mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-23 14:28:51 +01:00
fd7282d3cf
* get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix
116 lines
3.9 KiB
Go
116 lines
3.9 KiB
Go
package http
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"github.com/gorilla/mux"
|
|
"github.com/rs/cors"
|
|
log "github.com/sirupsen/logrus"
|
|
s "github.com/wiretrustee/wiretrustee/management/server"
|
|
"github.com/wiretrustee/wiretrustee/management/server/http/handler"
|
|
"github.com/wiretrustee/wiretrustee/management/server/http/middleware"
|
|
"golang.org/x/crypto/acme/autocert"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
type Server struct {
|
|
server *http.Server
|
|
config *s.HttpServerConfig
|
|
certManager *autocert.Manager
|
|
tlsConfig *tls.Config
|
|
accountManager *s.AccountManager
|
|
}
|
|
|
|
// NewHttpsServer creates a new HTTPs server (with HTTPS support) and a certManager that is responsible for generating and renewing Let's Encrypt certificate
|
|
// The listening address will be :443 no matter what was specified in s.HttpServerConfig.Address
|
|
func NewHttpsServer(config *s.HttpServerConfig, certManager *autocert.Manager, accountManager *s.AccountManager) *Server {
|
|
server := &http.Server{
|
|
Addr: config.Address,
|
|
WriteTimeout: time.Second * 15,
|
|
ReadTimeout: time.Second * 15,
|
|
IdleTimeout: time.Second * 60,
|
|
}
|
|
return &Server{server: server, config: config, certManager: certManager, accountManager: accountManager}
|
|
}
|
|
|
|
// NewHttpsServerWithTLSConfig creates a new HTTPs server with a provided tls.Config.
|
|
// Usually used when you already have a certificate
|
|
func NewHttpsServerWithTLSConfig(config *s.HttpServerConfig, tlsConfig *tls.Config, accountManager *s.AccountManager) *Server {
|
|
server := &http.Server{
|
|
Addr: config.Address,
|
|
WriteTimeout: time.Second * 15,
|
|
ReadTimeout: time.Second * 15,
|
|
IdleTimeout: time.Second * 60,
|
|
}
|
|
return &Server{server: server, config: config, tlsConfig: tlsConfig, accountManager: accountManager}
|
|
}
|
|
|
|
// NewHttpServer creates a new HTTP server (without HTTPS)
|
|
func NewHttpServer(config *s.HttpServerConfig, accountManager *s.AccountManager) *Server {
|
|
return NewHttpsServer(config, nil, accountManager)
|
|
}
|
|
|
|
// Stop stops the http server
|
|
func (s *Server) Stop(ctx context.Context) error {
|
|
err := s.server.Shutdown(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Start defines http handlers and starts the http server. Blocks until server is shutdown.
|
|
func (s *Server) Start() error {
|
|
|
|
jwtMiddleware, err := middleware.NewJwtMiddleware(s.config.AuthIssuer, s.config.AuthAudience, s.config.AuthKeysLocation)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
corsMiddleware := cors.AllowAll()
|
|
|
|
r := mux.NewRouter()
|
|
r.Use(jwtMiddleware.Handler, corsMiddleware.Handler)
|
|
|
|
peersHandler := handler.NewPeers(s.accountManager, s.config.AuthAudience)
|
|
keysHandler := handler.NewSetupKeysHandler(s.accountManager, s.config.AuthAudience)
|
|
r.HandleFunc("/api/peers", peersHandler.GetPeers).Methods("GET", "OPTIONS")
|
|
r.HandleFunc("/api/peers/{id}", peersHandler.HandlePeer).Methods("GET", "PUT", "DELETE", "OPTIONS")
|
|
|
|
r.HandleFunc("/api/setup-keys", keysHandler.GetKeys).Methods("GET", "POST", "OPTIONS")
|
|
r.HandleFunc("/api/setup-keys/{id}", keysHandler.HandleKey).Methods("GET", "PUT", "OPTIONS")
|
|
http.Handle("/", r)
|
|
|
|
if s.certManager != nil {
|
|
// if HTTPS is enabled we reuse the listener from the cert manager
|
|
listener := s.certManager.Listener()
|
|
log.Infof("HTTPs server listening on %s with Let's Encrypt autocert configured", listener.Addr())
|
|
if err = http.Serve(listener, s.certManager.HTTPHandler(r)); err != nil {
|
|
log.Errorf("failed to serve https server: %v", err)
|
|
return err
|
|
}
|
|
} else if s.tlsConfig != nil {
|
|
listener, err := tls.Listen("tcp", s.config.Address, s.tlsConfig)
|
|
if err != nil {
|
|
log.Errorf("failed to serve https server: %v", err)
|
|
return err
|
|
}
|
|
log.Infof("HTTPs server listening on %s", listener.Addr())
|
|
|
|
if err = http.Serve(listener, r); err != nil {
|
|
log.Errorf("failed to serve https server: %v", err)
|
|
return err
|
|
}
|
|
|
|
} else {
|
|
log.Infof("HTTP server listening on %s", s.server.Addr)
|
|
if err = s.server.ListenAndServe(); err != nil {
|
|
log.Errorf("failed to serve http server: %v", err)
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|