sjs/agate
1
0
Fork 0
mirror of https://github.com/samsonjs/agate.git synced 2026-03-25 09:05:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: sjs:master
Branches Tags
sjs:master
sjs:issue/hidden-dot-encoding-tests
sjs:issue/idle-tls-flood-probe
sjs:issue/request-idle-timeout-probe
sjs:issue/log-injection-tests
sjs:issue/symlink-escape-tests
sjs:aws
sjs:v3.3.20
sjs:v3.3.19
sjs:v3.3.18
sjs:v3.3.17
sjs:v3.3.16
sjs:v3.3.15
sjs:v3.3.14
sjs:v3.3.13
sjs:v3.3.12
sjs:v3.3.11
sjs:v3.3.10
sjs:v3.3.9
sjs:v3.3.8
sjs:v3.3.7
sjs:v3.3.6
sjs:v3.3.5
sjs:v3.3.4
sjs:v3.3.3
sjs:v3.3.2
sjs:v3.3.1
sjs:v3.3.0
sjs:v3.2.4+build
sjs:v3.2.4
sjs:v3.2.3
sjs:v3.2.2
sjs:v3.2.1
sjs:v3.2.0
sjs:v3.1.3
sjs:v3.1.2
sjs:v3.1.1
sjs:v3.1.0
sjs:v3.0.3
sjs:v3.0.2
sjs:v3.0.1
sjs:v3.0.0
sjs:v2.5.3
sjs:v2.5.2
sjs:v2.5.1
sjs:v2.5.0
sjs:v2.4.1
sjs:v2.4.0+podman.build
sjs:v2.4.0
sjs:v2.3.0
sjs:v2.2.0
sjs:v2.1.3
sjs:v2.1.2
sjs:v2.1.1
sjs:v2.1.0
sjs:v2.0.0
sjs:v1.3.2
sjs:v1.3.1
sjs:v1.3.0
sjs:v1.2.2
sjs:v1.2.1
sjs:v1.2.0
sjs:v1.1.0
sjs:v1.0.1
sjs:v1.0.0
..
compare: sjs:v3.3.11
Branches Tags
sjs:issue/hidden-dot-encoding-tests
sjs:issue/idle-tls-flood-probe
sjs:issue/request-idle-timeout-probe
sjs:issue/log-injection-tests
sjs:issue/symlink-escape-tests
sjs:master
sjs:aws
sjs:v3.3.20
sjs:v3.3.19
sjs:v3.3.18
sjs:v3.3.17
sjs:v3.3.16
sjs:v3.3.15
sjs:v3.3.14
sjs:v3.3.13
sjs:v3.3.12
sjs:v3.3.11
sjs:v3.3.10
sjs:v3.3.9
sjs:v3.3.8
sjs:v3.3.7
sjs:v3.3.6
sjs:v3.3.5
sjs:v3.3.4
sjs:v3.3.3
sjs:v3.3.2
sjs:v3.3.1
sjs:v3.3.0
sjs:v3.2.4+build
sjs:v3.2.4
sjs:v3.2.3
sjs:v3.2.2
sjs:v3.2.1
sjs:v3.2.0
sjs:v3.1.3
sjs:v3.1.2
sjs:v3.1.1
sjs:v3.1.0
sjs:v3.0.3
sjs:v3.0.2
sjs:v3.0.1
sjs:v3.0.0
sjs:v2.5.3
sjs:v2.5.2
sjs:v2.5.1
sjs:v2.5.0
sjs:v2.4.1
sjs:v2.4.0+podman.build
sjs:v2.4.0
sjs:v2.3.0
sjs:v2.2.0
sjs:v2.1.3
sjs:v2.1.2
sjs:v2.1.1
sjs:v2.1.0
sjs:v2.0.0
sjs:v1.3.2
sjs:v1.3.1
sjs:v1.3.0
sjs:v1.2.2
sjs:v1.2.1
sjs:v1.2.0
sjs:v1.1.0
sjs:v1.0.1
sjs:v1.0.0

No commits in common. "master" and "v3.3.11" have entirely different histories.
master ... v3.3.11

13 changed files with 457 additions and 744 deletions
Show stats Expand all files Collapse all files

2
.github/workflows/cargo-audit.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
cargo-audit: cargo-audit:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: actions-rs/audit-check@v1 - uses: actions-rs/audit-check@v1
# Don't run on dependabot PRs or forks # Don't run on dependabot PRs or forks
# https://github.com/actions-rs/clippy-check/issues/2#issuecomment-807852653 # https://github.com/actions-rs/clippy-check/issues/2#issuecomment-807852653

