above 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 73c14594eb00a337f64a37313c2105a4e2075c372b1e22e2c5a6d681d5b0a8a3
-  data.tar.gz: '093ba806cb64f9e6283d66c4273cd1355f5d5620f7f71460acc6bdc3f76961ae'
+  metadata.gz: f7e51e2b89987edc6d43589b7f0cd54c1ac4f5a7fd7e220c563ec468c85f8ea0
+  data.tar.gz: bb2b4bb89b3a3c23d4e2ba91990c65eae13ce516c69600ce166d7c122a4f1bba
 SHA512:
-  metadata.gz: 8c4a24b30c8f5fc8d99114486f678021e590924aa0e3565fe7d4d59089fafbb715724e609ef41cae089a8acd3a77f5f637ede07c8053415dd1a26c1498741be3
-  data.tar.gz: 1e10259b6b5e3c39c6bf9395903b059d91c08f77f84173308f7aeaf65b3284fc066e387abba530c0d2319c5810091fa070d96310215968fddf4d35185643751e
+  metadata.gz: 98f9509eccf23022d3d3d05e070c627e175008e4b2adb6951cc822d204e44b0eb459adbfe4753197fd79d1bdb7d0dece715b4ea1e4a808543862540cebf03eff
+  data.tar.gz: 242ae0538a1c634ddfd2ab6ece8ff9b8061813da931f896be0195424b6f88668204433630c51dd4e5d210993821ef4491122293861841a81e99a6e0da9198913

data/CHANGELOG.md

@@ -1,5 +1,9 @@
-## [Unreleased]
+# Above Changelog
 
-## [0.1.0] - 13 August 2024
+## 0.2.0 - 24 August 2024
 
 - Initial release
+
+## 0.1.0 - 13 August 2024
+
+- Placeholder gem & repo

data/README.md

@@ -1,20 +1,31 @@
 # Above
 
-Initial commit only
+An async Gemini Protocol server with support for multi-tenancy. Above supports middleware, with default middleware for blocking, naive in-memory caching, logging, redirects, & a static file server included. Also included are utilities for certificate creation & DNS-based authentication (DANE).
 
-## Installation
+## Status
 
-...
+3 - Alpha in Python terms.
 
-## Usage
+(Those Python statuses are 1 - Planning, 2 - Pre-alpha, 3 - Alpha, 4 - Beta, 5 - Production/Stable, 6 - Mature, 7 - Inactive.)
 
-...
+Currently not handled:
+- user input or client certificates
+- proxy requests to other domains or protocols
+- anything not quite in the standard. Maybe...
 
-## Status
+## Why
 
-... in Python terms.
+I've read that the heyday of the Gemini Protocol's passed. I don't know, even if it has passed it's still an interesting take on fixing some of what ails the web. If only to delve into the depths of TCP & TLS, & to appreciate again the wonders of HTTP.
 
-(Those Python statuses are 1 - Planning, 2 - Pre-alpha, 3 - Alpha, 4 - Beta, 5 - Production/Stable, 6 - Mature, 7 - Inactive.)
+None of the other Gemini servers I looked at offered quite the same mix of features as Above in quite the same way. So here we are.
+
+## Installation
+
+`gem install above`
+
+## Usage
+
+...
 
