mirror of
https://codeberg.org/git-pages/git-pages.git
synced 2026-05-17 04:31:38 +00:00
254 lines
6.6 KiB
Go
254 lines
6.6 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"slices"
|
|
"strings"
|
|
"time"
|
|
|
|
securejoin "github.com/cyphar/filepath-securejoin"
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
const fetchTimeout = 30 * time.Second
|
|
|
|
func getPage(w http.ResponseWriter, r *http.Request) error {
|
|
host := GetHost(r)
|
|
|
|
// if the first directory of the path exists under `www/$host`, use it as the root,
|
|
// else use `www/$host/.index`
|
|
path, _ := strings.CutPrefix(r.URL.Path, "/")
|
|
wwwRoot := filepath.Join("www", host, ".index")
|
|
requestPath := path
|
|
if projectName, projectPath, found := strings.Cut(path, "/"); found {
|
|
projectRoot := filepath.Join("www", host, projectName)
|
|
if file, _ := securejoin.OpenInRoot(config.DataDir, projectRoot); file != nil {
|
|
file.Close()
|
|
wwwRoot, requestPath = projectRoot, projectPath
|
|
}
|
|
}
|
|
|
|
// try to serve `$root/$path` first
|
|
file, err := securejoin.OpenInRoot(config.DataDir, filepath.Join(wwwRoot, requestPath))
|
|
if err == nil {
|
|
// if it's a directory, serve `$root/$path/index.html`
|
|
stat, statErr := file.Stat()
|
|
if statErr == nil && stat.IsDir() {
|
|
defer file.Close()
|
|
file, err = securejoin.OpenInRoot(config.DataDir,
|
|
filepath.Join(wwwRoot, requestPath, "index.html"))
|
|
}
|
|
}
|
|
// if whatever we were serving doesn't exist, try to serve `$root/404.html`
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
file, _ = securejoin.OpenInRoot(config.DataDir, filepath.Join(wwwRoot, "404.html"))
|
|
}
|
|
|
|
// acquire read capability to the file being served (if possible)
|
|
reader := io.ReadSeeker(nil)
|
|
if file != nil {
|
|
defer file.Close()
|
|
file, err = securejoin.Reopen(file, unix.O_RDONLY)
|
|
if file != nil {
|
|
defer file.Close()
|
|
reader = file
|
|
}
|
|
}
|
|
|
|
// decide on the HTTP status
|
|
if err != nil {
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
if reader == nil {
|
|
reader = bytes.NewReader([]byte("not found\n"))
|
|
}
|
|
} else {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
reader = bytes.NewReader([]byte("internal server error\n"))
|
|
}
|
|
// serve custom 404 page (if any)
|
|
io.Copy(w, reader)
|
|
} else {
|
|
stat, _ := file.Stat()
|
|
http.ServeContent(w, r, path, stat.ModTime(), reader)
|
|
}
|
|
|
|
return err
|
|
}
|
|
|
|
func getProjectName(w http.ResponseWriter, r *http.Request) (string, error) {
|
|
// path must be either `/` or `/foo/` (`/foo` is accepted as an alias)
|
|
path, _ := strings.CutPrefix(r.URL.Path, "/")
|
|
path, _ = strings.CutSuffix(path, "/")
|
|
if strings.HasPrefix(path, ".") {
|
|
http.Error(w, "this directory name is reserved for system use", http.StatusBadRequest)
|
|
return "", fmt.Errorf("reserved name")
|
|
} else if strings.Contains(path, "/") {
|
|
http.Error(w, "only one level of nesting is allowed", http.StatusBadRequest)
|
|
return "", fmt.Errorf("nesting too deep")
|
|
}
|
|
|
|
if path == "" {
|
|
// path `/` corresponds to pseudo-project `.index`
|
|
return ".index", nil
|
|
} else {
|
|
return path, nil
|
|
}
|
|
}
|
|
|
|
func putPage(w http.ResponseWriter, r *http.Request) error {
|
|
host := GetHost(r)
|
|
|
|
err := Authorize(w, r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
projectName, err := getProjectName(w, r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
requestBody, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
return fmt.Errorf("body read: %s", err)
|
|
}
|
|
|
|
// request body contains git repository URL `https://codeberg.org/...`
|
|
// request header X-Pages-Branch contains git branch, `pages` by default
|
|
webRoot := fmt.Sprintf("%s/%s", host, projectName)
|
|
repoURL := string(requestBody)
|
|
branch := r.Header.Get("X-Pages-Branch")
|
|
if branch == "" {
|
|
branch = "pages"
|
|
}
|
|
|
|
result := FetchWithTimeout(webRoot, repoURL, branch, fetchTimeout)
|
|
if result.err == nil {
|
|
w.Header().Add("Content-Location", r.URL.String())
|
|
}
|
|
switch result.outcome {
|
|
case FetchError:
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
case FetchTimeout:
|
|
w.WriteHeader(http.StatusGatewayTimeout)
|
|
// HTTP prescribes these response codes to be used
|
|
case FetchNoChange:
|
|
w.WriteHeader(http.StatusNoContent)
|
|
case FetchCreated:
|
|
w.WriteHeader(http.StatusCreated)
|
|
case FetchUpdated:
|
|
w.WriteHeader(http.StatusOK)
|
|
}
|
|
if result.err != nil {
|
|
fmt.Fprintln(w, result.err)
|
|
} else {
|
|
fmt.Fprintln(w, result.head)
|
|
}
|
|
return result.err
|
|
}
|
|
|
|
func postPage(w http.ResponseWriter, r *http.Request) error {
|
|
host := GetHost(r)
|
|
hostParts := strings.Split(host, ".")
