logo

gemini-space

What lives at gemini://hacktivis.me/ git clone https://hacktivis.me/git/gemini-space.git

server.sh (2531B)

    

  1. #!/bin/sh
  2. # shellcheck disable=SC1017
  3. # Copyright 2020-2021 Haelwenn (lanodan) Monnier <contact+gemini@hacktivis.me>
  4. # Distributed under the terms of the GNU Affero General Public License version 3
  6. # AGPL-3 because it's a service on the internet, screw permissive licences for these
  8. # Notes:
  9. # - URLs are barely parsed and mostly taken as-is, which could be dangerous
  10. # - Recognised hostnames are directories in $GEMDIR, they must also have a $host:1965 symlink
  11. # - stunnel chroot ability is untested for now
  12. # - Lastest known version of the specification: v0.14.3, November 29th 2020
  14. export GEMDIR="/srv/gemini"
  16. bubblewrap() {
  17. 	bwrap \
  18. 		--unshare-user --uid 65534 --gid 65534 \
  19. 		--unshare-ipc --unshare-pid --unshare-uts --unshare-cgroup-try \
  20. 		--ro-bind /bin /bin \
  21. 		--ro-bind /lib /lib \
  22. 		--ro-bind /lib64 /lib64 \
  23. 		--ro-bind /usr /usr \
  24. 		--ro-bind /git /git \
  25. 		--ro-bind /etc /etc \
  26. 		--ro-bind "${GEMDIR}" "${GEMDIR}" \
  27. 		--chdir "${GEMDIR}" \
  28. 		--proc /proc \
  29. 		--dev /dev \
  30. 		--die-with-parent \
  31. 		"$@"
  32. }
  34. IFS=#'
  35. ' read -r line
  36. # ' hack for vis editor to reset hightlighting…
  38. query="${line#gemini://}"
  39. query="${query%%../*}"
  40. query="${query//%20/ }"
  41. path="$GEMDIR/${query//\?*}"
  42. status="--"
  44. if echo "$path" | grep -Eq '.gmi$'
  45. then
  46. 	mime="text/gemini; charset=utf-8"
  47. else
  48. 	mime=$(file --mime -b "$path" 2>/dev/null)
  49. fi
  51. if [ -r "$path" -a -f "$path" ]
  52. then
  53. 	if echo "$query" | grep -Eq '/cgi-bin/'
  54. 	then
  55. 		if [ -x "$path" -a -f "$path" ]
  56. 		then
  57. 			if echo "$query" | grep -Eq '\?'
  58. 			then
  59. 				bubblewrap "./${query//\?*}" "${query//*\?}"
  60. 			else
  61. 				bubblewrap "./${query//\?*}" ""
  62. 			fi
  63. 			status="x$?"
  64. 		else
  65. 			status="50"
  66. 			printf '50 File not executable or non-existent\r\n'
  67. 		fi
  68. 	else
  69. 		status="20"
  70. 		printf '20 %s\r\n' "$mime"
  71. 		cat "$path" 2>/dev/null
  72. 	fi
  73. elif [ -r "$path" -a -d "$path" ]
  74. then
  75. 	if echo "$path" | grep -Eq '/$'
  76. 	then
  77. 		if [ -r "$path/index.gmi" -a -f "$path/index.gmi" ]
  78. 		then
  79. 			status="20"
  80. 			printf '20 text/gemini; charset=utf-8\r\n'
  81. 			cat "$path/index.gmi" 2>/dev/null
  82. 		else
  83. 			status="20"
  84. 			printf '20 text/gemini; charset=utf-8\r\n'
  85. 			printf '# Index of %s\n' "$query"
  86. 			cd "$path" && find . -mindepth 1 -maxdepth 1 | sed -e 's; ;%20;g' -e "s;^\./;=> ;" 2>/dev/null
  87. 		fi
  88. 	else
  89. 		status="30"
  90. 		printf '30 gemini://%s/\r\n' "$query"
  91. 	fi
  92. else
  93. 	status="50"
  94. 	printf '50 File not readable or non-existent\r\n'
  95. fi
  97. # I know… blame France data rentention policy
  98. logger -p local0.notice "${REMOTE_HOST:-?host?}	${REMOTE_PORT:-?port?}	${line} ${status}" 2>/dev/null 1>/dev/null