htpack/handler.go

package htpack

import (
	"fmt"
	"net/http"
	"os"
	"path"
	"path/filepath"
	"strconv"
	"strings"
	"time"

	"golang.org/x/sys/unix"
	"src.lwithers.me.uk/go/htpack/packed"
)

const (
	encodingGzip   = "gzip"
	encodingBrotli = "br"
)

// New returns a new handler. Standard security headers are set.
func New(packfile string) (*Handler, error) {
	f, err := os.Open(packfile)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	fi, err := f.Stat()
	if err != nil {
		return nil, err
	}
	mapped, err := unix.Mmap(int(f.Fd()), 0, int(fi.Size()),
		unix.PROT_READ, unix.MAP_SHARED)
	if err != nil {
		return nil, err
	}

	_, dir, err := packed.Load(f)
	if err != nil {
		unix.Munmap(mapped)
		return nil, err
	}

	h := &Handler{
		mapped:    mapped,
		dir:       dir.Files,
		headers:   make(map[string]string),
		startTime: time.Now(),
	}

	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
	h.SetHeader("X-Frame-Options", "SAMEORIGIN")

	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
	h.SetHeader("X-Content-Type-Options", "nosniff")

	return h, nil
}

// Handler implements http.Handler and allows options to be set.
type Handler struct {
	mapped    []byte
	dir       map[string]*packed.File
	headers   map[string]string
	startTime time.Time
	notFound  *packed.File
}

// SetHeader allows a custom header to be set on HTTP responses. These are
// always emitted by ServeHTTP, whether the response status is success or
// otherwise. Note that you can override the standard security headers
// (X-Frame-Options and X-Content-Type-Options) using this function. You can
// remove previously-set headers altogether by passing an empty string for
// value.
func (h *Handler) SetHeader(key, value string) {
	if value == "" {
		delete(h.headers, key)
	} else {
		h.headers[key] = value
	}
}

// SetIndex allows setting an index.html (or equivalent) that can be used to
// serve requests landing at a directory. For instance, if a file named
// "/foo/index.html" exists, and this function is called with "index.html",
// then a route will be registered to serve the contents of this file at
// "/foo". Noting that the ServeHTTP handler discards a trailing "/" on non
// root URLs, this means that it will serve equivalent content for requests
// to "/foo/index.html", "/foo/" and "/foo".
//
// Existing routes are not overwritten, and this function could be called
// multiple times with different filenames (noting later calls would not
// overwrite files matching earlier calls).
func (h *Handler) SetIndex(filename string) {
	for k, v := range h.dir {
		if filepath.Base(k) == filename {
			routeToAdd := filepath.Dir(k)
			if _, exists := h.dir[routeToAdd]; !exists {
				h.dir[routeToAdd] = v
			}
		}
	}
}

// SetNotFound allows overriding the returned resource when a request is made
// for a resource that does not exist. The default behaviour would be to return
// a standard HTTP 404 Not Found response; calling this function with an empty
// string will restore that behaviour.
//
// This function will return an error if the named resource is not present in
// the packfile.
func (h *Handler) SetNotFound(notFound string) error {
	if notFound == "" {
		h.notFound = nil
		return nil
	}

	notFound = path.Clean(notFound)
	dir := h.dir[path.Clean(notFound)]
	if dir == nil {
		return fmt.Errorf("no such resource %q", notFound)
	}
	h.notFound = dir
	return nil
}

// ServeHTTP handles requests for files. It supports GET and HEAD methods, with
// anything else returning a 405. Exact path matches are required, else a 404 is
// returned.
func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	// set custom headers before any processing; ensures these are set even
	// on error responses
	for hkey, hval := range h.headers {
		w.Header().Set(hkey, hval)
	}

	switch req.Method {
	case "HEAD", "GET":
		// OK
	default:
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}

	info := h.dir[path.Clean(req.URL.Path)]
	if info == nil {
		if h.notFound == nil {
			http.NotFound(w, req)
			return
		}
		info = h.notFound
	}

