ots/main.go

package main

import (
	"embed"
	"fmt"
	"mime"
	"net/http"
	"os"
	"path"
	"strings"
	"text/template"

	"github.com/gorilla/mux"
	"github.com/pkg/errors"
	log "github.com/sirupsen/logrus"

	http_helpers "github.com/Luzifer/go_helpers/v2/http"
	"github.com/Luzifer/rconfig/v2"
)

var (
	cfg struct {
		Listen         string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
		LogLevel       string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
		StorageType    string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
		VersionAndExit bool   `flag:"version" default:"false" description:"Print version information and exit"`
	}

	product = "ots"
	version = "dev"
)

//go:embed frontend/*
var assets embed.FS

func init() {
	if err := rconfig.ParseAndValidate(&cfg); err != nil {
		log.Fatalf("Error parsing CLI arguments: %s", err)
	}

	if l, err := log.ParseLevel(cfg.LogLevel); err == nil {
		log.SetLevel(l)
	} else {
		log.Fatalf("Invalid log level: %s", err)
	}

	if cfg.VersionAndExit {
		fmt.Printf("%s %s\n", product, version)
		os.Exit(0)
	}
}

func main() {
	store, err := getStorageByType(cfg.StorageType)
	if err != nil {
		log.Fatalf("Could not initialize storage: %s", err)
	}
	api := newAPI(store)

	r := mux.NewRouter()
	r.Use(http_helpers.GzipHandler)

	api.Register(r.PathPrefix("/api").Subrouter())

	r.HandleFunc("/", handleIndex)
	r.PathPrefix("/").HandlerFunc(assetDelivery)

	log.Fatalf("HTTP server quit: %s", http.ListenAndServe(cfg.Listen, http_helpers.NewHTTPLogHandler(r)))
}

func assetDelivery(w http.ResponseWriter, r *http.Request) {
	assetName := r.URL.Path

	dot := strings.LastIndex(assetName, ".")
	if dot < 0 {
		// There are no assets with no dot in it
		http.Error(w, "404 not found", http.StatusNotFound)
		return
	}

	ext := assetName[dot:]
	assetData, err := assets.ReadFile(path.Join("frontend", assetName))
	if err != nil {
		http.Error(w, "404 not found", http.StatusNotFound)
		return
	}

	w.Header().Set("Content-Type", mime.TypeByExtension(ext))
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Write(assetData)
}

var (
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
	cspHeader = strings.Join([]string{
		"default-src 'none'",
		"connect-src 'self'",
		"font-src 'self'",
		"img-src 'self'",
		"script-src 'self' 'unsafe-inline'",
		"style-src 'self' 'unsafe-inline'",
	}, ";")

	indexTpl *template.Template
)

func init() {
	source, err := assets.ReadFile("frontend/index.html")
	if err != nil {
		log.WithError(err).Fatal("frontend folder should contain index.html Go template")
	}
	indexTpl = template.Must(template.New("index.html").Funcs(tplFuncs).Parse(string(source)))
}

func handleIndex(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Referrer-Policy", "no-referrer")
	w.Header().Set("X-Frame-Options", "DENY")
	w.Header().Set("X-Xss-Protection", "1; mode=block")
	w.Header().Set("Content-Security-Policy", cspHeader)
	w.Header().Set("X-Content-Type-Options", "nosniff")

	if err := indexTpl.Execute(w, struct {
		Version string
	}{
		Version: version,
	}); err != nil {
		http.Error(w, errors.Wrap(err, "executing template").Error(), http.StatusInternalServerError)
		return
	}
}
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`package main`

			`import (`
Switch to Go 1.16 embed functionality (#42) commit 8b9ecaaa2fe8b65e3a32317e2979387af39b5262 Author: Vic Demuzere <vic@demuzere.be> Date: Tue Aug 24 15:14:38 2021 +0200 Switch to Go 1.6 embed functionality This means the go-bindata compile-time dependency is no longer needed. closes #42 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2021-09-06 10:37:52 +00:00			`"embed"`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`"fmt"`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00			`"mime"`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`"net/http"`
			`"os"`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00			`"path"`
			`"strings"`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`"text/template"`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00
			`"github.com/gorilla/mux"`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`"github.com/pkg/errors"`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`log "github.com/sirupsen/logrus"`
Add gzip compression for included assets Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-05-10 14:19:20 +00:00
Switch to Go 1.11+ modules Signed-off-by: Knut Ahlers <knut@ahlers.me> 2020-01-24 15:15:17 +00:00			`http_helpers "github.com/Luzifer/go_helpers/v2/http"`
			`"github.com/Luzifer/rconfig/v2"`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`)`

			`var (`
			`cfg struct {`
			Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
			LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
			StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
			VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"`
			`}`

			`product = "ots"`
			`version = "dev"`
			`)`

Switch to Go 1.16 embed functionality (#42) commit 8b9ecaaa2fe8b65e3a32317e2979387af39b5262 Author: Vic Demuzere <vic@demuzere.be> Date: Tue Aug 24 15:14:38 2021 +0200 Switch to Go 1.6 embed functionality This means the go-bindata compile-time dependency is no longer needed. closes #42 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2021-09-06 10:37:52 +00:00			`//go:embed frontend/*`
			`var assets embed.FS`

Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`func init() {`
			`if err := rconfig.ParseAndValidate(&cfg); err != nil {`
			`log.Fatalf("Error parsing CLI arguments: %s", err)`
			`}`

			`if l, err := log.ParseLevel(cfg.LogLevel); err == nil {`
			`log.SetLevel(l)`
			`} else {`
			`log.Fatalf("Invalid log level: %s", err)`
			`}`

			`if cfg.VersionAndExit {`
			`fmt.Printf("%s %s\n", product, version)`
			`os.Exit(0)`
			`}`
			`}`

			`func main() {`
			`store, err := getStorageByType(cfg.StorageType)`
			`if err != nil {`
			`log.Fatalf("Could not initialize storage: %s", err)`
			`}`
			`api := newAPI(store)`

			`r := mux.NewRouter()`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`r.Use(http_helpers.GzipHandler)`

Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00			`api.Register(r.PathPrefix("/api").Subrouter())`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00
			`r.HandleFunc("/", handleIndex)`
			`r.PathPrefix("/").HandlerFunc(assetDelivery)`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00
			`log.Fatalf("HTTP server quit: %s", http.ListenAndServe(cfg.Listen, http_helpers.NewHTTPLogHandler(r)))`
			`}`

[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`func assetDelivery(w http.ResponseWriter, r *http.Request) {`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00			`assetName := r.URL.Path`

Remove duplicate call LastIndex (#41) 2021-09-06 10:33:38 +00:00			`dot := strings.LastIndex(assetName, ".")`
			`if dot < 0 {`
Move frontend to Vue Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-05-10 21:12:00 +00:00			`// There are no assets with no dot in it`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`http.Error(w, "404 not found", http.StatusNotFound)`
Move frontend to Vue Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-05-10 21:12:00 +00:00			`return`
			`}`

Remove duplicate call LastIndex (#41) 2021-09-06 10:33:38 +00:00			`ext := assetName[dot:]`
Switch to Go 1.16 embed functionality (#42) commit 8b9ecaaa2fe8b65e3a32317e2979387af39b5262 Author: Vic Demuzere <vic@demuzere.be> Date: Tue Aug 24 15:14:38 2021 +0200 Switch to Go 1.6 embed functionality This means the go-bindata compile-time dependency is no longer needed. closes #42 Signed-off-by: Knut Ahlers <knut@ahlers.me> 2021-09-06 10:37:52 +00:00			`assetData, err := assets.ReadFile(path.Join("frontend", assetName))`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00			`if err != nil {`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`http.Error(w, "404 not found", http.StatusNotFound)`
Add frontend Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 16:32:30 +00:00			`return`
			`}`
Initial API Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-03 12:13:53 +00:00
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`w.Header().Set("Content-Type", mime.TypeByExtension(ext))`
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`w.Header().Set("X-Content-Type-Options", "nosniff")`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`w.Write(assetData)`
Move frontend to Vue Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-05-10 21:12:00 +00:00			`}`
Add localization for en-US and de-DE Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-04 19:16:00 +00:00
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`var (`
			`// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP`
			`cspHeader = strings.Join([]string{`
			`"default-src 'none'",`
			`"connect-src 'self'",`
			`"font-src 'self'",`
			`"img-src 'self'",`
			`"script-src 'self' 'unsafe-inline'",`
			`"style-src 'self' 'unsafe-inline'",`
			`}, ";")`

			`indexTpl *template.Template`
			`)`
Add localization for en-US and de-DE Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-04 19:16:00 +00:00
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`func init() {`
			`source, err := assets.ReadFile("frontend/index.html")`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`if err != nil {`
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`log.WithError(err).Fatal("frontend folder should contain index.html Go template")`
Add localization for en-US and de-DE Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-04 19:16:00 +00:00			`}`
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`indexTpl = template.Must(template.New("index.html").Funcs(tplFuncs).Parse(string(source)))`
			`}`
Add localization for en-US and de-DE Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-08-04 19:16:00 +00:00
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`func handleIndex(w http.ResponseWriter, r *http.Request) {`
			`w.Header().Set("Content-Type", "text/html; charset=utf-8")`
			`w.Header().Set("Referrer-Policy", "no-referrer")`
			`w.Header().Set("X-Frame-Options", "DENY")`
			`w.Header().Set("X-Xss-Protection", "1; mode=block")`
			`w.Header().Set("Content-Security-Policy", cspHeader)`
			`w.Header().Set("X-Content-Type-Options", "nosniff")`

			`if err := indexTpl.Execute(w, struct {`
			`Version string`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`}{`
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`Version: version,`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`}); err != nil {`
Add security HTTP headers (#45) 2021-09-26 14:47:25 +00:00			`http.Error(w, errors.Wrap(err, "executing template").Error(), http.StatusInternalServerError)`
[#46] Remove external font deps, add SRI checks (#47) 2021-09-26 12:49:18 +00:00			`return`
Move frontend to Vue Signed-off-by: Knut Ahlers <knut@ahlers.me> 2019-05-10 21:12:00 +00:00			`}`
			`}`