tjp
/
gus
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Activity
This repository has been archived on 2023-05-01. You can view files and clone it, but cannot push or open issues or pull requests.
gus/contrib/cgi/cgi.go

185 lines
4.1 KiB
Go
Raw Blame History

package cgi
import (
"bytes"
"context"
"crypto/sha256"
"encoding/hex"
"errors"
"io"
"io/fs"
"net"
"os"
"os/exec"
"strings"
"tildegit.org/tjp/gus"
)
// ResolveCGI finds a CGI program corresponding to a request path.
//
// It returns the path to the executable file and the PATH_INFO that should be passed,
// or an error.
//
// It will find executables which are just part way through the path, so for example
// a request for /foo/bar/baz can run an executable found at /foo or /foo/bar. In such
// a case the PATH_INFO would include the remaining portion of the URI path.
func ResolveCGI(requestPath, fsRoot string) (string, string, error) {
segments := strings.Split(strings.TrimLeft(requestPath, "/"), "/")
for i := range append(segments, "") {
filepath := strings.Join(append([]string{fsRoot}, segments[:i]...), "/")
filepath = strings.TrimRight(filepath, "/")
isDir, isExecutable, err := executableFile(filepath)
if err != nil {
return "", "", err
}
if isExecutable {
pathinfo := "/"
if len(segments) > i+1 {
pathinfo = strings.Join(segments[i:], "/")
}
return filepath, pathinfo, nil
}
if !isDir {
break
}
}
return "", "", nil
}
func executableFile(filepath string) (bool, bool, error) {
file, err := os.Open(filepath)
if isNotExistError(err) {
return false, false, nil
}
if err != nil {
return false, false, err
}
defer file.Close()
info, err := file.Stat()
if err != nil {
return false, false, err
}
if info.IsDir() {
return true, false, nil
}
// readable + executable by anyone
return false, info.Mode()&0005 == 0005, nil
}
func isNotExistError(err error) bool {
if err != nil {
var pathErr *fs.PathError
if errors.As(err, &pathErr) {
e := pathErr.Err
if errors.Is(e, fs.ErrInvalid) || errors.Is(e, fs.ErrNotExist) {
return true
}
}
}
return false
}
// RunCGI runs a specific program as a CGI script.
func RunCGI(
ctx context.Context,
request *gus.Request,
executable string,
pathInfo string,
) (io.Reader, int, error) {
pathSegments := strings.Split(executable, "/")
dirPath := "."
if len(pathSegments) > 1 {
dirPath = strings.Join(pathSegments[:len(pathSegments)-1], "/")
}
basename := pathSegments[len(pathSegments)-1]
infoLen := len(pathInfo)
if pathInfo == "/" {
infoLen -= 1
}
scriptName := request.Path[:len(request.Path)-infoLen]
scriptName = strings.TrimSuffix(scriptName, "/")
cmd := exec.CommandContext(ctx, "./"+basename)
cmd.Env = prepareCGIEnv(ctx, request, scriptName, pathInfo)
cmd.Dir = dirPath
responseBuffer := &bytes.Buffer{}
cmd.Stdout = responseBuffer
err := cmd.Run()
if err != nil {
var exErr *exec.ExitError
if errors.As(err, &exErr) {
return responseBuffer, exErr.ExitCode(), nil
}
}
return responseBuffer, cmd.ProcessState.ExitCode(), err
}
func prepareCGIEnv(
ctx context.Context,
request *gus.Request,
scriptName string,
pathInfo string,
) []string {
var authType string
if request.TLSState != nil && len(request.TLSState.PeerCertificates) > 0 {
authType = "Certificate"
}
environ := []string{
"AUTH_TYPE=" + authType,
"CONTENT_LENGTH=",
"CONTENT_TYPE=",
"GATEWAY_INTERFACE=CGI/1.1",
"PATH_INFO=" + pathInfo,
"PATH_TRANSLATED=",
"QUERY_STRING=" + request.RawQuery,
}
host, _, _ := net.SplitHostPort(request.RemoteAddr.String())
environ = append(environ, "REMOTE_ADDR="+host)
environ = append(
environ,
"REMOTE_HOST=",
"REMOTE_IDENT=",
"SCRIPT_NAME="+scriptName,
"SERVER_NAME="+request.Server.Hostname(),
"SERVER_PORT="+request.Server.Port(),
"SERVER_PROTOCOL="+request.Server.Protocol(),
"SERVER_SOFTWARE=GUS",
)
if request.TLSState != nil && len(request.TLSState.PeerCertificates) > 0 {
cert := request.TLSState.PeerCertificates[0]
environ = append(
environ,
"TLS_CLIENT_HASH="+fingerprint(cert.Raw),
"TLS_CLIENT_CERT="+hex.EncodeToString(cert.Raw),
"TLS_CLIENT_ISSUER="+cert.Issuer.String(),
"TLS_CLIENT_ISSUER_CN="+cert.Issuer.CommonName,
"TLS_CLIENT_SUBJECT="+cert.Subject.String(),
"TLS_CLIENT_SUBJECT_CN="+cert.Subject.CommonName,
)
}
return environ
}
func fingerprint(raw []byte) string {
hash := sha256.Sum256(raw)
return hex.EncodeToString(hash[:])
}
Reference in New Issue View Git Blame Copy Permalink