 ## Development
 

data/lib/above/certs.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module Above
+  # Create and load certificates
+  class Certs
+    def dane(domain_arr:, dir:)
+      file = File.read("#{File.join(dir, domain_arr.first)}.crt")
+      cert = OpenSSL::X509::Certificate.new(file)
+      checksum = OpenSSL::Digest::SHA512.new(cert.to_der)
+      puts "For DANE create:\n\n"
+      domain_arr.each do |domain|
+        puts "DNS record: _1965._tcp.#{domain}\n"
+      end
+      puts <<~HELP
+
+        Each with the text: TLSA 3 1 2 #{checksum}
+
+        312 meaning the certificate's self signed, check the public cert, against this SHA-512 hash
+        See: https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
+      HELP
+    end
+
+    # Create key & cert for domain in directory, with a one year duration
+    def create(domain_arr:, dir:, duration: 60 * 60 * 24 * 365)
+      # RSA is new & length, not generate & algo
+      key = OpenSSL::PKey::EC.generate("secp384r1")
+      name = OpenSSL::X509::Name.parse("/CN=#{domain_arr.first}")
+
+      time = Time.now
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 0
+      cert.not_before = time
+      cert.not_after = time + duration
+      # RSA is key.public_key not key - why are they different!?
+      cert.public_key = key
+      cert.subject = name
+
+      extension_factory = OpenSSL::X509::ExtensionFactory.new(nil, cert)
+      cert.add_extension \
+        extension_factory.create_extension("basicConstraints", "CA:FALSE", true)
+      cert.add_extension \
+        extension_factory.create_extension(
+          "keyUsage", "nonRepudiation, digitalSignature, keyEncipherment"
+        )
+      dns_str = ""
+      domain_arr.each do |domain|
+        dns_str += "DNS:#{domain},"
+      end
+      dns_str.chomp!(",")
+      cert.add_extension \
+        extension_factory.create_extension(
+          "subjectAltName", dns_str
+        )
+      cert.add_extension \
+        extension_factory.create_extension(
+          "extendedKeyUsage", "serverAuth, clientAuth"
+        )
+      cert.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
+
+      cert.issuer = name
+      cert.sign key, OpenSSL::Digest.new("SHA512")
+
+      File.write(File.join(dir, "#{domain_arr.first}.crt"), cert.to_pem)
+      File.write(File.join(dir, "#{domain_arr.first}.key"), key.to_pem)
+    end
+  end
+end

data/lib/above/cli.rb

@@ -1,22 +1,62 @@
 # frozen_string_literal: true
 
 require "optparse"
+require_relative "certs"
+require_relative "config"
+require_relative "server"
 
 module Above
   # CLI handled by optparse
   class CLI
     def start(*_args)
+      @options = {}
       OptionParser.new do |opts|
         opts.banner = <<~BANNER
           Above
-          Expanded help here
+          A Gemini Protocol server
 
           Commands:
         BANNER
+        certs(opts)
+        dir(opts)
+        server(opts)
         help(opts)
-        options_other(opts)
+
         version(opts)
       end.parse!
+
+      create_cert
+      start_server
+    rescue OptionParser::InvalidOption
+      puts "Invalid option"
+      # Don't have opts here to show help
+    end
+
+    def certs(opts)
+      opts.on("-c", "--cert DOMAINS", "Make a certificate for DOMAINS (comma seperated list)") do |opt|
+        @options[:domain] = opt
+      end
+    end
+
+    def create_cert
+      if @options.key?(:domain)
+        if !@options.key?(:dir)
+          puts "Directory argument missing"
+          exit
+        end
+
+        domain_arr = @options[:domain].split(",")
+        dir = @options[:dir]
+        cert = Above::Certs.new
+        cert.create(domain_arr:, dir:)
+        cert.dane(domain_arr:, dir:)
+      end
+    end
+
+    def dir(opts)
+      opts.on("-d", "--dir DIRECTORY", "Make a certificate in, or look for config in DIRECTORY") do |opt|
+        @options[:dir] = opt
+      end
     end
 
     def help(opts)
@@ -26,10 +66,20 @@ module Above
       end
     end
 
-    def options_other(opts)
-      opts.on("-o", "--other", "Do... other") do |_o|
-        puts "OK"
-        exit
+    def server(opts)
+      opts.on("-s", "--start", "Start the server, if a config directory isn't found one will be created") do |opt|
+        @options[:server] = opt
+      end
+    end
+
+    def start_server
+      return unless @options[:server]
+      dir = @options[:dir]
+      config = Above::Config.new.read_config(dir:)
+      config.each_pair do |server_name, server_hash|
+        puts "Starting #{server_name}"
+        server = Above::Server.new(config: server_hash)
+        server.start
       end
     end
 

