(chicken process)
(chicken process-context)
(chicken process-context posix)
+ (chicken gc)
matchable srfi-13 srfi-1
uri-common tcp6 openssl)
(define-record config
- root-dir host port certfile keyfile uid gid)
+ root-dir host port certfile keyfile uid gid blacklist blacklist-resp)
(define file-types
'(("gmi" "text/gemini" "charset=utf-8")
("txt" "text/plain" "charset=utf-8")
- ("xml" "text/xml" "charset=utf-8")))
+ ("csv" "text/csv" "charset=utf-8")
+ ("html" "text/html" "charset=utf-8")
+ ("xml" "text/xml" "charset=utf-8")
+ ("pdf" "application/pdf")
+ ("zip" "application/zip")
+ ("jpg" "image/jpeg")
+ ("jpeg" "image/jpeg")
+ ("png" "image/png")
+ ("mp3" "audio/mpeg")))
+
+(define eval-env-file "eval-env.scm")
+(define eval-env (interaction-environment))
(define (process-request config request-line)
(let ((uri (uri-normalize-path-segments (absolute-uri request-line))))
((and (document-path-directory? config uri)
(uri-lacks-trailing-slash? uri))
(redirect-permanent (uri-with-trailing-slash uri)))
+ ((document-script? config uri)
+ (serve-script config uri))
(else
(serve-document config uri)))))
(define (redirect-permanent new-uri)
(print "30 " (uri->string new-uri) "\r"))
+(define (serve-query prompt)
+ (print "10 " prompt "\r"))
+
(define (uri-lacks-trailing-slash? uri)
(not (string-null? (last (uri-path uri)))))
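Review bot: `serve-query` prints `prompt` into the `10` status line unchanged, so a prompt containing CR or LF would end the header early and push the rest of the string into the response body. Since this helper looks intended for scripts, which may build the prompt from request data, reject or strip line breaks before printing, for example `(if (string-index prompt (lambda (c) (memv c '(#\return #\newline)))) (error "Prompt must be a single line") (print "10 " prompt "\r"))`. A one-line comment stating that the prompt must be a single line would also help script authors.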
(define (document-available? config uri)
(file-exists? (document-path config uri)))
+(define (document-script? config uri)
+ (let ((path (document-path config uri)))
+ (and (file-exists? path)
+ (file-executable? path)
+ (equal? (pathname-extension path) "scm"))))
+
(define (document-path-directory? config uri)
(directory-exists? (document-path-raw config uri)))
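Review bot: `document-script?` treats a file as code based only on the executable bit and an `scm` extension, and `process-request` then hands it to `serve-script`, which evaluates it inside the server process. That makes this predicate the trust boundary for in-process code execution, and it should say so. I would add a comment above it such as `;; Executable *.scm files under the root are evaluated in-process by serve-script; write access to the root therefore means code execution as the server user.` A `.scm` file that exists but is not executable falls through to `serve-document`, where `ext->mime` has no `scm` entry and falls back to `txt`, so its source appears to be sent to the client as text/plain. Confirm that this is intended.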
(if (directory-exists? path)
(make-pathname path "index.gmi")
path)))
+
+(define (ext->mime ext)
+ (let* ((mime-detected (assoc ext file-types)))
+ (cdr (if mime-detected
+ mime-detected
+ (assoc "txt" file-types)))))
+
+(define (serve-document-header mime)
+ (print "20 " (string-intersperse mime ";") "\r"))
(define (serve-document config uri)
(let* ((path (document-path config uri))
(ext (pathname-extension path))
- (mime-detected (assoc ext file-types))
- (mime (if mime-detected mime-detected (assoc "txt" file-types)))
- (mime-type (cadr mime)))
- (print "20 " (string-intersperse (cdr mime) ";") "\r")
+ (mime (ext->mime ext)))
+ (serve-document-header mime)
(cond
((file-executable? path)
(serve-text-dynamic path)) ; Binary-files can also be generated here, but the source is dynamic text
- ((string-prefix? "text/" mime-type)
+ ((string-prefix? "text/" (car mime))
(serve-text-plain path))
(else (serve-binary path)))))
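Review bot: The lookup in `ext->mime` is case-sensitive, so a non-executable file with an upper-case extension such as `.JPG` misses the table and gets the `txt` entry. The `string-prefix? "text/"` branch of `serve-document` then sends it through `serve-text-plain` under a text/plain header. If that is not wanted, fold the case before the lookup; the single-binding `let*` can then collapse to `(cdr (or (assoc (and ext (string-downcase ext)) file-types) (assoc "txt" file-types)))`. The `and` keeps the no-extension case working, on the assumption that `pathname-extension` returns `#f` there.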
(with-current-working-directory
working-directory
(lambda ()
- (eval expression))))
+ (eval expression eval-env))))
(('shell command)
(with-current-working-directory
working-directory
(close-output-port out-port))))))
(else (error "Unknown element type."))))
+(define (serve-script config uri)
+ ;; Scripts are responsible for the entire response, including header
+ (let* ((path (document-path config uri))
+ (proc (eval (with-input-from-file path read) eval-env)))
+ (with-current-working-directory
+ (pathname-directory (document-path config uri))
+ (lambda ()
+ (apply proc (list uri))))))
+
(define (with-current-working-directory directory thunk)
(let ((old-wd (current-directory))
(result 'none))
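Review bot: `serve-script` reads only the first datum of the file and applies whatever it evaluates to. A script whose first form is not a procedure expression therefore fails inside `apply` with an unrelated error, and any further forms are ignored without notice. Check the value before calling it, e.g. `(unless (procedure? proc) (error "Script did not evaluate to a procedure:" path))`, and reuse the bound `path` in `(pathname-directory path)` rather than calling `document-path` a second time. Every script is evaluated in the single shared `eval-env`, the same environment passed to `eval` in the dynamic-text handler, so a definition made by one script stays visible to all later requests and can replace bindings they rely on. A comment next to the `eval` call should state that scripts are fully trusted and not isolated from each other.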
"Port: '" (config-port config) "'\n"
"Root directory: '" (config-root-dir config) "'\n"
"Cert file: '" (config-certfile config) "'\n"
- "Key file: '" (config-keyfile config) "'\n"
- "\n"
- "Gemini server listening ...")
+ "Key file: '" (config-keyfile config) "'")
+ (if (config-blacklist config)
+ (print "Blacklist file: '" (config-blacklist config) "'"))
+ (if (config-blacklist-resp config)
+ (print "Blacklist responce file: '" (config-blacklist-resp config) "'"))
+
+ (print)
+
+ (print* "Dropping privilages ... ")
(drop-privs config)
+ (print "done")
+
+ (print* "Setting up environment ... ")
+ (setup-env config)
+ (print "done")
+
+ (print "\nGemini server listening ...")
(server-loop listener config))
+(define (setup-env config)
+ (with-current-working-directory
+ (config-root-dir config)
+ (lambda ()
+ (if (and (file-exists? eval-env-file) (file-readable? eval-env-file))
+ (with-input-from-file eval-env-file
+ (lambda ()
+ (let loop ((next-expr (read)))
+ (unless (eof-object? next-expr)
+ (eval next-expr eval-env)
+ (loop (read))))))))))
+
(define (drop-privs config)
(let ((uid (config-uid config))
(gid (config-gid config)))
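Review bot: `setup-env` evaluates every form in `eval-env.scm` found under `(config-root-dir config)`, which appears to be the same directory documents are served from. Anyone who can publish content there can change code the server runs at startup. Unless the file is marked executable, it also looks fetchable as an ordinary document through the `txt` fallback in `ext->mime`. Consider taking the file from a location outside the root (or a command-line option), or have `serve-document` refuse a path whose file name equals `eval-env-file`. Running it after `drop-privs` is the right order; a comment such as `;; must run after drop-privs: eval-env.scm is evaluated with the unprivileged uid/gid` would keep the two calls from being swapped later.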
(define (server-loop listener config)
(let-values (((in-port out-port) (ssl-accept listener)))
(let-values (((local-ip remote-ip) (tcp-addresses (ssl-port->tcp-port in-port))))
+ (print (conc "Memory statistics: " (memory-statistics)))
(print "Accepted connection from " remote-ip
" on " (seconds->string))
(condition-case
- (let ((request-line (read-line in-port)))
- (print* "Serving request '" request-line "' ... ")
- (with-output-to-port out-port
- (lambda ()
- (process-request config request-line)))
- (print "done."))
+ (if (and (config-blacklist config)
+ (member remote-ip
+ (with-input-from-file
+ (config-blacklist config)
+ read)))
+ (begin
+ (print "Connection from blacklisted IP. Closing.")
+ (with-output-to-port out-port
+ (lambda ()
+ (serve-document-header (ext->mime "txt"))
+ (print "Refusing to serve to IP " remote-ip ".\n")
+ (when (config-blacklist-resp config)
+ (print)
+ (for-each print
+ (with-input-from-file
+ (config-blacklist-resp config)
+ read-lines))))))
+ (let ((request-line (read-line in-port)))
+ (print* "Serving request '" request-line "' ... ")
+ (with-output-to-port out-port
+ (lambda ()
+ (process-request config request-line)))
+ (print "done.")))
(o (exn)
(print-error-message o))))
(close-input-port in-port)
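Review bot: The blacklist test at the top of the `condition-case` body re-reads the file with a single `read` on every connection and passes the result straight to `member`, so it only works if the file holds exactly one list of strings. An empty file or a non-list datum makes `member` raise, and the handler then drops every client's connection. Entries written without string quotes are not read as strings, so they never match `remote-ip` and the list silently blocks nothing. Validate the file once at startup with something like `(and (list? entries) (every string? entries))`, abort with a clear message if it fails, and document the expected format in the usage text. Also check that the textual form of `remote-ip` returned for the listener (for example for IPv4 clients on an IPv6 socket) is the form operators will put in the file.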
(print "Usage:\n"
progname " [-h/--help]\n"
progname " [-p/--port PORT] [-u/--user UID] [-g/--group GID]\n"
- indent-str " server-root-dir hostname certfile keyfile")))
+ indent-str " [-b/--blacklist FILE] [-r/--blacklist-resp RESPFILE]\n"
+ indent-str " server-root-dir hostname certfile keyfile\n"
+ "\n"
+ "The -b option can be used to specify a FILE containing a list of IP addresses\n"
+ "to block from the server. If a connection from a blocked address is served,\n"
+ "the response file RESPFILE is served instead, if this is provided.")))
(define (main)
(let* ((progname (pathname-file (car (argv))))
- (config (make-config #f #f 1965 #f #f #f #f)))
- (if (null? (cdr (argv)))
+ (config (make-config #f #f 1965 #f #f #f #f #f #f)))
+ (if (null? (command-line-arguments))
(print-usage progname)
- (let loop ((args (cdr (argv))))
+ (let loop ((args (command-line-arguments)))
(let ((this-arg (car args))
(rest-args (cdr args)))
(if (string-prefix? "-" this-arg)
(equal? this-arg "--group"))
(config-gid-set! config (string->number (car rest-args)))
(loop (cdr rest-args)))
+ ((or (equal? this-arg "-b")
+ (equal? this-arg "--blacklist"))
+ (config-blacklist-set! config (car rest-args))
+ (loop (cdr rest-args)))
+ ((or (equal? this-arg "-r")
+ (equal? this-arg "--blacklist-resp"))
+ (config-blacklist-resp-set! config (car rest-args))
+ (loop (cdr rest-args)))
(else
(print-usage progname)))
(match args
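Review bot: Both new option clauses call `(car rest-args)` without checking that a value follows, so `-b` or `-r` given as the last argument fails with a `car` error instead of printing the usage text. The `--group` clause above has the same shape. Guarding the setter with `(if (null? rest-args) (print-usage progname) ...)` keeps the failure readable. The paths are stored as given, and `server-loop` opens them on each connection after privileges have been dropped. The usage text should therefore say that both files must be readable by the target UID/GID and that a relative path is resolved against the working directory at that time. The argument loop in `main` continues outside the hunk.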