Compare commits
4 Commits
8630855374
...
b9cc7f30e8
Author | SHA1 | Date | |
---|---|---|---|
b9cc7f30e8 | |||
5b9aaf5e24 | |||
e3032c8233 | |||
cf85380ddb |
@ -16,6 +16,7 @@ import (
|
||||
"git.polynom.me/rio/internal/certificates"
|
||||
"git.polynom.me/rio/internal/context"
|
||||
"git.polynom.me/rio/internal/dns"
|
||||
riogitea "git.polynom.me/rio/internal/gitea"
|
||||
"git.polynom.me/rio/internal/metrics"
|
||||
"git.polynom.me/rio/internal/pages"
|
||||
"git.polynom.me/rio/internal/repo"
|
||||
@ -55,7 +56,7 @@ func handleSubdomain(ctx *context.GlobalContext, domain, cname, path string, req
|
||||
domain,
|
||||
cname,
|
||||
path,
|
||||
ctx.Gitea,
|
||||
ctx,
|
||||
)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to get repo: %s", err)
|
||||
@ -187,7 +188,7 @@ func runServer(ctx *cli.Context) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
giteaClient := repo.NewGiteaClient(giteaUrl, giteaApiClient)
|
||||
giteaClient := riogitea.NewGiteaClient(giteaUrl, giteaApiClient)
|
||||
|
||||
// Listen on the port
|
||||
addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
|
||||
@ -208,6 +209,20 @@ func runServer(ctx *cli.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// Prepare the context
|
||||
cacheCtx := context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
UsernameCache: context.MakeUsernameCache(),
|
||||
}
|
||||
globalCtx := &context.GlobalContext{
|
||||
DefaultCSP: defaultCsp,
|
||||
PagesDomain: domain,
|
||||
Gitea: &giteaClient,
|
||||
MetricConfig: &lokiConfig,
|
||||
Cache: &cacheCtx,
|
||||
}
|
||||
|
||||
if !acmeDisable {
|
||||
if acmeEmail == "" || acmeFile == "" || certsFile == "" || acmeDnsProvider == "" {
|
||||
return errors.New("The options acme-dns-provider, acme-file, acme-email, and certs-file are required")
|
||||
@ -261,18 +276,11 @@ func runServer(ctx *cli.Context) error {
|
||||
certsFile,
|
||||
&cache,
|
||||
acmeClient,
|
||||
&giteaClient,
|
||||
globalCtx,
|
||||
)
|
||||
listener = tls.NewListener(listener, tlsConfig)
|
||||
}
|
||||
|
||||
globalCtx := &context.GlobalContext{
|
||||
DefaultCSP: defaultCsp,
|
||||
PagesDomain: domain,
|
||||
Gitea: &giteaClient,
|
||||
MetricConfig: &lokiConfig,
|
||||
}
|
||||
|
||||
var waitGroup sync.WaitGroup
|
||||
servers := 2
|
||||
if acmeDisable {
|
||||
|
@ -3,15 +3,28 @@ package context
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.polynom.me/rio/internal/gitea"
|
||||
"git.polynom.me/rio/internal/metrics"
|
||||
"git.polynom.me/rio/internal/repo"
|
||||
"github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
type CacheContext struct {
|
||||
// Cache for general repository information
|
||||
RepositoryInformationCache cache.Cache
|
||||
|
||||
// Cache for path resolutions
|
||||
RepositoryPathCache cache.Cache
|
||||
|
||||
// Cache for username lookups
|
||||
UsernameCache cache.Cache
|
||||
}
|
||||
|
||||
type GlobalContext struct {
|
||||
DefaultCSP string
|
||||
PagesDomain string
|
||||
Gitea *repo.GiteaClient
|
||||
Gitea *gitea.GiteaClient
|
||||
MetricConfig *metrics.LokiMetricConfig
|
||||
Cache *CacheContext
|
||||
}
|
||||
|
||||
type Context struct {
|
||||
|
40
internal/context/info.go
Normal file
40
internal/context/info.go
Normal file
@ -0,0 +1,40 @@
|
||||
package context
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
type RepositoryInformation struct {
|
||||
// Headers to include in every response
|
||||
Headers map[string]string
|
||||
|
||||
CNAME string
|
||||
}
|
||||
|
||||
func repoInfoKey(owner, name string) string {
|
||||
return owner + ":" + name
|
||||
}
|
||||
|
||||
func (c *CacheContext) GetRepositoryInformation(owner, repoName string) *RepositoryInformation {
|
||||
data, found := c.RepositoryInformationCache.Get(repoInfoKey(owner, repoName))
|
||||
if !found {
|
||||
return nil
|
||||
}
|
||||
|
||||
typedData := data.(RepositoryInformation)
|
||||
return &typedData
|
||||
}
|
||||
|
||||
func (c *CacheContext) SetRepositoryInformation(owner, repoName string, info RepositoryInformation) {
|
||||
c.RepositoryInformationCache.Set(
|
||||
repoInfoKey(owner, repoName),
|
||||
info,
|
||||
cache.DefaultExpiration,
|
||||
)
|
||||
}
|
