middleware to turn away non-gemini requests. fixes #3.

1 files changed, 25 insertions, 9 deletions

diff --git a/gemini/serve.go b/gemini/serve.go
index 55998d6..60e0242 100644
--- a/gemini/serve.go
+++ b/gemini/serve.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"strconv"
@@ -86,15 +87,13 @@ func (s *server) handleConn(conn net.Conn) {
 			}
 		}
 
-		/*
-			defer func() {
-				if r := recover(); r != nil {
-					err := fmt.Errorf("%s", r)
-					_ = s.LogError("msg", "panic in handler", "err", err)
-					_, _ = io.Copy(conn, NewResponseReader(Failure(err)))
-				}
-			}()
-		*/
+		defer func() {
+			if r := recover(); r != nil {
+				err := fmt.Errorf("%s", r)
+				_ = s.LogError("msg", "panic in handler", "err", err)
+				_, _ = io.Copy(conn, NewResponseReader(Failure(err)))
+			}
+		}()
 		response = s.handler(ctx, request)
 		if response == nil {
 			response = NotFound("Resource does not exist.")
@@ -120,3 +119,20 @@ func sizeParam(path string) (int, error) {
 
 	return 0, errors.New("no size param found")
 }
+
+// GeminiOnly filters requests down to just those on the gemini:// protocol.
+//
+// Optionally, it will also allow through titan:// requests.
+//
+// Filtered requests will be turned away with a 53 response "proxy request refused".
+func GeminiOnly(allowTitan bool) gus.Middleware {
+	return func(inner gus.Handler) gus.Handler {
+		return func(ctx context.Context, request *gus.Request) *gus.Response {
+			if request.Scheme == "gemini" || (allowTitan && request.Scheme == "titan") {
+				return inner(ctx, request)
+			}
+
+			return RefuseProxy("Non-gemini protocol requests are not supported.")
+		}
+	}
+}