(chicken process)
(chicken process-context)
(chicken process-context posix)
+ (chicken gc)
matchable srfi-13 srfi-1
uri-common tcp6 openssl)
(define-record config
- root-dir host port certfile keyfile uid gid)
+ root-dir host port certfile keyfile uid gid blacklist blacklist-resp)
(define file-types
'(("gmi" "text/gemini" "charset=utf-8")
("png" "image/png")
("mp3" "audio/mpeg")))
+(define eval-env-file "eval-env.scm")
+(define eval-env (interaction-environment))
+
(define (process-request config request-line)
(let ((uri (uri-normalize-path-segments (absolute-uri request-line))))
(cond
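Review bot: `eval-env` on the added `(define eval-env (interaction-environment))` line is the server's own top-level environment, not an isolated one. The `(eval expression eval-env)` and `(eval (with-input-from-file path read) eval-env)` call sites later in this diff therefore still evaluate code with access to every server binding, and any definition one script makes persists for all later requests. As far as I know CHICKEN's one-argument `eval` already uses the interaction environment, so this reads as a refactor rather than a containment measure. A comment above the define should say so, for example `;; Shared, mutable top-level environment for scripts and eval-env.scm; NOT a sandbox.` The body of process-request continues outside the hunk.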
(with-current-working-directory
working-directory
(lambda ()
- (eval expression))))
+ (eval expression eval-env))))
(('shell command)
(with-current-working-directory
working-directory
(define (serve-script config uri)
;; Scripts are responsible for the entire response, including header
(let* ((path (document-path config uri))
- (proc (eval (with-input-from-file path read))))
+ (proc (eval (with-input-from-file path read) eval-env)))
(with-current-working-directory
(pathname-directory (document-path config uri))
(lambda ()
"Port: '" (config-port config) "'\n"
"Root directory: '" (config-root-dir config) "'\n"
"Cert file: '" (config-certfile config) "'\n"
- "Key file: '" (config-keyfile config) "'\n"
- "\n"
- "Gemini server listening ...")
+ "Key file: '" (config-keyfile config) "'")
+
+ (if (config-blacklist config)
+ (print "Blacklist file: '" (config-blacklist config) "'"))
+ (if (config-blacklist-resp config)
+ (print "Blacklist responce file: '" (config-blacklist-resp config) "'"))
+ (print)
+
+ (print* "Dropping privilages ... ")
(drop-privs config)
+ (print "done")
+
+ (print* "Setting up environment ... ")
+ (setup-env config)
+ (print "done")
+
+ (print "\nGemini server listening ...")
(server-loop listener config))
+(define (setup-env config)
+ (with-current-working-directory
+ (config-root-dir config)
+ (lambda ()
+ (if (and (file-exists? eval-env-file) (file-readable? eval-env-file))
+ (with-input-from-file eval-env-file
+ (lambda ()
+ (let loop ((next-expr (read)))
+ (unless (eof-object? next-expr)
+ (eval next-expr eval-env)
+ (loop (read))))))))))
+
(define (drop-privs config)
(let ((uid (config-uid config))
(gid (config-gid config)))
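Review bot: `setup-env` loads `eval-env.scm` from `(config-root-dir config)`, which appears to be the served content tree, so anyone who can write content there also controls code evaluated into the shared environment at startup. The file may also be retrievable as a document unless `document-path` excludes it, which is not visible here. Calling `setup-env` after `drop-privs` is the right order and deserves a comment such as `;; Must run after drop-privs: eval-env.scm is evaluated with the server's runtime privileges.` The `if` in `setup-env` has no else branch, so a missing or unreadable file is skipped silently; printing which case occurred would make the startup log unambiguous. The new startup strings also contain typos ("responce", "privilages"), and the body of drop-privs continues outside the hunk.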
(define (server-loop listener config)
(let-values (((in-port out-port) (ssl-accept listener)))
(let-values (((local-ip remote-ip) (tcp-addresses (ssl-port->tcp-port in-port))))
+ (print (conc "Memory statistics: " (memory-statistics)))
(print "Accepted connection from " remote-ip
" on " (seconds->string))
(condition-case
- (let ((request-line (read-line in-port)))
- (print* "Serving request '" request-line "' ... ")
- (with-output-to-port out-port
- (lambda ()
- (process-request config request-line)))
- (print "done."))
+ (if (and (config-blacklist config)
+ (member remote-ip
+ (with-input-from-file
+ (config-blacklist config)
+ read)))
+ (begin
+ (print "Connection from blacklisted IP. Closing.")
+ (with-output-to-port out-port
+ (lambda ()
+ (serve-document-header (ext->mime "txt"))
+ (print "Refusing to serve to IP " remote-ip ".\n")
+ (when (config-blacklist-resp config)
+ (print)
+ (for-each print
+ (with-input-from-file
+ (config-blacklist-resp config)
+ read-lines))))))
+ (let ((request-line (read-line in-port)))
+ (print* "Serving request '" request-line "' ... ")
+ (with-output-to-port out-port
+ (lambda ()
+ (process-request config request-line)))
+ (print "done.")))
(o (exn)
(print-error-message o))))
(close-input-port in-port)
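Review bot: The blacklist test `(member remote-ip (with-input-from-file (config-blacklist config) read))` re-reads the file on every accepted connection and compares addresses as exact strings. An entry written in a different textual form than `tcp-addresses` reports will not match, for instance an IPv4 peer shown in IPv6-mapped form, which tcp6 may do. A missing or malformed file raises inside the `condition-case`, so every connection is dropped with only `print-error-message` in the log; validating the file once in `main` and logging a distinct message would make that failure visible. The check also runs after `ssl-accept`, so a blocked peer still completes the TLS handshake, and the refusal goes through `serve-document-header`, which from its name looks like a success header rather than a Gemini failure status and is worth confirming. The per-connection `(memory-statistics)` print looks like leftover debugging output, and the body of server-loop continues outside the hunk.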
(print "Usage:\n"
progname " [-h/--help]\n"
progname " [-p/--port PORT] [-u/--user UID] [-g/--group GID]\n"
- indent-str " server-root-dir hostname certfile keyfile")))
+ indent-str " [-b/--blacklist FILE] [-r/--blacklist-resp RESPFILE]\n"
+ indent-str " server-root-dir hostname certfile keyfile\n"
+ "\n"
+ "The -b option can be used to specify a FILE containing a list of IP addresses\n"
+ "to block from the server. If a connection from a blocked address is served,\n"
+ "the response file RESPFILE is served instead, if this is provided.")))
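Review bot: The help text says FILE contains "a list of IP addresses", but server-loop reads it with a single `read` and passes the result to `member`, so the file has to hold one Scheme list of address strings rather than one address per line. The usage should state the format, for example by adding `"FILE must hold one Scheme list of address strings, e.g. (\"192.0.2.1\" \"2001:db8::1\").\n"` (the addresses are constructed examples from the documentation ranges). "If a connection from a blocked address is served" also contradicts the code, which refuses the request; "is received" would match. print-usage begins outside the hunk.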
(define (main)
(let* ((progname (pathname-file (car (argv))))
- (config (make-config #f #f 1965 #f #f #f #f)))
- (if (null? (cdr (argv)))
+ (config (make-config #f #f 1965 #f #f #f #f #f #f)))
+ (if (null? (command-line-arguments))
(print-usage progname)
- (let loop ((args (cdr (argv))))
+ (let loop ((args (command-line-arguments)))
(let ((this-arg (car args))
(rest-args (cdr args)))
(if (string-prefix? "-" this-arg)
(equal? this-arg "--group"))
(config-gid-set! config (string->number (car rest-args)))
(loop (cdr rest-args)))
+ ((or (equal? this-arg "-b")
+ (equal? this-arg "--blacklist"))
+ (config-blacklist-set! config (car rest-args))
+ (loop (cdr rest-args)))
+ ((or (equal? this-arg "-r")
+ (equal? this-arg "--blacklist-resp"))
+ (config-blacklist-resp-set! config (car rest-args))
+ (loop (cdr rest-args)))
(else
(print-usage progname)))
(match args