||||
|
||||
func MakeRepoInfoCache() cache.Cache {
|
||||
return *cache.New(24*time.Hour, 12*time.Hour)
|
||||
}
|
39
internal/context/path.go
Normal file
39
internal/context/path.go
Normal file
@ -0,0 +1,39 @@
|
||||
package context
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.polynom.me/rio/internal/gitea"
|
||||
"github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
type RepositoryPathInformation struct {
|
||||
Repository gitea.Repository
|
||||
Path string
|
||||
}
|
||||
|
||||
func pathInfoKey(domain, path string) string {
|
||||
return domain + "/" + path
|
||||
}
|
||||
|
||||
func (c *CacheContext) GetRepositoryPath(domain, path string) *RepositoryPathInformation {
|
||||
data, found := c.RepositoryPathCache.Get(pathInfoKey(domain, path))
|
||||
if !found {
|
||||
return nil
|
||||
}
|
||||
|
||||
typedData := data.(RepositoryPathInformation)
|
||||
return &typedData
|
||||
}
|
||||
|
||||
func (c *CacheContext) SetRepositoryPath(domain, path string, info RepositoryPathInformation) {
|
||||
c.RepositoryPathCache.Set(
|
||||
pathInfoKey(domain, path),
|
||||
info,
|
||||
cache.DefaultExpiration,
|
||||
)
|
||||
}
|
||||
|
||||
func MakeRepoPathCache() cache.Cache {
|
||||
return *cache.New(24*time.Hour, 12*time.Hour)
|
||||
}
|
24
internal/context/user.go
Normal file
24
internal/context/user.go
Normal file
@ -0,0 +1,24 @@
|
||||
package context
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
func (c *CacheContext) GetUser(username string) bool {
|
||||
_, found := c.UsernameCache.Get(username)
|
||||
return found
|
||||
}
|
||||
|
||||
func (c *CacheContext) SetUser(username string) {
|
||||
c.UsernameCache.Set(
|
||||
username,
|
||||
true,
|
||||
cache.DefaultExpiration,
|
||||
)
|
||||
}
|
||||
|
||||
func MakeUsernameCache() cache.Cache {
|
||||
return *cache.New(24*time.Hour, 12*time.Hour)
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
package repo
|
||||
package gitea
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
@ -38,17 +38,17 @@ type Repository struct {
|
||||
}
|
||||
|
||||
type GiteaClient struct {
|
||||
getRepository GetRepositoryMethod
|
||||
hasBranch HasBranchMethod
|
||||
hasUser HasUserMethod
|
||||
GetRepository GetRepositoryMethod
|
||||
HasBranch HasBranchMethod
|
||||
HasUser HasUserMethod
|
||||
GetFile GetFileMethod
|
||||
lookupCNAME LookupCNAMEMethod
|
||||
lookupRepoTXT LookupRepoTXTMethod
|
||||
LookupCNAME LookupCNAMEMethod
|
||||
LookupRepoTXT LookupRepoTXTMethod
|
||||
}
|
||||
|
||||
func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
|
||||
return GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
GetRepository: func(username, repositoryName string) (Repository, error) {
|
||||
repo, _, err := giteaClient.GetRepo(username, repositoryName)
|
||||
if err != nil {
|
||||
return Repository{}, err
|
||||
@ -58,7 +58,7 @@ func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
|
||||
Name: repo.Name,
|
||||
}, nil
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
res, _, err := giteaClient.ListRepoBranches(username, repositoryName, gitea.ListRepoBranchesOptions{})
|
||||
if err != nil {
|
||||
return false
|
||||
@ -71,7 +71,7 @@ func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
|
||||
}
|
||||
return false
|
||||
},
|
||||
hasUser: func(username string) bool {
|
||||
HasUser: func(username string) bool {
|
||||
_, _, err := giteaClient.GetUserInfo(username)
|
||||
return err == nil
|
||||
},
|
||||
@ -109,10 +109,10 @@ func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
|
||||
return content, true, err
|
||||
}
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return dns.LookupCNAME(domain)
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
return dns.LookupRepoTXT(domain)
|
||||
},
|
||||
}
|
@ -9,7 +9,6 @@ import (
|
||||
|
||||
"git.polynom.me/rio/internal/constants"
|
||||
"git.polynom.me/rio/internal/context"
|
||||
"git.polynom.me/rio/internal/repo"
|
||||
|
||||
"github.com/patrickmn/go-cache"
|
||||
log "github.com/sirupsen/logrus"
|
||||
@ -29,7 +28,7 @@ func makePageContentCacheEntry(username, path string) string {
|
||||
return username + ":" + path
|
||||
}
|
||||
|
||||