17
.github/workflows/release.yml vendored
View file

@ -15,10 +15,10 @@ jobs:
uses: ncipollo/release-action@v1 uses: ncipollo/release-action@v1
build_ubuntu: build_ubuntu:
runs-on: ubuntu-22.04 runs-on: ubuntu-20.04
needs: create_release needs: create_release
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- name: build - name: build
run: bash .github/workflows/release.sh run: bash .github/workflows/release.sh
- name: upload release assets linux - name: upload release assets linux
@ -32,7 +32,7 @@ jobs:
runs-on: windows-latest runs-on: windows-latest
needs: create_release needs: create_release
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- name: Build - name: Build
run: cargo build --verbose --release run: cargo build --verbose --release
- name: strip names - name: strip names
@ -50,7 +50,7 @@ jobs:
runs-on: macos-latest runs-on: macos-latest
needs: create_release needs: create_release
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- name: install toolchain - name: install toolchain
run: rustup target add aarch64-apple-darwin run: rustup target add aarch64-apple-darwin
- name: Build x86_64 - name: Build x86_64
@ -79,7 +79,7 @@ jobs:
packages: write packages: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Log into GHCR - name: Log into GHCR
@ -103,17 +103,10 @@ jobs:
type=semver,pattern={{major}}.{{minor}}.{{patch}} type=semver,pattern={{major}}.{{minor}}.{{patch}}
type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}} type=semver,pattern={{major}}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image - name: Build and push Docker image
id: push id: push
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
push: true push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}

6
.github/workflows/test.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
clippy: clippy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- name: Run clippy action to produce annotations - name: Run clippy action to produce annotations
# Don't run on dependabot PRs # Don't run on dependabot PRs
# https://github.com/actions-rs/clippy-check/issues/2#issuecomment-807852653 # https://github.com/actions-rs/clippy-check/issues/2#issuecomment-807852653
@ -30,7 +30,7 @@ jobs:
formatting: formatting:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- name: Formatting - name: Formatting
uses: actions-rs/cargo@v1 uses: actions-rs/cargo@v1
with: with:
@ -39,7 +39,7 @@ jobs:
tests: tests:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: actions-rs/cargo@v1 - uses: actions-rs/cargo@v1
with: with:
command: test command: test

