mirror of
https://git.sr.ht/~adnano/go-gemini
synced 2024-09-22 05:10:44 +02:00
Remove top-level Get and Do functions
This commit is contained in:
parent
76dfe257f1
commit
46cbcfcaa4
@ -217,17 +217,20 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
|
|||||||
if c.TrustCertificate != nil {
|
if c.TrustCertificate != nil {
|
||||||
switch c.TrustCertificate(hostname, cert) {
|
switch c.TrustCertificate(hostname, cert) {
|
||||||
case TrustOnce:
|
case TrustOnce:
|
||||||
c.KnownHosts.AddTemporary(hostname, cert)
|
fingerprint := NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
|
c.KnownHosts.Add(hostname, fingerprint)
|
||||||
return nil
|
return nil
|
||||||
case TrustAlways:
|
case TrustAlways:
|
||||||
c.KnownHosts.Add(hostname, cert)
|
fingerprint := NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
|
c.KnownHosts.Add(hostname, fingerprint)
|
||||||
|
c.KnownHosts.Write(hostname, fingerprint)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return errors.New("gemini: certificate not trusted")
|
return errors.New("gemini: certificate not trusted")
|
||||||
}
|
}
|
||||||
|
|
||||||
fingerprint := NewFingerprint(cert)
|
fingerprint := NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
if knownHost.Hex == fingerprint.Hex {
|
if knownHost.Hex == fingerprint.Hex {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
14
doc.go
14
doc.go
@ -1,9 +1,10 @@
|
|||||||
/*
|
/*
|
||||||
Package gemini implements the Gemini protocol.
|
Package gemini implements the Gemini protocol.
|
||||||
|
|
||||||
Get makes a Gemini request:
|
Client is a Gemini client.
|
||||||
|
|
||||||
resp, err := gemini.Get("gemini://example.com")
|
client := &gemini.Client{}
|
||||||
|
resp, err := client.Get("gemini://example.com")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// handle error
|
// handle error
|
||||||
}
|
}
|
||||||
@ -13,15 +14,6 @@ Get makes a Gemini request:
|
|||||||
}
|
}
|
||||||
// ...
|
// ...
|
||||||
|
|
||||||
For control over client behavior, create a Client:
|
|
||||||
|
|
||||||
client := &gemini.Client{}
|
|
||||||
resp, err := client.Get("gemini://example.com")
|
|
||||||
if err != nil {
|
|
||||||
// handle error
|
|
||||||
}
|
|
||||||
// ...
|
|
||||||
|
|
||||||
Server is a Gemini server.
|
Server is a Gemini server.
|
||||||
|
|
||||||
server := &gemini.Server{
|
server := &gemini.Server{
|
||||||
|
@ -64,7 +64,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getSession(cert *x509.Certificate) (*session, bool) {
|
func getSession(cert *x509.Certificate) (*session, bool) {
|
||||||
fingerprint := gemini.NewFingerprint(cert)
|
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
session, ok := sessions[fingerprint.Hex]
|
session, ok := sessions[fingerprint.Hex]
|
||||||
return session, ok
|
return session, ok
|
||||||
}
|
}
|
||||||
@ -79,7 +79,8 @@ func login(w *gemini.ResponseWriter, r *gemini.Request) {
|
|||||||
w.WriteHeader(gemini.StatusInput, "Username")
|
w.WriteHeader(gemini.StatusInput, "Username")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
fingerprint := gemini.NewFingerprint(r.Certificate.Leaf)
|
cert := r.Certificate.Leaf
|
||||||
|
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
sessions[fingerprint.Hex] = &session{
|
sessions[fingerprint.Hex] = &session{
|
||||||
username: username,
|
username: username,
|
||||||
}
|
}
|
||||||
@ -116,7 +117,8 @@ func logout(w *gemini.ResponseWriter, r *gemini.Request) {
|
|||||||
w.WriteStatus(gemini.StatusCertificateRequired)
|
w.WriteStatus(gemini.StatusCertificateRequired)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
fingerprint := gemini.NewFingerprint(r.Certificate.Leaf)
|
cert := r.Certificate.Leaf
|
||||||
|
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
delete(sessions, fingerprint.Hex)
|
delete(sessions, fingerprint.Hex)
|
||||||
fmt.Fprintln(w, "Successfully logged out.")
|
fmt.Fprintln(w, "Successfully logged out.")
