add support for protocol specific CGI environments
Signed-off-by: kim (grufwub) <grufwub@gmail.com> Former-commit-id: 3a465a080010d59e4679f7cbbc128c71d4f7b993development
parent
30bf8d5b80
commit
4066ff11f9
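--- /dev/null
+++ b/[gemini package file; path not shown on page]
@@ -0,0 +1,65 @@
+package gemini
+
+import (
+"crypto/sha256"
+"crypto/tls"
+"crypto/x509"
+"encoding/hex"
+"gophi/core"
+)
+
+// Mapped to tls.Version__ where:
+// value - 0x300 = index
+var tlsVersionStrings = []string{
+"",
+"TLSv1.0",
+"TLSv1.1",
+"TLSv1.2",
+"TLSv1.3",
+}
+
+func certSha256Hash(cert *x509.Certificate) string {
+checksum := sha256.Sum256(cert.Raw)
+return hex.EncodeToString(checksum[:])
+}
+
+func appendCgiEnv(client *core.Client, request *core.Request, env []string) []string {
+// Build and append the full gemini url
+env = append(env, "GEMINI_URL=gemini://"+core.Hostname+":"+core.Port+request.Path().Selector())
+
+// Cast client underlying net.Conn as tls.Conn
+tlsConn := client.Conn().Conn().(*tls.Conn)
+state := tlsConn.ConnectionState()
+
+// Append TLS env vars
+env = append(env, "TLS_CIPHER="+tls.CipherSuiteName(state.CipherSuite))
+env = append(env, "TLS_VERSION="+tlsVersionStrings[state.Version-0x300])
+
+// Append TLS client cert vars (if present!)
+clientCerts := state.PeerCertificates
+if len(clientCerts) > 0 {
+// Only use first if multiple client
+// certs available
+cert := clientCerts[0]
+
+// Verify client cert
+var isAuthorized string
+_, err := cert.Verify(x509.VerifyOptions{})
+if err != nil {
+isAuthorized = "0"
+} else {
+isAuthorized = "1"
+}
+
+// Set user cert environment vars
+env = append(env, "AUTH_TYPE=CERTIFICATE")
+env = append(env, "REMOTE_USER="+cert.Subject.CommonName)
+env = append(env, "TLS_CLIENT_HASH="+certSha256Hash(cert))
+env = append(env, "TLS_CLIENT_NOT_BEFORE="+cert.NotBefore.String())
+env = append(env, "TLS_CLIENT_NOT_AFTER="+cert.NotAfter.String())
+env = append(env, "TLS_CLIENT_SERIAL_NUMBER="+cert.SerialNumber.String())
+env = append(env, "TLS_CLIENT_AUTHORISED="+isAuthorized)
+}
+
+return env
+}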
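Review bot: The single-value type assertion `tlsConn := client.Conn().Conn().(*tls.Conn)` panics if the underlying conn is ever not a `*tls.Conn`, so a request over a non-TLS connection takes the whole handler down instead of simply getting no TLS vars; the two-value form with an early `return env` is the safe shape. `tlsVersionStrings[state.Version-0x300]` likewise panics for any negotiated version outside 0x300–0x304 (the uint16 subtraction wraps for smaller values) — only a future-proofing concern while crypto/tls negotiates TLS 1.0–1.3, but a bounds check costs nothing. `cert.Verify(x509.VerifyOptions{})` validates the client cert against the system root pool with an empty KeyUsages list, which x509 treats as ExtKeyUsageServerAuth, so a self-signed or ClientAuth-only certificate — the usual case for Gemini clients — always yields `TLS_CLIENT_AUTHORISED=0`; if chain validation is really the intent, a configured `Roots` pool and `KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}` should be set, otherwise the variable's meaning deserves a comment. Note also that `REMOTE_USER` is filled from `cert.Subject.CommonName` whether or not verification passed, so a CGI script must only rely on it together with `TLS_CLIENT_AUTHORISED`.
```go
func appendCgiEnv(client *core.Client, request *core.Request, env []string) []string {
	// … unchanged: GEMINI_URL …

	// Not every core.Client is guaranteed to wrap a *tls.Conn; without
	// TLS state there are no TLS or client-cert vars to add.
	tlsConn, ok := client.Conn().Conn().(*tls.Conn)
	if !ok {
		return env
	}
	state := tlsConn.ConnectionState()

	env = append(env, "TLS_CIPHER="+tls.CipherSuiteName(state.CipherSuite))
	// Unknown/future versions map to an empty string rather than an
	// out-of-range index.
	version := ""
	if i := int(state.Version) - 0x300; i >= 0 && i < len(tlsVersionStrings) {
		version = tlsVersionStrings[i]
	}
	env = append(env, "TLS_VERSION="+version)
	// … unchanged: client cert vars …
```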
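--- /dev/null
+++ b/[gopher package file; path not shown on page]
@@ -0,0 +1,11 @@
+package gopher
+
+import (
+"gophi/core"
+"strconv"
+)
+
+func appendCgiEnv(client *core.Client, request *core.Request, env []string) []string {
+env = append(env, "COLUMNS="+strconv.Itoa(pageWidth))
+return env
+}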
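Review bot: appendCgiEnv has no doc comment, and since the gemini package defines a function of the same name and signature that does considerably more, a reader needs to be told this is the gopher side of a per-protocol hook; a comment such as `// appendCgiEnv adds the gopher-specific CGI environment variables (currently only COLUMNS, from pageWidth) to env and returns the extended slice.` would do. The unused client and request parameters are presumably kept so both protocols satisfy the same hook signature — worth a half-sentence in that comment so nobody "cleans them up". pageWidth is defined outside this hunk.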