gotosocial/internal/router/router.go

281 lines
8 KiB
Go
Raw Normal View History

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package router
import (
Api/v1/accounts (#8) * start work on accounts module * plodding away on the accounts endpoint * groundwork for other account routes * add password validator * validation utils * require account approval flags * comments * comments * go fmt * comments * add distributor stub * rename api to federator * tidy a bit * validate new account requests * rename r router * comments * add domain blocks * add some more shortcuts * add some more shortcuts * check email + username availability * email block checking for signups * chunking away at it * tick off a few more things * some fiddling with tests * add mock package * relocate repo * move mocks around * set app id on new signups * initialize oauth server properly * rename oauth server * proper mocking tests * go fmt ./... * add required fields * change name of func * move validation to account.go * more tests! * add some file utility tools * add mediaconfig * new shortcut * add some more fields * add followrequest model * add notify * update mastotypes * mock out storage interface * start building media interface * start on update credentials * mess about with media a bit more * test image manipulation * media more or less working * account update nearly working * rearranging my package ;) ;) ;) * phew big stuff!!!! * fix type checking * *fiddles* * Add CreateTables func * account registration flow working * tidy * script to step through auth flow * add a lil helper for generating user uris * fiddling with federation a bit * update progress * Tidying and linting
2021-04-01 21:46:45 +03:00
"context"
"crypto/tls"
"fmt"
"net"
Api/v1/accounts (#8) * start work on accounts module * plodding away on the accounts endpoint * groundwork for other account routes * add password validator * validation utils * require account approval flags * comments * comments * go fmt * comments * add distributor stub * rename api to federator * tidy a bit * validate new account requests * rename r router * comments * add domain blocks * add some more shortcuts * add some more shortcuts * check email + username availability * email block checking for signups * chunking away at it * tick off a few more things * some fiddling with tests * add mock package * relocate repo * move mocks around * set app id on new signups * initialize oauth server properly * rename oauth server * proper mocking tests * go fmt ./... * add required fields * change name of func * move validation to account.go * more tests! * add some file utility tools * add mediaconfig * new shortcut * add some more fields * add followrequest model * add notify * update mastotypes * mock out storage interface * start building media interface * start on update credentials * mess about with media a bit more * test image manipulation * media more or less working * account update nearly working * rearranging my package ;) ;) ;) * phew big stuff!!!! * fix type checking * *fiddles* * Add CreateTables func * account registration flow working * tidy * script to step through auth flow * add a lil helper for generating user uris * fiddling with federation a bit * update progress * Tidying and linting
2021-04-01 21:46:45 +03:00
"net/http"
2021-05-09 21:34:27 +03:00
"time"
"codeberg.org/gruf/go-bytesize"
"codeberg.org/gruf/go-debug"
"github.com/gin-gonic/gin"
Api/v1/accounts (#8) * start work on accounts module * plodding away on the accounts endpoint * groundwork for other account routes * add password validator * validation utils * require account approval flags * comments * comments * go fmt * comments * add distributor stub * rename api to federator * tidy a bit * validate new account requests * rename r router * comments * add domain blocks * add some more shortcuts * add some more shortcuts * check email + username availability * email block checking for signups * chunking away at it * tick off a few more things * some fiddling with tests * add mock package * relocate repo * move mocks around * set app id on new signups * initialize oauth server properly * rename oauth server * proper mocking tests * go fmt ./... * add required fields * change name of func * move validation to account.go * more tests! * add some file utility tools * add mediaconfig * new shortcut * add some more fields * add followrequest model * add notify * update mastotypes * mock out storage interface * start building media interface * start on update credentials * mess about with media a bit more * test image manipulation * media more or less working * account update nearly working * rearranging my package ;) ;) ;) * phew big stuff!!!! * fix type checking * *fiddles* * Add CreateTables func * account registration flow working * tidy * script to step through auth flow * add a lil helper for generating user uris * fiddling with federation a bit * update progress * Tidying and linting