func addHeaders(csp, contentType string, contentLength int, w http.ResponseWriter) {
|
||||
func addHeaders(repoInfo *context.RepositoryInformation, contentType string, contentLength int, w http.ResponseWriter) {
|
||||
// Always set a content type
|
||||
if strings.Trim(contentType, " ") == "" {
|
||||
w.Header().Set("Content-Type", "application/octet-stream")
|
||||
@ -41,8 +40,10 @@ func addHeaders(csp, contentType string, contentLength int, w http.ResponseWrite
|
||||
w.Header().Set("Strict-Transport-Security", "max-age=31536000")
|
||||
w.Header().Set("Content-Length", strconv.Itoa(contentLength))
|
||||
|
||||
if csp != "" {
|
||||
w.Header().Set("Content-Security-Policy", csp)
|
||||
if repoInfo != nil {
|
||||
for key, value := range repoInfo.Headers {
|
||||
w.Header().Set(key, value)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -74,16 +75,19 @@ func ServeFile(context *context.Context) {
|
||||
path,
|
||||
since,
|
||||
)
|
||||
csp := repo.GetCSPForRepository(context.Username, context.Reponame, "", context.Global.Gitea)
|
||||
repoInfo := context.Global.Cache.GetRepositoryInformation(
|
||||
context.Username,
|
||||
context.Reponame,
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
if !found {
|
||||
log.Errorf("Failed to get file %s/%s/%s (%s)", context.Username, context.Reponame, path, err)
|
||||
addHeaders(csp, "text/html", 0, context.Writer)
|
||||
addHeaders(repoInfo, "text/html", 0, context.Writer)
|
||||
context.Writer.WriteHeader(404)
|
||||
} else {
|
||||
log.Debugf("Request failed but page %s is cached in memory", path)
|
||||
addHeaders(csp, mimeType, len(content), context.Writer)
|
||||
addHeaders(repoInfo, mimeType, len(content), context.Writer)
|
||||
context.Writer.WriteHeader(200)
|
||||
context.Writer.Write(content)
|
||||
}
|
||||
@ -93,7 +97,7 @@ func ServeFile(context *context.Context) {
|
||||
|
||||
if found && !changed {
|
||||
log.Debugf("Page %s is unchanged and cached in memory", path)
|
||||
addHeaders(csp, mimeType, len(content), context.Writer)
|
||||
addHeaders(repoInfo, mimeType, len(content), context.Writer)
|
||||
context.Writer.WriteHeader(200)
|
||||
context.Writer.Write(content)
|
||||
return
|
||||
@ -115,7 +119,7 @@ func ServeFile(context *context.Context) {
|
||||
)
|
||||
|
||||
log.Debugf("Page %s requested from Gitea and cached in memory at %v", path, now)
|
||||
addHeaders(csp, mimeType, len(content), context.Writer)
|
||||
addHeaders(repoInfo, mimeType, len(content), context.Writer)
|
||||
context.Writer.WriteHeader(200)
|
||||
context.Writer.Write(content)
|
||||
|
||||
|
@ -3,119 +3,85 @@ package repo
|
||||
//go:generate mockgen -destination mock_repo_test.go -package repo code.gitea.io/sdk/gitea Client
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"slices"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.polynom.me/rio/internal/constants"
|
||||
"git.polynom.me/rio/internal/context"
|
||||
"git.polynom.me/rio/internal/gitea"
|
||||
|
||||
"github.com/patrickmn/go-cache"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var (
|
||||
pathCache = cache.New(1*time.Hour, 1*time.Hour)
|
||||
|
||||
// Caching the existence of an user
|
||||
userCache = cache.New(24*time.Hour, 12*time.Hour)
|
||||
|
||||
// Caches the existence of a Content-Security-Policy
|
||||
// Mapping: Repository key -> CSPCacheEntry
|
||||
cspCache = cache.New(24*time.Hour, 12*time.Hour)
|
||||
ForbiddenHeaders = []string{
|
||||
"content-length",
|
||||
"content-type",
|
||||
"date",
|
||||
"location",
|
||||
"strict-transport-security",
|
||||
"set-cookie",
|
||||
}
|
||||
)
|
||||
|
||||
type PageCacheEntry struct {
|
||||
Repository Repository
|
||||
Path string
|
||||
}
|
||||
|
||||
type CSPCacheEntry struct {
|
||||
CSP string
|
||||
LastRequested time.Time
|
||||
}
|
||||
|
||||
func makePageCacheKey(domain, path string) string {
|
||||
return domain + "/" + path
|
||||
}
|
||||
|
||||
func makeCSPCacheKey(username, repositoryName string) string {
|
||||
return username + ":" + repositoryName
|
||||
}
|
||||
|
||||
func lookupRepositoryAndCache(username, reponame, branchName, host, domain, path, cname string, giteaClient *GiteaClient) (*Repository, error) {
