path and host should be redirected to
// path+"/". This should happen if a handler is registered for path+"/" but
// not path -- see comments at ServeMux.
func (mux *ServeMux) shouldRedirectRLocked(path string) bool {
if _, exist := mux.m[path]; exist {
return false
}
n := len(path)
if n == 0 {
return false
}
if _, exist := mux.m[path+"/"]; exist {
return path[n-1] != '/'
}
return false
}
// Handler returns the handler to use for the given request.
// It consults r.URL.Path. It always returns a non-nil handler.
// If the path is not in its canonical form, the
// handler will be an internally-generated handler that redirects
// to the canonical path. If the host contains a port, it is ignored
// when matching handlers.
//
// Handler also returns the registered pattern that matches the
// request or, in the case of internally-generated redirects,
// the pattern that will match after following the redirect.
//
// If there is no registered handler that applies to the request,
// Handler returns a "not found" handler and an empty pattern.
func (mux *ServeMux) Handler(r *Request) (h Handler, pattern string) {
path := cleanPath(r.URL.Path)
// If the given path is /tree and its handler is not registered,
// redirect for /tree/.
if u, ok := mux.redirectToPathSlash(path, r.URL); ok {
return RedirectHandler(u.String()), u.Path
}
if path != r.URL.Path {
_, pattern = mux.handler(path)
url := *r.URL
url.Path = path
return RedirectHandler(url.String()), pattern
}
return mux.handler(r.URL.Path)
}
// handler is the main implementation of Handler.
// The path is known to be in canonical form.
func (mux *ServeMux) handler(path string) (h Handler, pattern string) {
mux.mu.RLock()
defer mux.mu.RUnlock()
h, pattern = mux.match(path)
if h == nil {
h, pattern = NotFoundHandler(), ""
}
return
}
// Serve dispatches the request to the handler whose
// pattern most closely matches the request URL.
func (mux *ServeMux) Serve(w *ResponseWriter, r *Request) {
h, _ := mux.Handler(r)
h.Serve(w, r)
}
// Handle registers the handler for the given pattern.
// If a handler already exists for pattern, Handle panics.
func (mux *ServeMux) Handle(pattern string, handler Handler) {
mux.mu.Lock()
defer mux.mu.Unlock()
if pattern == "" {
panic("gmi: invalid pattern")
}
if handler == nil {
panic("gmi: nil handler")
}
if _, exist := mux.m[pattern]; exist {
panic("gmi: multiple registrations for " + pattern)
}
if mux.m == nil {
mux.m = make(map[string]muxEntry)
}
e := muxEntry{h: handler, pattern: pattern}
mux.m[pattern] = e
if pattern[len(pattern)-1] == '/' {
mux.es = appendSorted(mux.es, e)
}
}
func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
n := len(es)
i := sort.Search(n, func(i int) bool {
return len(es[i].pattern) < len(e.pattern)
})
if i == n {
return append(es, e)
}
// we now know that i points at where we want to insert
es = append(es, muxEntry{}) // try to grow the slice in place, any entry works.
copy(es[i+1:], es[i:]) // move shorter entries down
es[i] = e
return es
}
// HandleFunc registers the handler function for the given pattern.
func (mux *ServeMux) HandleFunc(pattern string, handler func(*ResponseWriter, *Request)) {
if handler == nil {
panic("gmi: nil handler")
}
mux.Handle(pattern, HandlerFunc(handler))
}
|