mirrors/git-pages
1
0
Fork 0
mirror of https://codeberg.org/git-pages/git-pages.git synced 2026-05-18 13:11:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
125 Commits 3 Branches 14 Tags
51606aac9887da2271cd2d04589f1f623f8599b5
Commit Graph

96 Commits

Author SHA1 Message Date
Catherine
51606aac98 Replace hardcoded limits with a config file section. 2025-09-21 19:00:36 +00:00
Catherine
21227ce59f Only send Access-Control-Allow-Origin: in response to a CORS request. 
This saves a bit of bandwidth. NFC otherwise.
 2025-09-21 08:19:08 +00:00
Catherine
2af2975713 Add tar+gzip and tar+zstd compressed archive support. 2025-09-21 06:25:10 +00:00
Catherine
382bee9b4e Don't send Access-Control-Max-Age: in response to GET requests. 
This header only has meaning in an `OPTIONS` response.
 2025-09-21 06:05:17 +00:00
Catherine
b5ab776a23 Use Cache-Control: max-age=60, stale-while-revalidate=3600. 
This is a way to avoid blocking on network requests in the browser
while ensuring the content is served very fresh.
 2025-09-21 05:31:06 +00:00
Catherine
5b471f6677 Add a feature flag for testing h2c:// performance. 2025-09-21 04:38:06 +00:00
Catherine
a10e28210a Enable h2c:// (cleartext HTTP/2) protocol on all http:// sockets. 
This allows git-pages and Caddy to efficiently use the same connection
for many pipelined requests, which I hope will reduce contention when
some bot decides to send fifty requests in the same millisecond.

This commit also changes built-in Caddy configuration to use HTTP/2
cleartext only when talking to the backend.
 2025-09-21 03:36:14 +00:00
Catherine
403821a150 Return status 413 Request Entity Too Large where appropriate. 2025-09-21 03:35:18 +00:00
Catherine
d2d4a27667 Return status 415 Unsupported Media Type in PUT handler. 
Before this commit, an unparseable media type would return 200 OK.
 2025-09-21 03:33:42 +00:00
Catherine
5765fa7ffa Proxy requests for unknown sites via wildcard fallback URL (if any). 2025-09-21 02:39:44 +00:00
Catherine
d5302e4358 [breaking-change] Allow multiple wildcard domains to be configured. 2025-09-21 00:29:51 +00:00
Catherine
acf948ac6b Remove code for migrating from v1 data layout. 2025-09-20 20:10:40 +00:00
Catherine
7e9cd17b70 Add a -get-manifest option for debugging. 
This isn't done via a socket to avoid potential misconfiguration
leading to authentication bypass.
 2025-09-20 20:07:15 +00:00
Catherine
bdc119d630 Remove leading . path segments from tar archive member filenames. 2025-09-20 15:42:17 +00:00
miyuko
2f525f3bb7 Strip Content-Type parameters when looking at the type. 2025-09-20 16:12:23 +01:00
Catherine
26647411ed Fix tar file extractor. 2025-09-20 14:57:53 +00:00
Catherine
960a40d736 Add Honeybadger.io observability support. 
It's not yet clear how useful it is, but it's at least something.
 2025-09-20 14:19:55 +00:00
Catherine
e5f1bac0ed Remove outdated comment. NFC 2025-09-20 08:38:55 +00:00
Catherine
f5ffd70824 Rename X-Pages-Outcome response header to X-Pages-Update. 2025-09-20 08:34:56 +00:00
Catherine
ddf0de8435 Record non-fatal problems in manifest and report them. 
This feature keeps complex features like `_redirects` debuggable.
 2025-09-20 08:33:11 +00:00
Catherine
bd294982b2 Disallow Host: values starting with a dot. 
Although these should never appear in first place, allowing them
to proceed into application logic may cause conflicts with reserved
manifest names.
 2025-09-20 07:41:34 +00:00
Catherine
15b2f1ea39 Allow zip and tar archive uploads PUT request. 2025-09-20 07:16:10 +00:00
Catherine
95814dd3f3 Parse _redirects file and store rules in manifest. 2025-09-20 07:16:10 +00:00
Catherine
3acab677e0 Split up backend.go. NFC 2025-09-20 04:39:13 +00:00
Catherine
7178885bfb Add a dedicated error type to report missing blob or manifest. 2025-09-20 04:24:36 +00:00
Catherine
412c2c2e3a Fix issues found by staticcheck. NFC 2025-09-20 03:55:58 +00:00
Catherine
5f7e5a1271 Don't ask backend for bare IP address sites. 2025-09-19 20:32:02 +00:00
Catherine
cbbd2bcd7e Expose Fly.io region in Server header. 2025-09-19 19:01:41 +00:00
Catherine
93ffee538c Precompute total site size in manifest. 2025-09-19 18:38:47 +00:00
Catherine
e92b48b99f Expose site manifest to authorized clients. 
As the rules for serving a site get more complex, being able to see
the git-pages' view of the site structure will become increasingly
valuable.

