From 1d59053436c8fac244081fa38f327d807a3fb3f4 Mon Sep 17 00:00:00 2001
From: Michael Lazar <mlazar@doctorondemand.com>
Date: Sun, 12 Jan 2020 17:51:52 -0500
Subject: [PATCH] Return 53 proxy request refused if the scheme/hostname doesnt
 match

---
 jetforce.py | 49 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/jetforce.py b/jetforce.py
index 0e4371e..eeed660 100755
--- a/jetforce.py
+++ b/jetforce.py
@@ -161,18 +161,18 @@ class JetforceApplication:
 
         for route_pattern, callback in self.routes[::-1]:
             if route_pattern.match(request):
-                response = callback(request)
-                send_status(response.status, response.meta)
-                if response.body:
-                    if isinstance(response.body, bytes):
-                        yield response.body
-                    elif isinstance(response.body, str):
-                        yield response.body.encode()
-                    else:
-                        yield from response.body
                 break
         else:
-            send_status(Status.PERMANENT_FAILURE, "Not Found")
+            callback = self.default_callback
+
+        response = callback(request)
+        send_status(response.status, response.meta)
+        if isinstance(response.body, bytes):
+            yield response.body
+        elif isinstance(response.body, str):
+            yield response.body.encode()
+        elif response.body:
+            yield from response.body
 
     def route(
         self,
@@ -200,6 +200,12 @@ class JetforceApplication:
 
         return wrap
 
+    def default_callback(self, request: Request) -> Response:
+        """
+        Set the error response based on the URL type.
+        """
+        return Response(Status.PERMANENT_FAILURE, "Not Found")
+
 
 class StaticDirectoryApplication(JetforceApplication):
     """
@@ -339,6 +345,29 @@ class StaticDirectoryApplication(JetforceApplication):
         else:
             return mime or "text/plain"
 
+    def default_callback(self, request: Request) -> Response:
+        """
+        Since the StaticDirectoryApplication only serves gemini URLs, return
+        a proxy request refused for suspicious URLs.
+        """
+        if request.scheme != "gemini":
+            return Response(
+                Status.PROXY_REQUEST_REFUSED,
+                "This server does not allow proxy requests",
+            )
+        elif request.hostname != request.environ["HOSTNAME"]:
+            return Response(
+                Status.PROXY_REQUEST_REFUSED,
+                "This server does not allow proxy requests",
+            )
+        elif request.port and request.port != request.environ["SERVER_PORT"]:
+            return Response(
+                Status.PROXY_REQUEST_REFUSED,
+                "This server does not allow proxy requests",
+            )
+        else:
+            return Response(Status.NOT_FOUND, "Not Found")
+
 
 class GeminiRequestHandler:
     """