150 lines
4.6 KiB
Go
150 lines
4.6 KiB
Go
package server
|
|
|
|
import (
|
|
"context"
|
|
"html/template"
|
|
"io/fs"
|
|
"log/slog"
|
|
"net"
|
|
"net/http"
|
|
"time"
|
|
|
|
"git.coopcloud.tech/wiki-cafe/member-console/internal/auth"
|
|
"git.coopcloud.tech/wiki-cafe/member-console/internal/embeds"
|
|
"git.coopcloud.tech/wiki-cafe/member-console/internal/middleware"
|
|
"github.com/rs/cors"
|
|
"github.com/spf13/viper"
|
|
)
|
|
|
|
// Config holds the configuration for the server.
|
|
type Config struct {
|
|
Port string
|
|
Env string
|
|
CSRFSecret string
|
|
Logger *slog.Logger
|
|
}
|
|
|
|
// Start initializes and starts the HTTP server.
|
|
func Start(ctx context.Context, cfg Config) error {
|
|
// Create a new HTTP request router
|
|
httpRequestRouter := http.NewServeMux()
|
|
|
|
// Set up authentication
|
|
authConfig, err := auth.Setup()
|
|
if err != nil {
|
|
cfg.Logger.Error("failed to set up authentication", slog.Any("error", err))
|
|
return err
|
|
}
|
|
|
|
// Register auth handlers
|
|
authConfig.RegisterHandlers(httpRequestRouter)
|
|
|
|
// Create CORS configuration with default options
|
|
corsOptions := cors.Options{
|
|
// Define minimal defaults - GET method is required
|
|
AllowedMethods: []string{"GET"},
|
|
}
|
|
|
|
// Create empty CSRF configuration with default values
|
|
var csrfConfig middleware.CSRFConfig
|
|
|
|
// Get and validate CSRF secret from config
|
|
csrfKey, err := middleware.ParseCSRFKey(cfg.CSRFSecret)
|
|
if err != nil {
|
|
cfg.Logger.Error("invalid csrf-secret",
|
|
slog.String("error", err.Error()),
|
|
slog.String("hint", "must be exactly 32 bytes and persist across restarts"))
|
|
return err
|
|
}
|
|
|
|
csrfConfig.Secret = csrfKey
|
|
|
|
// Only override specific settings when needed
|
|
if cfg.Env == "development" {
|
|
// In development, cookies often need to work without HTTPS
|
|
csrfConfig.Cookie.Secure = false
|
|
}
|
|
|
|
// Create middleware stack
|
|
stack := middleware.CreateStack(
|
|
middleware.RequestID(), // Generate a unique request ID
|
|
middleware.Logging(), // Log requests with structured logging
|
|
middleware.Recovery(), // Catch all panics
|
|
middleware.Timeout(32*time.Second), // Set request timeout
|
|
middleware.MaxBodySize(1024*1024), // 1MB size limit
|
|
middleware.SecureHeaders(), // Set secure headers
|
|
middleware.CORS(corsOptions), // CORS configuration
|
|
middleware.CSRF(csrfConfig), // CSRF protection
|
|
middleware.Compress(), // Response compression
|
|
authConfig.Middleware(), // OIDC authentication middleware
|
|
)
|
|
|
|
// Create HTTP server
|
|
server := http.Server{
|
|
Addr: ":" + cfg.Port,
|
|
Handler: stack(httpRequestRouter),
|
|
ReadTimeout: 4 * time.Second,
|
|
WriteTimeout: 8 * time.Second,
|
|
IdleTimeout: 16 * time.Second,
|
|
MaxHeaderBytes: 1024 * 1024, // 1MB
|
|
BaseContext: func(_ net.Listener) context.Context { return ctx }, // Pass base context to all requests
|
|
}
|
|
|
|
// For embedded templates
|
|
templateSubFS, err := fs.Sub(embeds.Templates, "templates")
|
|
if err != nil {
|
|
cfg.Logger.Error("Failed to create sub filesystem for templates", slog.Any("error", err))
|
|
return err
|
|
}
|
|
|
|
// Parse templates from embedded FS
|
|
tmpl := template.Must(template.ParseFS(templateSubFS, "*.html"))
|
|
|
|
// Serve index.html via template rendering
|
|
httpRequestRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
// Always serve HTML
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
// Ensure user is authenticated
|
|
session, err := authConfig.Store.Get(r, authConfig.SessionName)
|
|
if err != nil {
|
|
http.Redirect(w, r, "/login", http.StatusFound)
|
|
return
|
|
}
|
|
name, _ := session.Values["name"].(string)
|
|
username, _ := session.Values["username"].(string)
|
|
email, _ := session.Values["email"].(string)
|
|
|
|
// Create Keycloak Account URL
|
|
keycloakAccountURL := viper.GetString("oidc-idp-issuer-url") + "/account"
|
|
|
|
data := struct {
|
|
Name string
|
|
Username string
|
|
Email string
|
|
KeycloakAccountURL string
|
|
}{Name: name, Username: username, Email: email, KeycloakAccountURL: keycloakAccountURL}
|
|
|
|
if err := tmpl.ExecuteTemplate(w, "index.html", data); err != nil {
|
|
cfg.Logger.Error("template execute error", slog.Any("error", err))
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
}
|
|
})
|
|
|
|
// For embedded static files
|
|
httpRequestRouter.Handle("/static/", http.FileServer(http.FS(embeds.Static)))
|
|
|
|
// Log server startup with structured logging
|
|
cfg.Logger.Info("starting server",
|
|
slog.String("port", cfg.Port),
|
|
slog.String("environment", cfg.Env),
|
|
slog.String("address", "http://localhost:"+cfg.Port))
|
|
|
|
// Start server and log any errors
|
|
if err := server.ListenAndServe(); err != nil {
|
|
cfg.Logger.Error("server error", slog.Any("error", err))
|
|
return err
|
|
}
|
|
return nil
|
|
}
|