hishtory/server/server.go

package main

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"

	"github.com/ddworken/hishtory/shared"
	_ "github.com/lib/pq"
	"gorm.io/driver/postgres"

	"gorm.io/driver/sqlite"
	"gorm.io/gorm"
)

const (
	PostgresDb = "postgresql://postgres:O74Ji4735C@postgres-postgresql.default.svc.cluster.local:5432/hishtory?sslmode=disable"
)

var (
	GLOBAL_DB      *gorm.DB
	ReleaseVersion string = "UNKNOWN"
)

func apiESubmitHandler(w http.ResponseWriter, r *http.Request) {
	data, err := ioutil.ReadAll(r.Body)
	if err != nil {
		panic(err)
	}
	var entries []shared.EncHistoryEntry
	err = json.Unmarshal(data, &entries)
	if err != nil {
		panic(fmt.Sprintf("body=%#v, err=%v", data, err))
	}
	GLOBAL_DB.Where("user_id = ?")
	fmt.Printf("apiESubmitHandler: received request containg %d EncHistoryEntry\n", len(entries))
	for _, entry := range entries {
		tx := GLOBAL_DB.Where("user_id = ?", entry.UserId)
		var devices []*shared.Device
		result := tx.Find(&devices)
		if result.Error != nil {
			panic(fmt.Errorf("DB query error: %v", result.Error))
		}
		if len(devices) == 0 {
			panic(fmt.Errorf("found no devices associated with user_id=%s, can't save history entry", entry.UserId))
		}
		fmt.Printf("apiESubmitHandler: Found %d devices\n", len(devices))
		for _, device := range devices {
			entry.DeviceId = device.DeviceId
			result := GLOBAL_DB.Create(&entry)
			if result.Error != nil {
				panic(result.Error)
			}
		}
	}
}

func apiEQueryHandler(w http.ResponseWriter, r *http.Request) {
	deviceId := r.URL.Query().Get("device_id")
	// Increment the count
	GLOBAL_DB.Exec("UPDATE enc_history_entries SET read_count = read_count + 1 WHERE device_id = ?", deviceId)

	// Then retrieve, to avoid a race condition
	tx := GLOBAL_DB.Where("device_id = ?", deviceId)
	var historyEntries []*shared.EncHistoryEntry
	result := tx.Find(&historyEntries)
	if result.Error != nil {
		panic(fmt.Errorf("DB query error: %v", result.Error))
	}
	fmt.Printf("apiEQueryHandler: Found %d entries\n", len(historyEntries))
	resp, err := json.Marshal(historyEntries)
	if err != nil {
		panic(err)
	}
	w.Write(resp)
}

// TODO: bootstrap is a janky solution for the initial version of this. Long term, need to support deleting entries from the DB which means replacing bootstrap with a queued message sent to any live instances.
func apiEBootstrapHandler(w http.ResponseWriter, r *http.Request) {
	userId := r.URL.Query().Get("user_id")
	tx := GLOBAL_DB.Where("user_id = ?", userId)
	var historyEntries []*shared.EncHistoryEntry
	result := tx.Find(&historyEntries)
	if result.Error != nil {
		panic(fmt.Errorf("DB query error: %v", result.Error))
	}
	resp, err := json.Marshal(historyEntries)
	if err != nil {
		panic(err)
	}
	w.Write(resp)
}

func apiERegisterHandler(w http.ResponseWriter, r *http.Request) {
	userId := r.URL.Query().Get("user_id")
	deviceId := r.URL.Query().Get("device_id")
	GLOBAL_DB.Create(&shared.Device{UserId: userId, DeviceId: deviceId})
}

func apiBannerHandler(w http.ResponseWriter, r *http.Request) {
	commitHash := r.URL.Query().Get("commit_hash")
	deviceId := r.URL.Query().Get("device_id")
	forcedBanner := r.URL.Query().Get("forced_banner")
	fmt.Printf("apiBannerHandler: commit_hash=%#v, device_id=%#v, forced_banner=%#v\n", commitHash, deviceId, forcedBanner)
	w.Write([]byte(forcedBanner))
}

func isTestEnvironment() bool {
	return os.Getenv("HISHTORY_TEST") != ""
}

func OpenDB() (*gorm.DB, error) {
	if isTestEnvironment() {
		db, err := gorm.Open(sqlite.Open("file::memory:?cache=shared"), &gorm.Config{})
		if err != nil {
			return nil, fmt.Errorf("failed to connect to the DB: %v", err)
		}
		db.AutoMigrate(&shared.EncHistoryEntry{})
		db.AutoMigrate(&shared.Device{})
		return db, nil
	}

	db, err := gorm.Open(postgres.Open(PostgresDb), &gorm.Config{})
	if err != nil {
		return nil, fmt.Errorf("failed to connect to the DB: %v", err)
	}
	db.AutoMigrate(&shared.EncHistoryEntry{})
	db.AutoMigrate(&shared.Device{})
	return db, nil
}

func init() {
	if ReleaseVersion == "UNKNOWN" {
		panic("server.go was built without a ReleaseVersion!")
	}
	InitDB()
}