93
CHANGELOG.md
View file

@ -5,66 +5,18 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
Updates to dependencies are not considered notable changes for the purpose of this changelog.
This may lead to no listed changes for a version.
## [Unreleased] ## [Unreleased]
## [3.3.19] - 2025-09-18
### Fixed
* Update dependencies.
* Document commands for converting PEM to DER.
## [3.3.18] - 2025-08-05
## [3.3.17] - 2025-06-27
## [3.3.16] - 2025-05-06
### Changed
* Build release artifacts with Ubuntu 22.04, because Ubuntu 20.04 is no longer supported
* pre-built binaries may no longer run on Linux distributions older than Ubuntu 22.04 (glibc 2.35)
* users with older glibc versions will need to build from source
## [3.3.15] - 2025-05-06
## [3.3.14] - 2025-03-24
## [3.3.13] - 2025-02-24
Thank you to @luineth for contributing to this release.
### Added
* aarch64 support for Docker image (#376)
## [3.3.12] - 2025-02-18
## [3.3.11] - 2024-11-29
Thank you to @geraldwuhoo and @jphastings for contributing to this release.
### Added
* Automatically publish docker images to GHCR (#366)
### Fixed
* Refactor Dockerfile for multi-stage build (#144)
## [3.3.10] - 2024-11-04
## [3.3.9] - 2024-09-10
## [3.3.8] - 2024-07-24
## [3.3.7] - 2024-04-01
## [3.3.6] - 2024-03-22
## [3.3.5] - 2024-03-15
### Fixed
* updated and simplified dependencies
* fix syntax of license field in Cargo manifest
## [3.3.4] - 2024-01-16
### Fixed
* cleaned up documentation
## [3.3.3] - 2023-12-27 ## [3.3.3] - 2023-12-27
### Fixed ### Fixed
* fixed release automation * fixed release automation
## [3.3.2] - 2023-12-27 ## [3.3.2] - 2023-12-27
### Fixed
* updated dependencies
## [3.3.1] - 2023-08-05 ## [3.3.1] - 2023-08-05
Thank you to Jan Stępień and @michaelnordmeyer for contributing to this release. Thank you to Jan Stępień and @michaelnordmeyer for contributing to this release.
@ -79,6 +31,7 @@ Thank you to @equalsraf, @michaelnordmeyer and @wanderer1988 for contributing to
* listening on unix sockets (#244) * listening on unix sockets (#244)
### Fixed ### Fixed
* updated dependencies
* misstyped email address in section on how to report security vulnerabilities (#239) * misstyped email address in section on how to report security vulnerabilities (#239)
* wrong language code in README (#189) * wrong language code in README (#189)
@ -88,12 +41,14 @@ Thank you to @06kellyjac, @albertlarsan68 and @kahays for contributing to this r
### Fixed ### Fixed
* removed port collisions in tests, for the last time (#143) * removed port collisions in tests, for the last time (#143)
* fixed Dockerfile startup command (#169) * fixed Dockerfile startup command (#169)
* upated dependencies
## [3.2.3] - 2022-02-04 ## [3.2.3] - 2022-02-04
Thank you to T. Spivey for contributing to this release. Thank you to T. Spivey for contributing to this release.
### Fixed ### Fixed
* improper IRIs are handled instead of crashing (bug reported via email) * improper IRIs are handled instead of crashing (bug reported via email)
* updated dependencies
## [3.2.2] - 2022-01-25 ## [3.2.2] - 2022-01-25
Thank you to @Suzie97 for contributing to this release. Thank you to @Suzie97 for contributing to this release.
@ -101,12 +56,16 @@ Thank you to @Suzie97 for contributing to this release.
### Added ### Added
* CI build for `aarch64-apple-darwin` target (#137) * CI build for `aarch64-apple-darwin` target (#137)
### Fixed
* updated dependencies
## [3.2.1] - 2021-12-02 ## [3.2.1] - 2021-12-02
Thank you to @MatthiasPortzel for contributing to this release. Thank you to @MatthiasPortzel for contributing to this release.
### Fixed ### Fixed
* host name comparisons are now case insensitive (#115) * host name comparisons are now case insensitive (#115)
* made automatic certificate configuration more prominent in the README * made automatic certificate configuration more prominent in the README
* updated dependencies
## [3.2.0] - 2021-11-15 ## [3.2.0] - 2021-11-15
Thank you to @balazsbtond and @joseph-marques for contributing to this release. Thank you to @balazsbtond and @joseph-marques for contributing to this release.
@ -115,6 +74,7 @@ Thank you to @balazsbtond and @joseph-marques for contributing to this release.
* you can add header text to a directory listing. See the updated readme for details. (#98) * you can add header text to a directory listing. See the updated readme for details. (#98)
### Fixed ### Fixed
* updated dependencies
* error pages also send close_notify (#100) * error pages also send close_notify (#100)
## [3.1.3] - 2021-10-25 ## [3.1.3] - 2021-10-25
@ -143,6 +103,7 @@ Thank you to @jgarte and @alvaro-cuesta for contributing to this release.
### Fixed ### Fixed
* actually bind to multiple IP addresses. Despite the documentation saying so, * actually bind to multiple IP addresses. Despite the documentation saying so,
Agate would only bind to the first address that did not result in an error. (#63) Agate would only bind to the first address that did not result in an error. (#63)
* updated dependencies
## [3.1.0] - 2021-06-08 ## [3.1.0] - 2021-06-08
Thank you to Matthew Ingwersen and Oliver Simmons (@GoodClover) for contributing to this release. Thank you to Matthew Ingwersen and Oliver Simmons (@GoodClover) for contributing to this release.
@ -172,6 +133,7 @@ Thank you to @06kellyjac, @cpnfeeny, @lifelike, @skittlesvampir and @steko for c
