X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=blobdiff_plain;f=main.go;h=08c75535c1491feb8ac230f754cb37b63086e4c2;hp=cc5944ed9529319bba7c41d9173d11dd97a868e8;hb=HEAD;hpb=ff8005cd81eda18fc9b0c6950c4a25000a7dff7e diff --git a/main.go b/main.go index cc5944e..cdab06e 100644 --- a/main.go +++ b/main.go @@ -1,20 +1,18 @@ -/* -GoCheese -- Python private package repository and caching proxy -Copyright (C) 2019-2023 Sergey Matveev - 2019-2023 Elena Balakhonova - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, version 3 of the License. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -*/ +// GoCheese -- Python private package repository and caching proxy +// Copyright (C) 2019-2024 Sergey Matveev +// 2019-2024 Elena Balakhonova +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, version 3 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . // Python private package repository and caching proxy package main @@ -44,7 +42,7 @@ import ( ) const ( - Version = "3.7.0" + Version = "4.2.0" UserAgent = "GoCheese/" + Version ) 
@@ -59,7 +57,6 @@ var ( NoRefreshURLPath = flag.String("norefresh", DefaultNoRefreshURLPath, "") RefreshURLPath = flag.String("refresh", DefaultRefreshURLPath, "") - GPGUpdateURLPath = flag.String("gpgupdate", DefaultGPGUpdateURLPath, "") JSONURLPath = flag.String("json", DefaultJSONURLPath, "") PyPIURL = flag.String("pypi", DefaultPyPIURL, "") @@ -69,6 +66,7 @@ var ( PasswdPath = flag.String("passwd", "", "") PasswdListPath = flag.String("passwd-list", "", "") PasswdCheck = flag.Bool("passwd-check", false, "") + AuthRequired = flag.Bool("auth-required", false, "") LogTimestamped = flag.Bool("log-timestamped", false, "") FSCK = flag.Bool("fsck", false, "") @@ -82,7 +80,7 @@ func servePkg(w http.ResponseWriter, r *http.Request, pkgName, filename string) log.Println(r.RemoteAddr, "get", filename) path := filepath.Join(Root, pkgName, filename) if _, err := os.Stat(path); os.IsNotExist(err) { - if !refreshDir(w, r, pkgName, filename, false) { + if !refreshDir(w, r, pkgName, filename) { return } } @@ -95,16 +93,11 @@ func handler(w http.ResponseWriter, r *http.Request) { case "GET": var path string var autorefresh bool - var gpgUpdate bool if strings.HasPrefix(r.URL.Path, *NoRefreshURLPath) { path = strings.TrimPrefix(r.URL.Path, *NoRefreshURLPath) } else if strings.HasPrefix(r.URL.Path, *RefreshURLPath) { path = strings.TrimPrefix(r.URL.Path, *RefreshURLPath) autorefresh = true - } else if strings.HasPrefix(r.URL.Path, *GPGUpdateURLPath) { - path = strings.TrimPrefix(r.URL.Path, *GPGUpdateURLPath) - autorefresh = true - gpgUpdate = true } else { http.Error(w, "unknown action", http.StatusBadRequest) return @@ -118,7 +111,7 @@ func handler(w http.ResponseWriter, r *http.Request) { if parts[0] == "" { listRoot(w, r) } else { - serveListDir(w, r, parts[0], autorefresh, gpgUpdate) + serveListDir(w, r, parts[0], autorefresh) } } else { servePkg(w, r, parts[0], parts[1]) 
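Review bot: The new `AuthRequired` flag in the `var (` block has an empty usage string and no comment, and it defaults to false, so after an upgrade the read endpoints stay unauthenticated unless the operator opts in. A doc comment would make that explicit, for example `// AuthRequired makes checkAuth demand credentials on read requests; off by default.`; what checkAuth actually enforces is defined outside this diff, so the wording should be confirmed against it. The same block drops the `gpgupdate` flag, and if the flags are parsed with the standard `flag` package, a start script that still passes it will be rejected at startup, which deserves a line in the upgrade notes.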
@@ -157,7 +150,7 @@ func main() { } Root = flag.Args()[0] if _, err := os.Stat(Root); err != nil { - log.Fatalln(err) + log.Fatal(err) } if *FSCK { @@ -184,7 +177,7 @@ func main() { os.FileMode(0666), ) if err != nil { - log.Fatalln(err) + log.Fatal(err) } passwdReader(fd) fd.Close() @@ -200,7 +193,7 @@ func main() { os.FileMode(0666), ) if err != nil { - log.Fatalln(err) + log.Fatal(err) } passwdLister(fd) fd.Close() @@ -209,7 +202,7 @@ func main() { } if (*TLSCert != "" && *TLSKey == "") || (*TLSCert == "" && *TLSKey != "") { - log.Fatalln("Both -tls-cert and -tls-key are required") + log.Fatal("Both -tls-cert and -tls-key are required") } UmaskCur = syscall.Umask(0) @@ -218,7 +211,7 @@ func main() { var err error PyPIURLParsed, err = url.Parse(*PyPIURL) if err != nil { - log.Fatalln(err) + log.Fatal(err) } tlsConfig := tls.Config{ ClientSessionCache: tls.NewLRUClientSessionCache(16), @@ -231,12 +224,12 @@ func main() { if *PyPICertHash != "" { ourDgst, err := hex.DecodeString(*PyPICertHash) if err != nil { - log.Fatalln(err) + log.Fatal(err) } tlsConfig.VerifyConnection = func(s tls.ConnectionState) error { spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo theirDgst := sha256.Sum256(spki) - if bytes.Compare(ourDgst, theirDgst[:]) != 0 { + if !bytes.Equal(ourDgst, theirDgst[:]) { return errors.New("certificate's SPKI digest mismatch") } return nil 
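Review bot: The pin decoded from `*PyPICertHash` is checked only for valid hex, not for length, so a truncated or mistyped value passes startup and then fails every upstream handshake in `VerifyConnection` with the digest-mismatch error. Failing fast right after `hex.DecodeString` would surface the misconfiguration immediately: `if len(ourDgst) != sha256.Size { log.Fatal("SPKI digest must be 32 bytes of hex") }`. Separately, `s.VerifiedChains[0][0]` is indexed without a length check; that holds only while this `tls.Config` never sets InsecureSkipVerify, which is not visible in the hunk, so a one-line comment stating that assumption would help. main's body starts and continues outside the hunk.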
@@ -247,14 +240,11 @@ func main() { ReadTimeout: time.Minute, WriteTimeout: time.Minute, } - http.HandleFunc("/", serveHRRoot) - http.HandleFunc("/hr/", serveHRPkg) - http.HandleFunc(*JSONURLPath, serveJSON) - http.HandleFunc(*NoRefreshURLPath, handler) - http.HandleFunc(*RefreshURLPath, handler) - if *GPGUpdateURLPath != "" { - http.HandleFunc(*GPGUpdateURLPath, handler) - } + http.HandleFunc("/", checkAuth(serveHRRoot)) + http.HandleFunc("/hr/", checkAuth(serveHRPkg)) + http.HandleFunc(*JSONURLPath, checkAuth(serveJSON)) + http.HandleFunc(*NoRefreshURLPath, checkAuth(handler)) + http.HandleFunc(*RefreshURLPath, checkAuth(handler)) if *DoUCSPI { server.SetKeepAlivesEnabled(false) @@ -262,7 +252,7 @@ func main() { server.ConnState = connStater err := server.Serve(ln) if _, ok := err.(UCSPIAlreadyAccepted); !ok { - log.Fatalln(err) + log.Fatal(err) } UCSPIJob.Wait() return @@ -274,8 +264,8 @@ func main() { } ln = netutil.LimitListener(ln, *MaxClients) - needsShutdown := make(chan os.Signal, 0) - exitErr := make(chan error, 0) + needsShutdown := make(chan os.Signal, 1) + exitErr := make(chan error) signal.Notify(needsShutdown, syscall.SIGTERM, syscall.SIGINT) go func(s *http.Server) { <-needsShutdown
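Review bot: Every route in the registration block is wrapped in `checkAuth` by hand, so a handler added later with a bare `http.HandleFunc` would silently fall outside `-auth-required`. A comment above the registrations would record the invariant, for example `// Every route must go through checkAuth, otherwise -auth-required does not cover it.` `handler` appears to serve methods other than GET as well (only its `case "GET":` branch is visible in an earlier hunk), so it is worth confirming in checkAuth's definition, which is outside this diff, that write requests are not authenticated twice or under a different policy. main continues outside the hunk.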