forked from mendersoftware/useradm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.go
116 lines (94 loc) · 3.11 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
// Copyright 2016 Mender Software AS
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"io/ioutil"
"net/http"
"github.com/ant0ine/go-json-rest/rest"
"github.com/mendersoftware/go-lib-micro/config"
"github.com/mendersoftware/go-lib-micro/log"
"github.com/mendersoftware/useradm/authz"
"github.com/pkg/errors"
)
func SetupAPI(stacktype string, authz authz.Authorizer) (*rest.Api, error) {
api := rest.NewApi()
if err := SetupMiddleware(api, stacktype, authz); err != nil {
return nil, errors.Wrap(err, "failed to setup middleware")
}
//this will override the framework's error resp to the desired one:
// {"error": "msg"}
// instead of:
// {"Error": "msg"}
rest.ErrorFieldName = "error"
return api, nil
}
func RunServer(c config.Reader) error {
l := log.New(log.Ctx{})
privKey, err := getRSAPrivKey(c.GetString(SettingPrivKeyPath))
if err != nil {
return errors.Wrap(err, "failed to read rsa private key")
}
jwth := NewJWTHandlerRS256(privKey, l)
authz := NewSimpleAuthz(jwth, l)
useradmapi := NewUserAdmApiHandlers(
func(l *log.Logger) (UserAdmApp, error) {
db, err := GetDataStoreMongo(c.GetString(SettingDb), l)
if err != nil {
return nil, errors.Wrap(err, "database connection failed")
}
jwtHandler := NewJWTHandlerRS256(privKey, l)
ua := NewUserAdm(jwtHandler, db, UserAdmConfig{
Issuer: c.GetString(SettingJWTIssuer),
ExpirationTime: int64(c.GetInt(SettingJWTExpirationTimeout)),
})
return ua, nil
})
api, err := SetupAPI(c.GetString(SettingMiddleware), authz)
if err != nil {
return errors.Wrap(err, "API setup failed")
}
apph, err := useradmapi.GetApp()
if err != nil {
return errors.Wrap(err, "inventory API handlers setup failed")
}
api.SetApp(apph)
addr := c.GetString(SettingListen)
l.Printf("listening on %s", addr)
return http.ListenAndServe(addr, api.MakeHandler())
}
func getRSAPrivKey(privKeyPath string) (*rsa.PrivateKey, error) {
// read key from file
pemData, err := ioutil.ReadFile(privKeyPath)
if err != nil {
return nil, errors.Wrap(err, "jwt: can't open key")
}
// decode pem key
block, _ := pem.Decode(pemData)
if block == nil {
return nil, errors.Wrap(err, "jwt: can't decode key")
}
// check if it is an RSA PRIVATE KEY
if got, want := block.Type, "RSA PRIVATE KEY"; got != want {
return nil, errors.New("jwt: can't open key - not an rsa private key")
}
// return parsed key
privkey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, errors.Wrap(err, "jwt: can't parse key")
}
return privkey, nil
}