The previous handling could be exploited as a DoS attack vector. (#59) The previous handling could be exploited as a DoS attack vector. (#59)
* Two tests were running on the same port, causing them to fail nondeterministically. (#51) * Two tests were running on the same port, causing them to fail nondeterministically. (#51)
* Rephrased the changelog for 3.0.0 on continuing to use older certificates. (#55) * Rephrased the changelog for 3.0.0 on continuing to use older certificates. (#55)
* Updated dependencies.
## [3.0.2] - 2021-04-08 ## [3.0.2] - 2021-04-08
Thank you to @kvibber, @lifelike and @pasdechance for contributing to this release. Thank you to @kvibber, @lifelike and @pasdechance for contributing to this release.
@ -234,6 +196,7 @@ Thank you to @littleli and @06kellyjac for contributing to this release.
* The GitHub workflow has been fixed so Windows binaries are compressed correctly (#36). * The GitHub workflow has been fixed so Windows binaries are compressed correctly (#36).
* Split out install steps to allow for more options in the future. * Split out install steps to allow for more options in the future.
* Add install notes for nix/NixOS to the README (#38). * Add install notes for nix/NixOS to the README (#38).
* Updated dependencies.
## [2.5.2] - 2021-02-12 ## [2.5.2] - 2021-02-12
@ -330,6 +293,9 @@ Thank you to @Johann150 and @KilianKemps for contributing to this release.
### Added ### Added
* Optional directory listings (#8, #9). * Optional directory listings (#8, #9).
### Fixed
* Updated dependencies.
## [2.0.0] - 2020-12-23 ## [2.0.0] - 2020-12-23
Thank you to @bortzmeyer, @KillianKemps, and @Ylhp for contributing to this release. Thank you to @bortzmeyer, @KillianKemps, and @Ylhp for contributing to this release.
@ -360,6 +326,7 @@ Thank you @Johann150, @jonhiggs and @tronje for contributing to this release!
* verify hostname and port in request URL (#4). * verify hostname and port in request URL (#4).
* improved logging (#2, #3). * improved logging (#2, #3).
* Don't redirect to "/" when the path is empty (#5). * Don't redirect to "/" when the path is empty (#5).
* Update dependencies.
## [1.2.2] - 2020-09-21 ## [1.2.2] - 2020-09-21
Thank you to @m040601 for contributing to this release. Thank you to @m040601 for contributing to this release.
@ -369,11 +336,13 @@ Thank you to @m040601 for contributing to this release.
* Built both x86_64 and ARM binaries. These binaries are built for Linux operating systems with glibc 2.28 or later, such as Debian 10 ("buster") or newer, Ubuntu 18.10 or newer, and Raspberry Pi OS 2019-06-20 or newer (#1). * Built both x86_64 and ARM binaries. These binaries are built for Linux operating systems with glibc 2.28 or later, such as Debian 10 ("buster") or newer, Ubuntu 18.10 or newer, and Raspberry Pi OS 2019-06-20 or newer (#1).
### Fixed ### Fixed
* Update dependencies.
* Minor internal code cleanup. * Minor internal code cleanup.
## [1.2.1] - 2020-06-20 ## [1.2.1] - 2020-06-20
### Fixed ### Fixed
* Reduce memory usage when serving large files. * Reduce memory usage when serving large files.
* Update dependencies.
## [1.2.0] - 2020-06-10 ## [1.2.0] - 2020-06-10
### Changed ### Changed
@ -382,6 +351,7 @@ Thank you to @m040601 for contributing to this release.
### Fixed ### Fixed
* Handling for requests that exceed 1KB. * Handling for requests that exceed 1KB.
* Reduce memory allocations and speed up request parsing. * Reduce memory allocations and speed up request parsing.
* Update dependencies.
## [1.1.0] - 2020-05-22 ## [1.1.0] - 2020-05-22
### Added ### Added
@ -394,24 +364,7 @@ Thank you to @m040601 for contributing to this release.
## [1.0.0] - 2020-05-21 ## [1.0.0] - 2020-05-21
[Unreleased]: https://github.com/mbrubeck/agate/compare/v3.3.18...HEAD [Unreleased]: https://github.com/mbrubeck/agate/compare/v3.3.1...HEAD
[3.3.18]: https://github.com/mbrubeck/agate/compare/v3.3.17...v3.3.18
[3.3.17]: https://github.com/mbrubeck/agate/compare/v3.3.16...v3.3.17
[3.3.16]: https://github.com/mbrubeck/agate/compare/v3.3.15...v3.3.16
[3.3.15]: https://github.com/mbrubeck/agate/compare/v3.3.14...v3.3.15
[3.3.14]: https://github.com/mbrubeck/agate/compare/v3.3.13...v3.3.14
[3.3.13]: https://github.com/mbrubeck/agate/compare/v3.3.12...v3.3.13
[3.3.12]: https://github.com/mbrubeck/agate/compare/v3.3.11...v3.3.12
[3.3.11]: https://github.com/mbrubeck/agate/compare/v3.3.10...v3.3.11
[3.3.10]: https://github.com/mbrubeck/agate/compare/v3.3.9...v3.3.10
[3.3.9]: https://github.com/mbrubeck/agate/compare/v3.3.8...v3.3.9
[3.3.8]: https://github.com/mbrubeck/agate/compare/v3.3.7...v3.3.8
[3.3.7]: https://github.com/mbrubeck/agate/compare/v3.3.6...v3.3.7
[3.3.6]: https://github.com/mbrubeck/agate/compare/v3.3.5...v3.3.6
[3.3.5]: https://github.com/mbrubeck/agate/compare/v3.3.4...v3.3.5
[3.3.4]: https://github.com/mbrubeck/agate/compare/v3.3.3...v3.3.4
[3.3.3]: https://github.com/mbrubeck/agate/compare/v3.3.2...v3.3.3
[3.3.2]: https://github.com/mbrubeck/agate/compare/v3.3.1...v3.3.2
[3.3.1]: https://github.com/mbrubeck/agate/compare/v3.3.0...v3.3.1 [3.3.1]: https://github.com/mbrubeck/agate/compare/v3.3.0...v3.3.1
[3.3.0]: https://github.com/mbrubeck/agate/compare/v3.2.4...v3.3.0 [3.3.0]: https://github.com/mbrubeck/agate/compare/v3.2.4...v3.3.0
[3.2.4]: https://github.com/mbrubeck/agate/compare/v3.2.3...v3.2.4 [3.2.4]: https://github.com/mbrubeck/agate/compare/v3.2.3...v3.2.4