2021-04-01 21:46:45 +03:00
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
[chore] use our own logging implementation (#716) * first commit Signed-off-by: kim <grufwub@gmail.com> * replace logging with our own log library Signed-off-by: kim <grufwub@gmail.com> * fix imports Signed-off-by: kim <grufwub@gmail.com> * fix log imports Signed-off-by: kim <grufwub@gmail.com> * add license text Signed-off-by: kim <grufwub@gmail.com> * fix package import cycle between config and log package Signed-off-by: kim <grufwub@gmail.com> * fix empty kv.Fields{} being passed to WithFields() Signed-off-by: kim <grufwub@gmail.com> * fix uses of log.WithFields() with whitespace issues and empty slices Signed-off-by: kim <grufwub@gmail.com> * *linter related grumbling* Signed-off-by: kim <grufwub@gmail.com> * gofmt the codebase! also fix more log.WithFields() formatting issues Signed-off-by: kim <grufwub@gmail.com> * update testrig code to match new changes Signed-off-by: kim <grufwub@gmail.com> * fix error wrapping in non fmt.Errorf function Signed-off-by: kim <grufwub@gmail.com> * add benchmarking of log.Caller() vs non-cached Signed-off-by: kim <grufwub@gmail.com> * fix syslog tests, add standard build tags to test runner to ensure consistency Signed-off-by: kim <grufwub@gmail.com> * make syslog tests more robust Signed-off-by: kim <grufwub@gmail.com> * fix caller depth arithmatic (is that how you spell it?) Signed-off-by: kim <grufwub@gmail.com> * update to use unkeyed fields in kv.Field{} instances Signed-off-by: kim <grufwub@gmail.com> * update go-kv library Signed-off-by: kim <grufwub@gmail.com> * update libraries list Signed-off-by: kim <grufwub@gmail.com> * fuck you linter get nerfed Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2022-07-19 11:47:55 +03:00
"github.com/superseriousbusiness/gotosocial/internal/log"
2021-05-09 12:25:13 +03:00
"golang.org/x/crypto/acme/autocert"
)
const (
readTimeout = 60 * time.Second
writeTimeout = 30 * time.Second
idleTimeout = 30 * time.Second
readHeaderTimeout = 30 * time.Second
shutdownTimeout = 30 * time.Second
maxMultipartMemory = int64(8 * bytesize.MiB)
)
// Router provides the HTTP REST
// interface for GoToSocial, using gin.
type Router struct {
engine *gin.Engine
srv *http.Server
}
// New returns a new Router, which wraps
// an http server and gin handler engine.
//
// The router's Attach functions should be
// used *before* the router is Started.
//
// When the router's work is finished, Stop
// should be called on it to close connections
// gracefully.
//
// The provided context will be used as the base
// context for all requests passing through the
// underlying http.Server, so this should be a
// long-running context.
func New(ctx context.Context) (*Router, error) {
// TODO: make this configurable?
gin.SetMode(gin.ReleaseMode)
// Create the engine here -- this is the core
// request routing handler for GoToSocial.
engine := gin.New()
engine.MaxMultipartMemory = maxMultipartMemory
engine.HandleMethodNotAllowed = true
// Set up client IP forwarding via
// trusted x-forwarded-* headers.
trustedProxies := config.GetTrustedProxies()
if err := engine.SetTrustedProxies(trustedProxies); err != nil {
return nil, err
}
// Attach functions used by HTML templating,
// and load HTML templates into the engine.
LoadTemplateFunctions(engine)
if err := LoadTemplates(engine); err != nil {
return nil, err
}
// Use the passed-in cmd context as the base context for the
// server, since we'll never want the server to live past the
// `server start` command anyway.
baseCtx := func(_ net.Listener) context.Context { return ctx }
addr := fmt.Sprintf("%s:%d",
config.GetBindAddress(),
config.GetPort(),
)
// Wrap the gin engine handler in our
// own timeout handler, to ensure we
// don't keep very slow requests around.
handler := timeoutHandler{engine}
s := &http.Server{
Addr: addr,
Handler: handler,
ReadTimeout: readTimeout,
ReadHeaderTimeout: readHeaderTimeout,
WriteTimeout: writeTimeout,
IdleTimeout: idleTimeout,
BaseContext: baseCtx,
}
return &Router{
engine: engine,
srv: s,
}, nil
}
// Start starts the router nicely.
//
// It will serve two handlers if letsencrypt is enabled,
// and only the web/API handler if letsencrypt is not enabled.
func (r *Router) Start() {
var (
// listen is the server start function.
