mirror of
https://github.com/openziti/zrok.git
synced 2025-01-24 23:09:32 +01:00
53940d51ab
* added tls support to controller and access proxies * few pr comments
154 lines
5.1 KiB
Go
154 lines
5.1 KiB
Go
package controller
|
|
|
|
import (
|
|
"context"
|
|
"github.com/jessevdk/go-flags"
|
|
"github.com/openziti/zrok/controller/config"
|
|
"github.com/openziti/zrok/controller/limits"
|
|
"github.com/openziti/zrok/controller/metrics"
|
|
"github.com/sirupsen/logrus"
|
|
"log"
|
|
"net/http"
|
|
_ "net/http/pprof"
|
|
|
|
"github.com/go-openapi/loads"
|
|
influxdb2 "github.com/influxdata/influxdb-client-go/v2"
|
|
"github.com/openziti/zrok/controller/store"
|
|
"github.com/openziti/zrok/rest_server_zrok"
|
|
"github.com/openziti/zrok/rest_server_zrok/operations"
|
|
"github.com/openziti/zrok/rest_server_zrok/operations/account"
|
|
"github.com/openziti/zrok/rest_server_zrok/operations/metadata"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
var (
|
|
cfg *config.Config
|
|
str *store.Store
|
|
idb influxdb2.Client
|
|
limitsAgent *limits.Agent
|
|
)
|
|
|
|
func Run(inCfg *config.Config) error {
|
|
cfg = inCfg
|
|
|
|
if cfg.Admin != nil && cfg.Admin.ProfileEndpoint != "" {
|
|
go func() {
|
|
log.Println(http.ListenAndServe(cfg.Admin.ProfileEndpoint, nil))
|
|
}()
|
|
}
|
|
|
|
swaggerSpec, err := loads.Embedded(rest_server_zrok.SwaggerJSON, rest_server_zrok.FlatSwaggerJSON)
|
|
if err != nil {
|
|
return errors.Wrap(err, "error loading embedded swagger spec")
|
|
}
|
|
|
|
api := operations.NewZrokAPI(swaggerSpec)
|
|
api.KeyAuth = newZrokAuthenticator(cfg).authenticate
|
|
api.AccountInviteHandler = newInviteHandler(cfg)
|
|
api.AccountLoginHandler = account.LoginHandlerFunc(loginHandler)
|
|
api.AccountRegisterHandler = newRegisterHandler(cfg)
|
|
api.AccountResetPasswordHandler = newResetPasswordHandler(cfg)
|
|
api.AccountResetPasswordRequestHandler = newResetPasswordRequestHandler()
|
|
api.AccountVerifyHandler = newVerifyHandler()
|
|
api.AdminCreateFrontendHandler = newCreateFrontendHandler()
|
|
api.AdminCreateIdentityHandler = newCreateIdentityHandler()
|
|
api.AdminDeleteFrontendHandler = newDeleteFrontendHandler()
|
|
api.AdminInviteTokenGenerateHandler = newInviteTokenGenerateHandler()
|
|
api.AdminListFrontendsHandler = newListFrontendsHandler()
|
|
api.AdminUpdateFrontendHandler = newUpdateFrontendHandler()
|
|
api.EnvironmentEnableHandler = newEnableHandler()
|
|
api.EnvironmentDisableHandler = newDisableHandler()
|
|
api.MetadataGetAccountDetailHandler = newAccountDetailHandler()
|
|
api.MetadataConfigurationHandler = newConfigurationHandler(cfg)
|
|
if cfg.Metrics != nil && cfg.Metrics.Influx != nil {
|
|
api.MetadataGetAccountMetricsHandler = newGetAccountMetricsHandler(cfg.Metrics.Influx)
|
|
api.MetadataGetEnvironmentMetricsHandler = newGetEnvironmentMetricsHandler(cfg.Metrics.Influx)
|
|
api.MetadataGetShareMetricsHandler = newGetShareMetricsHandler(cfg.Metrics.Influx)
|
|
}
|
|
api.MetadataGetEnvironmentDetailHandler = newEnvironmentDetailHandler()
|
|
api.MetadataGetFrontendDetailHandler = newGetFrontendDetailHandler()
|
|
api.MetadataGetShareDetailHandler = newShareDetailHandler()
|
|
api.MetadataOverviewHandler = newOverviewHandler()
|
|
api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
|
|
api.ShareAccessHandler = newAccessHandler()
|
|
api.ShareShareHandler = newShareHandler()
|
|
api.ShareUnaccessHandler = newUnaccessHandler()
|
|
api.ShareUnshareHandler = newUnshareHandler()
|
|
api.ShareUpdateShareHandler = newUpdateShareHandler()
|
|
|
|
if err := controllerStartup(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if v, err := store.Open(cfg.Store); err == nil {
|
|
str = v
|
|
} else {
|
|
return errors.Wrap(err, "error opening store")
|
|
}
|
|
|
|
if cfg.Metrics != nil && cfg.Metrics.Influx != nil {
|
|
idb = influxdb2.NewClient(cfg.Metrics.Influx.Url, cfg.Metrics.Influx.Token)
|
|
} else {
|
|
logrus.Warn("skipping influx client; no configuration")
|
|
}
|
|
|
|
if cfg.Metrics != nil && cfg.Metrics.Agent != nil && cfg.Metrics.Influx != nil {
|
|
ma, err := metrics.NewAgent(cfg.Metrics.Agent, str, cfg.Metrics.Influx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "error creating metrics agent")
|
|
}
|
|
if err := ma.Start(); err != nil {
|
|
return errors.Wrap(err, "error starting metrics agent")
|
|
}
|
|
defer func() { ma.Stop() }()
|
|
|
|
if cfg.Limits != nil && cfg.Limits.Enforcing {
|
|
limitsAgent, err = limits.NewAgent(cfg.Limits, cfg.Metrics.Influx, cfg.Ziti, cfg.Email, str)
|
|
if err != nil {
|
|
return errors.Wrap(err, "error creating limits agent")
|
|
}
|
|
ma.AddUsageSink(limitsAgent)
|
|
limitsAgent.Start()
|
|
defer func() { limitsAgent.Stop() }()
|
|
}
|
|
}
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
defer func() {
|
|
cancel()
|
|
}()
|
|
|
|
if cfg.Maintenance != nil {
|
|
if cfg.Maintenance.Registration != nil {
|
|
go newRegistrationMaintenanceAgent(ctx, cfg.Maintenance.Registration).run()
|
|
}
|
|
if cfg.Maintenance.ResetPassword != nil {
|
|
go newMaintenanceResetPasswordAgent(ctx, cfg.Maintenance.ResetPassword).run()
|
|
}
|
|
}
|
|
|
|
server := rest_server_zrok.NewServer(api)
|
|
defer func() { _ = server.Shutdown() }()
|
|
if cfg.Tls != nil {
|
|
server.TLSHost = cfg.Endpoint.Host
|
|
server.TLSPort = cfg.Endpoint.Port
|
|
server.TLSCertificate = flags.Filename(cfg.Tls.CertPath)
|
|
server.TLSCertificateKey = flags.Filename(cfg.Tls.KeyPath)
|
|
server.EnabledListeners = []string{"https"}
|
|
} else {
|
|
server.Host = cfg.Endpoint.Host
|
|
server.Port = cfg.Endpoint.Port
|
|
}
|
|
rest_server_zrok.HealthCheck = HealthCheckHTTP
|
|
server.ConfigureAPI()
|
|
if err := server.Serve(); err != nil {
|
|
return errors.Wrap(err, "api server error")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func Store() *store.Store {
|
|
return str
|
|
}
|