846
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

14
Cargo.toml
View file

@ -1,6 +1,6 @@
[package] [package]
name = "agate" name = "agate"
version = "3.3.20" version = "3.3.11"
authors = ["Matt Brubeck <mbrubeck@limpet.net>", "Johann150 <johann+agate@qwertqwefsday.eu>"] authors = ["Matt Brubeck <mbrubeck@limpet.net>", "Johann150 <johann+agate@qwertqwefsday.eu>"]
description = "Very simple server for the Gemini hypertext protocol" description = "Very simple server for the Gemini hypertext protocol"
keywords = ["server", "gemini", "hypertext", "internet", "protocol"] keywords = ["server", "gemini", "hypertext", "internet", "protocol"]
@ -8,22 +8,22 @@ categories = ["network-programming"]
repository = "https://github.com/mbrubeck/agate" repository = "https://github.com/mbrubeck/agate"
readme = "README.md" readme = "README.md"
license = "MIT OR Apache-2.0" license = "MIT OR Apache-2.0"
edition = "2024" edition = "2021"
exclude = ["/tools", "/.github", "/Cross.toml", "/content", "/CODE_OF_CONDUCT.md", "/CONTRIBUTING.md", "/CHANGELOG.md", "/tests"] exclude = ["/tools", "/.github", "/Cross.toml", "/content", "/CODE_OF_CONDUCT.md", "/CONTRIBUTING.md", "/CHANGELOG.md", "/tests"]
[dependencies] [dependencies]
configparser = "3.0" configparser = "3.0"
env_logger = { version = "0.11", default-features = false, features = ["auto-color", "humantime"] } env_logger = { version = "0.11", default-features = false, features = ["auto-color", "humantime"] }
futures-util = "0.3" futures-util = "0.3"
getopts = { version = "0.2.24", default-features = false } getopts = "0.2.21"
glob = "0.3" glob = "0.3"
log = "0.4" log = "0.4"
mime_guess = "2.0" mime_guess = "2.0"
percent-encoding = "2.3" percent-encoding = "2.3"
rcgen = { version = "0.14.7", default-features = false, features = ["ring"] } rcgen = { version = "0.13.1", default-features = false, features = ["ring"] }
tokio-rustls = { version = "0.26.4", default-features = false, features = ["logging", "ring", "tls12"] } tokio-rustls = { version = "0.26.0", default-features = false, features = ["logging", "ring", "tls12"] }
tokio = { version = "1.49", features = ["fs", "io-util", "net", "rt-multi-thread", "sync"] } tokio = { version = "1.41", features = ["fs", "io-util", "net", "rt-multi-thread", "sync"] }
url = "2.5.8" url = "2.5.4"
[dev-dependencies] [dev-dependencies]
trotter = "1.0" trotter = "1.0"

