-
Notifications
You must be signed in to change notification settings - Fork 1
/
app.go
372 lines (314 loc) · 10.5 KB
/
app.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
package ambientapp
import (
"fmt"
"net/http"
"os"
"os/signal"
"syscall"
"github.com/ambientkit/ambient"
"github.com/ambientkit/ambient/internal/config"
"github.com/ambientkit/ambient/internal/devconsole"
"github.com/ambientkit/ambient/internal/grpcsystem"
"github.com/ambientkit/ambient/internal/injector"
"github.com/ambientkit/ambient/internal/pluginsafe"
"github.com/ambientkit/ambient/internal/secureconfig"
"github.com/ambientkit/ambient/pkg/envdetect"
"github.com/ambientkit/ambient/pkg/requestuuid"
)
// App represents an Ambient app that supports plugins.
type App struct {
log ambient.AppLogger
pluginsystem ambient.PluginSystem
grpcsystem ambient.GRPCSystem
sessionstorer ambient.SessionStorer
mux ambient.AppRouter
renderer ambient.Renderer
sess ambient.AppSession
recorder *pluginsafe.RouteRecorder
securesite *secureconfig.SecureSite
debugTemplates bool
escapeTemplates bool
}
// NewAppLogger returns a logger from Ambient without all the other dependencies.
func NewAppLogger(appName string, appVersion string, logPlugin ambient.LoggingPlugin, logLevel ambient.LogLevel) (ambient.AppLogger, error) {
// Set the time zone. Required for plugins that rely on timzone like MFA.
tz := os.Getenv("AMB_TIMEZONE")
if len(tz) > 0 {
os.Setenv("TZ", tz)
}
// Get the logger from the plugin.
log, err := loadLogger(appName, appVersion, logPlugin)
if err != nil {
return nil, err
}
// Set the initial log level.
log.SetLogLevel(logLevel)
return log, nil
}
// LoadLogger returns the logger.
func loadLogger(appName string, appVersion string, plugin ambient.LoggingPlugin) (ambient.AppLogger, error) {
// Validate plugin name and version.
err := ambient.Validate(plugin)
if err != nil {
return nil, err
}
// Get the logger from the plugins.
log, err := plugin.Logger(appName, appVersion, nil)
if err != nil {
return nil, err
} else if log == nil {
return nil, fmt.Errorf("ambient: no logger found")
} else {
log.Info("ambient: using logger from plugin: %v", plugin.PluginName())
}
return log, nil
}
// NewApp returns a new Ambient app that supports plugins.
func NewApp(appName string, appVersion string, logPlugin ambient.LoggingPlugin,
storagePluginGroup ambient.StoragePluginGroup, plugins *ambient.PluginLoader) (*App, ambient.AppLogger, error) {
// Set up the logger first.
log, err := NewAppLogger(appName, appVersion, logPlugin, ambient.EnvLogLevel())
if err != nil {
return nil, nil, err
}
log = log.Named("ambient")
// Get the storage manager.
storage, sessionstorer, err := loadStorage(log, storagePluginGroup)
if err != nil {
return nil, log, err
}
// Implicitly trust session manager so the middleware will work properly.
if plugins.SessionManager != nil {
plugins.TrustedPlugins[plugins.SessionManager.PluginName()] = true
}
// Initialize the plugin system.
pluginsystem, err := config.NewPluginSystem(log.Named("pluginsystem"), storage, plugins)
if err != nil {
log.Fatal(err.Error())
}
grpcsystem := grpcsystem.New(log, pluginsystem)
grpcsystem.ConnectAll()
ambientApp := &App{
log: log,
pluginsystem: pluginsystem,
grpcsystem: grpcsystem,
sessionstorer: sessionstorer,
escapeTemplates: true,
}
// Enable the trusted plugins.
ambientApp.grantAccess()
return ambientApp, log, nil
}
// PluginSystem returns the plugin system.
