mirror of
https://codeberg.org/Codeberg/pages-server.git
synced 2024-11-26 05:55:27 +00:00
a6e9510c07
Hello 👋 since it affected my deployment of the pages server I started to look into the problem of the blank pages and think I found a solution for it: 1. There is no check if the file response is empty, neither in cache retrieval nor in writing of a cache. Also the provided method for checking for empty responses had a bug. 2. I identified the redirect response to be the issue here. There is a cache write with the full cache key (e. g. rawContent/user/repo|branch|route/index.html) happening in the handling of the redirect response. But the written body here is empty. In the triggered request from the redirect response the server then finds a cache item to the key and serves the empty body. A quick fix is the check for empty file responses mentioned in 1. 3. The decision to redirect the user comes quite far down in the upstream function. Before that happens a lot of stuff that may not be important since after the redirect response comes a new request anyway. Also, I suspect that this causes the caching problem because there is a request to the forge server and its error handling with some recursions happening before. I propose to move two of the redirects before "Preparing" 4. The recursion in the upstream function makes it difficult to understand what is actually happening. I added some more logging to have an easier time with that. 5. I changed the default behaviour to append a trailing slash to the path to true. In my tested scenarios it happened anyway. This way there is no recursion happening before the redirect. I am not developing in go frequently and rarely contribute to open source -> so feedback of all kind is appreciated closes #164 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/292 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: crapStone <codeberg@crapstone.dev> Co-authored-by: Hoernschen <julian.hoernschemeyer@mailbox.org> Co-committed-by: Hoernschen <julian.hoernschemeyer@mailbox.org>
115 lines
3.6 KiB
Go
115 lines
3.6 KiB
Go
package handler
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
|
|
"codeberg.org/codeberg/pages/config"
|
|
"codeberg.org/codeberg/pages/html"
|
|
"codeberg.org/codeberg/pages/server/cache"
|
|
"codeberg.org/codeberg/pages/server/context"
|
|
"codeberg.org/codeberg/pages/server/gitea"
|
|
)
|
|
|
|
const (
|
|
headerAccessControlAllowOrigin = "Access-Control-Allow-Origin"
|
|
headerAccessControlAllowMethods = "Access-Control-Allow-Methods"
|
|
defaultPagesRepo = "pages"
|
|
)
|
|
|
|
// Handler handles a single HTTP request to the web server.
|
|
func Handler(
|
|
cfg config.ServerConfig,
|
|
giteaClient *gitea.Client,
|
|
dnsLookupCache, canonicalDomainCache, redirectsCache cache.ICache,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
log.Debug().Msg("\n----------------------------------------------------------")
|
|
log := log.With().Strs("Handler", []string{req.Host, req.RequestURI}).Logger()
|
|
ctx := context.New(w, req)
|
|
|
|
ctx.RespWriter.Header().Set("Server", "pages-server")
|
|
|
|
// Force new default from specification (since November 2020) - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin
|
|
ctx.RespWriter.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
|
|
|
// Enable browser caching for up to 10 minutes
|
|
ctx.RespWriter.Header().Set("Cache-Control", "public, max-age=600")
|
|
|
|
trimmedHost := ctx.TrimHostPort()
|
|
|
|
// Add HSTS for RawDomain and MainDomain
|
|
if hsts := getHSTSHeader(trimmedHost, cfg.MainDomain, cfg.RawDomain); hsts != "" {
|
|
ctx.RespWriter.Header().Set("Strict-Transport-Security", hsts)
|
|
}
|
|
|
|
// Handle all http methods
|
|
ctx.RespWriter.Header().Set("Allow", http.MethodGet+", "+http.MethodHead+", "+http.MethodOptions)
|
|
switch ctx.Req.Method {
|
|
case http.MethodOptions:
|
|
// return Allow header
|
|
ctx.RespWriter.WriteHeader(http.StatusNoContent)
|
|
return
|
|
case http.MethodGet,
|
|
http.MethodHead:
|
|
// end switch case and handle allowed requests
|
|
break
|
|
default:
|
|
// Block all methods not required for static pages
|
|
ctx.String("Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
// Block blacklisted paths (like ACME challenges)
|
|
for _, blacklistedPath := range cfg.BlacklistedPaths {
|
|
if strings.HasPrefix(ctx.Path(), blacklistedPath) {
|
|
html.ReturnErrorPage(ctx, "requested path is blacklisted", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Allow CORS for specified domains
|
|
allowCors := false
|
|
for _, allowedCorsDomain := range cfg.AllowedCorsDomains {
|
|
if strings.EqualFold(trimmedHost, allowedCorsDomain) {
|
|
allowCors = true
|
|
break
|
|
}
|
|
}
|
|
if allowCors {
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowOrigin, "*")
|
|
ctx.RespWriter.Header().Set(headerAccessControlAllowMethods, http.MethodGet+", "+http.MethodHead)
|
|
}
|
|
|
|
// Prepare request information to Gitea
|
|
pathElements := strings.Split(strings.Trim(ctx.Path(), "/"), "/")
|
|
|
|
if cfg.RawDomain != "" && strings.EqualFold(trimmedHost, cfg.RawDomain) {
|
|
log.Debug().Msg("raw domain request detected")
|
|
handleRaw(log, ctx, giteaClient,
|
|
cfg.MainDomain,
|
|
trimmedHost,
|
|
pathElements,
|
|
canonicalDomainCache, redirectsCache)
|
|
} else if strings.HasSuffix(trimmedHost, cfg.MainDomain) {
|
|
log.Debug().Msg("subdomain request detected")
|
|
handleSubDomain(log, ctx, giteaClient,
|
|
cfg.MainDomain,
|
|
cfg.PagesBranches,
|
|
trimmedHost,
|
|
pathElements,
|
|
canonicalDomainCache, redirectsCache)
|
|
} else {
|
|
log.Debug().Msg("custom domain request detected")
|
|
handleCustomDomain(log, ctx, giteaClient,
|
|
cfg.MainDomain,
|
|
trimmedHost,
|
|
pathElements,
|
|
cfg.PagesBranches[0],
|
|
dnsLookupCache, canonicalDomainCache, redirectsCache)
|
|
}
|
|
}
|
|
}
|