Dev log: yet another gemini server

One of the goals of the Gemini protocol is that it’s simple enough for anyone to implement a spec-compliant server or client reasonably easily, provided you are able to rely on some existing TLS library. This has now nerd-sniped me twice over—I’ve already published a Gemini client on the Mac App Store (though it is in need of some updates). Now I’m working on a server library/binary in Rust, which I intend to share under the GPL once I’m satisfied with it.

There are already perfectly good Gemini servers out there. Ostensibly this one is going to help me test the new version of my existing client. If I’m honest about it, the allure of a programming problem that I can finish without too many weird complexities arising is too strong, so I’m writing a server too.

So now I have this nice short specification that I’m implementing. Given that it’s so small and understandable, I should try to do things properly, right? I may want to avoid “weird complexities”, but a server like this one still means I need to handle things like MIME types and URLs. Doing this properly is kind of involved. Even in early development, this has pushed my knowledge of the Rust ecosystem in new directions.

  • tokio-rustls has now been incorporated into the tokio project.
  • If you want to guess a MIME type from a file extension, there’s a crate called mime_guess for that.
  • The crate rcgen has a nice function for generating a “snake oil” certificate and key in pure Rust.
  • When parsing a URL from a string, the url crate automatically handles path components like .. and will prevent traversal beyond the root. This vastly simplifies my security task, as I am not 100% convinced that I would catch all the cases if I had to sanitise URLs all on my own.

Presently my work-in-progress server is serving static files from disk. It is doing so with ruthless efficiency thanks to all Rust and tokio’s async TCP nonsense which is hopped up on threads and caffeine. One of its power moves will be auto-generating a TOFU TLS certificate and key if you’re running it for the first time. It needs a bit more configurability—document roots, virtual hosts and logging. After that I’ll probably be comfortable releasing it. CGI can come later.