From dd136858f1ea40ad3c94191d647487fa4f31926c Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 18 Oct 2024 20:33:49 +0200 Subject: Adding upstream version 9.0.0. Signed-off-by: Daniel Baumann --- modules/public/mime_types.go | 40 +++++++++++++ modules/public/public.go | 118 +++++++++++++++++++++++++++++++++++++++ modules/public/public_bindata.go | 8 +++ modules/public/public_test.go | 34 +++++++++++ modules/public/serve_dynamic.go | 15 +++++ modules/public/serve_static.go | 24 ++++++++ 6 files changed, 239 insertions(+) create mode 100644 modules/public/mime_types.go create mode 100644 modules/public/public.go create mode 100644 modules/public/public_bindata.go create mode 100644 modules/public/public_test.go create mode 100644 modules/public/serve_dynamic.go create mode 100644 modules/public/serve_static.go (limited to 'modules/public') diff --git a/modules/public/mime_types.go b/modules/public/mime_types.go new file mode 100644 index 0000000..32bdf3b --- /dev/null +++ b/modules/public/mime_types.go @@ -0,0 +1,40 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package public + +import "strings" + +// wellKnownMimeTypesLower comes from Golang's builtin mime package: `builtinTypesLower`, see the comment of detectWellKnownMimeType +var wellKnownMimeTypesLower = map[string]string{ + ".avif": "image/avif", + ".css": "text/css; charset=utf-8", + ".gif": "image/gif", + ".htm": "text/html; charset=utf-8", + ".html": "text/html; charset=utf-8", + ".jpeg": "image/jpeg", + ".jpg": "image/jpeg", + ".js": "text/javascript; charset=utf-8", + ".json": "application/json", + ".mjs": "text/javascript; charset=utf-8", + ".pdf": "application/pdf", + ".png": "image/png", + ".svg": "image/svg+xml", + ".wasm": "application/wasm", + ".webp": "image/webp", + ".xml": "text/xml; charset=utf-8", + + // well, there are some types missing from the builtin list + ".txt": "text/plain; charset=utf-8", +} + +// detectWellKnownMimeType will return the mime-type for a well-known file ext name +// The purpose of this function is to bypass the unstable behavior of Golang's mime.TypeByExtension +// mime.TypeByExtension would use OS's mime-type config to overwrite the well-known types (see its document). +// If the user's OS has incorrect mime-type config, it would make Gitea can not respond a correct Content-Type to browsers. +// For example, if Gitea returns `text/plain` for a `.js` file, the browser couldn't run the JS due to security reasons. +// detectWellKnownMimeType makes the Content-Type for well-known files stable. +func detectWellKnownMimeType(ext string) string { + ext = strings.ToLower(ext) + return wellKnownMimeTypesLower[ext] +} diff --git a/modules/public/public.go b/modules/public/public.go new file mode 100644 index 0000000..abc6b46 --- /dev/null +++ b/modules/public/public.go @@ -0,0 +1,118 @@ +// Copyright 2016 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package public + +import ( + "bytes" + "io" + "net/http" + "os" + "path" + "strings" + "time" + + "code.gitea.io/gitea/modules/assetfs" + "code.gitea.io/gitea/modules/container" + "code.gitea.io/gitea/modules/httpcache" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" +) + +func CustomAssets() *assetfs.Layer { + return assetfs.Local("custom", setting.CustomPath, "public") +} + +func AssetFS() *assetfs.LayeredFS { + return assetfs.Layered(CustomAssets(), BuiltinAssets()) +} + +// FileHandlerFunc implements the static handler for serving files in "public" assets +func FileHandlerFunc() http.HandlerFunc { + assetFS := AssetFS() + return func(resp http.ResponseWriter, req *http.Request) { + if req.Method != "GET" && req.Method != "HEAD" { + resp.WriteHeader(http.StatusMethodNotAllowed) + return + } + handleRequest(resp, req, assetFS, req.URL.Path) + } +} + +// parseAcceptEncoding parse Accept-Encoding: deflate, gzip;q=1.0, *;q=0.5 as compress methods +func parseAcceptEncoding(val string) container.Set[string] { + parts := strings.Split(val, ";") + types := make(container.Set[string]) + for _, v := range strings.Split(parts[0], ",") { + types.Add(strings.TrimSpace(v)) + } + return types +} + +// setWellKnownContentType will set the Content-Type if the file is a well-known type. +// See the comments of detectWellKnownMimeType +func setWellKnownContentType(w http.ResponseWriter, file string) { + mimeType := detectWellKnownMimeType(path.Ext(file)) + if mimeType != "" { + w.Header().Set("Content-Type", mimeType) + } +} + +func handleRequest(w