func InitDB() {
	var err error
	GLOBAL_DB, err = OpenDB()
	if err != nil {
		panic(err)
	}
	tx, err := GLOBAL_DB.DB()
	if err != nil {
		panic(err)
	}
	err = tx.Ping()
	if err != nil {
		panic(err)
	}
}

func bindaryDownloadHandler(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, fmt.Sprintf("https://github.com/ddworken/hishtory/releases/download/%s/hishtory-linux-amd64", ReleaseVersion), http.StatusFound)
}

func attestationDownloadHandler(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, fmt.Sprintf("https://github.com/ddworken/hishtory/releases/download/%s/hishtory-linux-amd64.intoto.jsonl", ReleaseVersion), http.StatusFound)
}

func main() {
	fmt.Println("Listening on localhost:8080")
	http.HandleFunc("/api/v1/esubmit", apiESubmitHandler)
	http.HandleFunc("/api/v1/equery", apiEQueryHandler)
	http.HandleFunc("/api/v1/ebootstrap", apiEBootstrapHandler)
	http.HandleFunc("/api/v1/eregister", apiERegisterHandler)
	http.HandleFunc("/api/v1/banner", apiBannerHandler)
	http.HandleFunc("/download/hishtory-linux-amd64", bindaryDownloadHandler)
	http.HandleFunc("/download/hishtory-linux-amd64.intoto.jsonl", attestationDownloadHandler)
	log.Fatal(http.ListenAndServe(":8080", nil))
}
init versions pre-split 2022-01-09 05:27:18 +01:00			`package main`

			`import (`
			`"encoding/json"`
			`"fmt"`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			`"io/ioutil"`
working update 2022-04-07 03:18:46 +02:00			`"log"`
init versions pre-split 2022-01-09 05:27:18 +01:00			`"net/http"`
refactored to move no longer shared things out of the shared/ folder 2022-04-08 05:59:40 +02:00			`"os"`
init versions pre-split 2022-01-09 05:27:18 +01:00
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`"github.com/ddworken/hishtory/shared"`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`_ "github.com/lib/pq"`
			`"gorm.io/driver/postgres"`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00
			`"gorm.io/driver/sqlite"`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`"gorm.io/gorm"`
			`)`

			`const (`
Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`PostgresDb = "postgresql://postgres:O74Ji4735C@postgres-postgresql.default.svc.cluster.local:5432/hishtory?sslmode=disable"`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`)`
init versions pre-split 2022-01-09 05:27:18 +01:00
Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`var (`
			`GLOBAL_DB *gorm.DB`
			`ReleaseVersion string = "UNKNOWN"`
			`)`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00
			`func apiESubmitHandler(w http.ResponseWriter, r *http.Request) {`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			`data, err := ioutil.ReadAll(r.Body)`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`if err != nil {`
			`panic(err)`
			`}`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			`var entries []shared.EncHistoryEntry`
			`err = json.Unmarshal(data, &entries)`
			`if err != nil {`
			`panic(fmt.Sprintf("body=%#v, err=%v", data, err))`
			`}`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`GLOBAL_DB.Where("user_id = ?")`
refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`fmt.Printf("apiESubmitHandler: received request containg %d EncHistoryEntry\n", len(entries))`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`for _, entry := range entries {`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`tx := GLOBAL_DB.Where("user_id = ?", entry.UserId)`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`var devices []*shared.Device`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`result := tx.Find(&devices)`
			`if result.Error != nil {`
			`panic(fmt.Errorf("DB query error: %v", result.Error))`
			`}`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`if len(devices) == 0 {`
pre-commit + stricter formatting + pre-commit fixes 2022-04-08 06:40:22 +02:00			`panic(fmt.Errorf("found no devices associated with user_id=%s, can't save history entry", entry.UserId))`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`}`
refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`fmt.Printf("apiESubmitHandler: Found %d devices\n", len(devices))`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`for _, device := range devices {`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`entry.DeviceId = device.DeviceId`
refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`result := GLOBAL_DB.Create(&entry)`
			`if result.Error != nil {`
			`panic(result.Error)`
			`}`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`}`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`}`
			`}`

			`func apiEQueryHandler(w http.ResponseWriter, r *http.Request) {`
			`deviceId := r.URL.Query().Get("device_id")`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`// Increment the count`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`GLOBAL_DB.Exec("UPDATE enc_history_entries SET read_count = read_count + 1 WHERE device_id = ?", deviceId)`