|
||||
func lookupRepositoryAndCache(username, reponame, branchName, host, domain, path, cname string, ctx *context.GlobalContext) (*gitea.Repository, error) {
|
||||
log.Debugf("CNAME: %s", cname)
|
||||
log.Debugf("Looking up repository %s/%s", username, reponame)
|
||||
repo, err := giteaClient.getRepository(username, reponame)
|
||||
repo, err := ctx.Gitea.GetRepository(username, reponame)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !giteaClient.hasBranch(username, reponame, branchName) {
|
||||
if !ctx.Gitea.HasBranch(username, reponame, branchName) {
|
||||
return nil, errors.New("Specified branch does not exist")
|
||||
}
|
||||
|
||||
// Check if the CNAME file matches
|
||||
|
||||
if cname != "" {
|
||||
log.Debug("Checking CNAME")
|
||||
file, _, err := giteaClient.GetFile(
|
||||
username,
|
||||
reponame,
|
||||
constants.PagesBranch,
|
||||
"CNAME",
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
log.Errorf(
|
||||
"Could not verify CNAME of %s/%s@%s: %v\n",
|
||||
username,
|
||||
reponame,
|
||||
constants.PagesBranch,
|
||||
err,
|
||||
)
|
||||
return nil, err
|
||||
repoInfo := GetRepositoryInformation(username, reponame, ctx)
|
||||
if repoInfo == nil {
|
||||
log.Warn("Repository does not contain a rio.json file")
|
||||
return nil, errors.New("No CNAME available in repository")
|
||||
}
|
||||
|
||||
cnameContent := strings.Trim(
|
||||
string(file[:]),
|
||||
"\n",
|
||||
)
|
||||
|
||||
log.Debugf("CNAME Content: %s", cnameContent)
|
||||
if cnameContent != host {
|
||||
log.Warnf("CNAME mismatch: Repo '%s', Host '%s'", cnameContent, host)
|
||||
log.Debugf("CNAME Content: \"%s\"", repoInfo.CNAME)
|
||||
if repoInfo.CNAME != host {
|
||||
log.Warnf("CNAME mismatch: Repo '%s', Host '%s'", repoInfo.CNAME, host)
|
||||
return nil, errors.New("CNAME mismatch")
|
||||
}
|
||||
}
|
||||
|
||||
// Cache data
|
||||
pathCache.Set(
|
||||
makePageCacheKey(domain, path),
|
||||
PageCacheEntry{
|
||||
repo,
|
||||
ctx.Cache.SetRepositoryPath(
|
||||
domain,
|
||||
path,
|
||||
context.RepositoryPathInformation{
|
||||
Repository: repo,
|
||||
Path: path,
|
||||
},
|
||||
cache.DefaultExpiration,
|
||||
)
|
||||
return &repo, nil
|
||||
}
|
||||
|
||||
// host is the domain name we're accessed from. cname is the domain that host is pointing
|
||||
// if, if we're accessed via a CNAME. If not, then cname is "".
|
||||
func RepoFromPath(username, host, cname, path string, giteaClient *GiteaClient) (*Repository, string, error) {
|
||||
func RepoFromPath(username, host, cname, path string, ctx *context.GlobalContext) (*gitea.Repository, string, error) {
|
||||
domain := host
|
||||
|
||||
// Guess the repository
|
||||
key := makePageCacheKey(domain, path)
|
||||
entry, found := pathCache.Get(key)
|
||||
if found {
|
||||
pageEntry := entry.(PageCacheEntry)
|
||||
return &pageEntry.Repository, pageEntry.Path, nil
|
||||
entry := ctx.Cache.GetRepositoryPath(domain, path)
|
||||
if entry != nil {
|
||||
return &entry.Repository, entry.Path, nil
|
||||
}
|
||||
|
||||
// Allow specifying the repository name in the TXT record
|
||||
reponame := ""
|
||||
if cname != "" {
|
||||
repoLookup, err := giteaClient.lookupRepoTXT(host)
|
||||
repoLookup, err := ctx.Gitea.LookupRepoTXT(host)
|
||||
if err == nil && repoLookup != "" {
|
||||
log.Infof(
|
||||
"TXT lookup for %s resulted in choosing repository %s",
|
||||
@ -139,7 +105,7 @@ func RepoFromPath(username, host, cname, path string, giteaClient *GiteaClient)
|
||||
domain,
|
||||
modifiedPath,
|
||||
cname,
|
||||
giteaClient,
|
||||
ctx,
|
||||
)
|
||||
if err == nil {
|
||||
return repo, modifiedPath, nil
|
||||
@ -158,7 +124,7 @@ func RepoFromPath(username, host, cname, path string, giteaClient *GiteaClient)
|
||||
domain,
|
||||
path,
|
||||
cname,
|
||||
giteaClient,
|
||||
ctx,
|
||||
)
|
||||
return repo, path, err
|
||||
}
|
||||
@ -166,52 +132,92 @@ func RepoFromPath(username, host, cname, path string, giteaClient *GiteaClient)
|
||||
// Checks if the username exists as an organisation or an user on the Gitea
|
||||
// instance, so that an attacker can't just request certificates for random
|
||||
// usernames.
