diff --git a/main.go b/main.go index 231f60d..6a75cef 100644 --- a/main.go +++ b/main.go @@ -3,6 +3,7 @@ package main import ( "crypto/tls" "os" + "errors" "fmt" "net" "net/http" @@ -19,7 +20,7 @@ const ( PagesBranch = "pages" ) -func handleSubdomain(domain string, cname string, path string, giteaClient *gitea.Client, w http.ResponseWriter) { +func handleSubdomain(domain string, cname string, path, giteaUrl string, giteaClient *gitea.Client, w http.ResponseWriter) { hostParts := strings.Split(domain, ".") username := hostParts[0] @@ -42,10 +43,10 @@ func handleSubdomain(domain string, cname string, path string, giteaClient *gite return } - serveFile(username, repo.Name, path, giteaClient, w) + serveFile(username, repo.Name, path, giteaUrl, w) } -func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc { +func Handler(pagesDomain, giteaUrl string, giteaClient *gitea.Client) http.HandlerFunc { return func(w http.ResponseWriter, req *http.Request) { w.Header().Set("Server", "rio") @@ -55,7 +56,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc { } log.Debug("Domain can be directly handled") - handleSubdomain(req.Host, "", req.URL.Path, giteaClient, w) + handleSubdomain(req.Host, "", req.URL.Path, giteaUrl, giteaClient, w) return } @@ -74,7 +75,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc { } log.Debugf("Domain can be handled after a CNAME query") - handleSubdomain(cname, cname, req.URL.Path, giteaClient, w) + handleSubdomain(cname, cname, req.URL.Path, giteaUrl, giteaClient, w) return } @@ -86,7 +87,6 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc { func runServer(ctx *cli.Context) error { log.SetLevel(log.DebugLevel) giteaUrl := ctx.String("gitea-url") - addr := ctx.String("listen-host") + ":" + ctx.String("listen-port") domain := ctx.String("pages-domain") certsFile := ctx.String("certs-file") acmeEmail := ctx.String("acme-email") @@ -94,46 +94,9 @@ func runServer(ctx *cli.Context) error { acmeFile := ctx.String("acme-file") acmeHost := ctx.String("acme-host") acmePort := ctx.String("acme-port") + acmeDisable := ctx.Bool("acme-disable") - err := LoadCertificateStoreFromFile(certsFile) - if err != nil { - log.Debugf("Generating cert") - err := InitialiseFallbackCert(domain) - if err != nil { - log.Fatalf("Failed to generate fallback certificate: %v", err) - return err - } - - FlushCertificateStoreToFile(certsFile) - log.Debug("Certificate wrote to disk") - } else { - log.Debug("Certificate store read from disk") - } - - // Create an ACME client, if we failed to load one - acmeClient, err := ClientFromFile(acmeFile, acmeServer) - if err != nil { - log.Warn("Failed to load ACME client data from disk. Generating new account") - acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer) - if err != nil { - log.Fatalf("Failed to generate new ACME client: %v", err) - return err - } - log.Info("ACME account registered") - } else { - log.Info("ACME client data read from disk") - } - - // Set up the HTTP01 listener - err = acmeClient.Challenge.SetHTTP01Provider( - http01.NewProviderServer(acmeHost, acmePort), - ) - if err != nil { - log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err) - return err - } - - // Setup the HTTPS stuff + // Setup the Gitea stuff httpClient := http.Client{Timeout: 10 * time.Second} client, err := gitea.NewClient( giteaUrl, @@ -142,20 +105,66 @@ func runServer(ctx *cli.Context) error { gitea.SetUserAgent("rio"), ) + // Listen on the port + addr := ctx.String("listen-host") + ":" + ctx.String("listen-port") listener, err := net.Listen("tcp", addr) if err != nil { fmt.Errorf("Failed to create listener: %v", err) return err } - tlsConfig := makeTlsConfig( - domain, - certsFile, - acmeClient, - ) - listener = tls.NewListener(listener, tlsConfig) + if !acmeDisable { + if acmeEmail == "" || acmeFile == "" || certsFile == "" { + return errors.New("The options acme-file, acme-email, and certs-file are required") + } - if err := http.Serve(listener, Handler(domain, client)); err != nil { + err := LoadCertificateStoreFromFile(certsFile) + if err != nil { + log.Debugf("Generating cert") + err := InitialiseFallbackCert(domain) + if err != nil { + log.Fatalf("Failed to generate fallback certificate: %v", err) + return err + } + + FlushCertificateStoreToFile(certsFile) + log.Debug("Certificate wrote to disk") + } else { + log.Debug("Certificate store read from disk") + } + + // Create an ACME client, if we failed to load one + acmeClient, err := ClientFromFile(acmeFile, acmeServer) + if err != nil { + log.Warn("Failed to load ACME client data from disk. Generating new account") + acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer) + if err != nil { + log.Fatalf("Failed to generate new ACME client: %v", err) + return err + } + log.Info("ACME account registered") + } else { + log.Info("ACME client data read from disk") + } + + // Set up the HTTP01 listener + err = acmeClient.Challenge.SetHTTP01Provider( + http01.NewProviderServer(acmeHost, acmePort), + ) + if err != nil { + log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err) + return err + } + + tlsConfig := makeTlsConfig( + domain, + certsFile, + acmeClient, + ) + listener = tls.NewListener(listener, tlsConfig) + } + + if err := http.Serve(listener, Handler(domain, giteaUrl, client)); err != nil { fmt.Printf("Listening failed") return err } @@ -207,19 +216,19 @@ func main() { Name: "certs-file", Usage: "File to store certificates in", EnvVars: []string{"CERTS_FILE"}, - Required: true, + Value: "", }, &cli.StringFlag{ Name: "acme-file", Usage: "File to store ACME configuration in", EnvVars: []string{"ACME_FILE"}, - Required: true, + Value: "", }, &cli.StringFlag{ Name: "acme-email", Usage: "Email to use for an ACME account", EnvVars: []string{"ACME_EMAIL"}, - Required: true, + Value: "", }, &cli.StringFlag{ Name: "acme-server", @@ -227,6 +236,11 @@ func main() { EnvVars: []string{"ACME_SERVER"}, Value: "https://acme-staging-v02.api.letsencrypt.org/directory", }, + &cli.BoolFlag{ + Name: "acme-disable", + Usage: "Whether to disable automatic ACME certificates", + EnvVars: []string{"ACME_DISABLE"}, + }, }, } diff --git a/pages.go b/pages.go index d8ae67b..326a099 100644 --- a/pages.go +++ b/pages.go @@ -1,12 +1,13 @@ package main import ( + "fmt" + "io" "mime" "net/http" "strings" "time" - "code.gitea.io/sdk/gitea" "github.com/patrickmn/go-cache" log "github.com/sirupsen/logrus" ) @@ -18,13 +19,14 @@ var ( type PageContentCache struct { Content []byte mimeType string + RequestedAt time.Time } func makePageContentCacheEntry(username, path string) string { return username + ":" + path } -func serveFile(username, reponame, path string, giteaClient *gitea.Client, w http.ResponseWriter) { +func serveFile(username, reponame, path, giteaUrl string, w http.ResponseWriter) { // Provide a default if path == "" { path = "/index.html" @@ -44,30 +46,73 @@ func serveFile(username, reponame, path string, giteaClient *gitea.Client, w htt log.Debugf("Returning %s from cache", path) content = entry.(PageContentCache).Content mimeType = entry.(PageContentCache).mimeType - } else { - content, _, err = giteaClient.GetFile(username, reponame, PagesBranch, path, false) - if err != nil { - log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err) - w.WriteHeader(404) - return - } - - pathParts := strings.Split(path, ".") - ext := pathParts[len(pathParts) - 1] - mimeType = mime.TypeByExtension("." + ext) - - pageCache.Set( - key, - PageContentCache{ - content, - mimeType, - }, - cache.DefaultExpiration, - ) - - log.Debugf("Page %s requested from Gitea and cached in memory", path) } + // We have to do the raw request manually because the Gitea SDK does not allow + // passing the If-Modfied-Since header. + apiUrl := fmt.Sprintf( + "%s/api/v1/repos/%s/%s/raw/%s?ref=%s", + giteaUrl, + username, + reponame, + path, + PagesBranch, + ) + client := &http.Client{} + req, err := http.NewRequest("GET", apiUrl, nil) + if found { + since := entry.(PageContentCache).RequestedAt.Format(time.RFC1123) + log.Debugf("Found %s in cache. Adding '%s' as If-Modified-Since", key, since) + req.Header.Add("If-Modified-Since", since) + } + resp, err := client.Do(req) + if err != nil { + if !found { + log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err) + w.WriteHeader(404) + } else { + log.Debugf("Request failed but page %s is cached in memory", path) + w.WriteHeader(200) + w.Header().Set("Content-Type", mimeType) + w.Write(content) + } + + return + } + defer resp.Body.Close() + + log.Debugf("Gitea API request returned %d", resp.StatusCode) + if found && resp.StatusCode == 302 { + log.Debugf("Page %s is unchanged and cached in memory", path) + w.WriteHeader(200) + w.Header().Set("Content-Type", mimeType) + w.Write(content) + return + } + + content, err = io.ReadAll(resp.Body) + if err != nil { + log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err) + w.WriteHeader(404) + return + } + + pathParts := strings.Split(path, ".") + ext := pathParts[len(pathParts) - 1] + mimeType = mime.TypeByExtension("." + ext) + + now := time.Now() + pageCache.Set( + key, + PageContentCache{ + content, + mimeType, + now, + }, + cache.DefaultExpiration, + ) + + log.Debugf("Page %s requested from Gitea and cached in memory at %v", path, now) w.WriteHeader(200) w.Header().Set("Content-Type", mimeType) w.Write(content)