func (app *App) PluginSystem() ambient.PluginSystem {
return app.pluginsystem
}
// LoadStorage returns the storage.
func loadStorage(log ambient.AppLogger, pluginGroup ambient.StoragePluginGroup) (*config.Storage, ambient.SessionStorer, error) {
// Detect if storage plugin is missing.
if pluginGroup.Storage == nil {
return nil, nil, fmt.Errorf("ambient: storage plugin is missing")
}
plugin := pluginGroup.Storage
// Validate plugin name and version.
err := ambient.Validate(plugin)
if err != nil {
return nil, nil, err
}
// Define the storage managers.
var ds ambient.DataStorer
var ss ambient.SessionStorer
// Get the storage manager from the plugins.
pds, pss, err := plugin.Storage(log)
if err != nil {
log.Error(err.Error())
} else if pds != nil && pss != nil {
log.Info("using storage from first plugin: %v", plugin.PluginName())
ds = pds
ss = pss
}
if ds == nil || ss == nil {
return nil, nil, fmt.Errorf("ambient: no storage manager found")
}
// Set up the data storage provider.
storage, err := config.NewStorage(log, ds, pluginGroup.Encryption)
if err != nil {
return nil, nil, err
}
return storage, ss, err
}
// StopGRPCClients stops the gRPC plugins.
func (app *App) StopGRPCClients() {
app.grpcsystem.Disconnect()
}
// Handler loads the plugins and returns the handler.
func (app *App) Handler() (http.Handler, error) {
// Get the session manager from the plugins.
if app.pluginsystem.SessionManager() != nil {
sm, err := app.pluginsystem.SessionManager().SessionManager(app.log.Named("sessionmanager"), app.sessionstorer)
if err != nil {
app.log.Error(err.Error())
} else if sm != nil {
// Only set the session manager once.
app.log.Info("using session manager from plugin: %v", app.pluginsystem.SessionManager().PluginName())
app.sess = sm
}
}
if app.sess == nil {
return nil, fmt.Errorf("ambient: no session manager found, ensure it is trusted")
}
// Set up the template injector.
pi := injector.NewPlugininjector(app.log, app.pluginsystem, app.sess, app.debugTemplates, app.escapeTemplates)
// Get the template engine.
if app.pluginsystem.TemplateEngine() != nil {
tt, err := app.pluginsystem.TemplateEngine().TemplateEngine(app.log.Named("templateengine"), pi)
if err != nil {
return nil, err
} else if tt != nil {
// Only set the router once.
app.log.Info("using template engine from plugin: %v", app.pluginsystem.TemplateEngine().PluginName())
app.renderer = tt
}
}
if app.renderer == nil {
return nil, fmt.Errorf("ambient: no template engine found")
}
// Get the router.
if app.pluginsystem.Router() != nil {
rm, err := app.pluginsystem.Router().Router(app.log.Named("router"), app.renderer)
if err != nil {
return nil, err
} else if rm != nil {
// Only set the router once.
app.log.Info("using router from plugin: %v", app.pluginsystem.Router().PluginName())
app.mux = rm
}
}
if app.mux == nil {
return nil, fmt.Errorf("ambient: no router found")
}
app.recorder = pluginsafe.NewRouteRecorder(app.log, app.pluginsystem, app.mux)
// Create secure site for the core app and use "ambient" so it gets
// full permissions.
var err error
var handler http.Handler
app.securesite, handler, err = secureconfig.NewSecureSite("ambient", app.log.Named("securesite"), app.pluginsystem, app.sess, app.mux, app.renderer, app.recorder, true)
if err != nil {
return nil, err
}
// Start monitoring with the ability to restart/reload plugin.
app.grpcsystem.Monitor(app.securesite)
// Start Dev Console if enabled via environment variable.
if envdetect.DevConsoleEnabled() {
// TODO: Should probably store in an object that can be edited by system.
