Compare commits
2 Commits
352f8bb4ce
...
f264bd5604
Author | SHA1 | Date | |
---|---|---|---|
f264bd5604 | |||
9b971daf28 |
@ -24,26 +24,14 @@ import (
|
|||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Extract the username from the domain name @domain that we're processing
|
|
||||||
// at the moment.
|
|
||||||
func extractUsername(pagesDomain, domain string) string {
|
|
||||||
suffixlessDomain := strings.TrimSuffix(domain, "."+pagesDomain)
|
|
||||||
usernameParts := strings.Split(suffixlessDomain, ".")
|
|
||||||
if len(usernameParts) == 1 {
|
|
||||||
return usernameParts[0]
|
|
||||||
}
|
|
||||||
|
|
||||||
return strings.Join(usernameParts, ".")
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleSubdomain(pagesDomain, domain, cname, path, giteaUrl, defaultCsp string, giteaClient *repo.GiteaClient, w http.ResponseWriter) {
|
func handleSubdomain(pagesDomain, domain, cname, path, giteaUrl, defaultCsp string, giteaClient *repo.GiteaClient, w http.ResponseWriter) {
|
||||||
username := ""
|
username := ""
|
||||||
if cname != "" {
|
if cname != "" {
|
||||||
// If we are accessed via a CNAME, then CNAME contains our <user>.<pages domain> value.
|
// If we are accessed via a CNAME, then CNAME contains our <user>.<pages domain> value.
|
||||||
username = extractUsername(pagesDomain, cname)
|
username = dns.ExtractUsername(pagesDomain, cname)
|
||||||
} else {
|
} else {
|
||||||
// If we are directly accessed, then domain contains our <user>.<pages domain> value.
|
// If we are directly accessed, then domain contains our <user>.<pages domain> value.
|
||||||
username = extractUsername(pagesDomain, domain)
|
username = dns.ExtractUsername(pagesDomain, domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Strip the leading /
|
// Strip the leading /
|
||||||
|
@ -2,6 +2,7 @@ package dns
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
|
"errors"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -15,6 +16,10 @@ const (
|
|||||||
// The key that the TXT record will have to start with, e.g.
|
// The key that the TXT record will have to start with, e.g.
|
||||||
// "repo=some-random-repo".
|
// "repo=some-random-repo".
|
||||||
TxtRepoKey = "repo="
|
TxtRepoKey = "repo="
|
||||||
|
|
||||||
|
TxtCNAMERecord = "_rio-cname."
|
||||||
|
|
||||||
|
TxtCNAMEKey = "cname="
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -61,14 +66,53 @@ func LookupCNAME(domain string) (string, error) {
|
|||||||
return cname.(string), nil
|
return cname.(string), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cname, err := lookupCNAME(domain)
|
||||||
|
if err == nil {
|
||||||
|
cnameCache.Set(domain, cname, cache.DefaultExpiration)
|
||||||
|
return cname.(string), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
altCname, err := lookupCNAMETxt(domain)
|
||||||
|
if err == nil {
|
||||||
|
cnameCache.Set(domain, altCname, cache.DefaultExpiration)
|
||||||
|
return altCname, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Lookup the CNAME by trying to find a CNAME RR. Contrary to net.LookupCNAME,
|
||||||
|
// this method fails if we find no CNAME RR.
|
||||||
|
func lookupCNAME(domain string) (string, error) {
|
||||||
query, err := net.LookupCNAME(domain)
|
query, err := net.LookupCNAME(domain)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
if query[len(query)-1] == '.' {
|
if query[len(query)-1] == '.' {
|
||||||
query = query[:len(query)-1]
|
query = query[:len(query)-1]
|
||||||
}
|
}
|
||||||
cnameCache.Set(domain, query, cache.DefaultExpiration)
|
|
||||||
|
// Fail if we have no CNAME RR.
|
||||||
|
if query == domain {
|
||||||
|
return "", errors.New("CNAME is equal to domain")
|
||||||
|
}
|
||||||
|
|
||||||
return query, nil
|
return query, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Performs an alternative CNAME lookup by looking for a special TXT record.
|
||||||
|
func lookupCNAMETxt(domain string) (string, error) {
|
||||||
|
txts, err := net.LookupTXT(TxtCNAMERecord+domain)
|
||||||
|
if err == nil {
|
||||||
|
for _, txt := range txts {
|
||||||
|
if !strings.HasPrefix(txt, TxtCNAMEKey) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
return strings.TrimPrefix(txt, TxtCNAMEKey), nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return "", err
|
||||||
|
}
|
32
internal/dns/dns_test.go
Normal file
32
internal/dns/dns_test.go
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
package dns
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func cleanCache() {
|
||||||
|
cnameCache.Flush()
|
||||||
|
txtRepoCache.Flush()
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAltCNAME(t *testing.T) {
|
||||||
|
defer cleanCache()
|
||||||
|
|
||||||
|
res, err := lookupCNAMETxt("moxxy.org")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
if res != "moxxy.pages.polynom.me" {
|
||||||
|
t.Fatalf("Unexpected alt CNAME: %s", res)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLookupCNAMEWithAlt(t *testing.T) {
|
||||||
|
defer cleanCache()
|
||||||
|
|
||||||
|
res, err := LookupCNAME("moxxy.org")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
if res != "moxxy.pages.polynom.me" {
|
||||||
|
t.Fatalf("Unexpected alt CNAME: %s", res)
|
||||||
|
}
|
||||||
|
}
|
15
internal/dns/username.go
Normal file
15
internal/dns/username.go
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
package dns
|
||||||
|
|
||||||
|
import "strings"
|
||||||
|
|
||||||
|
// Extract the username from the domain name @domain that we're processing
|
||||||
|
// at the moment.
