go-gemini/client.go

package gemini

import (
	"bufio"
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"time"
)

// Client is a Gemini client.
type Client struct {
	// TrustCertificate is called to determine whether the client
	// should trust the certificate provided by the server.
	// If TrustCertificate is nil, the client will accept any certificate.
	// If the returned error is not nil, the certificate will not be trusted
	// and the request will be aborted.
	//
	// See the tofu submodule for an implementation of trust on first use.
	TrustCertificate func(hostname string, cert *x509.Certificate) error

	// Timeout specifies a time limit for requests made by this
	// Client. The timeout includes connection time and reading
	// the response body. The timer remains running after
	// Get and Do return and will interrupt reading of the Response.Body.
	//
	// A Timeout of zero means no timeout.
	Timeout time.Duration
}

// Get performs a Gemini request for the given URL.
func (c *Client) Get(url string) (*Response, error) {
	req, err := NewRequest(url)
	if err != nil {
		return nil, err
	}
	return c.Do(req)
}

// Do performs a Gemini request and returns a Gemini response.
func (c *Client) Do(req *Request) (*Response, error) {
	// Punycode request URL
	if punycode, err := punycodeHost(req.URL.Host); err != nil {
		return nil, err
	} else {
		// Make a copy of the request
		_req := *req
		req = &_req
		_url := *req.URL
		req.URL = &_url

		// Set the host
		req.URL.Host = punycode
	}

	// Extract hostname and punycode it
	hostname, port, err := net.SplitHostPort(req.Host)
	if err != nil {
		return nil, err
	}
	punycode, err := punycodeHostname(hostname)
	if err != nil {
		return nil, err
	}

	// Connect to the host
	config := &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
		GetClientCertificate: func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			if req.Certificate != nil {
				return req.Certificate, nil
			}
			return &tls.Certificate{}, nil
		},
		VerifyConnection: func(cs tls.ConnectionState) error {
			return c.verifyConnection(hostname, punycode, cs)
		},
		ServerName: punycode,
	}

	ctx := req.Context
	if ctx == nil {
		ctx = context.Background()
	}

	start := time.Now()
	dialer := net.Dialer{
		Timeout: c.Timeout,
	}

	address := net.JoinHostPort(punycode, port)
	netConn, err := dialer.DialContext(ctx, "tcp", address)
	if err != nil {
		return nil, err
	}

	conn := tls.Client(netConn, config)

	// Set connection deadline
	if c.Timeout != 0 {
		err := conn.SetDeadline(start.Add(c.Timeout))
		if err != nil {
			return nil, fmt.Errorf("failed to set connection deadline: %w", err)
		}
	}

	resp, err := c.do(conn, req)
	if err != nil {
		// If we fail to perform the request/response we have
		// to take responsibility for closing the connection.
		_ = conn.Close()

		return nil, err
	}

	// Store connection state
	state := conn.ConnectionState()
	resp.TLS = &state

	return resp, nil
}

func (c *Client) do(conn *tls.Conn, req *Request) (*Response, error) {
	// Write the request
	w := bufio.NewWriter(conn)

	err := req.Write(w)
	if err != nil {
		return nil, fmt.Errorf("failed to write request: %w", err)
	}

	if err := w.Flush(); err != nil {
		return nil, err
	}

	// Read the response
	resp, err := ReadResponse(conn)
	if err != nil {
		return nil, err
	}

	return resp, nil
}

func (c *Client) verifyConnection(hostname, punycode string, cs tls.ConnectionState) error {
	cert := cs.PeerCertificates[0]
	// Try punycode and then hostname
	if err := verifyHostname(cert, punycode); err != nil {
		if err := verifyHostname(cert, hostname); err != nil {
			return err
		}
	}
	// Check expiration date
	if !time.Now().Before(cert.NotAfter) {
		return errors.New("gemini: certificate expired")
	}

	// See if the client trusts the certificate
	if c.TrustCertificate != nil {
		return c.TrustCertificate(hostname, cert)
	}
	return nil
}
Rename repository to go-gemini 2020-10-24 21:15:32 +02:00			`package gemini`
Add package declaration comment 2020-09-22 04:09:50 +02:00
			`import (`
Refactor 2020-09-24 06:30:21 +02:00			`"bufio"`
Allow Request.Context to be nil 2020-12-17 23:16:55 +01:00			`"context"`
Add package declaration comment 2020-09-22 04:09:50 +02:00			`"crypto/tls"`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`"crypto/x509"`
client: Verify expiration time 2020-12-19 19:43:47 +01:00			`"errors"`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00			`"fmt"`
Add (*Client).Get function 2020-10-28 00:21:33 +01:00			`"net"`
Implement Client connection timeout 2020-11-01 01:55:56 +01:00			`"time"`
Add package declaration comment 2020-09-22 04:09:50 +02:00			`)`