			`// Then retrieve, to avoid a race condition`
			`tx := GLOBAL_DB.Where("device_id = ?", deviceId)`
			`var historyEntries []*shared.EncHistoryEntry`
			`result := tx.Find(&historyEntries)`
			`if result.Error != nil {`
			`panic(fmt.Errorf("DB query error: %v", result.Error))`
			`}`
refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`fmt.Printf("apiEQueryHandler: Found %d entries\n", len(historyEntries))`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`resp, err := json.Marshal(historyEntries)`
			`if err != nil {`
			`panic(err)`
			`}`
			`w.Write(resp)`
			`}`

tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			`// TODO: bootstrap is a janky solution for the initial version of this. Long term, need to support deleting entries from the DB which means replacing bootstrap with a queued message sent to any live instances.`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`func apiEBootstrapHandler(w http.ResponseWriter, r *http.Request) {`
			`userId := r.URL.Query().Get("user_id")`
			`tx := GLOBAL_DB.Where("user_id = ?", userId)`
			`var historyEntries []*shared.EncHistoryEntry`
			`result := tx.Find(&historyEntries)`
			`if result.Error != nil {`
			`panic(fmt.Errorf("DB query error: %v", result.Error))`
			`}`
			`resp, err := json.Marshal(historyEntries)`
init versions pre-split 2022-01-09 05:27:18 +01:00			`if err != nil {`
			`panic(err)`
			`}`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`w.Write(resp)`
			`}`

adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`func apiERegisterHandler(w http.ResponseWriter, r *http.Request) {`
			`userId := r.URL.Query().Get("user_id")`
			`deviceId := r.URL.Query().Get("device_id")`
			`GLOBAL_DB.Create(&shared.Device{UserId: userId, DeviceId: deviceId})`
init versions pre-split 2022-01-09 05:27:18 +01:00			`}`

refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`func apiBannerHandler(w http.ResponseWriter, r *http.Request) {`
			`commitHash := r.URL.Query().Get("commit_hash")`
			`deviceId := r.URL.Query().Get("device_id")`
			`forcedBanner := r.URL.Query().Get("forced_banner")`
			`fmt.Printf("apiBannerHandler: commit_hash=%#v, device_id=%#v, forced_banner=%#v\n", commitHash, deviceId, forcedBanner)`
			`w.Write([]byte(forcedBanner))`
			`}`

refactored to move no longer shared things out of the shared/ folder 2022-04-08 05:59:40 +02:00			`func isTestEnvironment() bool {`
			`return os.Getenv("HISHTORY_TEST") != ""`
			`}`

Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`func OpenDB() (*gorm.DB, error) {`
refactored to move no longer shared things out of the shared/ folder 2022-04-08 05:59:40 +02:00			`if isTestEnvironment() {`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			`db, err := gorm.Open(sqlite.Open("file::memory:?cache=shared"), &gorm.Config{})`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to connect to the DB: %v", err)`
			`}`
			`db.AutoMigrate(&shared.EncHistoryEntry{})`
			`db.AutoMigrate(&shared.Device{})`
			`return db, nil`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`}`

Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`db, err := gorm.Open(postgres.Open(PostgresDb), &gorm.Config{})`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to connect to the DB: %v", err)`
			`}`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`db.AutoMigrate(&shared.EncHistoryEntry{})`
			`db.AutoMigrate(&shared.Device{})`
Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`return db, nil`
			`}`

still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`func init() {`
Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`if ReleaseVersion == "UNKNOWN" {`
			`panic("server.go was built without a ReleaseVersion!")`
			`}`
fixed the DB error, was stupid mistake in test-only code 2022-04-03 07:54:09 +02:00			`InitDB()`
			`}`

			`func InitDB() {`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`var err error`
			`GLOBAL_DB, err = OpenDB()`
init versions pre-split 2022-01-09 05:27:18 +01:00			`if err != nil {`
			`panic(err)`
			`}`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`tx, err := GLOBAL_DB.DB()`
			`if err != nil {`
			`panic(err)`
			`}`
			`err = tx.Ping()`
			`if err != nil {`
			`panic(err)`
			`}`
			`}`

Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`func bindaryDownloadHandler(w http.ResponseWriter, r *http.Request) {`
			`http.Redirect(w, r, fmt.Sprintf("https://github.com/ddworken/hishtory/releases/download/%s/hishtory-linux-amd64", ReleaseVersion), http.StatusFound)`
			`}`

			`func attestationDownloadHandler(w http.ResponseWriter, r *http.Request) {`
			`http.Redirect(w, r, fmt.Sprintf("https://github.com/ddworken/hishtory/releases/download/%s/hishtory-linux-amd64.intoto.jsonl", ReleaseVersion), http.StatusFound)`
			`}`

still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`func main() {`
init versions pre-split 2022-01-09 05:27:18 +01:00			`fmt.Println("Listening on localhost:8080")`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`http.HandleFunc("/api/v1/esubmit", apiESubmitHandler)`
			`http.HandleFunc("/api/v1/equery", apiEQueryHandler)`
			`http.HandleFunc("/api/v1/ebootstrap", apiEBootstrapHandler)`
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`http.HandleFunc("/api/v1/eregister", apiERegisterHandler)`
refactoring, better tests, commit hash, banner, and tested working locally 2022-04-07 07:43:07 +02:00			`http.HandleFunc("/api/v1/banner", apiBannerHandler)`
Add server handlers for downloads 2022-04-09 07:37:03 +02:00			`http.HandleFunc("/download/hishtory-linux-amd64", bindaryDownloadHandler)`
			`http.HandleFunc("/download/hishtory-linux-amd64.intoto.jsonl", attestationDownloadHandler)`
init versions pre-split 2022-01-09 05:27:18 +01:00			`log.Fatal(http.ListenAndServe(":8080", nil))`
			`}`