From 160de9fbdac41580b9cba88061bfaf1b3324d5a8 Mon Sep 17 00:00:00 2001
From: wxiaoguang
Date: Sun, 23 Jan 2022 21:17:20 +0800
Subject: Fix mime-type detection for HTTP server (#18371)
---
modules/public/dynamic.go | 24 -----------
modules/public/mime_types.go | 41 ++++++++++++++++++
modules/public/public.go | 11 +++++
modules/public/serve_dynamic.go | 24 +++++++++++
modules/public/serve_static.go | 82 ++++++++++++++++++++++++++++++++++++
modules/public/static.go | 93 -----------------------------------------
6 files changed, 158 insertions(+), 117 deletions(-)
delete mode 100644 modules/public/dynamic.go
create mode 100644 modules/public/mime_types.go
create mode 100644 modules/public/serve_dynamic.go
create mode 100644 modules/public/serve_static.go
delete mode 100644 modules/public/static.go
(limited to 'modules')
diff --git a/modules/public/dynamic.go b/modules/public/dynamic.go
deleted file mode 100644
index 955c01e510..0000000000
--- a/modules/public/dynamic.go
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build !bindata
-// +build !bindata
-
-package public
-
-import (
- "io"
- "net/http"
- "os"
- "time"
-)
-
-func fileSystem(dir string) http.FileSystem {
- return http.Dir(dir)
-}
-
-// serveContent serve http content
-func serveContent(w http.ResponseWriter, req *http.Request, fi os.FileInfo, modtime time.Time, content io.ReadSeeker) {
- http.ServeContent(w, req, fi.Name(), modtime, content)
-}
diff --git a/modules/public/mime_types.go b/modules/public/mime_types.go
new file mode 100644
index 0000000000..f8c92e824f
--- /dev/null
+++ b/modules/public/mime_types.go
@@ -0,0 +1,41 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package public
+
+import "strings"
+
+// wellKnownMimeTypesLower comes from Golang's builtin mime package: `builtinTypesLower`, see the comment of detectWellKnownMimeType
+var wellKnownMimeTypesLower = map[string]string{
+ ".avif": "image/avif",
+ ".css": "text/css; charset=utf-8",
+ ".gif": "image/gif",
+ ".htm": "text/html; charset=utf-8",
+ ".html": "text/html; charset=utf-8",
+ ".jpeg": "image/jpeg",
+ ".jpg": "image/jpeg",
+ ".js": "text/javascript; charset=utf-8",
+ ".json": "application/json",
+ ".mjs": "text/javascript; charset=utf-8",
+ ".pdf": "application/pdf",
+ ".png": "image/png",
+ ".svg": "image/svg+xml",
+ ".wasm": "application/wasm",
+ ".webp": "image/webp",
+ ".xml": "text/xml; charset=utf-8",
+
+ // well, there are some types missing from the builtin list
+ ".txt": "text/plain; charset=utf-8",
+}
+
+// detectWellKnownMimeType will return the mime-type for a well-known file ext name
+// The purpose of this function is to bypass the unstable behavior of Golang's mime.TypeByExtension
+// mime.TypeByExtension would use OS's mime-type config to overwrite the well-known types (see its document).
+// If the user's OS has incorrect mime-type config, it would make Gitea can not respond a correct Content-Type to browsers.
+// For example, if Gitea returns `text/plain` for a `.js` file, the browser couldn't run the JS due to security reasons.
+// detectWellKnownMimeType makes the Content-Type for well-known files stable.
+func detectWellKnownMimeType(ext string) string {
+ ext = strings.ToLower(ext)
+ return wellKnownMimeTypesLower[ext]
+}
diff --git a/modules/public/public.go b/modules/public/public.go
index a58709d86f..6dd9b54e64 100644
--- a/modules/public/public.go
+++ b/modules/public/public.go
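Review bot: The doc comment on `detectWellKnownMimeType` in modules/public/mime_types.go does not state the contract its callers rely on: `ext` must carry the leading dot (as `filepath.Ext` returns it), the lookup is case-insensitive, and an unknown extension yields the empty string. I would add a line such as `// It returns "" when ext (with its leading dot, any case) is not in the table.` The table's name also promises lower-case keys but nothing enforces that, and a mixed-case key added later would never match because the lookup lower-cases `ext` first. A short test that ranges over `wellKnownMimeTypesLower` and checks `k == strings.ToLower(k)` would pin the invariant.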
@@ -95,6 +95,15 @@ func parseAcceptEncoding(val string) map[string]bool {
 return types
 }
 
+// setWellKnownContentType will set the Content-Type if the file is a well-known type.
+// See the comments of detectWellKnownMimeType
+func setWellKnownContentType(w http.ResponseWriter, file string) {
+ mimeType := detectWellKnownMimeType(filepath.Ext(file))
+ if mimeType != "" {
+ w.Header().Set("Content-Type", mimeType)
+ }
+}
+
 func (opts *Options) handle(w http.ResponseWriter, req *http.Request, fs http.FileSystem, file string) bool {
 // use clean to keep the file is a valid path with no . or ..
 f, err := fs.Open(path.Clean(file))
@@ -125,6 +134,8 @@ func (opts *Options) handle(w http.ResponseWriter, req *http.Request, fs http.Fi
 return true
 }
 
+ setWellKnownContentType(w, file)
+
 serveContent(w, req, fi, fi.ModTime(), f)
 return true
 }
diff --git a/modules/public/serve_dynamic.go b/modules/public/serve_dynamic.go
new file mode 100644
index 0000000000..955c01e510
--- /dev/null
+++ b/modules/public/serve_dynamic.go
@@ -0,0 +1,24 @@
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build !bindata
+// +build !bindata
+
+package public
+
+import (
+ "io"
+ "net/http"
+ "os"
+ "time"
+)
+
+func fileSystem(dir string) http.FileSystem {
+ return http.Dir(dir)
+}
+
+// serveContent serve http content
+func serveContent(w http.ResponseWriter, req *http.Request, fi os.FileInfo, modtime time.Time, content io.ReadSeeker) {
+ http.ServeContent(w, req, fi.Name(), modtime, content)
+}
diff --git a/modules/public/serve_static.go b/modules/public/serve_static.go
new file mode 100644
index 0000000000..28975ec6c3
--- /dev/null
+++ b/modules/public/serve_static.go
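Review bot: In modules/public/public.go, `setWellKnownContentType` leaves the header unset for any extension that is not in the table, so for those files `http.ServeContent` still falls back to `mime.TypeByExtension` and then to content sniffing. The OS-dependent behaviour this commit sets out to remove therefore remains for them. The comment should say so, e.g. `// Unknown extensions are left to http.ServeContent (OS mime config, then sniffing).` Since the change relies on browsers enforcing the declared type, it is also worth confirming that `X-Content-Type-Options: nosniff` is sent on these responses; the hunks do not show whether it is set elsewhere. `handle` starts and ends outside both hunks.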
@@ -0,0 +1,82 @@
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build bindata
+// +build bindata
+
+package public
+
+import (
+ "bytes"
+ "io"
+ "net/http"
+ "os"
+ "path/filepath"
+ "time"
+
+ "code.gitea.io/gitea/modules/timeutil"
+)
+
+// GlobalModTime provide a global mod time for embedded asset files
+func GlobalModTime(filename string) time.Time {
+ return timeutil.GetExecutableModTime()
+}
+
+func fileSystem(dir string) http.FileSystem {
+ return Assets
+}
+
+func Asset(name string) ([]byte, error) {
+ f, err := Assets.Open("/" + name)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+ return io.ReadAll(f)
+}
+
+func AssetNames() []string {
+ realFS := Assets.(vfsgen۰FS)
+ var results = make([]string, 0, len(realFS))
+ for k := range realFS {
+ results = append(results, k[1:])
+ }
+ return results
+}
+
+func AssetIsDir(name string) (bool, error) {
+ if f, err := Assets.Open("/" + name); err != nil {
+ return false, err
+ } else {
+ defer f.Close()
+ if fi, err := f.Stat(); err != nil {
+ return false, err
+ } else {
+ return fi.IsDir(), nil
+ }
+ }
+}
+
+// serveContent serve http content
+func serveContent(w http.ResponseWriter, req *http.Request, fi os.FileInfo, modtime time.Time, content io.ReadSeeker) {
+ encodings := parseAcceptEncoding(req.Header.Get("Accept-Encoding"))
+ if encodings["gzip"] {
+ if cf, ok := fi.(*vfsgen۰CompressedFileInfo); ok {
+ rdGzip := bytes.NewReader(cf.GzipBytes())
+ // all static files are managed by Gitea, so we can make sure every file has the correct ext name
+ // then we can get the correct Content-Type, we do not need to do http.DetectContentType on the decompressed data
+ mimeType := detectWellKnownMimeType(filepath.Ext(fi.Name()))
+ if mimeType == "" {
+ mimeType = "application/octet-stream"
+ }
+ w.Header().Set("Content-Type", mimeType)
+ w.Header().Set("Content-Encoding", "gzip")
+ http.ServeContent(w, req, fi.Name(), modtime, rdGzip)
+ return
+ }
+ }
+
+ http.ServeContent(w, req, fi.Name(), modtime, content)
+ return
+}
diff --git a/modules/public/static.go b/modules/public/static.go
deleted file mode 100644
index a81efacfa4..0000000000
--- a/modules/public/static.go
+++ /dev/null
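Review bot: The gzip branch of `serveContent` in modules/public/serve_static.go chooses the response body from the request's `Accept-Encoding` and sets `Content-Encoding: gzip`, but the visible code sets no `Vary` header. A shared cache could therefore hand the gzip body to a client that did not ask for it. Unless it is added elsewhere, put `w.Header().Add("Vary", "Accept-Encoding")` before the `if encodings["gzip"]` check so both variants carry it. Separately, the `application/octet-stream` fallback replaces the old content sniffing for unknown extensions; that is the safer default, and a one-line comment saying it is intentional would help the next reader.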
@@ -1,93 +0,0 @@
-// Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build bindata
-// +build bindata
-
-package public
-
-import (
- "bytes"
- "compress/gzip"
- "io"
- "mime"
- "net/http"
- "os"
- "path/filepath"
- "time"
-
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/timeutil"
-)
-
-// GlobalModTime provide a global mod time for embedded asset files
-func GlobalModTime(filename string) time.Time {
- return timeutil.GetExecutableModTime()
-}
-
-func fileSystem(dir string) http.FileSystem {
- return Assets
-}
-
-func Asset(name string) ([]byte, error) {
- f, err := Assets.Open("/" + name)
- if err != nil {
- return nil, err
- }
- defer f.Close()
- return io.ReadAll(f)
-}
-
-func AssetNames() []string {
- realFS := Assets.(vfsgen۰FS)
- var results = make([]string, 0, len(realFS))
- for k := range realFS {
- results = append(results, k[1:])
- }
- return results
-}
-
-func AssetIsDir(name string) (bool, error) {
- if f, err := Assets.Open("/" + name); err != nil {
- return false, err
- } else {
- defer f.Close()
- if fi, err := f.Stat(); err != nil {
- return false, err
- } else {
- return fi.IsDir(), nil
- }
- }
-}
-
-// serveContent serve http content
-func serveContent(w http.ResponseWriter, req *http.Request, fi os.FileInfo, modtime time.Time, content io.ReadSeeker) {
- encodings := parseAcceptEncoding(req.Header.Get("Accept-Encoding"))
- if encodings["gzip"] {
- if cf, ok := fi.(*vfsgen۰CompressedFileInfo); ok {
- rd := bytes.NewReader(cf.GzipBytes())
- w.Header().Set("Content-Encoding", "gzip")
- ctype := mime.TypeByExtension(filepath.Ext(fi.Name()))
- if ctype == "" {
- // read a chunk to decide between utf-8 text and binary
- var buf [512]byte
- grd, _ := gzip.NewReader(rd)
- n, _ := io.ReadFull(grd, buf[:])
- ctype = http.DetectContentType(buf[:n])
- _, err := rd.Seek(0, io.SeekStart) // rewind to output whole file
- if err != nil {
- log.Error("rd.Seek error: %v", err)
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
- return
- }
- }
- w.Header().Set("Content-Type", ctype)
- http.ServeContent(w, req, fi.Name(), modtime, rd)
- return
- }
- }
-
- http.ServeContent(w, req, fi.Name(), modtime, content)
- return
-}
-- cgit v1.2.3