Refactor client certificates 2020-10-28 18:40:25 +01:00			`// Client is a Gemini client.`
Refactor TOFU 2020-09-26 05:06:54 +02:00			`type Client struct {`
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`// TrustCertificate is called to determine whether the client`
			`// should trust the certificate provided by the server.`
			`// If TrustCertificate is nil, the client will accept any certificate.`
			`// If the returned error is not nil, the certificate will not be trusted`
			`// and the request will be aborted.`
client: Add note about TOFU 2021-01-15 04:34:12 +01:00			`//`
tofu: Implement PersistentHosts 2021-01-25 18:02:09 +01:00			`// See the tofu submodule for an implementation of trust on first use.`
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`TrustCertificate func(hostname string, cert *x509.Certificate) error`
Implement Client connection timeout 2020-11-01 01:55:56 +01:00
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`// Timeout specifies a time limit for requests made by this`
			`// Client. The timeout includes connection time and reading`
			`// the response body. The timer remains running after`
			`// Get and Do return and will interrupt reading of the Response.Body.`
Update documentation 2020-11-01 04:05:31 +01:00			`//`
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`// A Timeout of zero means no timeout.`
			`Timeout time.Duration`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`}`

Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`// Get performs a Gemini request for the given URL.`
Add (*Client).Get function 2020-10-28 00:21:33 +01:00			`func (c Client) Get(url string) (Response, error) {`
			`req, err := NewRequest(url)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return c.Do(req)`
			`}`

			`// Do performs a Gemini request and returns a Gemini response.`
			`func (c Client) Do(req Request) (*Response, error) {`
client: Punycode request URL 2021-02-09 22:55:14 +01:00			`// Punycode request URL`
			`if punycode, err := punycodeHost(req.URL.Host); err != nil {`
			`return nil, err`
			`} else {`
			`// Make a copy of the request`
			`_req := *req`
			`req = &_req`
			`_url := *req.URL`
			`req.URL = &_url`

			`// Set the host`
			`req.URL.Host = punycode`
			`}`

			`// Extract hostname and punycode it`
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`hostname, port, err := net.SplitHostPort(req.Host)`
			`if err != nil {`
			`return nil, err`
			`}`
			`punycode, err := punycodeHostname(hostname)`
			`if err != nil {`
			`return nil, err`
Fix server name in TLS connections 2020-11-27 23:45:15 +01:00			`}`

Implement configurable Client 2020-09-26 01:53:50 +02:00			`// Connect to the host`
			`config := &tls.Config{`
			`InsecureSkipVerify: true,`
Specify minimum version of TLS 1.2 2020-09-26 06:31:16 +02:00			`MinVersion: tls.VersionTLS12,`
Refactor client certificates 2020-10-28 18:40:25 +01:00			`GetClientCertificate: func(_ tls.CertificateRequestInfo) (tls.Certificate, error) {`
client: Add GetCertificate callback 2020-12-17 22:46:16 +01:00			`if req.Certificate != nil {`
			`return req.Certificate, nil`
			`}`
			`return &tls.Certificate{}, nil`
Add preliminary CertificateStore API 2020-09-26 21:14:34 +02:00			`},`
Move certificate verification code to VerifyConnection 2020-10-13 22:44:46 +02:00			`VerifyConnection: func(cs tls.ConnectionState) error {`
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`return c.verifyConnection(hostname, punycode, cs)`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`},`
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`ServerName: punycode,`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`}`
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00
Allow Request.Context to be nil 2020-12-17 23:16:55 +01:00			`ctx := req.Context`
			`if ctx == nil {`
			`ctx = context.Background()`
			`}`
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00
			`start := time.Now()`
			`dialer := net.Dialer{`
			`Timeout: c.Timeout,`
			`}`

client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`address := net.JoinHostPort(punycode, port)`
			`netConn, err := dialer.DialContext(ctx, "tcp", address)`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`if err != nil {`
			`return nil, err`
			`}`
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00
Add context to requests 2020-11-26 06:42:25 +01:00			`conn := tls.Client(netConn, config)`
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00
Implement Client connection timeout 2020-11-01 01:55:56 +01:00			`// Set connection deadline`
Remove unnecessary variable 2020-12-18 06:35:08 +01:00			`if c.Timeout != 0 {`
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00			`err := conn.SetDeadline(start.Add(c.Timeout))`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00			`if err != nil {`
tofu: Implement PersistentHosts 2021-01-25 18:02:09 +01:00			`return nil, fmt.Errorf("failed to set connection deadline: %w", err)`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00			`}`
Implement Client connection timeout 2020-11-01 01:55:56 +01:00			`}`
Implement configurable Client 2020-09-26 01:53:50 +02:00
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00			`resp, err := c.do(conn, req)`
			`if err != nil {`
			`// If we fail to perform the request/response we have`
			`// to take responsibility for closing the connection.`
			`_ = conn.Close()`

