pages-server/var/www/pages/index.php

<?php

function send_response($code, $message = "") {
    http_response_code($code);
    echo $message;
    exit();
}

$request_uri = explode("?", $_SERVER["REQUEST_URI"])[0];
$request_url = filter_var($request_uri, FILTER_SANITIZE_URL);
$request_url = str_replace("%20", " ", $request_url);

if ($request_url === "/" and $_SERVER["HTTP_HOST"] === "codeberg.eu") {
    send_response(200, file_get_contents("./default-page.html"));
}

# Restrict allowed characters in request URI:
if (preg_match("/^\/[a-zA-Z0-9_ +\-\/\.]*\$/", $request_url) != 1) {
    send_response(404, "invalid request URL");
}

$git_prefix = "/data/git/gitea-repositories";
$parts = explode("/", $request_url);
$parts = array_diff($parts, array("")); # Remove empty parts in URL

$parts_dot = explode(".",$_SERVER["HTTP_HOST"]);
if (count($parts_dot) != 3) {
    send_response(404, "invalid subdomain");
}
$owner = $parts_dot[0];

$git_root = realpath("$git_prefix/$owner/pages.git");
$file_url = implode("/", $parts);

# Ensure that only files within $git_root are accessed:
if (substr($git_root, 0, strlen($git_prefix)) !== $git_prefix) {
    send_response(404, "this user/organization does not have codeberg pages");
}

# If this is a folder, we explicitly redirect to folder URL, otherwise browsers will construct invalid relative links:
$command = "sh -c \"cd '$git_root' && /usr/bin/git ls-tree 'HEAD:$file_url' > /dev/null\"";
exec($command, $output, $retval);
if ($retval === 0) {
    if (substr($request_url, -1) !== "/") {
        $h = "Location: " . $request_url . "/";
        if ($_SERVER['QUERY_STRING'] !== "")
            $h .= "?" . $_SERVER['QUERY_STRING'];
        header($h);
        exit();
    }
    if ($file_url !== "")
        $file_url .= "/";
    $file_url .= "index.html";
}

$ext = pathinfo($file_url, PATHINFO_EXTENSION);
$ext = strtolower($ext);

$mime_types = array(
    "css" => "text/css",
    "csv" => "text/csv",
    "gif" => "image/gif",
    "html" => "text/html",
    "ico" => "image/x-icon",
    "ics" => "text/calendar",
    "jpg" => "image/jpeg",
    "jpeg" => "image/jpeg",
    "js" => "application/javascript",
    "json" => "application/json",
    "pdf" => "application/pdf",
    "png" => "image/png",
    "svg" => "image/svg+xml",
    "ttf" => "font/ttf",
    "txt" => "text/plain",
    "woff" => "font/woff",
    "woff2" => "font/woff2",
    "xml" => "text/xml"
);

if (array_key_exists($ext, $mime_types)) {
    header("Content-Type: " . $mime_types[$ext]);
} else {
    header("Content-Type: application/octet-stream");
}

#header("Cache-Control: public, max-age=10, immutable");

$command = "sh -c \"cd '$git_root' && /usr/bin/git log --format='%H' -1\"";
exec($command, $output, $retval);
if ($retval == 0 && count($output)) {
    $revision=$output[0];
    header('ETag: "' . $revision . '"');
    if (isset($_SERVER["HTTP_IF_NONE_MATCH"])) {
	$req_revision = str_replace('"', '', str_replace('W/"', '', $_SERVER["HTTP_IF_NONE_MATCH"]));
        if ($req_revision === $revision) {
            send_response(304);
        }
    }
}

## We are executing command twice (first for send_response-checking, then for actual raw output to stream),
## which seems wasteful, but it seems exec+echo cannot do raw binary output? Is this true?
$command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:$file_url'\"";
exec($command . " > /dev/null", $output, $retval);
if ($retval != 0) {
    # Try adding '.html' suffix, if this does not work either, report error
    $command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:$file_url.html'\"";
    exec($command . " > /dev/null", $output, $retval);
    header("Content-Type: text/html");
    if ($retval != 0) {
        # Render user-provided 404.html if exists, generic 404 message if not:
        http_response_code(404);
        $command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:404.html'\"";
        exec($command . " > /dev/null", $output, $retval);
        if ($retval != 0)
            send_response(404 , "no such file in repo: '" . htmlspecialchars($file_url) . "'");
    }
}

