Add static HTTP file server for /.well-known/ endpoint #25892
Conversation
GiteaBot
added
the
lgtm/need 2
alex19srv
changed the title
denyskon
added
the
type/feature
|
Could we have a test for it? |
I want to add tests, when I will add /.well-known/security.txt. Currently I can only test, if https://gitea/.well-known/ will return 404 status code (do not make directory list). Or which tests do You want to see? I thought and did not found which tests to implement an this stage. |
routers/web/web.go
Outdated
| @@ -349,6 +349,12 @@ func registerRoutes(m *web.Route) { | |||
| m.Get("/change-password", func(ctx *context.Context) { | |||
| ctx.Redirect(setting.AppSubURL + "/user/settings/account") | |||
| }) | |||
| wellKnownDir := wellKnownWebDir() | |||
| m.Get("/*", func(ctx *context.Context) { | |||
There was a problem hiding this comment.
I don't think this is right. Why not use m.Get("/.well-know/*",
There was a problem hiding this comment.
This code inside group m.Group("/.well-known", func() { and my code works (I checked). All endpoints related to "/.well-known" is inside that group.
There was a problem hiding this comment.
Moved m.Get("/.well-known/*", func(ctx *context.Context) { out of Group.
|
Some thoughts:
|
|
This feature is useful IMO, eg: https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445 I will try to propose a new PR for it. The first step: Move public asset files to the proper directory #25907 |
Move `public/*` to `public/assets/*` Some old PRs (like #15219) introduced inconsistent directory system. For example: why the local directory "public" is accessed by `http://site/assets`? How to serve the ".well-known" files properly in the public directory? For convention rules, the "public" directory is widely used for the website's root directory. It shouldn't be an exception for Gitea. So, this PR makes the things consistent: * `http://site/assets/foo` means `{CustomPath}/public/assets/foo`. * `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt` can be used in the future. This PR is also a prerequisite for a clear solution for: * #21942 * #25892 * discourse.gitea.io: [.well-known path serving custom files behind proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1) This PR is breaking for users who have custom "public" files (CSS/JS). After getting approvals, I will update the documents. ---- ##⚠️ BREAKING⚠️ If you have files in your "custom/public/" folder, please move them to "custom/public/assets/". --------- Co-authored-by: 6543 <[email protected]> Co-authored-by: Giteabot <[email protected]>
|
-> Add "security.txt" support, add CORS header for ".well-known" #25974 |
…der for ".well-known" (#25974) Replace #25892 Close #21942 Close #25464 Major changes: 1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path * All files in "public/.well-known" can be served, just like "public/assets" 3. Add a test for ".well-known/security.txt" 4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler 5. Add CORS header for ".well-known" endpoints 6. Add logs to tell users they should move some of their legacy custom public files ``` 2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img 2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt ``` This PR is not breaking. --------- Co-authored-by: silverwind <[email protected]> Co-authored-by: Giteabot <[email protected]>
|
This is meta, but you should seriously start providing some sort of method for people that are intending to contribute seriously and want to discuss design ideas and plans in a way that isn't a real-time platform. There are indeed too many issues but some sort of an explicitly defined "lifeline" to a contributor has to somehow continue existing. |
I'm not sure what this means? Anyone is welcome to discuss ideas in an issue, Discord, Matrix, Discourse, etc. |
|
Some people just don't want to discuss. There is a discord channel And some tasks are too difficult for new contributors. I have done my best to help them (many discussions were done by discord develop channel or private message) |
Issues are big and messy and there is an implicit expectation from the perspective of a new contributor that doesn't want to bother: Developers can't be possibly monitoring a thousand issues (which are arguably a very good place for drive-by contributors), even if notifications exist.
I'm not accusing you of not trying to help and not trying to help onboard new users (I apologize if I gave off that impression), I'm saying that it would be best to bridge the gap between wanting to work on an issue and reaching out to people. If you are reachable in an issue tracker, it might be best to not let that be an unwritten rule. |
First commit to implement /.well-known/security.txt endpoint (as discussed in #21942)