summaryrefslogtreecommitdiffstats
path: root/lib/webserver
diff options
context:
space:
mode:
authorSebastien Douheret <sebastien.douheret@iot.bzh>2017-05-23 22:56:16 +0200
committerSebastien Douheret <sebastien.douheret@iot.bzh>2017-05-23 23:04:10 +0200
commit32bf4cb0c949f44343849607d0439a61d1e6ea49 (patch)
treee9ff143800a277aa8ecb99f890e00d3e843f14b0 /lib/webserver
parent3cdf92cf07607d60b266e2a458f503af753020f3 (diff)
Add API KEY support to allow CORS requests.
Signed-off-by: Sebastien Douheret <sebastien.douheret@iot.bzh>
Diffstat (limited to 'lib/webserver')
-rw-r--r--lib/webserver/server.go226
1 files changed, 226 insertions, 0 deletions
diff --git a/lib/webserver/server.go b/lib/webserver/server.go
new file mode 100644
index 0000000..b835a65
--- /dev/null
+++ b/lib/webserver/server.go
@@ -0,0 +1,226 @@
+package webserver
+
+import (
+ "fmt"
+ "net/http"
+ "strings"
+
+ "github.com/Sirupsen/logrus"
+ "github.com/gin-gonic/gin"
+ "github.com/googollee/go-socket.io"
+ "github.com/iotbzh/xds-agent/lib/apiv1"
+ "github.com/iotbzh/xds-agent/lib/session"
+ "github.com/iotbzh/xds-agent/lib/xdsconfig"
+)
+
+// ServerService .
+type ServerService struct {
+ router *gin.Engine
+ api *apiv1.APIService
+ sIOServer *socketio.Server
+ webApp *gin.RouterGroup
+ cfg *xdsconfig.Config
+ sessions *session.Sessions
+ log *logrus.Logger
+ stop chan struct{} // signals intentional stop
+}
+
+const indexFilename = "index.html"
+const cookieMaxAge = "3600"
+
+// New creates an instance of ServerService
+func New(conf *xdsconfig.Config, log *logrus.Logger) *ServerService {
+
+ // Setup logging for gin router
+ if log.Level == logrus.DebugLevel {
+ gin.SetMode(gin.DebugMode)
+ } else {
+ gin.SetMode(gin.ReleaseMode)
+ }
+
+ // TODO
+ // - try to bind gin DefaultWriter & DefaultErrorWriter to logrus logger
+ // - try to fix pb about isTerminal=false when out is in VSC Debug Console
+ //gin.DefaultWriter = ??
+ //gin.DefaultErrorWriter = ??
+
+ // Creates gin router
+ r := gin.New()
+
+ svr := &ServerService{
+ router: r,
+ api: nil,
+ sIOServer: nil,
+ webApp: nil,
+ cfg: conf,
+ log: log,
+ sessions: nil,
+ stop: make(chan struct{}),
+ }
+
+ return svr
+}
+
+// Serve starts a new instance of the Web Server
+func (s *ServerService) Serve() error {
+ var err error
+
+ // Setup middlewares
+ s.router.Use(gin.Logger())
+ s.router.Use(gin.Recovery())
+ s.router.Use(s.middlewareCORS())
+ s.router.Use(s.middlewareXDSDetails())
+ s.router.Use(s.middlewareCSRF())
+
+ // Sessions manager
+ s.sessions = session.NewClientSessions(s.router, s.log, cookieMaxAge)
+
+ s.router.GET("", s.slashHandler)
+
+ // Create REST API
+ s.api = apiv1.New(s.sessions, s.cfg, s.log, s.router)
+
+ // Websocket routes
+ s.sIOServer, err = socketio.NewServer(nil)
+ if err != nil {
+ s.log.Fatalln(err)
+ }
+
+ s.router.GET("/socket.io/", s.socketHandler)
+ s.router.POST("/socket.io/", s.socketHandler)
+ /* TODO: do we want to support ws://... ?
