forked from canonical/lxd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.go
122 lines (101 loc) · 2.92 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package main
import (
"bytes"
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"log"
"net/http"
"github.com/gorilla/mux"
"github.com/lxc/lxd/lxd/response"
"github.com/lxc/lxd/lxd/util"
"github.com/lxc/lxd/shared"
"github.com/lxc/lxd/shared/logger"
)
func restServer(tlsConfig *tls.Config, cert *x509.Certificate, debug bool, d *Daemon) *http.Server {
mux := mux.NewRouter()
mux.StrictSlash(false)
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
response.SyncResponse(true, []string{"/1.0"}).Render(w)
})
for _, c := range api10 {
createCmd(mux, "1.0", c, cert, debug, d)
}
return &http.Server{Handler: mux, TLSConfig: tlsConfig}
}
func createCmd(restAPI *mux.Router, version string, c APIEndpoint, cert *x509.Certificate, debug bool, d *Daemon) {
var uri string
if c.Path == "" {
uri = fmt.Sprintf("/%s", version)
} else {
uri = fmt.Sprintf("/%s/%s", version, c.Path)
}
route := restAPI.HandleFunc(uri, func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if !authenticate(r, cert) {
log.Println("Not authorized")
response.InternalError(fmt.Errorf("Not authorized")).Render(w)
return
}
// Dump full request JSON when in debug mode
if r.Method != "GET" && util.IsJSONRequest(r) {
newBody := &bytes.Buffer{}
captured := &bytes.Buffer{}
multiW := io.MultiWriter(newBody, captured)
if _, err := io.Copy(multiW, r.Body); err != nil {
response.InternalError(err).Render(w)
return
}
r.Body = shared.BytesReadCloser{Buf: newBody}
shared.DebugJson(captured)
}
// Actually process the request
var resp response.Response
resp = response.NotImplemented(nil)
handleRequest := func(action APIEndpointAction) response.Response {
if action.Handler == nil {
return response.NotImplemented(nil)
}
return action.Handler(d, r)
}
switch r.Method {
case "GET":
resp = handleRequest(c.Get)
case "PUT":
resp = handleRequest(c.Put)
case "POST":
resp = handleRequest(c.Post)
case "DELETE":
resp = handleRequest(c.Delete)
case "PATCH":
resp = handleRequest(c.Patch)
default:
resp = response.NotFound(fmt.Errorf("Method '%s' not found", r.Method))
}
// Handle errors
err := resp.Render(w)
if err != nil {
err := response.InternalError(err).Render(w)
if err != nil {
logger.Errorf("Failed writing error for error, giving up")
}
}
})
// If the endpoint has a canonical name then record it so it can be used to build URLS
// and accessed in the context of the request by the handler function.
if c.Name != "" {
route.Name(c.Name)
}
}
func authenticate(r *http.Request, cert *x509.Certificate) bool {
clientCerts := map[string]x509.Certificate{"0": *cert}
for _, cert := range r.TLS.PeerCertificates {
trusted, _ := util.CheckTrustState(*cert, clientCerts, nil, false)
if trusted {
return true
}
}
return false
}