data/lib/above/config.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require "fileutils"
+require "yaml"
+
+require_relative "utils"
+
+module Above
+  # Persist & use configuration
+  class Config
+    attr_reader :domains
+
+    def self.config_dir
+      File.join(Utils.home_dir, ".config/above")
+    end
+
+    def self.domains_dir
+      File.join(Config.config_dir, "domains")
+    end
+
+    def self.exemplar
+      {
+        "server" => {
+          "domain" => "localhost",
+          "max_fibers" => 20,
+          "port" => 1965,
+          "tls_cert" => "/home/above/localhost.crt",
+          "tls_key" => "/home/above/localhost.key"
+        },
+        "middleware" => {
+          "Above::MiddleWare::Block" => {
+            "blocklist" => [
+              "192.168.2.0/24"
+            ]
+          },
+          "Above::MiddleWare::Cache" => {
+            "max_size" => 12
+          },
+          "Above::MiddleWare::Log" => {
+            "log_file" => "localhost.log"
+          },
+          "Above::MiddleWare::Redirect" => {
+            "redirect_permanent" => {
+              "/from" => "/to"
+            },
+            "redirect_temporary" => {
+              "/from" => "/to"
+            }
+          },
+          "Above::MiddleWare::Static" => {
+            "docroot" => "/home/above/www",
+            "index" => "index.gmi",
+            "lang" => "en"
+          }
+        }
+      }
+    end
+
+    def initialize
+      init_dir
+    end
+
+    def init_dir
+      if !File.exist?(Config.domains_dir)
+        FileUtils.mkdir_p(Config.domains_dir)
+        File.write(File.join(Config.config_dir, "example.yml"), Config.exemplar.to_yaml)
+        puts "Configuration directory created"
+      end
+      if Dir.empty?(Config.domains_dir)
+        puts "No configuration files found"
+        exit
+      end
+    end
+
+    def read_config(dir: nil)
+      dir ||= Config.domains_dir
+      files = Dir[File.join(dir, "**/*.yml")]
+      domains = {}
+      files.each do |file|
+        hash = YAML.safe_load_file(file, permitted_classes: [Hash])
+        Utils.check_keys(expected_keys: Config.exemplar.keys, file:, hash:)
+        Utils.check_keys(expected_keys: Config.exemplar["server"].keys, file:, hash: hash["server"])
+        # Middleware config to be checked in each piece of middleware
+        domains[hash["server"]["domain"]] = hash
+      end
+      if domains.size == 0
+        puts "No configuration files found"
+        exit
+      end
+      domains
+    end
+  end
+end

data/lib/above/middleware/block.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "ipaddr"
+
+module Above
+  module MiddleWare
+    # Middleware to block requests based on IP addresses, also supports IPv6 & /CIDR notation
+    class Block
+      def initialize(app:)
+        @app = app # who you gonna call
+      end
+
+      def call(env:)
+        # TODO - maybe return - 41? 44? - chosen via config
+        requester = env[:socket].io.remote_address.ip_address
+        blocklist = env[:config]["Above::MiddleWare::Block"]["blocklist"]
+
+        blocklist&.each do |bad_address_range|
+          bad_addr = IPAddr.new(bad_address_range)
+          if bad_addr.include?(requester)
+            # return here, otherwise go on to reply in the usual way
+            return [0, "", []]
+          end
+        end
+
+        @app&.call(env:)
+      rescue IPAddr::InvalidAddressError
+        puts "Error - Invalid address in blocklist"
+        [42, Status::CODE[42], []]
+      end
+    end
+  end
+end
+
+# b = Above::MiddleWare::Block.new(app: nil)
+# b.call(env: nil)

data/lib/above/middleware/cache.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require "time"
+
+module Above
+  module MiddleWare
+    # Middleware for a naive cache that stores the last max_size worth of results in memory
+    class Cache
+      def initialize(app:)
+        @app = app # who you gonna call
+        @cache = {}
+        @max_size = nil
+      end
+
+      def call(env:)
+        # env is {socket:, request:, config:, valid:}
+
+        # can't cache an invalid url
+        return @app&.call(env:) unless env[:valid]
+
+        if @max_size.nil?
+          config = env[:config]["Above::MiddleWare::Cache"]
+          @max_size = config["max_size"]
+        end
+
+        request = env[:request].to_s.chomp("/")
+        if @cache.key?(request)
+          # use the cached result if we have it
+          @cache[request][:result]
+        else
+          # otherwise go on to find & cache the result
+          result = @app.call(env:) unless @app.nil?
+
+          # only keep the most recent @max_size worth of results
+          if @cache.size >= @max_size
+            oldest = @cache.min_by { |key, val| val[:time] }[0]
+            @cache.delete(oldest)
+          end
+          @cache[request] = {
+            result: result,
+            time: Time.now
+          }
+
+          result
+        end
+      end
+    end
+  end
+end

