tildepages/cmd/main.go

package cmd

import (
	"bytes"
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"strings"
	"time"

	"github.com/rs/zerolog"
	"github.com/rs/zerolog/log"
	"github.com/urfave/cli/v2"

	"codeberg.org/codeberg/pages/server"
	"codeberg.org/codeberg/pages/server/cache"
	"codeberg.org/codeberg/pages/server/certificates"
	"codeberg.org/codeberg/pages/server/database"
)

// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
// TODO: make it a flag
var AllowedCorsDomains = [][]byte{
	[]byte("tilde.team"),
}

// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.
// TODO: Make it a flag too
var BlacklistedPaths = [][]byte{
	[]byte("/.well-known/acme-challenge/"),
}

// Serve sets up and starts the web server.
func Serve(ctx *cli.Context) error {
	verbose := ctx.Bool("verbose")
	if !verbose {
		zerolog.SetGlobalLevel(zerolog.InfoLevel)
	}

	giteaRoot := strings.TrimSuffix(ctx.String("gitea-root"), "/")
	giteaAPIToken := ctx.String("gitea-api-token")
	rawDomain := ctx.String("raw-domain")
	mainDomainSuffix := []byte(ctx.String("pages-domain"))
	rawInfoPage := ctx.String("raw-info-page")
	listeningAddress := fmt.Sprintf("%s:%s", ctx.String("host"), ctx.String("port"))
	enableHTTPServer := ctx.Bool("enable-http-server")

	acmeAPI := ctx.String("acme-api-endpoint")
	acmeMail := ctx.String("acme-email")
	acmeUseRateLimits := ctx.Bool("acme-use-rate-limits")
	acmeAcceptTerms := ctx.Bool("acme-accept-terms")
	acmeEabKID := ctx.String("acme-eab-kid")
	acmeEabHmac := ctx.String("acme-eab-hmac")
	dnsProvider := ctx.String("dns-provider")
	if (!acmeAcceptTerms || dnsProvider == "") && acmeAPI != "https://acme.mock.directory" {
		return errors.New("you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory")
	}

	allowedCorsDomains := AllowedCorsDomains
	if len(rawDomain) != 0 {
		allowedCorsDomains = append(allowedCorsDomains, []byte(rawDomain))
	}

	// Make sure MainDomain has a trailing dot, and GiteaRoot has no trailing slash
	if !bytes.HasPrefix(mainDomainSuffix, []byte{'.'}) {
		mainDomainSuffix = append([]byte{'.'}, mainDomainSuffix...)
	}

	keyCache := cache.NewKeyValueCache()
	challengeCache := cache.NewKeyValueCache()
	// canonicalDomainCache stores canonical domains
	canonicalDomainCache := cache.NewKeyValueCache()
	// dnsLookupCache stores DNS lookups for custom domains
	dnsLookupCache := cache.NewKeyValueCache()
	// branchTimestampCache stores branch timestamps for faster cache checking
	branchTimestampCache := cache.NewKeyValueCache()
	// fileResponseCache stores responses from the Gitea server
	// TODO: make this an MRU cache with a size limit
	fileResponseCache := cache.NewKeyValueCache()

	// Create handler based on settings
	handler := server.Handler(mainDomainSuffix, []byte(rawDomain),
		giteaRoot, rawInfoPage, giteaAPIToken,
		BlacklistedPaths, allowedCorsDomains,
		dnsLookupCache, canonicalDomainCache, branchTimestampCache, fileResponseCache)

	fastServer := server.SetupServer(handler)
	httpServer := server.SetupHTTPACMEChallengeServer(challengeCache)

	// Setup listener and TLS
	log.Info().Msgf("Listening on https://%s", listeningAddress)
	listener, err := net.Listen("tcp", listeningAddress)
	if err != nil {
		return fmt.Errorf("couldn't create listener: %s", err)
	}

	// TODO: make "key-database.pogreb" set via flag
	certDB, err := database.New("key-database.pogreb")
	if err != nil {
		return fmt.Errorf("could not create database: %v", err)
	}
	defer certDB.Close() //nolint:errcheck    // database has no close ... sync behave like it

	listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,
		giteaRoot, giteaAPIToken, dnsProvider,
		acmeUseRateLimits,
		keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
		certDB))

	acmeConfig, err := certificates.SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeAcceptTerms)
	if err != nil {
		return err
	}

	if err := certificates.SetupCertificates(mainDomainSuffix, dnsProvider, acmeConfig, acmeUseRateLimits, enableHTTPServer, challengeCache, certDB); err != nil {
		return err
	}

	interval := 12 * time.Hour
	certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background())
	defer cancelCertMaintain()
	go certificates.MaintainCertDB(certMaintainCtx, interval, mainDomainSuffix, dnsProvider, acmeUseRateLimits, certDB)

	if enableHTTPServer {
		go func() {
			err := httpServer.ListenAndServe("[::]:80")
			if err != nil {
				log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
			}
		}()
	}