|
||||
func CanRequestCertificate(username string, giteaClient *GiteaClient) bool {
|
||||
if _, found := userCache.Get(username); found {
|
||||
func CanRequestCertificate(username string, ctx *context.GlobalContext) bool {
|
||||
found := ctx.Cache.GetUser(username)
|
||||
if found {
|
||||
return true
|
||||
}
|
||||
|
||||
hasUser := giteaClient.hasUser(username)
|
||||
hasUser := ctx.Gitea.HasUser(username)
|
||||
if hasUser {
|
||||
userCache.Set(username, true, cache.DefaultExpiration)
|
||||
ctx.Cache.SetUser(username)
|
||||
}
|
||||
return hasUser
|
||||
}
|
||||
|
||||
// Checks the repository username/repository@PagesBranch for a file named CSP. If it exists,
|
||||
// read it and return the value. If it does not exist, return defaultCsp.
|
||||
func GetCSPForRepository(username, repositoryName, defaultCsp string, giteaClient *GiteaClient) string {
|
||||
key := makeCSPCacheKey(username, repositoryName)
|
||||
cachedCsp, found := cspCache.Get(key)
|
||||
var since time.Time
|
||||
if found {
|
||||
since = cachedCsp.(CSPCacheEntry).LastRequested
|
||||
func filterHeaders(headers map[string]interface{}) map[string]string {
|
||||
newHeaders := make(map[string]string)
|
||||
|
||||
for key, value := range headers {
|
||||
if slices.Contains[[]string, string](ForbiddenHeaders, strings.ToLower(key)) {
|
||||
continue
|
||||
}
|
||||
|
||||
fetchedCsp, changed, err := giteaClient.GetFile(
|
||||
username,
|
||||
repositoryName,
|
||||
constants.PagesBranch,
|
||||
"CSP",
|
||||
&since,
|
||||
)
|
||||
csp := ""
|
||||
if err != nil {
|
||||
if found {
|
||||
return cachedCsp.(CSPCacheEntry).CSP
|
||||
}
|
||||
|
||||
csp = defaultCsp
|
||||
} else {
|
||||
csp = string(fetchedCsp)
|
||||
|
||||
if !found || changed {
|
||||
cspCache.Set(key, CSPCacheEntry{
|
||||
CSP: csp,
|
||||
LastRequested: time.Now(),
|
||||
}, cache.DefaultExpiration)
|
||||
switch value.(type) {
|
||||
case string:
|
||||
newHeaders[key] = value.(string)
|
||||
}
|
||||
}
|
||||
|
||||
return csp
|
||||
return newHeaders
|
||||
}
|
||||
|
||||
func GetRepositoryInformation(owner, repoName string, ctx *context.GlobalContext) *context.RepositoryInformation {
|
||||
res := ctx.Cache.GetRepositoryInformation(owner, repoName)
|
||||
if res != nil {
|
||||
return res
|
||||
}
|
||||
|
||||
fetchedConfig, _, err := ctx.Gitea.GetFile(
|
||||
owner,
|
||||
repoName,
|
||||
constants.PagesBranch,
|
||||
"rio.json",
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to request rio.json for %s/%s:%v", owner, repoName, err)
|
||||
return nil
|
||||
}
|
||||
|
||||
var payload map[string]interface{}
|
||||
err = json.Unmarshal(fetchedConfig, &payload)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to unmarshal rio.json for %s/%s:%v", owner, repoName, err)
|
||||
return nil
|
||||
}
|
||||
|
||||
headers, found := payload["headers"]
|
||||
if !found {
|
||||
log.Warnf("Did not find headers key in rio.json for %s/%s", owner, repoName)
|
||||
headers = make(map[string]interface{})
|
||||
} else {
|
||||
switch headers.(type) {
|
||||
case map[string]interface{}:
|
||||
// NOOP
|
||||
default:
|
||||
log.Warn("headers attribute has invalid data type")
|
||||
headers = make(map[string]string)
|
||||
}
|
||||
}
|
||||
|
||||
cname, found := payload["CNAME"]
|
||||
if found {
|
||||
switch cname.(type) {
|
||||
case string:
|
||||
// NOOP
|
||||
default:
|
||||
log.Warnf("CNAME attribute is not a string for %s/%s", owner, repoName)
|
||||
cname = ""
|
||||
}
|
||||
} else {
|
||||
cname = ""
|
||||
}
|
||||
|
||||
info := context.RepositoryInformation{
|
||||
Headers: filterHeaders(headers.(map[string]interface{})),
|
||||
CNAME: cname.(string),
|
||||
}
|
||||
ctx.Cache.SetRepositoryInformation(owner, repoName, info)
|
||||
return &info
|
||||
}
|
||||
|
@ -2,28 +2,44 @@ package repo
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/sdk/gitea"
|
||||
"git.polynom.me/rio/internal/context"
|
||||
"git.polynom.me/rio/internal/gitea"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func clearCache() {
|
||||
pathCache.Flush()
|
||||
userCache.Flush()
|
||||
cspCache.Flush()
|
||||
func TestHeaderFilter(t *testing.T) {
|
||||
map1 := filterHeaders(
|
||||
map[string]interface{}{
|
||||
"Content-Type": "hallo",
|
||||
"content-Type": "welt",
|
||||
"content-type": "uwu",
|
||||
"CONTENT-TYPE": "lol",
|
||||
"Content-Security-Policy": "none",
|
||||
},
|
||||
)
|
||||
|
||||
if len(map1) != 1 {
|
||||
t.Fatalf("filterHeaders allowed %d != 1 headers", len(map1))
|
||||
}
|
||||
|
||||
for key := range map1 {
|
||||
if strings.ToLower(key) == "content-type" {
|
||||
t.Fatalf("filterHeaders allowed Content-Type")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestPickingCorrectRepositoryDefault(t *testing.T) {
|
||||
// Test that we default to the <username>.<pages domain> repository, if we have only
|
||||
// one path component.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username != "example-user" {
|
||||
t.Fatalf("Called with unknown user %s", username)
|
||||
}
|
||||
@ -31,9 +47,9 @@ func TestPickingCorrectRepositoryDefault(t *testing.T) {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
}
|
||||
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -44,17 +60,24 @@ func TestPickingCorrectRepositoryDefault(t *testing.T) {
|
||||
t.Fatal("getFile called")
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("lookupCNAME called")
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("LookupCNAME called")
|
||||
return "", nil
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("lookupRepoTXT called")
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("LookupRepoTXT called")
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "index.html", &client)