+ s.router.Handle("WS", "/socket.io/", s.socketHandler)
+ s.router.Handle("WSS", "/socket.io/", s.socketHandler)
+ */
+
+ // Serve in the background
+ serveError := make(chan error, 1)
+ go func() {
+ fmt.Printf("Web Server running on localhost:%s ...\n", s.cfg.HTTPPort)
+ serveError <- http.ListenAndServe(":"+s.cfg.HTTPPort, s.router)
+ }()
+
+ fmt.Printf("XDS agent running...\n")
+
+ // Wait for stop, restart or error signals
+ select {
+ case <-s.stop:
+ // Shutting down permanently
+ s.sessions.Stop()
+ s.log.Infoln("shutting down (stop)")
+ case err = <-serveError:
+ // Error due to listen/serve failure
+ s.log.Errorln(err)
+ }
+
+ return nil
+}
+
+// Stop web server
+func (s *ServerService) Stop() {
+ close(s.stop)
+}
+
+// serveSlash provides response to GET "/"
+func (s *ServerService) slashHandler(c *gin.Context) {
+ c.String(200, "Hello from XDS agent!")
+}
+
+// Add details in Header
+func (s *ServerService) middlewareXDSDetails() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ c.Header("XDS-Agent-Version", s.cfg.Version)
+ c.Header("XDS-API-Version", s.cfg.APIVersion)
+ c.Next()
+ }
+}
+
+func (s *ServerService) isValidAPIKey(key string) bool {
+ return (key == s.cfg.FileConf.XDSAPIKey && key != "")
+}
+
+func (s *ServerService) middlewareCSRF() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ // Allow requests carrying a valid API key
+ if s.isValidAPIKey(c.Request.Header.Get("X-API-Key")) {
+ // Set the access-control-allow-origin header for CORS requests
+ // since a valid API key has been provided
+ c.Header("Access-Control-Allow-Origin", "*")
+ c.Next()
+ return
+ }
+
+ // Allow io.socket request
+ if strings.HasPrefix(c.Request.URL.Path, "/socket.io") {
+ c.Next()
+ return
+ }
+
+ /* FIXME Add really CSRF support
+
+ // Allow requests for anything not under the protected path prefix,
+ // and set a CSRF cookie if there isn't already a valid one.
+ if !strings.HasPrefix(c.Request.URL.Path, prefix) {
+ cookie, err := c.Cookie("CSRF-Token-" + unique)
+ if err != nil || !validCsrfToken(cookie.Value) {
+ s.log.Debugln("new CSRF cookie in response to request for", c.Request.URL)
+ c.SetCookie("CSRF-Token-"+unique, newCsrfToken(), 600, "/", "", false, false)
+ }
+ c.Next()
+ return
+ }
+
+ // Verify the CSRF token
+ token := c.Request.Header.Get("X-CSRF-Token-" + unique)
+ if !validCsrfToken(token) {
+ c.AbortWithError(403, "CSRF Error")
+ return
+ }
+
+ c.Next()
+ */
+ c.AbortWithError(403, fmt.Errorf("Not valid API key"))
+ }
+}
+
+// CORS middleware
+func (s *ServerService) middlewareCORS() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ if c.Request.Method == "OPTIONS" {
+ c.Header("Access-Control-Allow-Origin", "*")
+ c.Header("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
+ c.Header("Access-Control-Allow-Methods", "GET, POST, DELETE")
+ c.Header("Access-Control-Max-Age", cookieMaxAge)
+ c.AbortWithStatus(204)
+ return
+ }
+ c.Next()
+ }
+}
+
+// socketHandler is the handler for the "main" websocket connection
+func (s *ServerService) socketHandler(c *gin.Context) {
+
+ // Retrieve user session
+ sess := s.sessions.Get(c)
+ if sess == nil {
+ c.JSON(500, gin.H{"error": "Cannot retrieve session"})
+ return
+ }
+
+ s.sIOServer.On("connection", func(so socketio.Socket) {
+ s.log.Debugf("WS Connected (SID=%v)", so.Id())
+ s.sessions.UpdateIOSocket(sess.ID, &so)
+
+ so.On("disconnection", func() {
+ s.log.Debugf("WS disconnected (SID=%v)", so.Id())
+ s.sessions.UpdateIOSocket(sess.ID, nil)
+ })
+ })
+
+ s.sIOServer.On("error", func(so socketio.Socket, err error) {
+ s.log.Errorf("WS SID=%v Error : %v", so.Id(), err.Error())
+ })
+
+ s.sIOServer.ServeHTTP(c.Writer, c.Request)
+}