dispatch/server/serve_files.go

382 lines
8.8 KiB
Go
Raw Normal View History

2015-05-15 23:18:52 +00:00
package server
import (
"bytes"
"compress/gzip"
"crypto/sha256"
"encoding/base64"
2017-04-14 02:33:44 +00:00
"io"
2015-05-15 23:18:52 +00:00
"io/ioutil"
2016-01-25 00:01:37 +00:00
"log"
2015-05-15 23:18:52 +00:00
"net/http"
2016-02-03 01:22:45 +00:00
"path/filepath"
2015-05-15 23:18:52 +00:00
"strconv"
"strings"
2018-12-17 13:41:24 +00:00
"text/template"
2015-05-15 23:18:52 +00:00
"time"
2017-04-14 02:33:44 +00:00
"github.com/dsnet/compress/brotli"
2015-12-11 03:35:48 +00:00
"github.com/khlieng/dispatch/assets"
"github.com/khlieng/dispatch/pkg/cookie"
2018-12-17 13:41:24 +00:00
"github.com/tdewolff/minify/v2"
"github.com/tdewolff/minify/v2/html"
2015-05-15 23:18:52 +00:00
)
const longCacheControl = "public, max-age=31536000, immutable"
2017-04-14 02:33:44 +00:00
const disabledCacheControl = "no-cache, no-store, must-revalidate"
2016-02-03 01:22:45 +00:00
type File struct {
2018-12-17 13:41:24 +00:00
Data []byte
Length string
GzipData []byte
GzipLength string
2017-04-15 02:48:24 +00:00
Hash string
2016-02-03 01:22:45 +00:00
ContentType string
CacheControl string
2017-04-14 02:33:44 +00:00
Compressed bool
2016-02-03 01:22:45 +00:00
}
type h2PushAsset struct {
path string
hash string
}
func newH2PushAsset(name string) h2PushAsset {
return h2PushAsset{
path: name,
hash: strings.Split(name, ".")[1],
2016-02-03 01:22:45 +00:00
}
}
var (
2018-11-27 11:07:48 +00:00
files = map[string]*File{}
2018-12-17 13:41:24 +00:00
indexPage []byte
indexPageLen string
inlineScriptSha256 string
serviceWorker []byte
h2PushAssets []h2PushAsset
h2PushCookieValue string
2016-02-03 01:22:45 +00:00
contentTypes = map[string]string{
".js": "text/javascript",
".css": "text/css",
2016-02-03 01:22:45 +00:00
".woff2": "font/woff2",
".woff": "application/font-woff",
".ttf": "application/x-font-ttf",
".png": "image/png",
".ico": "image/x-icon",
".json": "application/json",
}
robots = []byte("User-agent: *\nDisallow: /")
hstsHeader string
2016-02-03 18:42:07 +00:00
cspEnabled bool
)
2015-05-15 23:18:52 +00:00
func (d *Dispatch) initFileServer() {
2018-12-11 09:51:20 +00:00
cfg := d.Config()
if cfg.Dev {
2018-12-17 13:41:24 +00:00
renderIndexPage(indexTemplateData{
2019-01-25 02:57:58 +00:00
Scripts: []string{"/boot.js", "/main.js"},
2018-12-17 13:41:24 +00:00
})
} else {
bootloader := decompressedAsset(findAssetName("boot*.js"))
runtime := decompressedAsset(findAssetName("runtime*.js"))
2018-11-06 10:13:32 +00:00
2018-12-17 13:41:24 +00:00
inlineScript := string(bootloader) + string(runtime)
2017-04-14 02:33:44 +00:00
hash := sha256.New()
2018-11-06 10:13:32 +00:00
hash.Write(bootloader)
hash.Write(runtime)
inlineScriptSha256 = base64.StdEncoding.EncodeToString(hash.Sum(nil))
2018-11-06 10:13:32 +00:00
2019-01-25 01:32:22 +00:00