	// Start the web fastServer
	err = fastServer.Serve(listener)
	if err != nil {
		log.Panic().Err(err).Msg("Couldn't start fastServer")
	}

	return nil
}
start using urfave/cli 2021-12-03 01:12:51 +00:00			`package cmd`

			`import (`
			`"bytes"`
make MaintainCertDB able to cancel 2021-12-05 17:26:54 +00:00			`"context"`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`"crypto/tls"`
remove os.Getenv() usage 2021-12-03 02:34:50 +00:00			`"errors"`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`"fmt"`
			`"net"`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`"strings"`
make MaintainCertDB able to cancel 2021-12-05 17:26:54 +00:00			`"time"`
start using urfave/cli 2021-12-03 01:12:51 +00:00
Add --verbose flag and hide debug messages by default 2021-12-10 13:32:14 +00:00			`"github.com/rs/zerolog"`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`"github.com/rs/zerolog/log"`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`"github.com/urfave/cli/v2"`

			`"codeberg.org/codeberg/pages/server"`
open key-database deterministic 2021-12-03 03:15:48 +00:00			`"codeberg.org/codeberg/pages/server/cache"`
split cert func to related packages 2021-12-05 14:21:05 +00:00			`"codeberg.org/codeberg/pages/server/certificates"`
open key-database deterministic 2021-12-03 03:15:48 +00:00			`"codeberg.org/codeberg/pages/server/database"`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`)`

			`// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`// TODO: make it a flag`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`var AllowedCorsDomains = [][]byte{`
tilde stuff 2022-05-20 16:31:02 +00:00			`[]byte("tilde.team"),`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`}`

			`// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.`
add todo 2021-12-04 20:59:04 +00:00			`// TODO: Make it a flag too`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`var BlacklistedPaths = [][]byte{`
			`[]byte("/.well-known/acme-challenge/"),`
			`}`

			`// Serve sets up and starts the web server.`
			`func Serve(ctx *cli.Context) error {`
Add --verbose flag and hide debug messages by default 2021-12-10 13:32:14 +00:00			`verbose := ctx.Bool("verbose")`
			`if !verbose {`
			`zerolog.SetGlobalLevel(zerolog.InfoLevel)`
			`}`

remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`giteaRoot := strings.TrimSuffix(ctx.String("gitea-root"), "/")`
			`giteaAPIToken := ctx.String("gitea-api-token")`
			`rawDomain := ctx.String("raw-domain")`
main-domain-suffix -> pages-domain 2021-12-04 20:17:52 +00:00			`mainDomainSuffix := []byte(ctx.String("pages-domain"))`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`rawInfoPage := ctx.String("raw-info-page")`
			`listeningAddress := fmt.Sprintf("%s:%s", ctx.String("host"), ctx.String("port"))`
remove os.Getenv() usage 2021-12-03 02:34:50 +00:00			`enableHTTPServer := ctx.Bool("enable-http-server")`

acme-api -> acme-api-endpoint 2021-12-04 20:21:27 +00:00			`acmeAPI := ctx.String("acme-api-endpoint")`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`acmeMail := ctx.String("acme-email")`
remove os.Getenv() usage 2021-12-03 02:34:50 +00:00			`acmeUseRateLimits := ctx.Bool("acme-use-rate-limits")`
			`acmeAcceptTerms := ctx.Bool("acme-accept-terms")`
			`acmeEabKID := ctx.String("acme-eab-kid")`
			`acmeEabHmac := ctx.String("acme-eab-hmac")`
			`dnsProvider := ctx.String("dns-provider")`
fix argument check and some nits 2021-12-05 22:56:06 +00:00			`if (!acmeAcceptTerms \|\| dnsProvider == "") && acmeAPI != "https://acme.mock.directory" {`
remove os.Getenv() usage 2021-12-03 02:34:50 +00:00			`return errors.New("you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory")`
			`}`

remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`allowedCorsDomains := AllowedCorsDomains`
			`if len(rawDomain) != 0 {`
			`allowedCorsDomains = append(allowedCorsDomains, []byte(rawDomain))`
			`}`

start using urfave/cli 2021-12-03 01:12:51 +00:00			`// Make sure MainDomain has a trailing dot, and GiteaRoot has no trailing slash`
			`if !bytes.HasPrefix(mainDomainSuffix, []byte{'.'}) {`
			`mainDomainSuffix = append([]byte{'.'}, mainDomainSuffix...)`
			`}`