data/lib/above/middleware/log.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require_relative "../status"
+
+module Above
+  module MiddleWare
+    # Middleware to log replies
+    # Apache common log format https://httpd.apache.org/docs/2.4/logs.html#common
+    # via Puma https://github.com/puma/puma/blob/master/lib/puma/commonlogger.rb
+    #
+    # ip - - [time] "request" status size
+    # eg
+    # ::1 - - [24/Aug/2024:11:20:46 +1000] "gemini://localhost/" 20 143
+    class Log
+      FORMAT = %(%s - - [%s] "%s" %d %d\n)
+      LOG_TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
+
+      def initialize(app:)
+        @app = app # who you gonna call
+        @logger = nil
+      end
+
+      def call(env:)
+        if @logger.nil?
+          config = env[:config]["Above::MiddleWare::Log"]
+          # 3 one meg ("mebibyte") files rotated - TODO: chosen via config
+          @logger = Logger.new(File.expand_path(config["log_file"]), 3, 1048576)
+        end
+
+        status, header, body_arr = @app.call(env:) unless @app.nil?
+
+        # TODO: streaming, multipart
+
+        body = if body_arr.nil? || !body_arr.is_a?(Array) || body_arr.first.nil?
+          ""
+        else
+          body_arr.first
+        end
+        log(ip: env[:socket].io.remote_address.ip_address,
+          request: env[:request],
+          status:,
+          size: body.size) # body size, not response size
+
+        [status, header, [body]]
+      rescue
+        # catch-all for "CGI" errors in the middleware
+        [42, Status::CODE[42], []]
+      end
+
+      def log(ip:, request:, status:, size:)
+        began_at = Time.now
+
+        msg = FORMAT % [ip,
+          began_at.strftime(LOG_TIME_FORMAT),
+          request.to_s,
+          status,
+          size]
+
+        write(msg)
+      end
+
+      def write(msg)
+        # Standard library logger doesn't support write but it supports << which actually
+        # calls to write on the log device without formatting
+        if @logger.respond_to?(:write)
+          @logger.write(msg)
+        else
+          @logger << msg
+        end
+      end
+    end
+  end
+end

data/lib/above/middleware/redirect.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Above
+  module MiddleWare
+    # Middleware for redirects
+    class Redirect
+      def initialize(app:)
+        @app = app # who you gonna call
+      end
+
+      def call(env:)
+        # env is {socket:, request:, config:, valid:}
+        # redirects from local paths to local or remote ones
+        # config format is eg:
+        # "Above::MiddleWare::Redirect":
+        #   redirect_permanent:
+        #     "/bad.txt": "/good.txt"
+        #     "/sad": "gemini://other.site/" etc
+
+        # Can't redirect from an invalid url
+        return @app&.call(env:) unless env[:valid]
+
+        request = env[:request].path
+        config = env[:config]["Above::MiddleWare::Redirect"]
+        permanent_redirects = config["redirect_permanent"]
+        temporary_redirects = config["redirect_temporary"]
+
+        if permanent_redirects.key?(request)
+          return [30, permanent_redirects[request], []]
+        elsif temporary_redirects.key?(request)
+          return [30, temporary_redirects[request], []]
+        end
+
+        # Otherise pass it on
+        status, header, body_arr = @app.call(env:)
+        [status, header, body_arr]
+      end
+    end
+  end
+end