indexStylesheet := "/" + findAssetName("main*.css")
2018-12-17 13:41:24 +00:00
indexScripts := []string{
2020-05-16 01:58:17 +00:00
"/" + findAssetName("vendors~main*.js"),
2019-01-25 01:32:22 +00:00
"/" + findAssetName("main*.js"),
}
h2PushAssets = []h2PushAsset{
newH2PushAsset(indexStylesheet),
newH2PushAsset(indexScripts[0]),
newH2PushAsset(indexScripts[1]),
2020-05-16 01:58:17 +00:00
newH2PushAsset("/" + findAssetName("vendors~connect*.js")),
newH2PushAsset("/" + findAssetName("connect*.js")),
}
for _, asset := range h2PushAssets {
h2PushCookieValue += asset.hash
}
2017-04-14 02:33:44 +00:00
2018-11-06 10:13:32 +00:00
ignoreAssets := []string{
findAssetName("runtime*.js"),
findAssetName("boot*.js"),
"sw.js",
2018-11-06 10:13:32 +00:00
}
outer:
for _, asset := range assets.AssetNames() {
assetName := strings.TrimSuffix(asset, ".br")
2018-11-06 10:13:32 +00:00
for _, ignored := range ignoreAssets {
if ignored == assetName {
continue outer
2018-11-06 10:13:32 +00:00
}
}
file := &File{
ContentType: contentTypes[filepath.Ext(assetName)],
CacheControl: longCacheControl,
Compressed: strings.HasSuffix(asset, ".br"),
2017-04-14 02:33:44 +00:00
}
2018-12-17 13:41:24 +00:00
data, err := assets.Asset(asset)
fatalErr(err)
file.Data = data
file.Length = strconv.Itoa(len(data))
2017-04-14 02:33:44 +00:00
2018-12-17 13:41:24 +00:00
if file.Compressed {
file.GzipData = gzipAsset(data)
file.GzipLength = strconv.Itoa(len(file.GzipData))
2017-04-14 02:33:44 +00:00
}
2018-11-27 11:07:48 +00:00
files["/"+assetName] = file
2016-02-03 01:22:45 +00:00
}
2018-12-17 13:41:24 +00:00
renderIndexPage(indexTemplateData{
2019-01-25 01:32:22 +00:00
Stylesheet: indexStylesheet,
2018-12-17 13:41:24 +00:00
InlineScript: inlineScript,
Scripts: indexScripts,
})
2018-11-06 10:13:32 +00:00
serviceWorker = decompressedAsset("sw.js")
hash.Reset()
2018-12-17 13:41:24 +00:00
hash.Write(indexPage)
2018-11-06 10:13:32 +00:00
indexHash := base64.StdEncoding.EncodeToString(hash.Sum(nil))
2020-04-30 05:54:30 +00:00
serviceWorker = bytes.Replace(serviceWorker, []byte("__INDEX_REVISON__"), []byte(indexHash), 1)
2018-11-06 10:13:32 +00:00
2018-12-11 09:51:20 +00:00
if cfg.HTTPS.HSTS.Enabled && cfg.HTTPS.Enabled {
hstsHeader = "max-age=" + cfg.HTTPS.HSTS.MaxAge
2018-12-11 09:51:20 +00:00
if cfg.HTTPS.HSTS.IncludeSubdomains {
hstsHeader += "; includeSubDomains"
}
2018-12-11 09:51:20 +00:00
if cfg.HTTPS.HSTS.Preload {
hstsHeader += "; preload"
}
}
2016-02-03 18:42:07 +00:00
cspEnabled = true
}
2015-05-15 23:18:52 +00:00
}
2018-12-17 13:41:24 +00:00
func renderIndexPage(data indexTemplateData) {
tmpl, err := template.New("").Parse(indexTemplate)
fatalErr(err)
m := minify.New()
m.AddFunc("text/html", html.Minify)
buf := &bytes.Buffer{}
gzw, err := gzip.NewWriterLevel(buf, gzip.BestCompression)
fatalErr(err)
mw := m.Writer("text/html", gzw)
fatalErr(tmpl.Execute(mw, data))