|
||||||
fmt.Fprintln(w, "=> / Index")
|
fmt.Fprintln(w, "=> / Index")
|
||||||
|
@ -10,9 +10,11 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"git.sr.ht/~adnano/go-gemini"
|
"git.sr.ht/~adnano/go-gemini"
|
||||||
|
"git.sr.ht/~adnano/go-xdg"
|
||||||
)
|
)
|
||||||
|
|
||||||
const trustPrompt = `The certificate offered by %s is of unknown trust. Its fingerprint is:
|
const trustPrompt = `The certificate offered by %s is of unknown trust. Its fingerprint is:
|
||||||
@ -31,9 +33,9 @@ var (
|
|||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
client.Timeout = 30 * time.Second
|
client.Timeout = 30 * time.Second
|
||||||
client.KnownHosts.LoadDefault()
|
client.KnownHosts.Load(filepath.Join(xdg.DataHome(), "gemini", "known_hosts"))
|
||||||
client.TrustCertificate = func(hostname string, cert *x509.Certificate) gemini.Trust {
|
client.TrustCertificate = func(hostname string, cert *x509.Certificate) gemini.Trust {
|
||||||
fingerprint := gemini.NewFingerprint(cert)
|
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
|
||||||
fmt.Printf(trustPrompt, hostname, fingerprint.Hex)
|
fmt.Printf(trustPrompt, hostname, fingerprint.Hex)
|
||||||
scanner.Scan()
|
scanner.Scan()
|
||||||
switch scanner.Text() {
|
switch scanner.Text() {
|
||||||
|
24
gemini.go
24
gemini.go
@ -2,7 +2,6 @@ package gemini
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"sync"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var crlf = []byte("\r\n")
|
var crlf = []byte("\r\n")
|
||||||
@ -13,26 +12,3 @@ var (
|
|||||||
ErrInvalidResponse = errors.New("gemini: invalid response")
|
ErrInvalidResponse = errors.New("gemini: invalid response")
|
||||||
ErrBodyNotAllowed = errors.New("gemini: response body not allowed")
|
ErrBodyNotAllowed = errors.New("gemini: response body not allowed")
|
||||||
)
|
)
|
||||||
|
|
||||||
// defaultClient is the default client. It is used by Get and Do.
|
|
||||||
var defaultClient Client
|
|
||||||
|
|
||||||
// Get performs a Gemini request for the given url.
|
|
||||||
func Get(url string) (*Response, error) {
|
|
||||||
setupDefaultClientOnce()
|
|
||||||
return defaultClient.Get(url)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Do performs a Gemini request and returns a Gemini response.
|
|
||||||
func Do(req *Request) (*Response, error) {
|
|
||||||
setupDefaultClientOnce()
|
|
||||||
return defaultClient.Do(req)
|
|
||||||
}
|
|
||||||
|
|
||||||
var defaultClientOnce sync.Once
|
|
||||||
|
|
||||||
func setupDefaultClientOnce() {
|
|
||||||
defaultClientOnce.Do(func() {
|
|
||||||
defaultClient.KnownHosts.LoadDefault()
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
83
tofu.go
83
tofu.go
@ -3,12 +3,12 @@ package gemini
|
|||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"crypto/x509"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Trust represents the trustworthiness of a certificate.
|
// Trust represents the trustworthiness of a certificate.
|
||||||
@ -27,6 +27,43 @@ type KnownHosts struct {
|
|||||||
file *os.File
|
file *os.File
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add adds a fingerprint to the list of known hosts.
|
||||||
|
func (k *KnownHosts) Add(hostname string, fingerprint Fingerprint) {
|
||||||
|
if k.hosts == nil {
|
||||||
|
k.hosts = map[string]Fingerprint{}
|
||||||
|
}
|
||||||
|
k.hosts[hostname] = fingerprint
|
||||||
|
}
|
||||||
|
|
||||||
|
// Lookup returns the fingerprint of the certificate corresponding to
|
||||||
|
// the given hostname.
|
||||||
|
func (k *KnownHosts) Lookup(hostname string) (Fingerprint, bool) {
|
||||||
|
c, ok := k.hosts[hostname]
|
||||||
|
return c, ok
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write appends a fingerprint to the known hosts file.
|
||||||
|
func (k *KnownHosts) Write(hostname string, fingerprint Fingerprint) {
|
||||||
|
if k.file != nil {
|
||||||
|
k.writeKnownHost(k.file, hostname, fingerprint)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// WriteAll writes all of the known hosts to the provided io.Writer.