|
|
|
|
projectName, err := getProjectName(w, r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
allowRepoURL := ""
|
|
if slices.Equal(hostParts[1:], strings.Split(config.Wildcard.Domain, ".")) {
|
|
userName := hostParts[0]
|
|
repoName := projectName
|
|
if repoName == ".index" {
|
|
repoName = fmt.Sprintf(config.Wildcard.IndexRepo, userName)
|
|
}
|
|
allowRepoURL = fmt.Sprintf(config.Wildcard.CloneURL, userName, repoName)
|
|
} else {
|
|
if err := Authorize(w, r); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if r.Header.Get("Content-Type") != "application/json" {
|
|
http.Error(w, "only JSON payload is allowed", http.StatusBadRequest)
|
|
return fmt.Errorf("invalid content type")
|
|
}
|
|
|
|
if r.Header.Get("X-Forgejo-Event") != "push" {
|
|
http.Error(w, "only push events are allowed", http.StatusBadRequest)
|
|
return fmt.Errorf("invalid event")
|
|
}
|
|
|
|
requestBody, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
return fmt.Errorf("body read: %s", err)
|
|
}
|
|
|
|
var event map[string]any
|
|
err = json.NewDecoder(bytes.NewReader(requestBody)).Decode(&event)
|
|
if err != nil {
|
|
http.Error(w, fmt.Sprintf("invalid request body: %s", err), http.StatusBadRequest)
|
|
return err
|
|
}
|
|
|
|
eventRef := event["ref"].(string)
|
|
if eventRef != "refs/heads/pages" {
|
|
w.WriteHeader(http.StatusOK)
|
|
return nil
|
|
}
|
|
|
|
webRoot := fmt.Sprintf("%s/%s", host, projectName)
|
|
|
|
repoURL := event["repository"].(map[string]any)["clone_url"].(string)
|
|
if allowRepoURL != "" && repoURL != allowRepoURL {
|
|
http.Error(w,
|
|
fmt.Sprintf("wildcard domain requires repository to be %s", allowRepoURL),
|
|
http.StatusUnauthorized,
|
|
)
|
|
return fmt.Errorf("invalid clone URL")
|
|
}
|
|
|
|
result := FetchWithTimeout(webRoot, repoURL, "pages", fetchTimeout)
|
|
switch result.outcome {
|
|
case FetchError:
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
case FetchTimeout:
|
|
w.WriteHeader(http.StatusGatewayTimeout)
|
|
default:
|
|
w.WriteHeader(http.StatusOK)
|
|
}
|
|
if result.err != nil {
|
|
fmt.Fprintln(w, result.err)
|
|
}
|
|
return result.err
|
|
}
|
|
|
|
func ServePages(w http.ResponseWriter, r *http.Request) {
|
|
log.Println("pages:", r.Method, r.Host, r.URL)
|
|
err := error(nil)
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
err = getPage(w, r)
|
|
case http.MethodPut:
|
|
err = putPage(w, r)
|
|
case http.MethodPost:
|
|
err = postPage(w, r)
|
|
default:
|
|
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
|
err = fmt.Errorf("method %s not allowed", r.Method)
|
|
}
|
|
if err != nil {
|
|
log.Println("pages err:", err)
|
|
}
|
|
}
|