Unauthorized clients are rejected to make enumeration more difficult.
While git-pages isn't designed to serve sensitive data, it is prudent
to recognize that someone somewhere will do it anyway.
 2025-09-19 16:58:01 +00:00
Catherine
dbfdd5d418 Refactor Protobuf schema. 
This is to prepare for making manifest debug representation accessible.

- change `Entry.size` to `uint32` so that it's serialized as a number
  in protoJSON export
- rename `Manifest.files` to `Manifest.contents`
- leave size and data for the root directory empty, same as with
  non-root directories fetched from git
 2025-09-19 15:20:35 +00:00
Catherine
d89f03e665 Upgrade protobuf schema to edition 2023. NFCI 
Also, some renames for consistency:
- `Manifest.repoURL`→`Manifest.repo_url`
- `Manifest.tree`→`Manifest.files`
 2025-09-19 14:12:08 +00:00
Catherine
46d54503ee Fix DNS allowlist not applying to POST requests. 2025-09-19 14:10:26 +00:00
Catherine
df6ca018a5 Unpublish site when pushing an empty repository. 2025-09-19 05:41:01 +00:00
Catherine
5f3edfedf9 Add DELETE method support. 2025-09-19 04:08:22 +00:00
Catherine
9810a346f0 Refactor authorization code. NFC 2025-09-19 04:08:22 +00:00
Catherine
5024802fd4 Start listening before lengthy initialization. 2025-09-19 01:09:19 +00:00
Catherine
82bfe278bf [security] Restrict X-Pages-Branch to shared secret authorization only. 2025-09-19 00:57:54 +00:00
Catherine
512d5e928a Clearly indicate insecure mode at startup. 2025-09-19 00:36:35 +00:00
Catherine
af5deb60c6 [breaking-change] Accept multiple index repository patterns. 2025-09-18 23:51:20 +00:00
Catherine
3393c077b5 Add DNS allowlist authorization. 
Also, improve authorization docs and tighten rules for `INSECURE`.
 2025-09-18 21:53:55 +00:00
Catherine
929aedfd2c Use strings.Trim{Prefix,Suffix}. NFC 2025-09-18 20:05:59 +00:00
Catherine
877d375af7 Fold domain names to lowercase when constructing a web root. 
Currently all domains with uppercase letters in them (as presented in
the `Host:` header during registration) are broken.
 2025-09-18 19:40:51 +00:00
Catherine
3c46169ba6 Refactor authentication code. 2025-09-18 19:23:59 +00:00
Catherine
0ed4fd2fc2 Fetch repositories to /tmp, not in-memory. 2025-09-18 04:32:23 +00:00
Catherine
07a736382c Automatically set GOMEMLIMIT at 90% of available memory. 
Or at the ratio specified by `AUTOMEMLIMIT`.
 2025-09-18 03:31:51 +00:00
Catherine
fb9f4a7c4a Allow configuring log format. 
In a production environment the timestamp will be appended by the log
service.
 2025-09-18 02:00:49 +00:00
Catherine
bd6e377e43 Allow explicit authorization to bypass wildcard URL restriction. 2025-09-18 01:56:06 +00:00
Catherine
bbd7964e0c Revert "Expose metadata when running on bunny.net magic containers." 
This reverts commit 705685e918.
 2025-09-18 01:42:17 +00:00
Catherine
2ca9a4c244 Revert "Log successful health check." 
This reverts commit 82f24d5508.
 2025-09-18 01:40:51 +00:00