data/lib/above/middleware/static.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module Above
+  module MiddleWare
+    # Middleware to serve static files
+    class Static
+      def initialize(app:)
+        @app = app # who you gonna call
+      end
+
+      def call(env:)
+        # env is {socket:, request:, config:, server:, valid:}
+
+        status, header, body_arr = @app.call(env:) unless @app.nil? # usually nothing to call from here
+
+        # If redirect or cache fired we wouldn't get to here in the default arrangemnet. Usually wouldn't have any
+        # other middleware to call after this one. If indeed we don't, or if that didn't create a response, try to get the file requested
+        if status.nil?
+          response(env:)
+        else
+          [status, header, body_arr]
+        end
+      end
+
+      def format_response(maybe_incomplete_triplet:, env:)
+        lang = env[:config]["Above::MiddleWare::Static"]["lang"]
+        status, header, content_arr = maybe_incomplete_triplet
+        if status < 20 || status > 59
+          # TODO: input requests (from some other middleware?) not currently handled
+          [42, Status::CODE[42], []]
+        elsif status > 39
+          # Ensure errors have some header text
+          header = Status::CODE[status] if header.nil?
+          [status, header, content_arr]
+        elsif header.start_with?("text/")
+          # TODO: multipart, streaming etc
+          # header here is the mime_type, from #read_file
+          content = content_arr.first.encode(Encoding.find("UTF-8"), invalid: :replace, undef: :replace, replace: "")
+          [status, "#{header}; charset=utf-8; lang=#{lang}; size=#{content.length}", [content]]
+        else
+          [status, "#{header}; size=#{content_arr.first.length}", content_arr]
+        end
+      end
+
+      def read_file(request:, env:, again: false)
+        config = env[:config]["Above::MiddleWare::Static"]
+        path = File.join(File.expand_path(config["docroot"]), request.path)
+        mime_type = Mime.type(path:) # TODO - maybe replace marcel, this reads files twice...
+        content = File.read(path)
+        # Maybe TODO: multi part, streaming etc
+        # nb header is incomplete at this point
+        [20, mime_type, [content]]
+      rescue Errno::EISDIR
+        if !again
+          try_index(request:, env:, index: config["index"])
+        else
+          [51, Status::CODE[51], []]
+        end
+      rescue Errno::ENOENT
+        [51, Status::CODE[51], []]
+      end
+
+      def response(env:)
+        host = env[:server]["domain"]
+        request = env[:request]
+        response = if !env[:valid]
+          # Bad request caught earlier
+          [59, Status::CODE[59], []]
+        elsif request.to_s.length > 1024
+          # Request longer than maximum length
+          [59, Status::CODE[59], []]
+        elsif request.scheme != "gemini" || request.host != host
+          # Currently - refuse proxy requests for different protocols or servers, maybe TODO
+          [53, Status::CODE[53], []]
+        else
+          maybe_incomplete_triplet = read_file(request:, env:)
+          format_response(maybe_incomplete_triplet:, env:)
+        end
+      rescue NoMethodError
+        # eg trying to encode nil content
+        response = [40, Status::CODE[40], []]
+      rescue
+        # Bad uri, no scheme etc that got this far
+        response = [59, Status::CODE[59], []]
+      ensure
+        response
+      end
+
+      def try_index(request:, env:, index:)
+        new_request = request.dup
+        new_request.path = File.join(request.path, index)
+        read_file(request: new_request, env:, again: true)
+      end
+    end
+  end
+end

data/lib/above/mime.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "marcel"
+require "pathname"
+
+module Above
+  # Mime types
+  module Mime
+    # Mime type based on extension for Gemtext files &
+    # Marcel for everything else
+    # throws Errno::ENOENT on missing non gemtext files
+    # Marcel::MimeType.extend "text/gemini", extensions: %w[.gmi .gemini] doesn't seem to work?
+    def type(path:)
+      if %w[.gmi .gemini].include? File.extname(path)
+        "text/gemini"
+      else
+        name = File.basename(path)
+        Marcel::MimeType.for(Pathname.new(path), name: name)
+      end
+    end
+
+    module_function :type
+  end
+end