9
Dockerfile
View file

@ -6,14 +6,7 @@ RUN apk --no-cache add libc-dev
COPY src src COPY src src
COPY Cargo.toml . COPY Cargo.toml .
COPY Cargo.lock . COPY Cargo.lock .
ARG TARGETARCH RUN cargo install --target x86_64-unknown-linux-musl --path .
RUN if [ "$TARGETARCH" = "amd64" ]; then \
cargo install --target x86_64-unknown-linux-musl --path . ; \
elif [ "$TARGETARCH" = "arm64" ]; then \
cargo install --target aarch64-unknown-linux-musl --path . ; \
else \
echo "The architecture $TARGETARCH isn't unsupported." && exit 1; \
fi
FROM docker.io/library/alpine:latest FROM docker.io/library/alpine:latest
COPY --from=builder /usr/local/cargo/bin/agate /usr/bin/agate COPY --from=builder /usr/local/cargo/bin/agate /usr/bin/agate

7
README.md
View file

@ -195,13 +195,6 @@ Using a directory named just `.` causes undefined behaviour as this would have t
The files for a certificate/key pair have to be named `cert.der` and `key.der` respectively. The certificate has to be a X.509 certificate in a DER format file and has to include a subject alt name of the domain name. The private key has to be in DER format and must be either an RSA, ECDSA or Ed25519 key. The files for a certificate/key pair have to be named `cert.der` and `key.der` respectively. The certificate has to be a X.509 certificate in a DER format file and has to include a subject alt name of the domain name. The private key has to be in DER format and must be either an RSA, ECDSA or Ed25519 key.
If you have an existing certificate/key pair in PEM format, you can use these commands to convert them to the DER format:
```shell
openssl x509 -inform pem -in cert.pem -outform der -out cert.der
openssl rsa -inform pem -in privkey.pem -outform der -out key.der
```
## Logging ## Logging
All requests via TCP sockets will be logged using this format: All requests via TCP sockets will be logged using this format:

15
src/certificates.rs
View file

@ -50,13 +50,8 @@ impl Display for CertLoadError {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self { match self {
Self::NoReadCertDir => write!(f, "Could not read from certificate directory."), Self::NoReadCertDir => write!(f, "Could not read from certificate directory."),
Self::Empty => write!( Self::Empty => write!(f, "No keys or certificates were found in the given directory.\nSpecify the --hostname option to generate these automatically."),
f, Self::BadKey(domain, err) => write!(f, "The key file for {domain} is malformed: {err:?}"),
"No keys or certificates were found in the given directory.\nSpecify the --hostname option to generate these automatically."
),
Self::BadKey(domain, err) => {
write!(f, "The key file for {domain} is malformed: {err:?}")
}
Self::MissingKey(domain) => write!(f, "The key file for {domain} is missing."), Self::MissingKey(domain) => write!(f, "The key file for {domain} is missing."),
Self::MissingCert(domain) => { Self::MissingCert(domain) => {
write!(f, "The certificate file for {domain} is missing.") write!(f, "The certificate file for {domain} is missing.")
@ -139,13 +134,13 @@ impl CertStore {
Err(CertLoadError::EmptyDomain(_)) => { /* there are no fallback keys */ } Err(CertLoadError::EmptyDomain(_)) => { /* there are no fallback keys */ }
Err(CertLoadError::Empty) | Err(CertLoadError::NoReadCertDir) => unreachable!(), Err(CertLoadError::Empty) | Err(CertLoadError::NoReadCertDir) => unreachable!(),
Err(CertLoadError::BadKey(_, e)) => { Err(CertLoadError::BadKey(_, e)) => {
return Err(CertLoadError::BadKey("fallback".to_string(), e)); return Err(CertLoadError::BadKey("fallback".to_string(), e))
} }
Err(CertLoadError::MissingKey(_)) => { Err(CertLoadError::MissingKey(_)) => {
return Err(CertLoadError::MissingKey("fallback".to_string())); return Err(CertLoadError::MissingKey("fallback".to_string()))
} }
Err(CertLoadError::MissingCert(_)) => { Err(CertLoadError::MissingCert(_)) => {
return Err(CertLoadError::MissingCert("fallback".to_string())); return Err(CertLoadError::MissingCert("fallback".to_string()))
} }
// For the fallback keys there is no domain name to verify them // For the fallback keys there is no domain name to verify them
// against, so we can skip that step and only have to do it for the // against, so we can skip that step and only have to do it for the