http.ResponseWriter, req *http.Request, fs http.FileSystem, file string) { + // actually, fs (http.FileSystem) is designed to be a safe interface, relative paths won't bypass its parent directory, it's also fine to do a clean here + f, err := fs.Open(util.PathJoinRelX(file)) + if err != nil { + if os.IsNotExist(err) { + w.WriteHeader(http.StatusNotFound) + return + } + w.WriteHeader(http.StatusInternalServerError) + log.Error("[Static] Open %q failed: %v", file, err) + return + } + defer f.Close() + + fi, err := f.Stat() + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + log.Error("[Static] %q exists, but fails to open: %v", file, err) + return + } + + // need to serve index file? (no at the moment) + if fi.IsDir() { + w.WriteHeader(http.StatusNotFound) + return + } + + serveContent(w, req, fi, fi.ModTime(), f) +} + +type GzipBytesProvider interface { + GzipBytes() []byte +} + +// serveContent serve http content +func serveContent(w http.ResponseWriter, req *http.Request, fi os.FileInfo, modtime time.Time, content io.ReadSeeker) { + setWellKnownContentType(w, fi.Name()) + + encodings := parseAcceptEncoding(req.Header.Get("Accept-Encoding")) + if encodings.Contains("gzip") { + // try to provide gzip content directly from bindata (provided by vfsgen۰CompressedFileInfo) + if compressed, ok := fi.(GzipBytesProvider); ok { + rdGzip := bytes.NewReader(compressed.GzipBytes()) + // all gzipped static files (from bindata) are managed by Gitea, so we can make sure every file has the correct ext name + // then we can get the correct Content-Type, we do not need to do http.DetectContentType on the decompressed data + if w.Header().Get("Content-Type") == "" { + w.Header().Set("Content-Type", "application/octet-stream") + } + w.Header().Set("Content-Encoding", "gzip") + httpcache.ServeContentWithCacheControl(w, req, fi.Name(), modtime, rdGzip) + return + } + } + + httpcache.ServeContentWithCacheControl(w, req, fi.Name(), modtime, content) + return +} diff --git a/modules/public/public_bindata.go b/modules/public/public_bindata.go new file mode 100644 index 0000000..4878f88 --- /dev/null +++ b/modules/public/public_bindata.go @@ -0,0 +1,8 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +//go:build bindata + +package public + +//go:generate go run ../../build/generate-bindata.go ../../public public bindata.go true diff --git a/modules/public/public_test.go b/modules/public/public_test.go new file mode 100644 index 0000000..5e4bf5d --- /dev/null +++ b/modules/public/public_test.go @@ -0,0 +1,34 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package public + +import ( + "testing" + + "code.gitea.io/gitea/modules/container" + + "github.com/stretchr/testify/assert" +) + +func TestParseAcceptEncoding(t *testing.T) { + kases := []struct { + Header string + Expected container.Set[string] + }{ + { + Header: "deflate, gzip;q=1.0, *;q=0.5", + Expected: container.SetOf("deflate", "gzip"), + }, + { + Header: " gzip, deflate, br", + Expected: container.SetOf("deflate", "gzip", "br"), + }, + } + + for _, kase := range kases { + t.Run(kase.Header, func(t *testing.T) { + assert.EqualValues(t, kase.Expected, parseAcceptEncoding(kase.Header)) + }) + } +} diff --git a/modules/public/serve_dynamic.go b/modules/public/serve_dynamic.go new file mode 100644 index 0000000..a668b17 --- /dev/null +++ b/modules/public/serve_dynamic.go @@ -0,0 +1,15 @@ +// Copyright 2016 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +//go:build !bindata + +package public + +import ( + "code.gitea.io/gitea/modules/assetfs" + "code.gitea.io/gitea/modules/setting" +) + +func BuiltinAssets() *assetfs.Layer { + return assetfs.Local("builtin(static)", setting.StaticRootPath, "public") +} diff --git a/modules/public/serve_static.go b/modules/public/serve_static.go new file mode 100644 index 0000000..e790850 --- /dev/null +++ b/modules/public/serve_static.go @@ -0,0 +1,24 @@ +// Copyright 2016 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +//go:build bindata + +package public + +import ( + "time" + + "code.gitea.io/gitea/modules/assetfs" + "code.gitea.io/gitea/modules/timeutil" +) + +var _ GzipBytesProvider = (*vfsgen۰CompressedFileInfo)(nil) + +// GlobalModTime provide a global mod time for embedded asset files +func GlobalModTime(filename string) time.Time { + return timeutil.GetExecutableModTime() +} + +func BuiltinAssets() *assetfs.Layer { + return assetfs.Bindata("builtin(bindata)", Assets) +} -- cgit v1.2.3