|
||||||
|
func (k *KnownHosts) WriteAll(w io.Writer) error {
|
||||||
|
for h, c := range k.hosts {
|
||||||
|
if _, err := k.writeKnownHost(w, h, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// writeKnownHost writes the fingerprint to the provided io.Writer.
|
||||||
|
func (k *KnownHosts) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) {
|
||||||
|
return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, f.Hex, f.Expires)
|
||||||
|
}
|
||||||
|
|
||||||
// Load loads the known hosts from the provided path.
|
// Load loads the known hosts from the provided path.
|
||||||
// New known hosts will be appended to the file.
|
// New known hosts will be appended to the file.
|
||||||
func (k *KnownHosts) Load(path string) error {
|
func (k *KnownHosts) Load(path string) error {
|
||||||
@ -45,31 +82,6 @@ func (k *KnownHosts) Load(path string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add adds a certificate to the list of known hosts.
|
|
||||||
// If KnownHosts was loaded from a file, Add will append to the file.
|
|
||||||
func (k *KnownHosts) Add(hostname string, cert *x509.Certificate) {
|
|
||||||
k.add(hostname, cert, true)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (k *KnownHosts) add(hostname string, cert *x509.Certificate, write bool) {
|
|
||||||
if k.hosts == nil {
|
|
||||||
k.hosts = map[string]Fingerprint{}
|
|
||||||
}
|
|
||||||
fingerprint := NewFingerprint(cert)
|
|
||||||
k.hosts[hostname] = fingerprint
|
|
||||||
// Append to the file
|
|
||||||
if write && k.file != nil {
|
|
||||||
appendKnownHost(k.file, hostname, fingerprint)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Lookup returns the fingerprint of the certificate corresponding to
|
|
||||||
// the given hostname.
|
|
||||||
func (k *KnownHosts) Lookup(hostname string) (Fingerprint, bool) {
|
|
||||||
c, ok := k.hosts[hostname]
|
|
||||||
return c, ok
|
|
||||||
}
|
|
||||||
|
|
||||||
// Parse parses the provided reader and adds the parsed known hosts to the list.
|
// Parse parses the provided reader and adds the parsed known hosts to the list.
|
||||||
// Invalid lines are ignored.
|
// Invalid lines are ignored.
|
||||||
func (k *KnownHosts) Parse(r io.Reader) {
|
func (k *KnownHosts) Parse(r io.Reader) {
|
||||||
@ -104,17 +116,6 @@ func (k *KnownHosts) Parse(r io.Reader) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write writes the known hosts to the provided io.Writer.
|
|
||||||
func (k *KnownHosts) Write(w io.Writer) {
|
|
||||||
for h, c := range k.hosts {
|
|
||||||
appendKnownHost(w, h, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func appendKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) {
|
|
||||||
return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, f.Hex, f.Expires)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fingerprint represents a fingerprint using a certain algorithm.
|
// Fingerprint represents a fingerprint using a certain algorithm.
|
||||||
type Fingerprint struct {
|
type Fingerprint struct {
|
||||||
Algorithm string // fingerprint algorithm e.g. SHA-512
|
Algorithm string // fingerprint algorithm e.g. SHA-512
|
||||||
@ -122,9 +123,9 @@ type Fingerprint struct {
|
|||||||
Expires int64 // unix time of the fingerprint expiration date
|
Expires int64 // unix time of the fingerprint expiration date
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewFingerprint returns the SHA-512 fingerprint of the provided certificate.
|
// NewFingerprint returns the SHA-512 fingerprint of the provided raw data.
|
||||||
func NewFingerprint(cert *x509.Certificate) Fingerprint {
|
func NewFingerprint(raw []byte, expires time.Time) Fingerprint {
|
||||||
sum512 := sha512.Sum512(cert.Raw)
|
sum512 := sha512.Sum512(raw)
|
||||||
var b strings.Builder
|
var b strings.Builder
|
||||||
for i, f := range sum512 {
|
for i, f := range sum512 {
|
||||||
if i > 0 {
|
if i > 0 {
|
||||||
@ -135,6 +136,6 @@ func NewFingerprint(cert *x509.Certificate) Fingerprint {
|
|||||||
return Fingerprint{
|
return Fingerprint{
|
||||||
Algorithm: "SHA-512",
|
Algorithm: "SHA-512",
|
||||||
Hex: b.String(),
|
Hex: b.String(),
|
||||||
Expires: cert.NotAfter.Unix(),
|
Expires: expires.Unix(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user