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "index.html", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("An error occured: %v", err)
|
||||
}
|
||||
@ -69,24 +92,22 @@ func TestPickingCorrectRepositoryDefault(t *testing.T) {
|
||||
func TestPickingCorrectRepositoryDefaultSubdirectory(t *testing.T) {
|
||||
// Test that we return the default repository when the first path component does
|
||||
// not correspong to an existing repository.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username != "example-user" {
|
||||
t.Fatalf("Called with unknown user %s", username)
|
||||
}
|
||||
if repositoryName == "assets" {
|
||||
return Repository{}, errors.New("Repository does not exist")
|
||||
return gitea.Repository{}, errors.New("gitea.Repository does not exist")
|
||||
} else if repositoryName == "example-user.pages.example.org" {
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
} else {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
}
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -97,17 +118,24 @@ func TestPickingCorrectRepositoryDefaultSubdirectory(t *testing.T) {
|
||||
t.Fatal("getFile called")
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("lookupCNAME called")
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("LookupCNAME called")
|
||||
return "", nil
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("lookupRepoTXT called")
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("LookupRepoTXT called")
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "assets/index.css", &client)
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "assets/index.css", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("An error occured: %v", err)
|
||||
}
|
||||
@ -122,28 +150,26 @@ func TestPickingCorrectRepositoryDefaultSubdirectory(t *testing.T) {
|
||||
func TestPickingCorrectRepositorySubdirectoryNoPagesBranch(t *testing.T) {
|
||||
// Test that we're picking the correct repository when the first path component
|
||||
// returns a repository without a pages branch.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username != "example-user" {
|
||||
t.Fatalf("Called with unknown user %s", username)
|
||||
}
|
||||
if repositoryName == "blog" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "blog",
|
||||
}, nil
|
||||
} else if repositoryName == "example-user.pages.example.org" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "example-user.pages.example.org",
|
||||
}, nil
|
||||
} else {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
}
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -154,17 +180,24 @@ func TestPickingCorrectRepositorySubdirectoryNoPagesBranch(t *testing.T) {
|
||||
t.Fatal("getFile called")
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("lookupCNAME called")
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
t.Fatal("LookupCNAME called")
|
||||
return "", nil
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("lookupRepoTXT called")
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
t.Fatal("LookupRepoTXT called")
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "blog/post1.html", &client)
|
||||
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "blog/post1.html", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("An error occured: %v", err)
|
||||
}
|
||||
@ -181,21 +214,19 @@ func TestPickingCorrectRepositorySubdirectoryNoPagesBranch(t *testing.T) {
|
||||
|
||||
func TestPickingNoRepositoryInvalidCNAME(t *testing.T) {
|
||||
// Test that we're not picking a repository if the CNAME validation fails.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "example-user.pages.example.org",
|
||||
}, nil
|
||||
} else {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
}
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -203,44 +234,49 @@ func TestPickingNoRepositoryInvalidCNAME(t *testing.T) {
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branch == "pages" && path == "CNAME" {
|
||||
return []byte("some-other-domain.local"), true, nil
|
||||
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"some-other-domain.local\"}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
_, _, err := RepoFromPath("example-user", "example-user.pages.example.org", "example-user.local", "index.html", &client)
|
||||
_, _, err := RepoFromPath("example-user", "example-user.pages.example.org", "example-user.local", "index.html", ctx)
|
||||
if err == nil {
|
||||
t.Fatal("Repository returned even though CNAME validation should fail")
|
||||
t.Fatal("gitea.Repository returned even though CNAME validation should fail")
|
||||
}
|
||||
}
|
||||
|
||||
func TestPickingRepositoryValidCNAME(t *testing.T) {
|
||||
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "example-user.local" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "example-user.local",
|
||||
}, nil
|
||||
} else {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
}
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "example-user.local" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -248,22 +284,29 @@ func TestPickingRepositoryValidCNAME(t *testing.T) {
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "example-user.local" && branch == "pages" && path == "CNAME" {
|
||||
return []byte("example-user.local"), true, nil
|
||||
if username == "example-user" && repositoryName == "example-user.local" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"example-user.local\"}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", &client)
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("Error returned: %v", err)
|
||||
}
|
||||
@ -275,21 +318,19 @@ func TestPickingRepositoryValidCNAME(t *testing.T) {
|
||||
func TestPickingRepositoryValidCNAMEWithTXTLookup(t *testing.T) {
|
||||
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds
|
||||
// and the TXT lookup returns something different.