data/lib/above/server.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+require "async"
+require "async/barrier"
+require "async/semaphore"
+require "logger"
+require "openssl"
+require "uri"
+
+require_relative "config"
+require_relative "middleware/block"
+require_relative "middleware/cache"
+require_relative "middleware/log"
+require_relative "middleware/redirect"
+require_relative "middleware/static"
+require_relative "mime"
+require_relative "status"
+
+module Above
+  # Answer TCP requests
+  class Server
+    def initialize(config:, middleware: [MiddleWare::Log,
+      MiddleWare::Block,
+      MiddleWare::Cache,
+      MiddleWare::Redirect,
+      MiddleWare::Static])
+      @config = config
+      @server_config = config["server"]
+      middleware_init(middleware:)
+    end
+
+    def listener(tls:, limit:)
+      limit.async do
+        socket = tls.accept
+        # env is {socket:, request:, config:, valid:}
+        env = request(socket:)
+        response = middleware(env:)
+        reply(env:, response:)
+      rescue => error
+        puts error.message
+        # may be unable to reply if error is with socket
+        # TODO: logging at a level above the logging middleware
+      ensure
+        socket&.close
+      end
+    end
+
+    # Instantiate each middleware class with an app vairable pointing to the
+    # next piece of middleware to call
+    def middleware_init(middleware:)
+      @middleware = []
+      previous = nil
+      middleware.reverse_each do |mid|
+        instance = mid.new(app: previous)
+        previous = instance
+        @middleware.push(instance)
+      end
+      @middleware.reverse!
+    end
+
+    def middleware(env:)
+      # Each piece of middleware will call the next, the result here is
+      # [status, header, [body]], just like in rack
+      @middleware.first.call(env:)
+    rescue
+      # TODO - log this
+      [42, Status::CODE[42], []]
+    end
+
+    def on_quit(barrier:)
+      %w[INT TERM].each do |signal|
+        Signal.trap(signal) do
+          barrier.stop
+          puts "\nShutting down"
+          exit
+        end
+      end
+    end
+
+    def reply(env:, response:)
+      # TODO: uncertain if there's meant to be a space before the \r\n
+      # mentioned in https://geminiprotocol.net/news/2024_07_30.gmi
+      # Maybe TODO: streaming, multipart replies etc
+      status, header, body_arr = response
+      if status === 0
+        # blocked
+        env[:socket]&.close
+        return
+      elsif status.nil?
+        status = 40
+        header = Status::CODE[40]
+      end
+      body = if body_arr.nil? || !body_arr.is_a?(Array) || body_arr.first.nil?
+        ""
+      else
+        body_arr.first
+      end
+      env[:socket].puts "#{status} #{header}\r\n#{body}"
+    rescue
+      env[:socket].puts "40 #{Status::CODE[40]}\r\n"
+    end
+
+    # creates env hash, {socket:, request:, config:, server:, valid:}
+    def request(socket:)
+      config = @config["middleware"]
+      str = socket.gets.chomp
+      request = URI(str)
+      {socket:, request:, config:, server: @server_config, valid: true}
+    rescue URI::InvalidURIError
+      {socket:, request: str[0...1023], config:, server: @server_config, valid: false}
+    end
+
+    def serve(tls:)
+      barrier = Async::Barrier.new
+      Sync do
+        on_quit(barrier:)
+        limit = Async::Semaphore.new(@server_config["max_fibers"], parent: barrier)
+        loop do
+          listener(tls:, limit:)
+        end
+      ensure
+        barrier.stop
+      end
+    end
+
+    def start
+      serve(tls: tls_server)
+    end
+
+    def tls_server
+      tcp_server = TCPServer.new(@server_config["domain"], @server_config["port"])
+      ssl_ctx = OpenSSL::SSL::SSLContext.new.tap do |ctx|
+        ctx.key = OpenSSL::PKey::EC.new(
+          File.read(
+            File.expand_path(
+              @server_config["tls_key"]
+            )
+          )
+        )
+        ctx.cert = OpenSSL::X509::Certificate.new(
+          File.read(
+            File.expand_path(
+              @server_config["tls_cert"]
+            )
+          )
+        )
+      end
+      OpenSSL::SSL::SSLServer.new(tcp_server, ssl_ctx)
+    rescue => error
+      puts "Certificate/Key loading errors - #{error.message}"
+      exit
+    end
+  end
+end

data/lib/above/status.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Above
+  # Gemini status codes, includes non standard codes 0-9, otherwise
+  # from https://geminiprotocol.net/docs/protocol-specification.gmi
+  module Status
+    CODE = {
+      # 0-9 Non standard codes
+      0 => "Address blocked",
+
+      # 10-19 Input expected
+      10 => "User input requested",
+      11 => "Sensitive user input requested",
+
+      # 20-29 Success
+      20 => "Success",
+
+      # 30-39 Redirection
+      30 => "Temporary redirection",
+      31 => "Permanent redirection",
+
+      # 40+ descriptions are included in the header
+      # 40-49 Temporary failure
+      40 => "Temporary failure",
+      41 => "Server unavailable",
+      42 => "CGI error",
+      43 => "Proxy error from/with the proxied server",
+      44 => "Slow down",
+
+      # 50-59 Permanent failure
+      50 => "General permanent failure",
+      51 => "Not found",
+      52 => "Gone permanently",
+      53 => "Proxy request refused by this server",
+      59 => "Bad request",
+
+      # 60-69 Client certificates
+      60 => "Content requires a client certificate",
+      61 => "Certificate not authorized",
+      62 => "Certificate not valid (unrelated to request)"
+    }
+  end
+end

