diff options
author | Nick Thomas <nick@gitlab.com> | 2018-03-07 17:42:09 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-03-07 17:42:09 +0300 |
commit | 89501363417d9c0a9744a9342e292d7a2b5a589d (patch) | |
tree | 1e66a8c61e9cd97933977142ec6ec8005fc29645 /app.go | |
parent | 1ae4901c7ea49c4eec8cc26d68ad85c5c8719454 (diff) | |
parent | 00b6c5f315ac00e9da8a6de99c50b064e9f87872 (diff) |
Merge branch 'https_only' into 'master'
HTTPS-only pages
See merge request gitlab-org/gitlab-pages!50
Diffstat (limited to 'app.go')
-rw-r--r-- | app.go | 72 |
1 files changed, 47 insertions, 25 deletions
@@ -67,49 +67,71 @@ func (a *theApp) healthCheck(w http.ResponseWriter, r *http.Request, https bool) } } -func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https bool) { - w := newLoggingResponseWriter(ww) - defer w.Log(r) +func (a *theApp) redirectToHTTPS(w http.ResponseWriter, r *http.Request, statusCode int) { + u := *r.URL + u.Scheme = "https" + u.Host = r.Host + u.User = nil - metrics.SessionsActive.Inc() - defer metrics.SessionsActive.Dec() + http.Redirect(w, r, u.String(), statusCode) +} +func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain) { + host, _, err := net.SplitHostPort(r.Host) + if err != nil { + host = r.Host + } + + return host, a.domain(host) +} + +func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, https bool, host string, domain *domain) bool { // short circuit content serving to check for a status page if r.RequestURI == a.appConfig.StatusPath { - a.healthCheck(&w, r, https) - return + a.healthCheck(w, r, https) + return true } // Add auto redirect if !https && a.RedirectHTTP { - u := *r.URL - u.Scheme = "https" - u.Host = r.Host - u.User = nil - - http.Redirect(&w, r, u.String(), 307) - return - } - - host, _, err := net.SplitHostPort(r.Host) - if err != nil { - host = r.Host + a.redirectToHTTPS(w, r, http.StatusTemporaryRedirect) + return true } // In the event a host is prefixed with the artifact prefix an artifact // value is created, and an attempt to proxy the request is made - if a.Artifact.TryMakeRequest(host, &w, r) { - return + if a.Artifact.TryMakeRequest(host, w, r) { + return true } if !a.isReady() { - httperrors.Serve503(&w) - return + httperrors.Serve503(w) + return true } - domain := a.domain(host) if domain == nil { - httperrors.Serve404(&w) + httperrors.Serve404(w) + return true + } + + if !https && domain.isHTTPSOnly(r) { + a.redirectToHTTPS(w, r, http.StatusMovedPermanently) + return true + } + + return false +} + +func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https bool) { + w := newLoggingResponseWriter(ww) + defer w.Log(r) + + metrics.SessionsActive.Inc() + defer metrics.SessionsActive.Dec() + + host, domain := a.getHostAndDomain(r) + + if a.tryAuxiliaryHandlers(&w, r, https, host, domain) { return } |