X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=gocheese.go;h=7a36129746ab96d1254564d69385323639531d1d;hb=902150e27fa1530823817eb3227f9100b27d9410;hp=bdb6ead659d35082a32eb7f52fb8b07ff8395ec2;hpb=bcfc26f87e27a5d749eeed3194681e8018df4c5b;p=gocheese.git diff --git a/gocheese.go b/gocheese.go index bdb6ead..7a36129 100644 --- a/gocheese.go +++ b/gocheese.go @@ -1,6 +1,7 @@ /* GoCheese -- Python private package repository and caching proxy Copyright (C) 2019 Sergey Matveev + 2019 Elena Balakhonova This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +21,7 @@ package main import ( "bytes" + "context" "crypto/sha256" "encoding/hex" "flag" @@ -27,6 +29,7 @@ import ( "io" "io/ioutil" "log" + "net" "net/http" "net/url" "os" @@ -36,6 +39,9 @@ import ( "runtime" "strings" "syscall" + "time" + + "golang.org/x/net/netutil" ) const ( @@ -60,31 +66,28 @@ along with this program. If not, see .` ) var ( + pkgPyPI = regexp.MustCompile(`^.*]*>(.+)
.*$`) + Version string = "UNKNOWN" + root = flag.String("root", "./packages", "Path to packages directory") bind = flag.String("bind", "[::]:8080", "Address to bind to") + tlsCert = flag.String("tls-cert", "", "Path to TLS X.509 certificate") + tlsKey = flag.String("tls-key", "", "Path to TLS X.509 private key") norefreshURLPath = flag.String("norefresh", "/norefresh/", "Non-refreshing URL path") refreshURLPath = flag.String("refresh", "/simple/", "Auto-refreshing URL path") pypiURL = flag.String("pypi", "https://pypi.org/simple/", "Upstream PyPI URL") passwdPath = flag.String("passwd", "passwd", "Path to file with authenticators") passwdCheck = flag.Bool("passwd-check", false, "Test the -passwd file for syntax errors and exit") fsck = flag.Bool("fsck", false, "Check integrity of all packages") + maxClients = flag.Int("maxclients", 128, "Maximal amount of simultaneous clients") version = flag.Bool("version", false, "Print version information") warranty = flag.Bool("warranty", false, "Print warranty information") - - pkgPyPI = regexp.MustCompile(`^.*]*>(.+)
.*$`) - Version string = "UNKNOWN" - - passwords map[string]Auther = make(map[string]Auther) ) -type Auther interface { - Auth(password string) bool -} - func mkdirForPkg(w http.ResponseWriter, r *http.Request, dir string) bool { path := filepath.Join(*root, dir) if _, err := os.Stat(path); os.IsNotExist(err) { - if err = os.Mkdir(path, 0700); err != nil { + if err = os.Mkdir(path, os.FileMode(0777)); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return false } @@ -145,7 +148,7 @@ func refreshDir(w http.ResponseWriter, r *http.Request, dir, filenameGet string) } defer resp.Body.Close() hasher := sha256.New() - dst, err := ioutil.TempFile(filepath.Join(*root, dir), "") + dst, err := TempFile(filepath.Join(*root, dir)) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return false @@ -180,14 +183,13 @@ func refreshDir(w http.ResponseWriter, r *http.Request, dir, filenameGet string) _, err = os.Stat(path) if err == nil { continue - } else { - if !os.IsNotExist(err) { - http.Error(w, err.Error(), http.StatusInternalServerError) - return false - } + } + if !os.IsNotExist(err) { + http.Error(w, err.Error(), http.StatusInternalServerError) + return false } log.Println(r.RemoteAddr, "pypi touch", filename) - if err = ioutil.WriteFile(path, digest, os.FileMode(0600)); err != nil { + if err = ioutil.WriteFile(path, digest, os.FileMode(0666)); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return false } @@ -313,7 +315,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { http.Error(w, err.Error(), http.StatusInternalServerError) return } - dst, err = ioutil.TempFile(dirPath, "") + dst, err = TempFile(dirPath) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -337,11 +339,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { http.Error(w, err.Error(), http.StatusInternalServerError) return } - if err = ioutil.WriteFile( - path+SHA256Ext, - hasher.Sum(nil), - os.FileMode(0600), - ); err != nil { + if err = ioutil.WriteFile(path+SHA256Ext, hasher.Sum(nil), os.FileMode(0666)); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -442,17 +440,52 @@ func main() { refreshPasswd() return } + if (*tlsCert != "" && *tlsKey == "") || (*tlsCert == "" && *tlsKey != "") { + log.Fatalln("Both -tls-cert and -tls-key are required") + } refreshPasswd() log.Println("root:", *root, "bind:", *bind) + + ln, err := net.Listen("tcp", *bind) + if err != nil { + log.Fatal(err) + } + ln = netutil.LimitListener(ln, *maxClients) + server := &http.Server{ + ReadTimeout: time.Minute, + WriteTimeout: time.Minute, + } + http.HandleFunc(*norefreshURLPath, handler) + http.HandleFunc(*refreshURLPath, handler) + needsRefreshPasswd := make(chan os.Signal, 0) + needsShutdown := make(chan os.Signal, 0) + killed := make(chan error, 0) signal.Notify(needsRefreshPasswd, syscall.SIGHUP) + signal.Notify(needsShutdown, syscall.SIGTERM, syscall.SIGINT) go func() { for range needsRefreshPasswd { log.Println("Refreshing passwords") refreshPasswd() } }() - http.HandleFunc(*norefreshURLPath, handler) - http.HandleFunc(*refreshURLPath, handler) - log.Fatal(http.ListenAndServe(*bind, nil)) + go func(s *http.Server) { + <-needsShutdown + log.Println("Shutting down") + ctx, cancel := context.WithTimeout(context.TODO(), time.Minute) + killed <- s.Shutdown(ctx) + cancel() + }(server) + + if *tlsCert == "" { + err = server.Serve(ln) + } else { + err = server.ServeTLS(ln, *tlsCert, *tlsKey) + } + if err != http.ErrServerClosed { + log.Fatal(err) + } + if err := <-killed; err != nil { + log.Fatal(err) + } }