159
src/main.rs
View file

@ -7,7 +7,7 @@ use codes::*;
use metadata::{FileOptions, PresetMeta}; use metadata::{FileOptions, PresetMeta};
use { use {
percent_encoding::{AsciiSet, CONTROLS, percent_decode_str, percent_encode}, percent_encoding::{percent_decode_str, percent_encode, AsciiSet, CONTROLS},
rcgen::{CertificateParams, DnType, KeyPair}, rcgen::{CertificateParams, DnType, KeyPair},
std::{ std::{
borrow::Cow, borrow::Cow,
@ -27,9 +27,9 @@ use {
sync::Mutex, sync::Mutex,
}, },
tokio_rustls::{ tokio_rustls::{
TlsAcceptor,
rustls::{server::ServerConfig, version::TLS13}, rustls::{server::ServerConfig, version::TLS13},
server::TlsStream, server::TlsStream,
TlsAcceptor,
}, },
url::{Host, Url}, url::{Host, Url},
}; };
@ -73,7 +73,7 @@ fn main() {
panic!("Failed to listen on {addr}: {e}") panic!("Failed to listen on {addr}: {e}")
} else { } else {
// already listening on the other unspecified address // already listening on the other unspecified address
log::warn!("Could not start listener on {addr}, but already listening on another unspecified address. Probably your system automatically listens in dual stack?"); log::warn!("Could not start listener on {}, but already listening on another unspecified address. Probably your system automatically listens in dual stack?", addr);
continue; continue;
} }
} }
@ -82,7 +82,7 @@ fn main() {
listening_unspecified |= addr.ip().is_unspecified(); listening_unspecified |= addr.ip().is_unspecified();
handles.push(tokio::spawn(async move { handles.push(tokio::spawn(async move {
log::info!("Started listener on {addr}"); log::info!("Started listener on {}", addr);
loop { loop {
let (stream, _) = listener.accept().await.unwrap_or_else(|e| { let (stream, _) = listener.accept().await.unwrap_or_else(|e| {
@ -92,11 +92,11 @@ fn main() {
tokio::spawn(async { tokio::spawn(async {
match RequestHandle::new(stream, arc).await { match RequestHandle::new(stream, arc).await {
Ok(handle) => match handle.handle().await { Ok(handle) => match handle.handle().await {
Ok(info) => log::info!("{info}"), Ok(info) => log::info!("{}", info),
Err(err) => log::warn!("{err}"), Err(err) => log::warn!("{}", err),
}, },
Err(log_line) => { Err(log_line) => {
log::warn!("{log_line}"); log::warn!("{}", log_line);
} }
} }
}); });
@ -134,11 +134,11 @@ fn main() {
tokio::spawn(async { tokio::spawn(async {
match RequestHandle::new_unix(stream, arc).await { match RequestHandle::new_unix(stream, arc).await {
Ok(handle) => match handle.handle().await { Ok(handle) => match handle.handle().await {
Ok(info) => log::info!("{info}"), Ok(info) => log::info!("{}", info),
Err(err) => log::warn!("{err}"), Err(err) => log::warn!("{}", err),
}, },
Err(log_line) => { Err(log_line) => {
log::warn!("{log_line}"); log::warn!("{}", log_line);
} }
} }
}); });
@ -273,7 +273,10 @@ fn args() -> Result<Args> {
// the directory does not exist // the directory does not exist
Err(_) => { Err(_) => {
// since certificate management should be automated, we are going to create the directory too // since certificate management should be automated, we are going to create the directory too
log::info!("The certificate directory {certs_path:?} does not exist, creating it."); log::info!(
"The certificate directory {:?} does not exist, creating it.",
certs_path
);
std::fs::create_dir(&certs_path).expect("could not create certificate directory"); std::fs::create_dir(&certs_path).expect("could not create certificate directory");
// we just created the directory, skip loading from it // we just created the directory, skip loading from it
(None, PathBuf::from(certs_path)) (None, PathBuf::from(certs_path))
@ -290,53 +293,55 @@ fn args() -> Result<Args> {
let hostname = Host::parse(&s)?; let hostname = Host::parse(&s)?;
// check if we have a certificate for that domain // check if we have a certificate for that domain
if let Host::Domain(ref domain) = hostname if let Host::Domain(ref domain) = hostname {
&& !matches!(certs, Some(ref certs) if certs.has_domain(domain)) if !matches!(certs, Some(ref certs) if certs.has_domain(domain)) {
{ log::info!("No certificate or key found for {:?}, generating them.", s);
log::info!("No certificate or key found for {s:?}, generating them.");
let mut cert_params = CertificateParams::new(vec![domain.clone()])?; let mut cert_params = CertificateParams::new(vec![domain.clone()])?;
cert_params cert_params
.distinguished_name .distinguished_name
.push(DnType::CommonName, domain); .push(DnType::CommonName, domain);
// <CertificateParams as Default>::default() already implements a // <CertificateParams as Default>::default() already implements a
// date in the far future from the time of writing: 4096-01-01 // date in the far future from the time of writing: 4096-01-01
let key_pair = if matches.opt_present("e") { let key_pair = if matches.opt_present("e") {
KeyPair::generate_for(&rcgen::PKCS_ED25519) KeyPair::generate_for(&rcgen::PKCS_ED25519)
} else { } else {
KeyPair::generate() KeyPair::generate()
}?; }?;
// generate the certificate with the configuration // generate the certificate with the configuration
let cert = cert_params.self_signed(&key_pair)?; let cert = cert_params.self_signed(&key_pair)?;
// make sure the certificate directory exists // make sure the certificate directory exists
let cert_dir = certs_path.join(domain); fs::create_dir(certs_path.join(domain))?;
fs::create_dir(&cert_dir)?; // write certificate data to disk
let mut cert_file = File::create(certs_path.join(format!(
// write certificate data to disk "{}/{}",
let mut cert_file = File::create(cert_dir.join(certificates::CERT_FILE_NAME))?; domain,
cert_file.write_all(cert.der())?; certificates::CERT_FILE_NAME
)))?;
// write key data to disk cert_file.write_all(cert.der())?;
let key_file_path = cert_dir.join(certificates::KEY_FILE_NAME); // write key data to disk
let mut key_file = File::create(&key_file_path)?; let key_file_path =
#[cfg(unix)] certs_path.join(format!("{}/{}", domain, certificates::KEY_FILE_NAME));
{ let mut key_file = File::create(&key_file_path)?;
// set permissions so only owner can read #[cfg(unix)]
match key_file.set_permissions(std::fs::Permissions::from_mode(0o400)) { {
Ok(_) => (), // set permissions so only owner can read
Err(_) => log::warn!( match key_file.set_permissions(std::fs::Permissions::from_mode(0o400)) {
"could not set permissions for new key file {}", Ok(_) => (),
key_file_path.display() Err(_) => log::warn!(
), "could not set permissions for new key file {}",
key_file_path.display()
),
}
} }
} key_file.write_all(key_pair.serialized_der())?;
key_file.write_all(key_pair.serialized_der())?;
reload_certs = true; reload_certs = true;
}
} }
hostnames.push(hostname); hostnames.push(hostname);
@ -491,7 +496,7 @@ impl RequestHandle<UnixStream> {
metadata, metadata,
}), }),
// use nonexistent status code 00 if connection was not established // use nonexistent status code 00 if connection was not established
Err(e) => Err(format!("{log_line} \"\" 00 \"TLS error\" error:{e}")), Err(e) => Err(format!("{} \"\" 00 \"TLS error\" error:{}", log_line, e)),
} }
} }
} }
@ -592,13 +597,13 @@ where
} }
// correct port // correct port
if let Some(expected_port) = self.local_port_check if let Some(expected_port) = self.local_port_check {
&& let Some(port) = url.port() if let Some(port) = url.port() {
{ // Validate that the port in the URL is the same as for the stream this request
// Validate that the port in the URL is the same as for the stream this request // came in on.
// came in on. if port != expected_port {
if port != expected_port { return Err((PROXY_REQUEST_REFUSED, "Proxy request refused"));
return Err((PROXY_REQUEST_REFUSED, "Proxy request refused")); }
} }
} }
Ok(url) Ok(url)
@ -657,24 +662,24 @@ where
} }
} }
if let Ok(metadata) = tokio::fs::metadata(&path).await if let Ok(metadata) = tokio::fs::metadata(&path).await {
&& metadata.is_dir() if metadata.is_dir() {
{ if url.path().ends_with('/') || url.path().is_empty() {
if url.path().ends_with('/') || url.path().is_empty() { // if the path ends with a slash or the path is empty, the links will work the same
// if the path ends with a slash or the path is empty, the links will work the same // without a redirect
// without a redirect // use `push` instead of `join` because the changed path is used later
// use `push` instead of `join` because the changed path is used later path.push("index.gmi");
path.push("index.gmi"); if !path.exists() {
if !path.exists() { path.pop();
path.pop(); // try listing directory
// try listing directory return self.list_directory(&path).await;
return self.list_directory(&path).await; }
} else {
// if client is not redirected, links may not work as expected without trailing slash
let mut url = url;
url.set_path(&format!("{}/", url.path()));
return self.send_header(REDIRECT_PERMANENT, url.as_str()).await;
} }
} else {
// if client is not redirected, links may not work as expected without trailing slash
let mut url = url;
url.set_path(&format!("{}/", url.path()));
return self.send_header(REDIRECT_PERMANENT, url.as_str()).await;
} }
} }
@ -738,7 +743,7 @@ where
return Ok(()); return Ok(());
}; };
log::info!("Listing directory {path:?}"); log::info!("Listing directory {:?}", path);
self.send_header(SUCCESS, "text/gemini").await?; self.send_header(SUCCESS, "text/gemini").await?;
self.stream.write_all(preamble.as_bytes()).await?; self.stream.write_all(preamble.as_bytes()).await?;

