forked from documize/community
/
server.go
187 lines (154 loc) · 5.59 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com
package endpoint
import (
"fmt"
"net/http"
"os"
"strings"
"github.com/codegangsta/negroni"
"github.com/documize/community/core"
"github.com/documize/community/core/api/plugins"
"github.com/documize/community/core/database"
"github.com/documize/community/core/environment"
"github.com/documize/community/core/log"
"github.com/documize/community/core/web"
"github.com/gorilla/mux"
)
var port, certFile, keyFile, forcePort2SSL string
// Product details app edition and version
var Product core.ProdInfo
func init() {
Product = core.Product()
environment.GetString(&certFile, "cert", false, "the cert.pem file used for https", nil)
environment.GetString(&keyFile, "key", false, "the key.pem file used for https", nil)
environment.GetString(&port, "port", false, "http/https port number", nil)
environment.GetString(&forcePort2SSL, "forcesslport", false, "redirect given http port number to TLS", nil)
}
var testHost string // used during automated testing
// Serve the Documize endpoint.
func Serve(ready chan struct{}) {
err := plugins.LibSetup()
if err != nil {
log.Error("Terminating before running - invalid plugin.json", err)
os.Exit(1)
}
log.Info(fmt.Sprintf("Starting %s version %s", Product.Title, Product.Version))
switch web.SiteMode {
case web.SiteModeOffline:
log.Info("Serving OFFLINE web app")
case web.SiteModeSetup:
Add(RoutePrefixPrivate, "setup", []string{"POST", "OPTIONS"}, nil, database.Create)
log.Info("Serving SETUP web app")
case web.SiteModeBadDB:
log.Info("Serving BAD DATABASE web app")
default:
log.Info("Starting web app")
}
router := mux.NewRouter()
// "/api/public/..."
router.PathPrefix(RoutePrefixPublic).Handler(negroni.New(
negroni.HandlerFunc(cors),
negroni.Wrap(buildRoutes(RoutePrefixPublic)),
))
// "/api/..."
router.PathPrefix(RoutePrefixPrivate).Handler(negroni.New(
negroni.HandlerFunc(Authorize),
negroni.Wrap(buildRoutes(RoutePrefixPrivate)),
))
// "/..."
router.PathPrefix(RoutePrefixRoot).Handler(negroni.New(
negroni.HandlerFunc(cors),
negroni.Wrap(buildRoutes(RoutePrefixRoot)),
))
n := negroni.New()
n.Use(negroni.NewStatic(web.StaticAssetsFileSystem()))
n.Use(negroni.HandlerFunc(cors))
n.Use(negroni.HandlerFunc(metrics))
n.UseHandler(router)
ready <- struct{}{}
if certFile == "" && keyFile == "" {
if port == "" {
port = "80"
}
log.Info("Starting non-SSL server on " + port)
n.Run(testHost + ":" + port)
} else {
if port == "" {
port = "443"
}
if forcePort2SSL != "" {
log.Info("Starting non-SSL server on " + forcePort2SSL + " and redirecting to SSL server on " + port)
go func() {
err := http.ListenAndServe(":"+forcePort2SSL, http.HandlerFunc(
func(w http.ResponseWriter, req *http.Request) {
var host = strings.Replace(req.Host, forcePort2SSL, port, 1) + req.RequestURI
http.Redirect(w, req, "https://"+host, http.StatusMovedPermanently)
}))
if err != nil {
log.Error("ListenAndServe on "+forcePort2SSL, err)
}
}()
}
log.Info("Starting SSL server on " + port + " with " + certFile + " " + keyFile)
// myTLSConfig := &tls.Config{
// CipherSuites: []uint16{
// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
// // tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
// // tls.TLS_RSA_WITH_AES_256_CBC_SHA256,
// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
// // tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
// // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}}
// // tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}}
// myTLSConfig.PreferServerCipherSuites = true
server := &http.Server{Addr: ":" + port, Handler: n /*, TLSConfig: myTLSConfig*/}
server.SetKeepAlivesEnabled(true)
if err := server.ListenAndServeTLS(certFile, keyFile); err != nil {
log.Error("ListenAndServeTLS on "+port, err)
}
}
}
func cors(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS, PATCH")
w.Header().Set("Access-Control-Allow-Headers", "host, content-type, accept, authorization, origin, referer, user-agent, cache-control, x-requested-with")
w.Header().Set("Access-Control-Expose-Headers", "x-documize-version")
if r.Method == "OPTIONS" {
if _, err := w.Write([]byte("")); err != nil {
log.Error("cors", err)
}
return
}
next(w, r)
}
func metrics(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
w.Header().Add("X-Documize-Version", Product.Version)
w.Header().Add("Cache-Control", "no-cache")
// Prevent page from being displayed in an iframe
w.Header().Add("X-Frame-Options", "DENY")
// Force SSL delivery
// if certFile != "" && keyFile != "" {
// w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
// }
next(w, r)
}
func version(w http.ResponseWriter, r *http.Request) {
if _, err := w.Write([]byte(Product.Version)); err != nil {
log.Error("versionHandler", err)
}
}