## If we could directly exec+echo raw output from above, we wouldn't need to execute command twice:
passthru($command);
pages [needs review] 2019-10-18 00:54:11 +02:00			`<?php`

use last revision as etag to improve caching 2020-09-02 13:53:43 +02:00			`function send_response($code, $message = "") {`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`http_response_code($code);`
			`echo $message;`
			`exit();`
pages [needs review] 2019-10-18 00:54:11 +02:00			`}`

allow whitespace in URL 2020-08-31 00:23:31 +02:00			`$request_uri = explode("?", $_SERVER["REQUEST_URI"])[0];`
			`$request_url = filter_var($request_uri, FILTER_SANITIZE_URL);`
			`$request_url = str_replace("%20", " ", $request_url);`
pages [needs review] 2019-10-18 00:54:11 +02:00
test pages with subdomains 2020-06-17 23:06:02 +02:00			`if ($request_url === "/" and $_SERVER["HTTP_HOST"] === "codeberg.eu") {`
Initial commit. 2020-06-18 21:12:42 +02:00			`send_response(200, file_get_contents("./default-page.html"));`
pages [needs review] 2019-10-18 00:54:11 +02:00			`}`

var/www/pages/index.php : comments 2020-05-04 22:24:56 +02:00			`# Restrict allowed characters in request URI:`
test pages with subdomains 2020-06-17 23:06:02 +02:00			`if (preg_match("/^\/[a-zA-Z0-9_ +\-\/\.]*\$/", $request_url) != 1) {`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`send_response(404, "invalid request URL");`
pages [needs review] 2019-10-18 00:54:11 +02:00			`}`

fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`$git_prefix = "/data/git/gitea-repositories";`
pages [needs review] 2019-10-18 00:54:11 +02:00			`$parts = explode("/", $request_url);`
var/www/pages/index.php : work around browser issues with relative links and directory URIs not ending on '/' 2020-05-04 23:43:52 +02:00			`$parts = array_diff($parts, array("")); # Remove empty parts in URL`
test pages with subdomains 2020-06-17 23:06:02 +02:00
			`$parts_dot = explode(".",$_SERVER["HTTP_HOST"]);`
allow whitespace in URL 2020-08-31 00:23:31 +02:00			`if (count($parts_dot) != 3) {`
test pages with subdomains 2020-06-17 23:06:02 +02:00			`send_response(404, "invalid subdomain");`
			`}`
			`$owner = $parts_dot[0];`

fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`$git_root = realpath("$git_prefix/$owner/pages.git");`
var/www/pages/index.php : work around browser issues with relative links and directory URIs not ending on '/' 2020-05-04 23:43:52 +02:00			`$file_url = implode("/", $parts);`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00
var/www/pages/index.php : clarify comment 2020-05-04 23:59:54 +02:00			`# Ensure that only files within $git_root are accessed:`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`if (substr($git_root, 0, strlen($git_prefix)) !== $git_prefix) {`
			`send_response(404, "this user/organization does not have codeberg pages");`
			`}`

var/www/pages/index.php : work around browser issues with relative links and directory URIs not ending on '/' 2020-05-04 23:43:52 +02:00			`# If this is a folder, we explicitly redirect to folder URL, otherwise browsers will construct invalid relative links:`
allow using codeberg pages without having a master branch use HEAD instad 2020-06-18 13:17:48 +02:00			`$command = "sh -c \"cd '$git_root' && /usr/bin/git ls-tree 'HEAD:$file_url' > /dev/null\"";`
var/www/pages/index.php : properly handle directories, pipe unused output to /dev/null 2020-05-04 21:14:53 +02:00			`exec($command, $output, $retval);`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`if ($retval === 0) {`
var/www/pages/index.php : work around browser issues with relative links and directory URIs not ending on '/' 2020-05-04 23:43:52 +02:00			`if (substr($request_url, -1) !== "/") {`
var/www/pages/index.php : whitespaces 2020-05-04 23:51:46 +02:00			`$h = "Location: " . $request_url . "/";`
			`if ($_SERVER['QUERY_STRING'] !== "")`
			`$h .= "?" . $_SERVER['QUERY_STRING'];`
var/www/pages/index.php : work around browser issues with relative links and directory URIs not ending on '/' 2020-05-04 23:43:52 +02:00			`header($h);`
			`exit();`
			`}`
var/www/pages/index.php : consistent string delimiters 2020-05-04 22:13:36 +02:00			`if ($file_url !== "")`
var/www/pages/index.php : whitespaces 2020-05-04 23:51:46 +02:00			`$file_url .= "/";`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`$file_url .= "index.html";`
avoid 302 redirect, rewrite URL for path with guessed index.html instead 2020-05-04 20:15:28 +02:00			`}`