// By default this points to a regular
// HTTP listener, but will be changed to
// TLS if custom certs or LE are enabled.
listen func() error
err error
certFile = config.GetTLSCertificateChain()
keyFile = config.GetTLSCertificateKey()
leEnabled = config.GetLetsEncryptEnabled()
)
switch {
// TLS with custom certs.
case certFile != "":
// During config validation we already checked
// that either both or neither of Chain and Key
// are set, so we can forego checking again here.
listen, err = r.customTLS(certFile, keyFile)
// TLS with letsencrypt.
case leEnabled:
listen, err = r.letsEncryptTLS()
// Default listen. TLS must
// be handled by reverse proxy.
default:
listen = r.srv.ListenAndServe
}
if err != nil {
log.Fatal(nil, err)
}
// Pass the server handler through a debug pprof middleware handler.
// For standard production builds this will be a no-op, but when the
// "debug" or "debugenv" build-tag is set pprof stats will be served
// at the standard "/debug/pprof" URL.
r.srv.Handler = debug.WithPprof(r.srv.Handler)
if debug.DEBUG {
// Profiling requires timeouts longer than 30s, so reset these.
log.Warn(nil, "resetting http.Server{} timeout to support profiling")
r.srv.ReadTimeout = 0
r.srv.WriteTimeout = 0
2021-05-09 12:25:13 +03:00
}
// Start the main listener.
go func() {
log.Infof(nil, "listening on %s", r.srv.Addr)
if err := listen(); err != nil && err != http.ErrServerClosed {
log.Fatalf(nil, "listen: %s", err)
}
}()
}
// Stop shuts down the router nicely
func (r *Router) Stop(ctx context.Context) error {
log.Infof(nil, "shutting down http router with %s grace period", shutdownTimeout)
timeout, cancel := context.WithTimeout(ctx, shutdownTimeout)
defer cancel()
if err := r.srv.Shutdown(timeout); err != nil {
return fmt.Errorf("error shutting down http router: %s", err)
}
log.Info(nil, "http router closed connections and shut down gracefully")
return nil
}
// customTLS modifies the router's underlying
// http server to use custom TLS cert/key pair.
func (r *Router) customTLS(
certFile string,
keyFile string,
) (func() error, error) {
// Load certificates from disk.
cer, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
err = gtserror.Newf(
"failed to load keypair from %s and %s, ensure they are "+
"PEM-encoded and can be read by this process: %w",
certFile, keyFile, err,
)
return nil, err
}
// Override server's TLSConfig.
r.srv.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
Certificates: []tls.Certificate{cer},
}
// Update listen function to use custom TLS.
listen := func() error { return r.srv.ListenAndServeTLS("", "") }
return listen, nil
}
// letsEncryptTLS modifies the router's underlying http
// server to use LetsEncrypt via an ACME Autocert manager.
//
// It also starts a listener on the configured LetsEncrypt
// port to validate LE requests.
func (r *Router) letsEncryptTLS() (func() error, error) {
acm := &autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(config.GetHost()),
Cache: autocert.DirCache(config.GetLetsEncryptCertDir()),
Email: config.GetLetsEncryptEmailAddress(),
}
// Override server's TLSConfig.
r.srv.TLSConfig = acm.TLSConfig()
// Prepare a fallback handler for LetsEncrypt.
//
// This will redirect all non-LetsEncrypt http
// reqs to https, preserving path and query params.
var fallback http.HandlerFunc = func(
w http.ResponseWriter,
r *http.Request,
) {
// Rewrite target to https.
target := "https://" + r.Host + r.URL.Path
if len(r.URL.RawQuery) > 0 {
target += "?" + r.URL.RawQuery
}
http.Redirect(w, r, target, http.StatusTemporaryRedirect)
2021-05-09 21:34:27 +03:00
}
2021-05-09 12:25:13 +03:00
// Take our own copy of the HTTP server,
// and update it to serve LetsEncrypt
// requests via the autocert manager.
leSrv := (*r.srv) //nolint:govet
leSrv.Handler = acm.HTTPHandler(fallback)
leSrv.Addr = fmt.Sprintf("%s:%d",
config.GetBindAddress(),
config.GetLetsEncryptPort(),
)
go func() {
// Start the LetsEncrypt autocert manager HTTP server.
log.Infof(nil, "letsencrypt listening on %s", leSrv.Addr)
if err := leSrv.ListenAndServe(); err != nil &&
err != http.ErrServerClosed {
log.Fatalf(nil, "letsencrypt: listen: %s", err)
2021-05-09 12:25:13 +03:00
}
}()
2021-05-09 12:25:13 +03:00
// Update listen function to use LetsEncrypt TLS.
listen := func() error { return r.srv.ListenAndServeTLS("", "") }
return listen, nil
}