nercone-dev/website
1
0
Fork 0
Code Issues Pull Requests Actions Activity

--

Browse Source
This commit is contained in:
nercone
2026-03-31 01:15:38 +09:00
parent 048b28cfbb
commit fffa19679e
2 changed files with 58 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pyproject.toml
View File

@@ -10,6 +10,7 @@ dependencies = [
"psutil",
"httpx",
"websockets",
"markitdown",
"fastapi",
"jinja2",
"uvicorn[standard]"

105
src/nercone_website/server.py
View File

@@ -1,7 +1,7 @@
import json
import random
from pathlib import Path
from zoneinfo import ZoneInfo
from markitdown import MarkItDown
from datetime import datetime, timezone
from fastapi import FastAPI, Request, Response
from fastapi.templating import Jinja2Templates
@@ -14,15 +14,12 @@ from .middleware import Middleware, server_version, onion_hostname
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)
app.add_middleware(Middleware)
templates = Jinja2Templates(directory=Path.cwd().joinpath("public"))
markitdown = MarkItDown()
accesscounter = AccessCounter()
templates.env.globals["get_access_count"] = accesscounter.get
templates.env.globals["server_version"] = server_version
templates.env.globals["onion_site_url"] = f"http://{onion_hostname}/"
def get_current_year() -> str:
return str(datetime.now(ZoneInfo("Asia/Tokyo")).year)
templates.env.globals["get_current_year"] = get_current_year
def get_daily_quote() -> str:
seed = str(datetime.now(timezone.utc).date())
with Path.cwd().joinpath("public", "quotes.txt").open("r") as f:
@@ -30,6 +27,27 @@ def get_daily_quote() -> str:
return random.Random(seed).choice(quotes)
templates.env.globals["get_daily_quote"] = get_daily_quote
def resolve_static_file(full_path: str) -> Path | None:
base_dir = Path.cwd().joinpath("public")
target_path = (base_dir / full_path.lstrip('/')).resolve()
if not str(target_path).startswith(str(base_dir.resolve())):
raise PermissionError()
return target_path if target_path.is_file() else None
def resolve_shorturl(shorturls: dict, full_path: str) -> str | None:
current_id = full_path.strip().rstrip("/")
visited = set()
for _ in range(10):
if current_id in visited or current_id not in shorturls:
return None
visited.add(current_id)
entry = shorturls[current_id]
if entry["type"] in ["redirect", "alias"]:
if entry["type"] == "redirect":
return entry["content"]
current_id = entry["content"]
return None
@app.api_route("/ping", methods=["GET"])
async def ping(request: Request):
return PlainTextResponse("pong!", status_code=200)
@@ -75,52 +93,41 @@ async def fake_error_page(request: Request, code: str):
@app.api_route("/{full_path:path}", methods=["GET", "POST", "HEAD"])
async def default_response(request: Request, full_path: str) -> Response:
if not full_path.endswith(".html"):
base_dir = Path.cwd().joinpath("public")
safe_full_path = full_path.lstrip('/')
target_path = (base_dir / safe_full_path).resolve()
if not str(target_path).startswith(str(base_dir.resolve())):
return error_page(templates=templates, request=request, status_code=403, message="ディレクトリトラバーサルね、知ってる。公開してないところ覗きたいのえっt")
if target_path.exists() and target_path.is_file():
return FileResponse(target_path)
templates_to_try = []
if full_path == "" or full_path == "/":
templates_to_try.append("index.html")
elif full_path.endswith(".html"):
templates_to_try.append(full_path.lstrip('/'))
else:
clean_path = full_path.strip('/')
templates_to_try.append(f"{clean_path}.html")
templates_to_try.append(f"{clean_path}/index.html")
for template_name in templates_to_try:
try:
response = templates.TemplateResponse(status_code=200, request=request, name=template_name)
accesscounter.increase()
return response
if static := resolve_static_file(full_path):
return FileResponse(static)
except PermissionError:
return error_page(templates, request, 403, "ディレクトリトラバーサルね、知ってる。公開してないところ覗きたいのえっt")
if full_path in ["", "/"]:
template_candidates = ["index.html"]
elif full_path.endswith(".html"):
template_candidates = [full_path.lstrip('/')]
else:
template_candidates = [f"{full_path.strip('/')}.html", f"{full_path.strip('/')}/index.html"]
for name in template_candidates:
try:
if "curl" in request.headers.get("user-agent", "").lower():
content = templates.env.get_template(name).render(request=request)
accesscounter.increase()
return PlainTextResponse(markitdown.convert(content).text_content, status_code=200)
else:
response = templates.TemplateResponse(status_code=200, request=request, name=name)
accesscounter.increase()
return response
except TemplateNotFound:
continue
shorturls_json = Path.cwd().joinpath("public", "shorturls.json")
if not shorturls_json.exists():
return error_page(templates=templates, request=request, status_code=500, message="設定ファイルぐらい用意しておけよ!")
try:
with shorturls_json.open("r", encoding="utf-8") as f:
shorturls = json.load(f)
path = Path.cwd().joinpath("public", "shorturls.json")
if not path.exists():
return error_page(templates, request, 500, "設定ファイルぐらい用意しておけよ!")
shorturls = json.load(path.open("r", encoding="utf-8"))
except Exception:
return error_page(templates=templates, request=request, status_code=500, message="なにこの設定ファイル読めないじゃない!")
current_id = full_path.strip().rstrip("/")
visited = set()
for _ in range(10):
if current_id in visited:
return error_page(templates=templates, request=request, status_code=500, message="循環依存ってなんかちょっとえっt")
visited.add(current_id)
if current_id not in shorturls:
break
entry = shorturls[current_id]
entry_type = entry.get("type")
content = entry.get("content")
if entry_type == "redirect":
return RedirectResponse(url=content)
elif entry_type == "alias":
current_id = content
else:
break
return error_page(templates=templates, request=request, status_code=404, message="そんなページ知らないっ!")
return error_page(templates, request, 500, "なにこの設定ファイル読めないじゃない!")
if result := resolve_shorturl(shorturls, full_path):
return RedirectResponse(url=result)
return error_page(templates, request, 404, "そんなページ知らないっ!")