var/www/pages/index.php : set HTTP status and MIME type for non-HTML files 2020-05-02 17:56:52 +02:00			`$ext = pathinfo($file_url, PATHINFO_EXTENSION);`
			`$ext = strtolower($ext);`
pages [needs review] 2019-10-18 00:54:11 +02:00
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`$mime_types = array(`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`"css" => "text/css",`
			`"csv" => "text/csv",`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`"gif" => "image/gif",`
			`"html" => "text/html",`
Add font mimetypes Also remove the closing php tag, emply lines after the tag get sent out, so we added a 0x0a byte to every file we were serving which led to various problems with some file types 2019-12-21 10:07:13 +01:00			`"ico" => "image/x-icon",`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`"ics" => "text/calendar",`
			`"jpg" => "image/jpeg",`
			`"jpeg" => "image/jpeg",`
			`"js" => "application/javascript",`
			`"json" => "application/json",`
			`"pdf" => "application/pdf",`
			`"png" => "image/png",`
			`"svg" => "image/svg+xml",`
			`"ttf" => "font/ttf",`
			`"txt" => "text/plain",`
Add font mimetypes Also remove the closing php tag, emply lines after the tag get sent out, so we added a 0x0a byte to every file we were serving which led to various problems with some file types 2019-12-21 10:07:13 +01:00			`"woff" => "font/woff",`
			`"woff2" => "font/woff2",`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`"xml" => "text/xml"`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`);`

			`if (array_key_exists($ext, $mime_types)) {`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`header("Content-Type: " . $mime_types[$ext]);`
fix path if incomplete, more mime-types, security work 2019-10-23 23:50:06 +02:00			`} else {`
var/www/pages/index.php : more mime types, tidy-up 2020-05-04 22:00:19 +02:00			`header("Content-Type: application/octet-stream");`
pages [needs review] 2019-10-18 00:54:11 +02:00			`}`

use last revision as etag to improve caching 2020-09-02 13:53:43 +02:00			`#header("Cache-Control: public, max-age=10, immutable");`

			`$command = "sh -c \"cd '$git_root' && /usr/bin/git log --format='%H' -1\"";`
			`exec($command, $output, $retval);`
			`if ($retval == 0 && count($output)) {`
			`$revision=$output[0];`
			`header('ETag: "' . $revision . '"');`
			`if (isset($_SERVER["HTTP_IF_NONE_MATCH"])) {`
			`$req_revision = str_replace('"', '', str_replace('W/"', '', $_SERVER["HTTP_IF_NONE_MATCH"]));`
			`if ($req_revision === $revision) {`
			`send_response(304);`
			`}`
			`}`
			`}`
set cache control to 180 seconds for codeberg pages 2020-09-02 11:55:36 +02:00
var/www/pages/index.php : set HTTP status and MIME type for non-HTML files 2020-05-02 17:56:52 +02:00			`## We are executing command twice (first for send_response-checking, then for actual raw output to stream),`
			`## which seems wasteful, but it seems exec+echo cannot do raw binary output? Is this true?`
allow using codeberg pages without having a master branch use HEAD instad 2020-06-18 13:17:48 +02:00			`$command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:$file_url'\"";`
var/www/pages/index.php : properly handle directories, pipe unused output to /dev/null 2020-05-04 21:14:53 +02:00			`exec($command . " > /dev/null", $output, $retval);`
var/www/pages/index.php : set HTTP status and MIME type for non-HTML files 2020-05-02 17:56:52 +02:00			`if ($retval != 0) {`
- var/www/pages/index.php : try adding .html suffix for incomplete URIs 2020-05-11 09:06:23 +02:00			`# Try adding '.html' suffix, if this does not work either, report error`
allow using codeberg pages without having a master branch use HEAD instad 2020-06-18 13:17:48 +02:00			`$command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:$file_url.html'\"";`
var/www/pages/index.php : properly handle directories, pipe unused output to /dev/null 2020-05-04 21:14:53 +02:00			`exec($command . " > /dev/null", $output, $retval);`
- var/www/pages/index.php : try adding .html suffix for incomplete URIs 2020-05-11 09:06:23 +02:00			`header("Content-Type: text/html");`
			`if ($retval != 0) {`
			`# Render user-provided 404.html if exists, generic 404 message if not:`
			`http_response_code(404);`
allow using codeberg pages without having a master branch use HEAD instad 2020-06-18 13:17:48 +02:00			`$command = "sh -c \"cd '$git_root' && /usr/bin/git show 'HEAD:404.html'\"";`
- var/www/pages/index.php : try adding .html suffix for incomplete URIs 2020-05-11 09:06:23 +02:00			`exec($command . " > /dev/null", $output, $retval);`
			`if ($retval != 0)`
			`send_response(404 , "no such file in repo: '" . htmlspecialchars($file_url) . "'");`
			`}`
var/www/pages/index.php : set HTTP status and MIME type for non-HTML files 2020-05-02 17:56:52 +02:00			`}`

			`## If we could directly exec+echo raw output from above, we wouldn't need to execute command twice:`
pages [needs review] 2019-10-18 00:54:11 +02:00			`passthru($command);`