inject all cache 2021-12-05 14:02:44 +00:00			`keyCache := cache.NewKeyValueCache()`
			`challengeCache := cache.NewKeyValueCache()`
			`// canonicalDomainCache stores canonical domains`
Add pipeline (#65) close #54 Co-authored-by: 6543 <6543@obermui.de> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/65 Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org> 2022-03-27 19:54:06 +00:00			`canonicalDomainCache := cache.NewKeyValueCache()`
inject all cache 2021-12-05 14:02:44 +00:00			`// dnsLookupCache stores DNS lookups for custom domains`
Add pipeline (#65) close #54 Co-authored-by: 6543 <6543@obermui.de> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/65 Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org> 2022-03-27 19:54:06 +00:00			`dnsLookupCache := cache.NewKeyValueCache()`
rm 2rm 2021-12-05 14:53:46 +00:00			`// branchTimestampCache stores branch timestamps for faster cache checking`
Add pipeline (#65) close #54 Co-authored-by: 6543 <6543@obermui.de> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/65 Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org> 2022-03-27 19:54:06 +00:00			`branchTimestampCache := cache.NewKeyValueCache()`
rm 2rm 2021-12-05 14:53:46 +00:00			`// fileResponseCache stores responses from the Gitea server`
			`// TODO: make this an MRU cache with a size limit`
Add pipeline (#65) close #54 Co-authored-by: 6543 <6543@obermui.de> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/65 Reviewed-by: Andreas Shimokawa <ashimokawa@noreply.codeberg.org> 2022-03-27 19:54:06 +00:00			`fileResponseCache := cache.NewKeyValueCache()`
inject all cache 2021-12-05 14:02:44 +00:00
start using urfave/cli 2021-12-03 01:12:51 +00:00			`// Create handler based on settings`
inject all cache 2021-12-05 14:02:44 +00:00			`handler := server.Handler(mainDomainSuffix, []byte(rawDomain),`
			`giteaRoot, rawInfoPage, giteaAPIToken,`
			`BlacklistedPaths, allowedCorsDomains,`
rm 2rm 2021-12-05 14:53:46 +00:00			`dnsLookupCache, canonicalDomainCache, branchTimestampCache, fileResponseCache)`
start using urfave/cli 2021-12-03 01:12:51 +00:00
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00			`fastServer := server.SetupServer(handler)`
some renames 2021-12-05 16:57:54 +00:00			`httpServer := server.SetupHTTPACMEChallengeServer(challengeCache)`
start using urfave/cli 2021-12-03 01:12:51 +00:00
			`// Setup listener and TLS`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`log.Info().Msgf("Listening on https://%s", listeningAddress)`
			`listener, err := net.Listen("tcp", listeningAddress)`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`if err != nil {`
remove EnvOr use flags 2021-12-03 02:05:38 +00:00			`return fmt.Errorf("couldn't create listener: %s", err)`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`}`

open key-database deterministic 2021-12-03 03:15:48 +00:00			`// TODO: make "key-database.pogreb" set via flag`
meaningfull var names 2021-12-05 18:02:26 +00:00			`certDB, err := database.New("key-database.pogreb")`
open key-database deterministic 2021-12-03 03:15:48 +00:00			`if err != nil {`
			`return fmt.Errorf("could not create database: %v", err)`
			`}`
meaningfull var names 2021-12-05 18:02:26 +00:00			`defer certDB.Close() //nolint:errcheck // database has no close ... sync behave like it`
open key-database deterministic 2021-12-03 03:15:48 +00:00
split cert func to related packages 2021-12-05 14:21:05 +00:00			`listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,`
inject all cache 2021-12-05 14:02:44 +00:00			`giteaRoot, giteaAPIToken, dnsProvider,`
			`acmeUseRateLimits,`
			`keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,`
meaningfull var names 2021-12-05 18:02:26 +00:00			`certDB))`
open key-database deterministic 2021-12-03 03:15:48 +00:00
mv acme config setup into own func 2021-12-05 15:33:56 +00:00			`acmeConfig, err := certificates.SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeAcceptTerms)`
			`if err != nil {`
			`return err`
			`}`

fix argument check and some nits 2021-12-05 22:56:06 +00:00			`if err := certificates.SetupCertificates(mainDomainSuffix, dnsProvider, acmeConfig, acmeUseRateLimits, enableHTTPServer, challengeCache, certDB); err != nil {`
			`return err`
			`}`
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00
make MaintainCertDB able to cancel 2021-12-05 17:26:54 +00:00			`interval := 12 * time.Hour`
			`certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background())`
			`defer cancelCertMaintain()`
meaningfull var names 2021-12-05 18:02:26 +00:00			`go certificates.MaintainCertDB(certMaintainCtx, interval, mainDomainSuffix, dnsProvider, acmeUseRateLimits, certDB)`
make certdb maintain go routine a own func 2021-12-05 16:44:10 +00:00
remove os.Getenv() usage 2021-12-03 02:34:50 +00:00			`if enableHTTPServer {`
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00			`go func() {`
			`err := httpServer.ListenAndServe("[::]:80")`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`if err != nil {`
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00			`log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`}`
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00			`}()`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`}`

			`// Start the web fastServer`
			`err = fastServer.Serve(listener)`
			`if err != nil {`
move "http acme server setup" into own func 2021-12-05 14:45:22 +00:00			`log.Panic().Err(err).Msg("Couldn't start fastServer")`
start using urfave/cli 2021-12-03 01:12:51 +00:00			`}`

			`return nil`
			`}`