			`return nil, err`
			`}`

			`// Store connection state`
Make TLS field nil for unencrypted connections 2021-02-08 18:32:47 +01:00			`state := conn.ConnectionState()`
			`resp.TLS = &state`
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00
			`return resp, nil`
			`}`

			`func (c Client) do(conn tls.Conn, req Request) (Response, error) {`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`// Write the request`
			`w := bufio.NewWriter(conn)`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00
client: set the client timout on the dialer, close connection on err Client.Timout isn't respected for the dial. Requests will hang on dial until OS-level timouts kick in unless there is a Request.Context with a deadline. We also fail to close the connection on errors. This change sets the client timeout as the dialer timeout so that it will be respected. It also ensures that we close the connection if we fail to make the request. 2021-01-13 22:30:08 +01:00			`err := req.Write(w)`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00			`if err != nil {`
tofu: Implement PersistentHosts 2021-01-25 18:02:09 +01:00			`return nil, fmt.Errorf("failed to write request: %w", err)`
Add missing error handling Error handling is currently missing is a couple of places. Most of them are i/o related. This change adds checks, an therefore sometimes also has to change function signatures by adding an error return value. In the case of the response writer the status and meta handling is changed and this also breaks the API. In some places where we don't have any reasonable I've added assignment to a blank identifier to make it clear that we're ignoring an error. text: read the Err() that can be set by the scanner. client: check if conn.SetDeadline() returns an error. client: check if req.Write() returns an error. fs: panic if mime type registration fails. server: stop performing i/o in Header/Status functions By deferring the actual header write to the first Write() or Flush() call we don't have to do any error handling in Header() or Status(). As Server.respond() now defers a ResponseWriter.Flush() instead of directly flushing the underlying bufio.Writer this has the added benefit of ensuring that we always write a header to the client, even if the responder is a complete NOOP. tofu: return an error if we fail to write to the known hosts writer. 2021-01-07 23:08:50 +01:00			`}`

Implement configurable Client 2020-09-26 01:53:50 +02:00			`if err := w.Flush(); err != nil {`
			`return nil, err`
			`}`

			`// Read the response`
Add ReadRequest and ReadResponse functions 2020-12-18 07:41:14 +01:00			`resp, err := ReadResponse(conn)`
			`if err != nil {`
Implement configurable Client 2020-09-26 01:53:50 +02:00			`return nil, err`
			`}`
Only generate certificates after CertificateRequired 2020-09-28 05:58:45 +02:00
Implement configurable Client 2020-09-26 01:53:50 +02:00			`return resp, nil`
Refactor 2020-09-24 06:30:21 +02:00			`}`
Add (*Client).Get function 2020-10-28 00:21:33 +01:00
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`func (c *Client) verifyConnection(hostname, punycode string, cs tls.ConnectionState) error {`
Refactor client certificates 2020-10-28 18:40:25 +01:00			`cert := cs.PeerCertificates[0]`
client: Support IDNs Convert IDNs to punycode before performing DNS lookups. 2021-02-09 21:59:45 +01:00			`// Try punycode and then hostname`
			`if err := verifyHostname(cert, punycode); err != nil {`
			`if err := verifyHostname(cert, hostname); err != nil {`
			`return err`
			`}`
Refactor client certificates 2020-10-28 18:40:25 +01:00			`}`
client: Verify expiration time 2020-12-19 19:43:47 +01:00			`// Check expiration date`
			`if !time.Now().Before(cert.NotAfter) {`
			`return errors.New("gemini: certificate expired")`
			`}`
Refactor KnownHosts 2020-11-05 21:27:12 +01:00
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`// See if the client trusts the certificate`
			`if c.TrustCertificate != nil {`
			`return c.TrustCertificate(hostname, cert)`
Add (*Client).Get function 2020-10-28 00:21:33 +01:00			`}`
Decouple Client from KnownHostsFile 2020-12-18 01:50:26 +01:00			`return nil`
Add (*Client).Get function 2020-10-28 00:21:33 +01:00			`}`