gtsocial-umbx

router.go (8234B)

---

 // GoToSocial
 // Copyright (C) GoToSocial Authors admin@gotosocial.org
 // SPDX-License-Identifier: AGPL-3.0-or-later
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
 // the Free Software Foundation, either version 3 of the License, or
 // (at your option) any later version.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU Affero General Public License for more details.
 //
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package router
 
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"time"
 
 	"codeberg.org/gruf/go-bytesize"
 	"codeberg.org/gruf/go-debug"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 	"golang.org/x/crypto/acme/autocert"
 )
 
 const (
 	readTimeout        = 60 * time.Second
 	writeTimeout       = 30 * time.Second
 	idleTimeout        = 30 * time.Second
 	readHeaderTimeout  = 30 * time.Second
 	shutdownTimeout    = 30 * time.Second
 	maxMultipartMemory = int64(8 * bytesize.MiB)
 )
 
 // Router provides the REST interface for gotosocial, using gin.
 type Router interface {
 	// Attach global gin middlewares to this router.
 	AttachGlobalMiddleware(handlers ...gin.HandlerFunc) gin.IRoutes
 	// AttachGroup attaches the given handlers into a group with the given relativePath as
 	// base path for that group. It then returns the *gin.RouterGroup so that the caller
 	// can add any extra middlewares etc specific to that group, as desired.
 	AttachGroup(relativePath string, handlers ...gin.HandlerFunc) *gin.RouterGroup
 	// Attach a single gin handler to the router with the given method and path.
 	// To make middleware management easier, AttachGroup should be preferred where possible.
 	// However, this function can be used for attaching single handlers that only require
 	// global middlewares.
 	AttachHandler(method string, path string, handler gin.HandlerFunc)
 
 	// Attach 404 NoRoute handler
 	AttachNoRouteHandler(handler gin.HandlerFunc)
 	// Start the router
 	Start()
 	// Stop the router
 	Stop(ctx context.Context) error
 }
 
 // router fulfils the Router interface using gin and logrus
 type router struct {
 	engine      *gin.Engine
 	srv         *http.Server
 	certManager *autocert.Manager
 }
 
 // Start starts the router nicely. It will serve two handlers if letsencrypt is enabled, and only the web/API handler if letsencrypt is not enabled.
 func (r *router) Start() {
 	// listen is the server start function, by
 	// default pointing to regular HTTP listener,
 	// but updated to TLS if LetsEncrypt is enabled.
 	listen := r.srv.ListenAndServe
 
 	// During config validation we already checked that both Chain and Key are set
 	// so we can forego checking for both here
 	if chain := config.GetTLSCertificateChain(); chain != "" {
 		pkey := config.GetTLSCertificateKey()
 		cer, err := tls.LoadX509KeyPair(chain, pkey)
 		if err != nil {
 			log.Fatalf(
 				nil,
 				"tls: failed to load keypair from %s and %s, ensure they are PEM-encoded and can be read by this process: %s",
 				chain, pkey, err,
 			)
 		}
 		r.srv.TLSConfig = &tls.Config{
 			MinVersion:   tls.VersionTLS12,
 			Certificates: []tls.Certificate{cer},
 		}
 		// TLS is enabled, update the listen function
 		listen = func() error { return r.srv.ListenAndServeTLS("", "") }
 	}
 
 	if config.GetLetsEncryptEnabled() {
 		// LetsEncrypt support is enabled
 
 		// Prepare an HTTPS-redirect handler for LetsEncrypt fallback
 		redirect := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 			target := "https://" + r.Host + r.URL.Path
 			if len(r.URL.RawQuery) > 0 {
 				target += "?" + r.URL.RawQuery
 			}
 			http.Redirect(rw, r, target, http.StatusTemporaryRedirect)
 		})
 
 		go func() {
 			// Take our own copy of HTTP server
 			// with updated autocert manager endpoint
 			srv := (*r.srv) //nolint
 			srv.Handler = r.certManager.HTTPHandler(redirect)
 			srv.Addr = fmt.Sprintf("%s:%d",
 				config.GetBindAddress(),
 				config.GetLetsEncryptPort(),
 			)
 