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "some-different-repository",
|
||||
}, nil
|
||||
} else {
|
||||
t.Fatalf("Called with unknown repository %s", repositoryName)
|
||||
return Repository{}, nil
|
||||
return gitea.Repository{}, nil
|
||||
}
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -297,25 +338,32 @@ func TestPickingRepositoryValidCNAMEWithTXTLookup(t *testing.T) {
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "CNAME" {
|
||||
return []byte("example-user.local"), true, nil
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"example-user.local\"}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
if domain == "example-user.local" {
|
||||
return "some-different-repository", nil
|
||||
}
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", &client)
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("Error returned: %v", err)
|
||||
}
|
||||
@ -327,20 +375,18 @@ func TestPickingRepositoryValidCNAMEWithTXTLookup(t *testing.T) {
|
||||
func TestPickingRepositoryValidCNAMEWithTXTLookupAndSubdirectory(t *testing.T) {
|
||||
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds
|
||||
// and the TXT lookup returns something different. Additionally, we now have a subdirectory
|
||||
defer clearCache()
|
||||
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := GiteaClient{
|
||||
getRepository: func(username, repositoryName string) (Repository, error) {
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" {
|
||||
return Repository{
|
||||
return gitea.Repository{
|
||||
Name: "some-different-repository",
|
||||
}, nil
|
||||
}
|
||||
|
||||
return Repository{}, errors.New("Unknown repository")
|
||||
return gitea.Repository{}, errors.New("Unknown repository")
|
||||
},
|
||||
hasBranch: func(username, repositoryName, branchName string) bool {
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
@ -348,25 +394,32 @@ func TestPickingRepositoryValidCNAMEWithTXTLookupAndSubdirectory(t *testing.T) {
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "CNAME" {
|
||||
return []byte("example-user.local"), true, nil
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"example-user.local\"}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
lookupCNAME: func(domain string) (string, error) {
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
lookupRepoTXT: func(domain string) (string, error) {
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
if domain == "example-user.local" {
|
||||
return "some-different-repository", nil
|
||||
}
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "blog/index.html", &client)
|
||||
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "blog/index.html", ctx)
|
||||
if err != nil {
|
||||
t.Fatalf("Error returned: %v", err)
|
||||
}
|
||||
@ -375,31 +428,123 @@ func TestPickingRepositoryValidCNAMEWithTXTLookupAndSubdirectory(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetCSPForRepositoryNegativeIntegration(t *testing.T) {
|
||||
defer clearCache()
|
||||
|
||||
httpClient := http.Client{Timeout: 10 * time.Second}
|
||||
giteaClient, err := gitea.NewClient(
|
||||
"https://git.polynom.me",
|
||||
gitea.SetHTTPClient(&httpClient),
|
||||
gitea.SetToken(""),
|
||||
gitea.SetUserAgent("rio-testing"),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create Gitea client: %v", err)
|
||||
func TestHeaderParsingEmpty(t *testing.T) {
|
||||
// Test that we are correctly handling a repository with no headers.