fatalErr(mw.Close())
fatalErr(gzw.Close())
indexPage = buf.Bytes()
indexPageLen = strconv.Itoa(len(indexPage))
}
func findAssetName(glob string) string {
for _, assetName := range assets.AssetNames() {
assetName = strings.TrimSuffix(assetName, ".br")
2018-11-08 08:39:32 +00:00
if m, _ := filepath.Match(glob, assetName); m {
return assetName
2018-11-08 08:39:32 +00:00
}
}
return ""
2018-11-08 08:39:32 +00:00
}
func decompressAsset(data []byte) []byte {
br, err := brotli.NewReader(bytes.NewReader(data), nil)
2018-12-17 13:41:24 +00:00
fatalErr(err)
buf := &bytes.Buffer{}
io.Copy(buf, br)
return buf.Bytes()
}
2018-11-06 10:13:32 +00:00
func decompressedAsset(name string) []byte {
asset, err := assets.Asset(name + ".br")
2018-12-17 13:41:24 +00:00
fatalErr(err)
2018-11-06 10:13:32 +00:00
return decompressAsset(asset)
}
func gzipAsset(data []byte) []byte {
br, err := brotli.NewReader(bytes.NewReader(data), nil)
2018-12-17 13:41:24 +00:00
fatalErr(err)
buf := &bytes.Buffer{}
gzw, err := gzip.NewWriterLevel(buf, gzip.BestCompression)
2018-12-17 13:41:24 +00:00
fatalErr(err)
io.Copy(gzw, br)
gzw.Close()
return buf.Bytes()
}
func (d *Dispatch) serveFiles(w http.ResponseWriter, r *http.Request) {
2015-05-15 23:18:52 +00:00
if r.URL.Path == "/" {
d.serveIndex(w, r)
2018-12-17 13:41:24 +00:00
} else if file, ok := files[r.URL.Path]; ok {
2018-11-27 11:07:48 +00:00
d.serveFile(w, r, file)
2018-12-17 13:41:24 +00:00
} else if r.URL.Path == "/sw.js" {
2018-11-06 10:13:32 +00:00
w.Header().Set("Cache-Control", disabledCacheControl)
w.Header().Set("Content-Type", "text/javascript")
w.Header().Set("Content-Length", strconv.Itoa(len(serviceWorker)))
w.Write(serviceWorker)
2018-12-17 13:41:24 +00:00
} else if r.URL.Path == "/robots.txt" {
w.Header().Set("Content-Type", "text/plain")
w.Header().Set("Content-Length", strconv.Itoa(len(robots)))
w.Write(robots)
2018-12-17 13:41:24 +00:00
} else {
d.serveIndex(w, r)
}
2016-01-25 00:01:37 +00:00
}
func (d *Dispatch) serveIndex(w http.ResponseWriter, r *http.Request) {
2017-04-15 02:48:24 +00:00
if pusher, ok := w.(http.Pusher); ok {
options := &http.PushOptions{
Header: http.Header{
"Accept-Encoding": r.Header["Accept-Encoding"],
},
}
cookie, err := r.Cookie(cookie.Name(r, "push"))
2017-04-15 02:48:24 +00:00
if err != nil {
for _, asset := range h2PushAssets {
pusher.Push(asset.path, options)
}
2017-04-15 02:48:24 +00:00
setPushCookie(w, r)
} else {
pushed := false
2018-11-27 10:34:02 +00:00
i := 0
for _, asset := range h2PushAssets {
if len(cookie.Value) >= i+len(asset.hash) &&
asset.hash != cookie.Value[i:i+len(asset.hash)] {
pusher.Push(asset.path, options)
pushed = true
}
2019-02-01 05:39:38 +00:00
i += len(asset.hash)
2017-04-15 02:48:24 +00:00
}
if pushed {
setPushCookie(w, r)
}
}
}
if cspEnabled {
var wsSrc string
if r.TLS != nil {
wsSrc = "wss://" + r.Host
} else {
