X-Git-Url: https://thelambdalab.xyz/gitweb/index.cgi?p=rags.git;a=blobdiff_plain;f=rags.scm;h=febfd823f986ac4a36478c9c3904c16ad7a921db;hp=177c7b5701d622c99f0c279b4da48af7be7aee1a;hb=HEAD;hpb=fdce37f4be71360bea1ebd0ed864ebffed84265d diff --git a/rags.scm b/rags.scm index 177c7b5..febfd82 100644 --- a/rags.scm +++ b/rags.scm @@ -17,11 +17,12 @@ (chicken process) (chicken process-context) (chicken process-context posix) + (chicken gc) matchable srfi-13 srfi-1 uri-common tcp6 openssl) (define-record config - root-dir host port certfile keyfile uid gid) + root-dir host port certfile keyfile uid gid blacklist blacklist-resp) (define file-types '(("gmi" "text/gemini" "charset=utf-8") @@ -36,6 +37,9 @@ ("png" "image/png") ("mp3" "audio/mpeg"))) +(define eval-env-file "eval-env.scm") +(define eval-env (interaction-environment)) + (define (process-request config request-line) (let ((uri (uri-normalize-path-segments (absolute-uri request-line)))) (cond @@ -63,6 +67,9 @@ (define (redirect-permanent new-uri) (print "30 " (uri->string new-uri) "\r")) +(define (serve-query prompt) + (print "10 " prompt "\r")) + (define (uri-lacks-trailing-slash? uri) (not (string-null? (last (uri-path uri))))) 
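Review bot: `eval-env` (hunk at -36,6) is bound to `(interaction-environment)`, a single mutable top-level environment. Every expression evaluated through it can therefore define or redefine bindings that later requests will see; this covers the template `eval`, `serve-script` and `setup-env` further down this diff. That is acceptable only if everything under the root directory is trusted as server code, and the definition carries no comment saying so. I would add above it: `;; Shared, mutable environment for all evaluated scripts and templates; anything writable under root-dir effectively runs as server code.`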
@@ -90,18 +97,25 @@ (if (directory-exists? path) (make-pathname path "index.gmi") path))) + +(define (ext->mime ext) + (let* ((mime-detected (assoc ext file-types))) + (cdr (if mime-detected + mime-detected + (assoc "txt" file-types))))) + +(define (serve-document-header mime) + (print "20 " (string-intersperse mime ";") "\r")) (define (serve-document config uri) (let* ((path (document-path config uri)) (ext (pathname-extension path)) - (mime-detected (assoc ext file-types)) - (mime (if mime-detected mime-detected (assoc "txt" file-types))) - (mime-type (cadr mime))) - (print "20 " (string-intersperse (cdr mime) ";") "\r") + (mime (ext->mime ext))) + (serve-document-header mime) (cond ((file-executable? path) (serve-text-dynamic path)) ; Binary-files can also be generated here, but the source is dynamic text - ((string-prefix? "text/" mime-type) + ((string-prefix? "text/" (car mime)) (serve-text-plain path)) (else (serve-binary path))))) @@ -134,7 +148,7 @@ (with-current-working-directory working-directory (lambda () - (eval expression)))) + (eval expression eval-env)))) (('shell command) (with-current-working-directory working-directory @@ -149,9 +163,12 @@ (define (serve-script config uri) ;; Scripts are responsible for the entire response, including header - (let ((path (document-path config uri))) - (apply (eval (with-input-from-file path read)) - (list uri)))) + (let* ((path (document-path config uri)) + (proc (eval (with-input-from-file path read) eval-env))) + (with-current-working-directory + (pathname-directory (document-path config uri)) + (lambda () + (apply proc (list uri)))))) (define (with-current-working-directory directory thunk) (let ((old-wd (current-directory)) 
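Review bot: In `serve-script` (hunk at -149,9) the working directory is switched for the whole process while `proc` runs, and the body of `with-current-working-directory` lies outside the hunk, so it is not visible whether the old directory is restored when `proc` raises. If it is not restored on a non-local exit, later relative paths would resolve against the script's directory; the blacklist file re-read per connection in `server-loop` is one such path. This is worth confirming and stating in a comment on `with-current-working-directory`. Separately, the second `(document-path config uri)` can reuse the existing binding: `(pathname-directory path)`.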
@@ -177,13 +194,38 @@ "Port: '" (config-port config) "'\n" "Root directory: '" (config-root-dir config) "'\n" "Cert file: '" (config-certfile config) "'\n" - "Key file: '" (config-keyfile config) "'\n" - "\n" - "Gemini server listening ...") + "Key file: '" (config-keyfile config) "'") + + (if (config-blacklist config) + (print "Blacklist file: '" (config-blacklist config) "'")) + (if (config-blacklist-resp config) + (print "Blacklist responce file: '" (config-blacklist-resp config) "'")) + (print) + + (print* "Dropping privilages ... ") (drop-privs config) + (print "done") + + (print* "Setting up environment ... ") + (setup-env config) + (print "done") + + (print "\nGemini server listening ...") (server-loop listener config)) +(define (setup-env config) + (with-current-working-directory + (config-root-dir config) + (lambda () + (if (and (file-exists? eval-env-file) (file-readable? eval-env-file)) + (with-input-from-file eval-env-file + (lambda () + (let loop ((next-expr (read))) + (unless (eof-object? next-expr) + (eval next-expr eval-env) + (loop (read)))))))))) + (define (drop-privs config) (let ((uid (config-uid config)) (gid (config-gid config))) 
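Review bot: `setup-env` reads `eval-env.scm` from `(config-root-dir config)`, the same directory documents are served from, and evaluates every form in it. Unless `process-request` (not visible in this hunk) excludes that name, the file's contents may also be retrievable as an ordinary document, and anyone able to write to the document root controls code run at startup. Calling it after `drop-privs` limits the impact, but I would still record the trust assumption next to `eval-env-file`: `;; Evaluated at startup from root-dir; must be writable only by the operator and should hold no secrets.` Read or eval errors are not caught here, so a malformed file aborts startup, which is presumably intended but worth stating. The enclosing function starts before the hunk and `drop-privs` continues past it.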
@@ -196,15 +238,33 @@ (define (server-loop listener config) (let-values (((in-port out-port) (ssl-accept listener))) (let-values (((local-ip remote-ip) (tcp-addresses (ssl-port->tcp-port in-port)))) + (print (conc "Memory statistics: " (memory-statistics))) (print "Accepted connection from " remote-ip " on " (seconds->string)) (condition-case - (let ((request-line (read-line in-port))) - (print* "Serving request '" request-line "' ... ") - (with-output-to-port out-port - (lambda () - (process-request config request-line))) - (print "done.")) + (if (and (config-blacklist config) + (member remote-ip + (with-input-from-file + (config-blacklist config) + read))) + (begin + (print "Connection from blacklisted IP. Closing.") + (with-output-to-port out-port + (lambda () + (serve-document-header (ext->mime "txt")) + (print "Refusing to serve to IP " remote-ip ".\n") + (when (config-blacklist-resp config) + (print) + (for-each print + (with-input-from-file + (config-blacklist-resp config) + read-lines)))))) + (let ((request-line (read-line in-port))) + (print* "Serving request '" request-line "' ... ") + (with-output-to-port out-port + (lambda () + (process-request config request-line))) + (print "done."))) (o (exn) (print-error-message o)))) (close-input-port in-port) 
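Review bot: The blacklist test in `server-loop` is an exact `member` comparison of `remote-ip` against the single datum `read` returns from the file, so an entry blocks only when its text is identical to what `tcp-addresses` reports. With the `tcp6` listener an IPv4 peer may be reported in a different textual form than the operator wrote (for example IPv4-mapped); I have not confirmed which form is used. A comment fixing the expected format would prevent silent misses: `;; blacklist file: one Scheme list of address strings, matched verbatim against remote-ip`. The check also runs after `ssl-accept`, so a blocked peer has presumably already cost a TLS handshake, and the file is re-read on every connection relative to the current directory. `server-loop` continues past the end of the hunk.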
@@ -217,14 +277,19 @@ (print "Usage:\n" progname " [-h/--help]\n" progname " [-p/--port PORT] [-u/--user UID] [-g/--group GID]\n" - indent-str " server-root-dir hostname certfile keyfile"))) + indent-str " [-b/--blacklist FILE] [-r/--blacklist-resp RESPFILE]\n" + indent-str " server-root-dir hostname certfile keyfile\n" + "\n" + "The -b option can be used to specify a FILE containing a list of IP addresses\n" + "to block from the server. If a connection from a blocked address is served,\n" + "the response file RESPFILE is served instead, if this is provided."))) (define (main) (let* ((progname (pathname-file (car (argv)))) - (config (make-config #f #f 1965 #f #f #f #f))) - (if (null? (cdr (argv))) + (config (make-config #f #f 1965 #f #f #f #f #f #f))) + (if (null? (command-line-arguments)) (print-usage progname) - (let loop ((args (cdr (argv)))) + (let loop ((args (command-line-arguments))) (let ((this-arg (car args)) (rest-args (cdr args))) (if (string-prefix? "-" this-arg) @@ -244,6 +309,14 @@ (equal? this-arg "--group")) (config-gid-set! config (string->number (car rest-args))) (loop (cdr rest-args))) + ((or (equal? this-arg "-b") + (equal? this-arg "--blacklist")) + (config-blacklist-set! config (car rest-args)) + (loop (cdr rest-args))) + ((or (equal? this-arg "-r") + (equal? this-arg "--blacklist-resp")) + (config-blacklist-resp-set! config (car rest-args)) + (loop (cdr rest-args))) (else (print-usage progname))) (match args
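Review bot: The new usage text (hunk at -217,14) describes FILE only as "a list of IP addresses", but `server-loop` loads it with a single `read`, so it has to be one Scheme list of strings. A file with one address per line would not be read as a list, and the `member` test would then not behave as the operator expects. I would add a line to the help string such as `"FILE must hold a single Scheme list of strings, e.g. (\"192.0.2.1\" \"2001:db8::1\").\n"` (the addresses are constructed examples from the documentation ranges). `main` continues outside the hunk.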
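Review bot: The `-b` and `-r` branches (hunk at -244,6) store `(car rest-args)` in the config without checking that a value follows or that the file can be read. The blacklist path is first opened in `server-loop`, after `drop-privs`, so a file the unprivileged uid cannot read only surfaces as a per-connection error inside `condition-case`, and every request is then refused. A startup check in the style `setup-env` already uses, e.g. `(unless (file-readable? (config-blacklist config)) (error "blacklist file not readable"))` performed after privileges are dropped, would make the misconfiguration visible immediately. The enclosing argument loop in `main` starts and ends outside the hunk.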