data/lib/above/utils.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Above
+  # Utility functions
+  module Utils
+    def check_keys(expected_keys:, file:, hash:)
+      if !expected_keys.all? { |key| hash.key? key }
+        puts "Missing keys - #{file}"
+        (expected_keys - hash.keys).each { |key| puts key }
+        exit
+      end
+    end
+
+    def home_dir
+      path = if RUBY_PLATFORM.match?(/cygwin | mswin | mingw | bccwin | wince | emx /)
+        "%userprofile%"
+      else
+        "~"
+      end
+      File.expand_path(path)
+    end
+
+    module_function :check_keys, :home_dir
+  end
+end

data/lib/above/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Above
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/above.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require_relative "above/config"
+require_relative "above/certs"
+require_relative "above/server"
 require_relative "above/version"
 
 # Above's top level module

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: above
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Mike Kreuzer
@@ -35,11 +35,54 @@ cert_chain:
   YgqTixCwts6cQYIdYNFtJbzKvRNqyviKKxPaum7UWAv6Uy80gxgJ8p+fG81FsxbZ
   0ULnXrHlhf/CHs550TxRlXalgxBCImGdHzWjhdJeC1dZP3olgNtjO23ywtw=
   -----END CERTIFICATE-----
-date: 2024-08-13 00:00:00.000000000 Z
-dependencies: []
-description: 'A Gemini Protocol Server - initial commit only
+date: 2024-08-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: async
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.15'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.15'
+- !ruby/object:Gem::Dependency
+  name: marcel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description: |
+  An async Gemini Protocol server with support for multi-tenancy.
 
-  '
+  Above supports middleware, with default middleware for blocking, naive in-memory caching, logging, redirects, & a static file server included. Also included are utilities for certificate creation & DNS-based authentication (DANE).
 email:
 - mike@mikekreuzer.com
 executables:
@@ -54,7 +97,18 @@ files:
 - bin/console
 - bin/setup
 - lib/above.rb
+- lib/above/certs.rb
 - lib/above/cli.rb
+- lib/above/config.rb
+- lib/above/middleware/block.rb
+- lib/above/middleware/cache.rb
+- lib/above/middleware/log.rb
+- lib/above/middleware/redirect.rb
+- lib/above/middleware/static.rb
+- lib/above/mime.rb
+- lib/above/server.rb
+- lib/above/status.rb
+- lib/above/utils.rb
 - lib/above/version.rb
 homepage: https://codeberg.org/kreuzer/kreuzer/above
 licenses:
@@ -82,5 +136,5 @@ requirements: []
 rubygems_version: 3.5.17
 signing_key:
 specification_version: 4
-summary: A Gemini Protocol Server - initial commit only
+summary: A Gemini Protocol server
 test_files: []

metadata.gz.sig

@@ -1,4 +1,2 @@
-!i��2=��q<����0��q�+d�?�gF��mf��w��
-��3VB����x�<�,��ݼ�ΩT�bPˊ1�=�x!��Je�I[Ơ�4u,>���G'�毞=��'S>t��!�B�Z�D��0oU8�W/���
Z ��X�T�C���>��}Gӧb_a3�=�������z���w\
-��hL�T��r?)���g��츗�}N�W�ԙl:��D2��%t�6̯LRo�^�!��w)�U
-b���4xV����G϶g��yIeSw\���q�>���� �
+e�we�'歂].8���5�t�1-�9�E�au�7Ʌ䆮f�lf�h��#��V��G���O�����<a���ۄI'߯I�q�vh�Hs;�+��u����p;�H�\1v`�S���@��$�tvn+jw��I��S�����ciEh�W���'�8;x�AD��/��fY=�������.�8 �m�j����)s��.��+�P-ҍ'g`7L��9.�e��P��}�+���9�d�O�5�6ޯ��������UG�'!)�F\q��h��Q���4
+@^