|
||||||
|
func ExtractUsername(pagesDomain, domain string) string {
|
||||||
|
suffixlessDomain := strings.TrimSuffix(domain, "."+pagesDomain)
|
||||||
|
usernameParts := strings.Split(suffixlessDomain, ".")
|
||||||
|
if len(usernameParts) == 1 {
|
||||||
|
return usernameParts[0]
|
||||||
|
}
|
||||||
|
|
||||||
|
return strings.Join(usernameParts, ".")
|
||||||
|
}
|
@ -1,9 +1,9 @@
|
|||||||
package main
|
package dns
|
||||||
|
|
||||||
import "testing"
|
import "testing"
|
||||||
|
|
||||||
func TestExtractUsernameSimple(t *testing.T) {
|
func TestExtractUsernameSimple(t *testing.T) {
|
||||||
username := extractUsername(
|
username := ExtractUsername(
|
||||||
"pages.local",
|
"pages.local",
|
||||||
"papatutuwawa.pages.local",
|
"papatutuwawa.pages.local",
|
||||||
)
|
)
|
||||||
@ -13,7 +13,7 @@ func TestExtractUsernameSimple(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestExtractUsernameDot(t *testing.T) {
|
func TestExtractUsernameDot(t *testing.T) {
|
||||||
username := extractUsername(
|
username := ExtractUsername(
|
||||||
"pages.local",
|
"pages.local",
|
||||||
"polynom.me.pages.local",
|
"polynom.me.pages.local",
|
||||||
)
|
)
|
@ -44,7 +44,6 @@ func unlockDomain(domain string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func buildDomainList(domain, pagesDomain string) []string {
|
func buildDomainList(domain, pagesDomain string) []string {
|
||||||
// TODO: For wildcards, we MUST use DNS01
|
|
||||||
if domain == pagesDomain || strings.HasSuffix(domain, pagesDomain) {
|
if domain == pagesDomain || strings.HasSuffix(domain, pagesDomain) {
|
||||||
return []string{
|
return []string{
|
||||||
pagesDomain,
|
pagesDomain,
|
||||||
@ -56,7 +55,6 @@ func buildDomainList(domain, pagesDomain string) []string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getDomainKey(domain, pagesDomain string) string {
|
func getDomainKey(domain, pagesDomain string) string {
|
||||||
// TODO: For wildcards, we MUST use DNS01
|
|
||||||
if domain == pagesDomain || strings.HasSuffix(domain, pagesDomain) {
|
if domain == pagesDomain || strings.HasSuffix(domain, pagesDomain) {
|
||||||
return "*." + pagesDomain
|
return "*." + pagesDomain
|
||||||
}
|
}
|
||||||
@ -64,10 +62,6 @@ func getDomainKey(domain, pagesDomain string) string {
|
|||||||
return domain
|
return domain
|
||||||
}
|
}
|
||||||
|
|
||||||
func usernameFromDomain(domain string) string {
|
|
||||||
return strings.Split(domain, ".")[0]
|
|
||||||
}
|
|
||||||
|
|
||||||
func getUsername(sni, pagesDomain string) (string, error) {
|
func getUsername(sni, pagesDomain string) (string, error) {
|
||||||
if !strings.HasSuffix(sni, pagesDomain) {
|
if !strings.HasSuffix(sni, pagesDomain) {
|
||||||
log.Debugf("'%s' is not a subdomain of '%s'", sni, pagesDomain)
|
log.Debugf("'%s' is not a subdomain of '%s'", sni, pagesDomain)
|
||||||
@ -81,10 +75,10 @@ func getUsername(sni, pagesDomain string) (string, error) {
|
|||||||
return "", errors.New("CNAME does not resolve to subdomain of pages domain")
|
return "", errors.New("CNAME does not resolve to subdomain of pages domain")
|
||||||
}
|
}
|
||||||
|
|
||||||
return usernameFromDomain(query), nil
|
return dns.ExtractUsername(pagesDomain, query), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return usernameFromDomain(sni), nil
|
return dns.ExtractUsername(pagesDomain, sni), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.CertificatesCache, acmeClient *lego.Client, giteaClient *repo.GiteaClient) *tls.Config {
|
func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.CertificatesCache, acmeClient *lego.Client, giteaClient *repo.GiteaClient) *tls.Config {
|
||||||
|
Loading…
Reference in New Issue
Block a user