 			// Start the LetsEncrypt autocert manager HTTP server.
 			log.Infof(nil, "letsencrypt listening on %s", srv.Addr)
 			if err := srv.ListenAndServe(); err != nil &&
 				err != http.ErrServerClosed {
 				log.Fatalf(nil, "letsencrypt: listen: %s", err)
 			}
 		}()
 
 		// TLS is enabled, update the listen function
 		listen = func() error { return r.srv.ListenAndServeTLS("", "") }
 	}
 
 	// Pass the server handler through a debug pprof middleware handler.
 	// For standard production builds this will be a no-op, but when the
 	// "debug" or "debugenv" build-tag is set pprof stats will be served
 	// at the standard "/debug/pprof" URL.
 	r.srv.Handler = debug.WithPprof(r.srv.Handler)
 	if debug.DEBUG {
 		// Profiling requires timeouts longer than 30s, so reset these.
 		log.Warn(nil, "resetting http.Server{} timeout to support profiling")
 		r.srv.ReadTimeout = 0
 		r.srv.WriteTimeout = 0
 	}
 
 	// Start the main listener.
 	go func() {
 		log.Infof(nil, "listening on %s", r.srv.Addr)
 		if err := listen(); err != nil && err != http.ErrServerClosed {
 			log.Fatalf(nil, "listen: %s", err)
 		}
 	}()
 }
 
 // Stop shuts down the router nicely
 func (r *router) Stop(ctx context.Context) error {
 	log.Infof(nil, "shutting down http router with %s grace period", shutdownTimeout)
 	timeout, cancel := context.WithTimeout(ctx, shutdownTimeout)
 	defer cancel()
 
 	if err := r.srv.Shutdown(timeout); err != nil {
 		return fmt.Errorf("error shutting down http router: %s", err)
 	}
 
 	log.Info(nil, "http router closed connections and shut down gracefully")
 	return nil
 }
 
 // New returns a new Router.
 //
 // The router's Attach functions should be used *before* the router is Started.
 //
 // When the router's work is finished, Stop should be called on it to close connections gracefully.
 //
 // The provided context will be used as the base context for all requests passing
 // through the underlying http.Server, so this should be a long-running context.
 func New(ctx context.Context) (Router, error) {
 	gin.SetMode(gin.TestMode)
 
 	// create the actual engine here -- this is the core request routing handler for gts
 	engine := gin.New()
 	engine.MaxMultipartMemory = maxMultipartMemory
 
 	// set up IP forwarding via x-forward-* headers.
 	trustedProxies := config.GetTrustedProxies()
 	if err := engine.SetTrustedProxies(trustedProxies); err != nil {
 		return nil, err
 	}
 
 	// set template functions
 	LoadTemplateFunctions(engine)
 
 	// load templates onto the engine
 	if err := LoadTemplates(engine); err != nil {
 		return nil, err
 	}
 
 	// use the passed-in command context as the base context for the server,
 	// since we'll never want the server to live past the command anyway
 	baseCtx := func(_ net.Listener) context.Context {
 		return ctx
 	}
 
 	bindAddress := config.GetBindAddress()
 	port := config.GetPort()
 	addr := fmt.Sprintf("%s:%d", bindAddress, port)
 
 	s := &http.Server{
 		Addr:              addr,
 		Handler:           engine, // use gin engine as handler
 		ReadTimeout:       readTimeout,
 		ReadHeaderTimeout: readHeaderTimeout,
 		WriteTimeout:      writeTimeout,
 		IdleTimeout:       idleTimeout,
 		BaseContext:       baseCtx,
 	}
 
 	// We need to spawn the underlying server slightly differently depending on whether lets encrypt is enabled or not.
 	// In either case, the gin engine will still be used for routing requests.
 	leEnabled := config.GetLetsEncryptEnabled()
 
 	var m *autocert.Manager
 	if leEnabled {
 		// le IS enabled, so roll up an autocert manager for handling letsencrypt requests
 		host := config.GetHost()
 		leCertDir := config.GetLetsEncryptCertDir()
 		leEmailAddress := config.GetLetsEncryptEmailAddress()
 		m = &autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(host),
 			Cache:      autocert.DirCache(leCertDir),
 			Email:      leEmailAddress,
 		}
 		s.TLSConfig = m.TLSConfig()
 	}
 
 	return &router{
 		engine:      engine,
 		srv:         s,
 		certManager: m,
 	}, nil
 }