rio/internal/repo/repo.go

218 lines
4.9 KiB
Go
Raw Normal View History

2024-01-01 13:19:19 +00:00
package repo
2023-12-31 12:26:56 +00:00
//go:generate mockgen -destination mock_repo_test.go -package repo code.gitea.io/sdk/gitea Client
2023-12-31 12:26:56 +00:00
import (
"errors"
"strings"
"time"
"git.polynom.me/rio/internal/constants"
2024-01-01 13:19:19 +00:00
2023-12-31 12:26:56 +00:00
"github.com/patrickmn/go-cache"
log "github.com/sirupsen/logrus"
)
var (
2023-12-31 23:38:39 +00:00
pathCache = cache.New(1*time.Hour, 1*time.Hour)
// Caching the existence of an user
userCache = cache.New(24*time.Hour, 12*time.Hour)
2024-01-06 16:42:08 +00:00
// Caches the existence of a Content-Security-Policy
// Mapping: Repository key -> CSPCacheEntry
cspCache = cache.New(24*time.Hour, 12*time.Hour)
2023-12-31 12:26:56 +00:00
)
type PageCacheEntry struct {
Repository Repository
2023-12-31 23:38:39 +00:00
Path string
2023-12-31 12:26:56 +00:00
}
2024-01-06 16:42:08 +00:00
type CSPCacheEntry struct {
CSP string
LastRequested time.Time
}
2023-12-31 12:26:56 +00:00
func makePageCacheKey(domain, path string) string {
return domain + "/" + path
}
2024-01-06 16:42:08 +00:00
func makeCSPCacheKey(username, repositoryName string) string {
return username + ":" + repositoryName
}
2023-12-31 23:38:39 +00:00
// / Try to find the repository with name @reponame of the user @username. If @cname
// / is not "", then it also verifies that the repository contains a "CNAME" with
// / the value of @cname as its content. @host, @domain, and @path are passed for
// / caching on success.
func lookupRepositoryAndCache(username, reponame, branchName, host, domain, path, cname string, giteaClient *GiteaClient) (*Repository, error) {
log.Debugf("CNAME: %s", cname)
2023-12-31 12:26:56 +00:00
log.Debugf("Looking up repository %s/%s", username, reponame)
repo, err := giteaClient.getRepository(username, reponame)
2023-12-31 12:26:56 +00:00
if err != nil {
return nil, err
}
if !giteaClient.hasBranch(username, reponame, branchName) {
return nil, errors.New("Specified branch does not exist")
}
2023-12-31 12:26:56 +00:00
// Check if the CNAME file matches
if cname != "" {
log.Debug("Checking CNAME")
2023-12-31 12:26:56 +00:00
file, _, err := giteaClient.GetFile(
username,
reponame,
constants.PagesBranch,
2023-12-31 12:26:56 +00:00
"CNAME",
nil,
2023-12-31 12:26:56 +00:00
)
if err != nil {
log.Errorf(
"Could not verify CNAME of %s/%s@%s: %v\n",
username,
reponame,
constants.PagesBranch,
err,
)
2023-12-31 12:26:56 +00:00
return nil, err
}
cnameContent := strings.Trim(
string(file[:]),
"\n",
)
log.Debugf("CNAME Content: %s", cnameContent)
2023-12-31 12:26:56 +00:00
if cnameContent != cname {
return nil, errors.New("CNAME mismatch")
}
}
// Cache data
pathCache.Set(
makePageCacheKey(domain, path),
PageCacheEntry{
repo,
path,
},
cache.DefaultExpiration,
)
return &repo, nil
2023-12-31 12:26:56 +00:00
}
func RepoFromPath(username, host, cname, path string, giteaClient *GiteaClient) (*Repository, string, error) {
2023-12-31 12:26:56 +00:00
domain := host
// Guess the repository
key := makePageCacheKey(domain, path)
entry, found := pathCache.Get(key)
if found {
pageEntry := entry.(PageCacheEntry)
return &pageEntry.Repository, pageEntry.Path, nil
}
// Allow specifying the repository name in the TXT record
reponame := ""
if cname != "" {
repoLookup, err := giteaClient.lookupRepoTXT(cname)
if err == nil && repoLookup != "" {
log.Infof(
"TXT lookup for %s resulted in choosing repository %s",
cname,
repoLookup,
)
reponame = repoLookup
}
2023-12-31 12:26:56 +00:00
}
pathParts := strings.Split(path, "/")
if reponame == "" && len(pathParts) > 1 {
2023-12-31 12:26:56 +00:00
log.Debugf("Trying repository %s", pathParts[0])
modifiedPath := strings.Join(pathParts[1:], "/")
repo, err := lookupRepositoryAndCache(
username,
pathParts[0],
constants.PagesBranch,
2023-12-31 12:26:56 +00:00
host,
domain,
modifiedPath,
cname,
giteaClient,
)
if err == nil {
return repo, modifiedPath, nil
}
}
if reponame == "" {
reponame = domain
2023-12-31 21:41:51 +00:00
}
log.Debugf("Trying repository %s/%s", username, reponame)
2023-12-31 12:26:56 +00:00
repo, err := lookupRepositoryAndCache(
username,
reponame,
constants.PagesBranch,
2023-12-31 12:26:56 +00:00
host,
domain,
path,
cname,
giteaClient,
)
return repo, path, err
}
// Checks if the username exists as an organisation or an user on the Gitea
// instance, so that an attacker can't just request certificates for random
// usernames.
func CanRequestCertificate(username string, giteaClient *GiteaClient) bool {
if _, found := userCache.Get(username); found {
return true
}
hasUser := giteaClient.hasUser(username)
if hasUser {
userCache.Set(username, true, cache.DefaultExpiration)
}
return hasUser
}
2024-01-06 16:42:08 +00:00
// Checks the repository username/repository@PagesBranch for a file named CSP. If it exists,
// read it and return the value. If it does not exist, return defaultCsp.
func GetCSPForRepository(username, repositoryName, defaultCsp string, giteaClient *GiteaClient) string {
key := makeCSPCacheKey(username, repositoryName)
cachedCsp, found := cspCache.Get(key)
var since time.Time
if found {
since = cachedCsp.(CSPCacheEntry).LastRequested
}
fetchedCsp, changed, err := giteaClient.GetFile(
username,
repositoryName,
constants.PagesBranch,
"CSP",
&since,
)
csp := ""
if err != nil {
if found {
return cachedCsp.(CSPCacheEntry).CSP
}
csp = defaultCsp
} else {
csp = string(fetchedCsp)
if !found || changed {
cspCache.Set(key, CSPCacheEntry{
CSP: csp,
LastRequested: time.Now(),
}, cache.DefaultExpiration)
}
}
return csp
}