20
src/metadata.rs
View file

@ -1,5 +1,5 @@
use configparser::ini::Ini; use configparser::ini::Ini;
use glob::{MatchOptions, glob_with}; use glob::{glob_with, MatchOptions};
use std::collections::BTreeMap; use std::collections::BTreeMap;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::time::SystemTime; use std::time::SystemTime;
@ -107,7 +107,7 @@ impl FileOptions {
/// (Re)reads a specified sidecar file. /// (Re)reads a specified sidecar file.
/// This function will allways try to read the file, even if it is current. /// This function will allways try to read the file, even if it is current.
fn read_database(&mut self, db: &Path) { fn read_database(&mut self, db: &Path) {
log::debug!("reading database {db:?}"); log::debug!("reading database {:?}", db);
let mut ini = Ini::new_cs(); let mut ini = Ini::new_cs();
ini.set_default_section("mime"); ini.set_default_section("mime");
@ -124,7 +124,7 @@ impl FileOptions {
let files = match map { let files = match map {
Ok(section) => section, Ok(section) => section,
Err(err) => { Err(err) => {
log::error!("invalid config file {db:?}: {err}"); log::error!("invalid config file {:?}: {}", db, err);
return; return;
} }
}; };
@ -146,9 +146,7 @@ impl FileOptions {
|| !header.chars().nth(1).unwrap().is_ascii_digit() || !header.chars().nth(1).unwrap().is_ascii_digit()
|| !header.chars().nth(2).unwrap().is_whitespace() || !header.chars().nth(2).unwrap().is_whitespace()
{ {
log::error!( log::error!("Line for {:?} starts like a full header line, but it is incorrect; ignoring it.", path);
"Line for {path:?} starts like a full header line, but it is incorrect; ignoring it."
);
return; return;
} }
let separator = header.chars().nth(2).unwrap(); let separator = header.chars().nth(2).unwrap();
@ -156,9 +154,7 @@ impl FileOptions {
// the Gemini specification says that the third // the Gemini specification says that the third
// character has to be a space, so correct any // character has to be a space, so correct any
// other whitespace to it (e.g. tabs) // other whitespace to it (e.g. tabs)
log::warn!( log::warn!("Full Header line for {:?} has an invalid character, treating {:?} as a space.", path, separator);
"Full Header line for {path:?} has an invalid character, treating {separator:?} as a space."
);
} }
let status = header let status = header
.chars() .chars()
@ -190,12 +186,12 @@ impl FileOptions {
match glob_with(path, glob_options) { match glob_with(path, glob_options) {
Ok(paths) => paths.collect::<Vec<_>>(), Ok(paths) => paths.collect::<Vec<_>>(),
Err(err) => { Err(err) => {
log::error!("incorrect glob pattern in {path:?}: {err}"); log::error!("incorrect glob pattern in {:?}: {}", path, err);
continue; continue;
} }
} }
} else { } else {
log::error!("path is not UTF-8: {path:?}"); log::error!("path is not UTF-8: {:?}", path);
continue; continue;
}; };
@ -210,7 +206,7 @@ impl FileOptions {
self.file_meta.insert(path, preset.clone()); self.file_meta.insert(path, preset.clone());
} }
Err(err) => { Err(err) => {
log::warn!("could not process glob path: {err}"); log::warn!("could not process glob path: {}", err);
continue; continue;
} }
}; };

0
tests/data/content/.well-known/hidden-file
View file

13
tests/tests.rs
View file

@ -13,7 +13,7 @@
//! You should have received a copy of the GNU General Public License //! You should have received a copy of the GNU General Public License
//! along with this program. If not, see <https://www.gnu.org/licenses/>. //! along with this program. If not, see <https://www.gnu.org/licenses/>.
use rustls::{ClientConnection, RootCertStore, pki_types::CertificateDer}; use rustls::{pki_types::CertificateDer, ClientConnection, RootCertStore};
use std::convert::TryInto; use std::convert::TryInto;
use std::io::{BufRead, BufReader, Read, Write}; use std::io::{BufRead, BufReader, Read, Write};
use std::net::{SocketAddr, TcpStream, ToSocketAddrs}; use std::net::{SocketAddr, TcpStream, ToSocketAddrs};
@ -401,15 +401,6 @@ fn secret_exists() {
assert_eq!(page.status, Status::Gone.value()); assert_eq!(page.status, Status::Gone.value());
} }
#[test]
/// - status for paths with hidden segments is "gone" if the respective segment is not the last
fn secret_subdir() {
let page =
get(&["-C"], "gemini://localhost/.well-known/hidden-file").expect("could not get page");
assert_eq!(page.status, Status::Gone.value());
}
#[test] #[test]
/// - secret file served if `--serve-secret` is enabled /// - secret file served if `--serve-secret` is enabled
fn serve_secret() { fn serve_secret() {
@ -539,7 +530,7 @@ mod vhosts {
mod multicert { mod multicert {
use super::*; use super::*;
use rustls::{ClientConnection, RootCertStore, pki_types::CertificateDer}; use rustls::{pki_types::CertificateDer, ClientConnection, RootCertStore};
use std::io::Write; use std::io::Write;
use std::net::TcpStream; use std::net::TcpStream;