	// set standard headers
	w.Header().Set("Vary", "Accept-Encoding")
	w.Header().Set("Etag", info.Etag)
	w.Header().Set("Content-Type", info.ContentType)
	w.Header().Set("Accept-Ranges", "bytes")

	// process etag / modtime
	if clientHasCachedVersion(info.Etag, h.startTime, req) {
		w.WriteHeader(http.StatusNotModified)
		return
	}

	// select compression
	data := info.Uncompressed
	gzip, brotli := acceptedEncodings(req)
	if brotli && info.Brotli != nil {
		data = info.Brotli
		w.Header().Set("Content-Encoding", encodingBrotli)
	} else if gzip && info.Gzip != nil {
		data = info.Gzip
		w.Header().Set("Content-Encoding", encodingGzip)
	}

	// range support (single-part ranges only)
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests#Single_part_ranges
	offset, length, isPartial := getFileRange(data, req)
	if isPartial {
		w.Header().Set("Content-Range", fmt.Sprintf("bytes %d-%d/%d",
			offset, offset+length-1, data.Length))
	}

	// now we know exactly what we're writing, finalise HTTP header
	w.Header().Set("Content-Length", strconv.FormatUint(length, 10))
	if isPartial {
		w.WriteHeader(http.StatusPartialContent)
	} else {
		w.WriteHeader(http.StatusOK)
	}

	// send body (though not for HEAD)
	if req.Method == "HEAD" {
		return
	}

	offset += data.Offset
	w.Write(h.mapped[offset : offset+length])
}

func acceptedEncodings(req *http.Request) (gzip, brotli bool) {
	encodings := req.Header.Get("Accept-Encoding")
	for _, enc := range strings.Split(encodings, ",") {
		switch strings.TrimSpace(enc) {
		case encodingGzip:
			gzip = true
		case encodingBrotli:
			brotli = true
		}
	}
	return
}

// clientHasCachedVersion returns true if the client has a cached version of
// the resource. We'll check the etags presented by the client, but if etags
// are not present then we'll check the if-modified-since date.
func clientHasCachedVersion(etag string, startTime time.Time, req *http.Request,
) bool {
	checkEtags := req.Header.Get("If-None-Match")
	for _, check := range strings.Split(checkEtags, ",") {
		if etag == strings.TrimSpace(check) {
			// client knows the etag, so it has this version of the
			// resource cached already
			return true
		}
	}

	// if the client presented etags at all, we use that as our definitive
	// answer
	if _, sawEtags := req.Header["If-None-Match"]; sawEtags {
		return false
	}

	// check the timestamp the client last grabbed the resource
	cachedTime, err := http.ParseTime(req.Header.Get("If-Modified-Since"))
	if err != nil {
		return false
	}
	return cachedTime.After(startTime)
}

// getFileRange returns the byte offset and length of the file to serve, along
// with whether or not it's partial content.
func getFileRange(data *packed.FileData, req *http.Request) (offset, length uint64, isPartial bool) {
	length = data.Length

	// only accept "Range: bytes=…"
	r := req.Header.Get("Range")
	if !strings.HasPrefix(r, "bytes=") {
		return
	}
	r = strings.TrimPrefix(r, "bytes=")

	// only accept a single range, "from-to", mapping to interval [from,to]
	pos := strings.IndexByte(r, '-')
	if pos == -1 {
		return
	}
	sfrom, sto := r[:pos], r[pos+1:]
	from, err := strconv.ParseUint(sfrom, 10, 64)
	if err != nil {
		return
	}
	to, err := strconv.ParseUint(sto, 10, 64)
	if err != nil {
		return
	}

	// validate the interval lies within the file
	switch {
	case from > to,
		from >= data.Length,
		to >= data.Length:
		return
	}

	// all good
	offset = from
	length = to - from + 1
	isPartial = true
	return
}