logo

gemini-space

What lives at gemini://hacktivis.me/ git clone https://hacktivis.me/git/gemini-space.git

server.sh (2531B)

    

  1. #!/bin/sh

  2. # shellcheck disable=SC1017

  3. # Copyright 2020-2021 Haelwenn (lanodan) Monnier <contact+gemini@hacktivis.me>

  4. # Distributed under the terms of the GNU Affero General Public License version 3

  5. 

  6. # AGPL-3 because it's a service on the internet, screw permissive licences for these

  7. 

  8. # Notes:

  9. # - URLs are barely parsed and mostly taken as-is, which could be dangerous

  10. # - Recognised hostnames are directories in $GEMDIR, they must also have a $host:1965 symlink

  11. # - stunnel chroot ability is untested for now

  12. # - Lastest known version of the specification: v0.14.3, November 29th 2020

  13. 

  14. export GEMDIR="/srv/gemini"

  15. 

  16. bubblewrap() {

  17. 	bwrap \

  18. 		--unshare-user --uid 65534 --gid 65534 \

  19. 		--unshare-ipc --unshare-pid --unshare-uts --unshare-cgroup-try \

  20. 		--ro-bind /bin /bin \

  21. 		--ro-bind /lib /lib \

  22. 		--ro-bind /lib64 /lib64 \

  23. 		--ro-bind /usr /usr \

  24. 		--ro-bind /git /git \

  25. 		--ro-bind /etc /etc \

  26. 		--ro-bind "${GEMDIR}" "${GEMDIR}" \

  27. 		--chdir "${GEMDIR}" \

  28. 		--proc /proc \

  29. 		--dev /dev \

  30. 		--die-with-parent \

  31. 		"$@"

  32. }

  33. 

  34. IFS=#'

  35. ' read -r line

  36. # ' hack for vis editor to reset hightlighting…

  37. 

  38. query="${line#gemini://}"

  39. query="${query%%../*}"

  40. query="${query//%20/ }"

  41. path="$GEMDIR/${query//\?*}"

  42. status="--"

  43. 

  44. if echo "$path" | grep -Eq '.gmi$'

  45. then

  46. 	mime="text/gemini; charset=utf-8"

  47. else

  48. 	mime=$(file --mime -b "$path" 2>/dev/null)

  49. fi

  50. 

  51. if [ -r "$path" -a -f "$path" ]

  52. then

  53. 	if echo "$query" | grep -Eq '/cgi-bin/'

  54. 	then

  55. 		if [ -x "$path" -a -f "$path" ]

  56. 		then

  57. 			if echo "$query" | grep -Eq '\?'

  58. 			then

  59. 				bubblewrap "./${query//\?*}" "${query//*\?}"

  60. 			else

  61. 				bubblewrap "./${query//\?*}" ""

  62. 			fi

  63. 			status="x$?"

  64. 		else

  65. 			status="50"

  66. 			printf '50 File not executable or non-existent\r\n'

  67. 		fi

  68. 	else

  69. 		status="20"

  70. 		printf '20 %s\r\n' "$mime"

  71. 		cat "$path" 2>/dev/null

  72. 	fi

  73. elif [ -r "$path" -a -d "$path" ]

  74. then

  75. 	if echo "$path" | grep -Eq '/$'

  76. 	then

  77. 		if [ -r "$path/index.gmi" -a -f "$path/index.gmi" ]

  78. 		then

  79. 			status="20"

  80. 			printf '20 text/gemini; charset=utf-8\r\n'

  81. 			cat "$path/index.gmi" 2>/dev/null

  82. 		else

  83. 			status="20"

  84. 			printf '20 text/gemini; charset=utf-8\r\n'

  85. 			printf '# Index of %s\n' "$query"

  86. 			cd "$path" && find . -mindepth 1 -maxdepth 1 | sed -e 's; ;%20;g' -e "s;^\./;=> ;" 2>/dev/null

  87. 		fi

  88. 	else

  89. 		status="30"

  90. 		printf '30 gemini://%s/\r\n' "$query"

  91. 	fi

  92. else

  93. 	status="50"

  94. 	printf '50 File not readable or non-existent\r\n'

  95. fi

  96. 

  97. # I know… blame France data rentention policy

  98. logger -p local0.notice "${REMOTE_HOST:-?host?}	${REMOTE_PORT:-?port?}	${line} ${status}" 2>/dev/null 1>/dev/null