author | Rob Watson <rob@mixlr.com> | 2018-01-03 23:02:46 +0300 |
---|---|---|
committer | Rob Watson <rob@mixlr.com> | 2018-03-06 21:06:11 +0300 |
commit | 00b6c5f315ac00e9da8a6de99c50b064e9f87872 (patch) | |
tree | 000051186e3a2e820a25b9e4b3157ba83d9af13f /app.go | |
parent | a638665f6c6eacd6aad74c855f0f6441c09ca029 (diff) |
Implement HTTPS-only pages
- Check `config.json` for `httpsonly` attribute
- Store value against custom domain or group/project pair
- Respond with 301 redirect to HTTP requests to these domains/projects
Re: https://gitlab.com/gitlab-org/gitlab-ce/issues/28857
Diffstat (limited to 'app.go')
-rw-r--r-- | app.go | 72 |
1 files changed, 47 insertions, 25 deletions
@@ -66,49 +66,71 @@ func (a *theApp) healthCheck(w http.ResponseWriter, r *http.Request, https bool)
 }
 }
 
-func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https bool) {
- w := newLoggingResponseWriter(ww)
- defer w.Log(r)
+func (a *theApp) redirectToHTTPS(w http.ResponseWriter, r *http.Request, statusCode int) {
+ u := *r.URL
+ u.Scheme = "https"
+ u.Host = r.Host
+ u.User = nil
 
- metrics.SessionsActive.Inc()
- defer metrics.SessionsActive.Dec()
+ http.Redirect(w, r, u.String(), statusCode)
+}
 
+func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain) {
+ host, _, err := net.SplitHostPort(r.Host)
+ if err != nil {
+ host = r.Host
+ }
+
+ return host, a.domain(host)
+}
+
+func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, https bool, host string, domain *domain) bool {
 // short circuit content serving to check for a status page
 if r.RequestURI == a.appConfig.StatusPath {
- a.healthCheck(&w, r, https)
- return
+ a.healthCheck(w, r, https)
+ return true
 }
 
 // Add auto redirect
 if !https && a.RedirectHTTP {
- u := *r.URL
- u.Scheme = "https"
- u.Host = r.Host
- u.User = nil
-
- http.Redirect(&w, r, u.String(), 307)
- return
- }
-
- host, _, err := net.SplitHostPort(r.Host)
- if err != nil {
- host = r.Host
+ a.redirectToHTTPS(w, r, http.StatusTemporaryRedirect)
+ return true
 }
 
 // In the event a host is prefixed with the artifact prefix an artifact
 // value is created, and an attempt to proxy the request is made
- if a.Artifact.TryMakeRequest(host, &w, r) {
- return
+ if a.Artifact.TryMakeRequest(host, w, r) {
+ return true
 }
 
 if !a.isReady() {
- httperrors.Serve503(&w)
- return
+ httperrors.Serve503(w)
+ return true
 }
 
- domain := a.domain(host)
 if domain == nil {
- httperrors.Serve404(&w)
+ httperrors.Serve404(w)
+ return true
+ }
+
+ if !https && domain.isHTTPSOnly(r) {
+ a.redirectToHTTPS(w, r, http.StatusMovedPermanently)
+ return true
+ }
+
+ return false
+}
+
+func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https bool) {
+ w := newLoggingResponseWriter(ww)
+ defer w.Log(r)
+
+ metrics.SessionsActive.Inc()
+ defer metrics.SessionsActive.Dec()
+
+ host, domain := a.getHostAndDomain(r)
+
+ if a.tryAuxiliaryHandlers(&w, r, https, host, domain) {
 return
 }
 
|
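Review bot: `redirectToHTTPS` builds the Location from the client-supplied `r.Host`, and the new HTTPS-only branch at the end of `tryAuxiliaryHandlers` sends it with `http.StatusMovedPermanently`, which browsers may cache indefinitely. In that branch the host has already resolved to a configured domain, but any port in the Host header is still carried over, so a request that arrived on a non-default HTTP port would be pinned to `https://` on that same port. If HTTPS is always served on the default port, passing the port-stripped `host` from `getHostAndDomain` into the helper and setting `u.Host = host` would avoid that. The earlier `a.RedirectHTTP` branch runs before the domain lookup and therefore reflects whatever Host value was sent, though only as a 307. A redirect also leaves the first plain-HTTP request exposed, so an HSTS header on the HTTPS responses of these domains is worth considering if it is not set elsewhere; `serveContent` continues past the end of this hunk, so the serving path is not visible here.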