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" {
|
||||
return gitea.Repository{
|
||||
Name: "some-different-repository",
|
||||
}, nil
|
||||
}
|
||||
client := NewGiteaClient("https://git.polynom.me", giteaClient)
|
||||
|
||||
// The repository has no CSP file, so it should return the invalid value
|
||||
defaultValue := "<INVALID>"
|
||||
csp := GetCSPForRepository(
|
||||
"papatutuwawa",
|
||||
"rio",
|
||||
defaultValue,
|
||||
&client,
|
||||
)
|
||||
return gitea.Repository{}, errors.New("Unknown repository")
|
||||
},
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
|
||||
if csp != defaultValue {
|
||||
t.Fatalf("Unexpected CSP returned: %s", csp)
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"example-user.local\"}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
if domain == "example-user.local" {
|
||||
return "some-different-repository", nil
|
||||
}
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
info := GetRepositoryInformation("example-user", "some-different-repository", ctx)
|
||||
if info == nil {
|
||||
t.Fatalf("No repository information returned")
|
||||
}
|
||||
|
||||
if len(info.Headers) > 0 {
|
||||
t.Fatalf("Headers returned: %v", info.Headers)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHeaderParsing(t *testing.T) {
|
||||
// Test that we are correctly handling a repository with no headers.
|
||||
log.SetLevel(log.DebugLevel)
|
||||
client := gitea.GiteaClient{
|
||||
GetRepository: func(username, repositoryName string) (gitea.Repository, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" {
|
||||
return gitea.Repository{
|
||||
Name: "some-different-repository",
|
||||
}, nil
|
||||
}
|
||||
|
||||
return gitea.Repository{}, errors.New("Unknown repository")
|
||||
},
|
||||
HasBranch: func(username, repositoryName, branchName string) bool {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
},
|
||||
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
|
||||
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "rio.json" {
|
||||
return []byte("{\"CNAME\": \"example-user.local\", \"headers\": {\"X-Cool-Header\": \"Very nice!\"}}"), true, nil
|
||||
}
|
||||
|
||||
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
|
||||
return []byte{}, true, nil
|
||||
},
|
||||
LookupCNAME: func(domain string) (string, error) {
|
||||
return "", errors.New("No CNAME")
|
||||
},
|
||||
LookupRepoTXT: func(domain string) (string, error) {
|
||||
if domain == "example-user.local" {
|
||||
return "some-different-repository", nil
|
||||
}
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
ctx := &context.GlobalContext{
|
||||
Gitea: &client,
|
||||
Cache: &context.CacheContext{
|
||||
RepositoryInformationCache: context.MakeRepoInfoCache(),
|
||||
RepositoryPathCache: context.MakeRepoPathCache(),
|
||||
},
|
||||
}
|
||||
|
||||
info := GetRepositoryInformation("example-user", "some-different-repository", ctx)
|
||||
if info == nil {
|
||||
t.Fatalf("No repository information returned")
|
||||
}
|
||||
|
||||
if len(info.Headers) != 1 {
|
||||
t.Fatalf("len(info.Headers) != 1: %v", info.Headers)
|
||||
}
|
||||
|
||||
header, found := info.Headers["X-Cool-Header"]
|
||||
if !found {
|
||||
t.Fatal("Header X-Cool-Header not found")
|
||||
}
|
||||
|
||||
if header != "Very nice!" {
|
||||
t.Fatalf("Invalid header value for X-Cool-Header: \"%s\"", header)
|
||||
}
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ import (
|
||||
"sync"
|
||||
|
||||
"git.polynom.me/rio/internal/certificates"
|
||||
"git.polynom.me/rio/internal/context"
|
||||
"git.polynom.me/rio/internal/dns"
|
||||
"git.polynom.me/rio/internal/repo"
|
||||
|
||||
@ -81,7 +82,7 @@ func getUsername(sni, pagesDomain string) (string, error) {
|
||||
return dns.ExtractUsername(pagesDomain, sni), nil
|
||||
}
|
||||
|
||||
func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.CertificatesCache, acmeClient *lego.Client, giteaClient *repo.GiteaClient) *tls.Config {
|
||||
func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.CertificatesCache, acmeClient *lego.Client, ctx *context.GlobalContext) *tls.Config {
|
||||
return &tls.Config{
|
||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
// Validate that we should even care about this domain
|
||||
@ -99,7 +100,7 @@ func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.Certificat
|
||||
if cert.IsValid() {
|
||||
return cert.TlsCertificate, nil
|
||||
} else {
|
||||
if !isPagesDomain && !repo.CanRequestCertificate(username, giteaClient) {
|
||||
if !isPagesDomain && !repo.CanRequestCertificate(username, ctx) {
|
||||
log.Warnf(
|
||||
"Cannot renew certificate for %s because CanRequestCertificate(%s) returned false",
|
||||
info.ServerName,
|
||||
@ -128,7 +129,7 @@ func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.Certificat
|
||||
return newCert.TlsCertificate, nil
|
||||
}
|
||||
} else {
|
||||
if !isPagesDomain && !repo.CanRequestCertificate(username, giteaClient) {
|
||||
if !isPagesDomain && !repo.CanRequestCertificate(username, ctx) {
|
||||
log.Warnf(
|
||||
"Cannot request certificate for %s because CanRequestCertificate(%s) returned false",
|
||||
info.ServerName,
|
||||
|
Loading…
Reference in New Issue
Block a user