dc := devconsole.NewDevConsole(app.log.Named("devconsole"), app.pluginsystem, app.pluginsystem.StorageManager(), app.securesite)
dc.EnableDevConsole()
}
// Add a request UUID around all routes.
return requestuuid.Middleware(handler), nil
}
// GrantAccess grants access to all trusted plugins.
func (app *App) grantAccess() {
pluginsData := app.pluginsystem.PluginsData()
// Enable trusted plugins.
for _, pluginName := range app.pluginsystem.TrustedPluginNames() {
// If plugin is not enabled, then enable.
pluginInfo, found := pluginsData[pluginName]
if !found {
continue
}
if !pluginInfo.Enabled {
app.log.Info("enabling trusted plugin: %v", pluginName)
err := app.pluginsystem.SetEnabled(pluginName, true)
if err != nil {
app.log.Error(err.Error())
}
}
p, err := app.pluginsystem.Plugin(pluginName)
if err != nil {
app.log.Error("error with plugin (%v): %v", pluginName, err.Error())
return
}
for _, request := range p.GrantRequests() {
// If plugin is not granted permission, then grant.
if !app.pluginsystem.Granted(pluginName, request.Grant) {
app.log.Info("for plugin (%v), adding grant: %v", pluginName, request.Grant)
err = app.pluginsystem.SetGrant(pluginName, request.Grant)
if err != nil {
app.log.Error(err.Error())
}
}
}
}
}
// SetDebugTemplates sets the injector to enable verbose debug output in
// templates.
func (app *App) SetDebugTemplates(enable bool) {
app.debugTemplates = enable
}
// SetLogLevel sets the log level.
func (app *App) SetLogLevel(level ambient.LogLevel) {
app.log.SetLogLevel(level)
}
// SetEscapeTemplates sets the injector to disable (enabled by default) escaping
// templates.
func (app *App) SetEscapeTemplates(enable bool) {
app.escapeTemplates = enable
}
// ListenAndServe will start the web listener on port 8080 or will pull the
// environment variable from:
// PORT (GCP), _LAMBDA_SERVER_PORT (AWS), or FUNCTIONS_CUSTOMHANDLER_PORT (Azure).
func (app *App) ListenAndServe(h http.Handler) error {
// Start the web server. Google Cloud uses standardized PORT env variable.
port := os.Getenv("PORT")
if port == "" {
port = "8080"
}
// Get the AWS Lambda port if it's set.
awsPort, exists := os.LookupEnv("_LAMBDA_SERVER_PORT")
if exists {
port = awsPort
}
// Get the Microsoft Azure Functions port if it's set.
azurePort, exists := os.LookupEnv("FUNCTIONS_CUSTOMHANDLER_PORT")
if exists {
port = azurePort
}
app.handleExit()
app.log.Info("web server listening on port: %v", port)
return http.ListenAndServe(":"+port, h)
}
// handleExit will handle app shutdown when Ctrl+c is pressed.
func (app *App) handleExit() {
c := make(chan os.Signal)
signal.Notify(c, os.Interrupt, syscall.SIGTERM)
go func() {
<-c
app.CleanUp()
os.Exit(0)
}()
}
// SecureSite returns the secure site configuration.
func (app *App) SecureSite() *secureconfig.SecureSite {
return app.securesite
}
// CleanUp runs the final steps to ensure the server shutdown doesn't leave
// the app in a bad state.
func (app *App) CleanUp() {
var err error
app.log.Info("shutdown started")
app.log.Info("stopping gRPC plugins")
app.StopGRPCClients()
// Load decrypted just in case the storage was decrypted by AMB.
app.log.Info("loading storage")
err = app.pluginsystem.StorageManager().LoadDecrypted()
if err != nil {
app.log.Error("could not load storage: %v", err.Error())
}
app.log.Info("saving storage")
err = app.pluginsystem.StorageManager().Save()
if err != nil {
app.log.Error("could not save storage: %v", err.Error())
}
app.log.Info("shutdown done")
}