| Age | Commit message (Collapse) | Author |
|---|
|
This makes the server more compliant with what is to be expected and
prevents routes from matching when a wrong scheme is given (such as
https://).
It is not perfect yet, as abusing the route matching function for such
an important property is probably not the best. We also want to
implement other request-sanity-checks (such as port numbers being
given), which would also be better done at a different place.
However, we also don't want to prevent Cana from being used to implement
Gemini proxy servers, so a flag in GeminiServer would probably be nice
("extended URI checks").
Yet - on the completely other hand - allowing that much freedom also
means weird interactions (such as a default vhost, certificate issues,
...), so it is unclear how far we want to go.
|
|
This is already mandated by the TLS spec, but has been made explicit as
well for Gemini servers[1]:
> As per RFCs 5246 and 8446, Gemini servers MUST send a TLS
> `close_notify` prior to closing the connection after sending a
> complete response. This is essential to disambiguate completed
> responses from responses closed prematurely due to network error or
> attack.
We want to be well-behaved, therefore we now send close_notify properly
after writing a response.
You can verify this easily using [2].
[1] https://gemini.circumlunar.space/docs/specification.html
[2] https://portal.mozz.us/
|
|
1. This function used 'fail', which is rather bad - now it returns
'Either'
2. The function was still hardwired to the specific filenames of the
first prototypes.
|
|
This alleviates the need to define the server in Haskell and
re-compile the binary every time something in the configuration changes.
|
|
We can technically do vhosts with our current infrastructure of route
matching, but they should get some better support. Otherwise, we cannot
use things like SNI (server name indication) to send different
credentials depending on the virtual host.
The way it works now is basically that the server keeps a list of
installed vhosts, each with a domain that it matches and a loaded
certificate. Route matching in a vhost is still done the same old way,
but only routes for the matching vhost are considered in the first
place.
The API for runGeminiServer does not change, so the proper, vhost-using
API, will need a different function and API.
|
|
Otherwise, the server will never get a reply and instead we'll just
silently let the client timeout :-(
This change introduces the function "uncatch", which makes an error the
inner Cana computation explicit by returning the Either directly.
With the way this is written currently, we could probably get away with
using "catch" as well, along the lines of
r geminiRequest `catch` (const $ writeResponse context ...)
|
|
This is a working version that can serve pages, yay! A lot of features
still missing though, as well as proper package metadata.
|
