Solderpunk
e0910ee29c
Actually include CGI time limit setting in config struct, should have been in last commit.
2025-02-11 20:59:51 +01:00
Solderpunk
b0e5021e70
Make CGI timeout duration configurable.
2025-02-09 19:03:47 +01:00
Solderpunk
565f54bff8
Factor out header parsing code for CGI and SCGI into one function, so the checks from last commit can be applied to both.
2025-02-09 18:58:24 +01:00
Solderpunk
0f833ba57b
Be a lot more careful in parsing CGI response header. Closes #42.
2025-02-09 16:24:21 +01:00
Solderpunk
308b8fe128
Make timeouts configurable.
2025-02-08 19:05:48 +01:00
Solderpunk
89eeb5a55e
Actually, be *even moar* clever about client certs...(see e70ec, 3a039)
2025-02-08 18:53:41 +01:00
Solderpunk
34a623aabf
Change man page section from 1 to 8.
2025-02-02 20:33:08 +01:00
Solderpunk
c47b006979
Begin work on man page.
2025-02-02 19:14:45 +01:00
Alex Kotov
2068c3b02a
Allow to disable directory listing
Signed-off-by: Solderpunk <solderpunk@posteo.net>
2023-08-20 14:30:51 +02:00
Solderpunk
64a4ff72f0
Remove debugging Println.
2023-04-09 15:24:34 +02:00
Solderpunk
1b7d661abd
Type trashing to fix last commit.
2023-04-09 14:24:39 +02:00
Solderpunk
051df29604
Add a write deadline with maximum allowed download time derived from filesize. See #35.
2023-04-09 14:12:38 +02:00
Solderpunk
6f0865447d
Adds leaky token bucket rate limiting with bans for non-compliant clients.
2023-04-09 13:57:59 +02:00
Solderpunk
2c3225c1c0
Fix crash when CGI processes end without writing anything at all to stdout. Closes #38.
2023-03-22 21:03:30 +01:00
Solderpunk
4b54eb6134
Set 30 second deadline for reading requests. See #35.
2023-03-19 11:51:44 +01:00
Solderpunk
8e618a6304
Double hard limit ban durations each time.
2023-03-19 10:31:06 +01:00
Solderpunk
4b9a7e8ad5
Correctly implement bans for clients exceeding hard limit.
2023-03-19 10:30:08 +01:00
Solderpunk
efde852c54
Refactor rate limiting to have soft and hard limits, block clients exceeding hard limits for one hour.
2023-03-18 16:40:23 +01:00
Solderpunk
3c5835f033
Continue to increment drips once bucket is overflowing.
2023-03-18 15:45:35 +01:00
Solderpunk
a6170a355d
Make rate limiting configurable.
2023-03-17 19:52:39 +01:00
Solderpunk
5016f40edb
Initial implementation of leaky bucket rate limiting.
2023-03-16 20:27:45 +01:00
Solderpunk
c4866d2965
Check for a CGI path prefix before insisting that an exact path exists on disk. Closes #36.
2023-03-16 19:23:32 +01:00
Solderpunk
72a94cab00
Restore Go 1.15 compatibility.
2023-03-04 14:27:01 +01:00
Solderpunk
e30f39b196
Fix typo in error message.
2023-03-02 19:43:24 +01:00
Solderpunk
3a03995f26
Actually, be *more* clever about client certs...(see e70ec)
2023-03-02 17:24:34 +01:00
Solderpunk
bd07cb3507
Check for errors when parsing TLS certificates even after successful PEM decoding.
2023-03-01 19:50:45 +01:00
Solderpunk
81b4f1dcc0
Fix small variable name error.
2023-02-27 08:35:11 +01:00
Solderpunk
d3d415b612
Add missing return.
2023-02-26 19:42:49 +01:00
Solderpunk
eefb1bc3a6
Further simplifications of config parsing code.
2023-02-26 19:42:30 +01:00
Solderpunk
f9585ff2b7
Rearrange the logic of handling requests without changing behaviour.
The new order handles certificate zones and redirects defined in the
system-wide config file as well as SCGI paths as early as possible
without doing any unnecessary filesystem operations and especially
without the potentially expensive search for .molly files.
2023-02-25 12:06:34 +01:00
Solderpunk
eb85a6e94c
Another big refactor, splitting the Config struct in two.
The split reflects that between variables which can and cannot be
overridden by .molly files, and this greatly simplifies the
processing of said files, getting rid of the need for lots of
ugly temporary variable thrashing.
2023-02-25 11:29:13 +01:00
Solderpunk
e70ec82594
Don't try to be clever about when to request client certs: we never know what could be in a .molly file.
2023-02-24 19:12:52 +01:00
Solderpunk
bff3d6d486
Restore logging functionality after some subtle variable declaration scoping bugs wiped it out!
2023-02-23 20:49:28 +01:00
Solderpunk
a9dab7b48c
Argh, fix stupid typo.
2023-02-23 20:04:48 +01:00
Solderpunk
c50accfaec
Only drop supplementary groups if root is amongst them.
2023-02-23 20:03:21 +01:00
Solderpunk
0274ef8f35
Print warning about expired certificates.
2023-02-23 19:59:11 +01:00
Solderpunk
800c181668
Ensure supplied TLS certificate is valid for configured hostname.
2023-02-23 19:47:14 +01:00
Solderpunk
d67f896b84
Add AllowTLS12 option to switch minimum TLS version between 1.2 and 1.3.
2023-02-23 19:31:16 +01:00
Solderpunk
67386cd118
Update README to reflect movement of unix security stuff out of config file into command line switches.
2023-02-23 18:57:56 +01:00
Solderpunk
212c9f79fb
A rather extensive refactor.
Basically the function formerly known as do_main() in main.go has
been renamed launch() and moved into launch.go. Now there are
main.go and main_unix.go files implementing minimal main()
functions which load a config and pass it to launch. This allows
separating unix-specific security stuff (both the actual system
calls which won't compile on other platforms and the definition
of command line switches) out from the platform agnostic
implementation of the main server logic. It also simplifies the
interaction of relative paths in config files with chrooting.
Docs still need updating...
2023-02-23 18:49:15 +01:00
Solderpunk
8d1a04cb27
Fix minor bugs on OpenBSD-only code, after discovering ease of cross-compilation in Go.
2023-02-22 21:16:11 +01:00
Solderpunk
40203a8856
Use net/http.DetectContentType as a last resort for MIME, rather than hardcoding application/octet-stream.
2023-02-21 19:22:19 +01:00
Solderpunk
75c283fc74
Restore documented setuid behaviour.
2023-02-19 18:28:52 +01:00
Solderpunk
f63fcdb6d1
Do not request client certificates if we're never going to need them.
2023-02-19 15:17:45 +01:00
Solderpunk
7a89b307a1
Just use the log package's default logger as the error log.
2023-02-19 15:04:34 +01:00
Solderpunk
072669a167
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run.
2023-02-19 14:40:54 +01:00
Solderpunk
7fad754ff2
Drop privileges much more thoroughly, thanks nervuri! (see issue #16)
2023-02-19 13:17:24 +01:00
Solderpunk
182e58ffe3
Make unprivileged user configurable, thanks nervuri! (see issue #16)
2023-02-15 21:16:49 +01:00
Solderpunk
c0c67f7ba6
Whoops, don't ignore error from filepath.Abs.
2023-02-15 21:15:14 +01:00
Solderpunk
8372142843
Add support for chroot()ing server early after startup, more work toward issue #16.
2023-02-15 21:10:22 +01:00