wsSrc = "ws://" + r.Host
}
2018-11-14 07:34:35 +00:00
csp := []string{
"default-src 'none'",
"script-src 'self' 'sha256-" + inlineScriptSha256 + "'",
2018-11-14 07:34:35 +00:00
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"img-src 'self'",
"manifest-src 'self'",
"connect-src 'self' " + wsSrc,
"worker-src 'self'",
}
w.Header().Set("Content-Security-Policy", strings.Join(csp, "; "))
2018-11-06 10:13:32 +00:00
}
w.Header().Set("Content-Type", "text/html")
w.Header().Set("Cache-Control", disabledCacheControl)
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "deny")
w.Header().Set("X-XSS-Protection", "0")
2018-11-09 05:30:31 +00:00
w.Header().Set("Referrer-Policy", "same-origin")
if hstsHeader != "" {
w.Header().Set("Strict-Transport-Security", hstsHeader)
}
2018-12-20 10:51:31 +00:00
for k, v := range d.Config().Headers {
w.Header().Set(k, v)
}
2016-01-25 00:01:37 +00:00
if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
w.Header().Set("Content-Encoding", "gzip")
2018-12-17 13:41:24 +00:00
w.Header().Set("Content-Length", indexPageLen)
w.Write(indexPage)
2016-01-25 00:01:37 +00:00
} else {
2018-12-17 13:41:24 +00:00
serveDecompressed(w, indexPage)
2016-01-25 00:01:37 +00:00
}
2015-05-15 23:18:52 +00:00
}
2017-04-15 02:48:24 +00:00
func setPushCookie(w http.ResponseWriter, r *http.Request) {
cookie.Set(w, r, &http.Cookie{
Name: "push",
Value: h2PushCookieValue,
Expires: time.Now().AddDate(1, 0, 0),
2017-04-15 02:48:24 +00:00
})
}
func (d *Dispatch) serveFile(w http.ResponseWriter, r *http.Request, file *File) {
2018-12-17 13:41:24 +00:00
w.Header().Set("Cache-Control", file.CacheControl)
2016-02-03 01:22:45 +00:00
w.Header().Set("Content-Type", file.ContentType)
2015-05-15 23:18:52 +00:00
if file.Compressed && strings.Contains(r.Header.Get("Accept-Encoding"), "br") {
w.Header().Set("Content-Encoding", "br")
2018-12-17 13:41:24 +00:00
w.Header().Set("Content-Length", file.Length)
w.Write(file.Data)
} else if file.Compressed && strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
w.Header().Set("Content-Encoding", "gzip")
2018-12-17 13:41:24 +00:00
w.Header().Set("Content-Length", file.GzipLength)
w.Write(file.GzipData)
2017-04-14 02:33:44 +00:00
} else if !file.Compressed {
2018-12-17 13:41:24 +00:00
w.Header().Set("Content-Length", file.Length)
w.Write(file.Data)
2015-05-15 23:18:52 +00:00
} else {
2018-12-17 13:41:24 +00:00
serveDecompressed(w, file.GzipData)
}
}
func serveDecompressed(w http.ResponseWriter, asset []byte) {
gzr, err := gzip.NewReader(bytes.NewReader(asset))
buf, err := ioutil.ReadAll(gzr)
if err != nil {
http.Error(w, "", http.StatusInternalServerError)
return
}
2015-05-15 23:18:52 +00:00
2018-12-17 13:41:24 +00:00
w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
w.Write(buf)
}
func fatalErr(err error) {
if err != nil {
log.Fatal(err)
2015-05-15 23:18:52 +00:00
}
}