330 lines
11 KiB
Go
330 lines
11 KiB
Go
package main
|
|
|
|
import (
|
|
"flag"
|
|
"io/fs"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"path"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"srs.epita.fr/fic-server/admin/api"
|
|
"srs.epita.fr/fic-server/admin/generation"
|
|
"srs.epita.fr/fic-server/admin/pki"
|
|
"srs.epita.fr/fic-server/admin/sync"
|
|
"srs.epita.fr/fic-server/libfic"
|
|
"srs.epita.fr/fic-server/settings"
|
|
)
|
|
|
|
func main() {
|
|
var err error
|
|
bind := "127.0.0.1:8081"
|
|
cloudDAVBase := ""
|
|
cloudUsername := "fic"
|
|
cloudPassword := ""
|
|
localImporterDirectory := ""
|
|
gitImporterRemote := ""
|
|
gitImporterBranch := ""
|
|
localImporterSymlink := false
|
|
baseURL := "/"
|
|
checkplugins := sync.CheckPluginList{}
|
|
|
|
// Read paremeters from environment
|
|
if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists {
|
|
api.OidcIssuer = v
|
|
} else if v, exists := os.LookupEnv("FICOIDC_ISSUER_FILE"); exists {
|
|
fd, err := os.Open(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to open FICOIDC_ISSUER_FILE:", err)
|
|
}
|
|
|
|
b, _ := ioutil.ReadAll(fd)
|
|
api.OidcIssuer = strings.TrimSpace(string(b))
|
|
|
|
fd.Close()
|
|
}
|
|
if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists {
|
|
api.OidcSecret = v
|
|
} else if v, exists := os.LookupEnv("FICOIDC_SECRET_FILE"); exists {
|
|
fd, err := os.Open(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to open FICOIDC_SECRET_FILE:", err)
|
|
}
|
|
|
|
b, _ := ioutil.ReadAll(fd)
|
|
api.OidcSecret = strings.TrimSpace(string(b))
|
|
|
|
fd.Close()
|
|
}
|
|
if v, exists := os.LookupEnv("FICCA_PASS"); exists {
|
|
pki.SetCAPassword(v)
|
|
} else if v, exists := os.LookupEnv("FICCA_PASS_FILE"); exists {
|
|
fd, err := os.Open(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to open FICCA_PASS_FILE:", err)
|
|
}
|
|
|
|
b, _ := ioutil.ReadAll(fd)
|
|
pki.SetCAPassword(strings.TrimSpace(string(b)))
|
|
|
|
fd.Close()
|
|
} else {
|
|
log.Println("WARNING: no password defined for the CA, will use empty password to secure CA private key")
|
|
log.Println("WARNING: PLEASE DEFINE ENVIRONMENT VARIABLE: FICCA_PASS")
|
|
}
|
|
if v, exists := os.LookupEnv("FICCLOUD_URL"); exists {
|
|
cloudDAVBase = v
|
|
}
|
|
if v, exists := os.LookupEnv("FICCLOUD_USER"); exists {
|
|
cloudUsername = v
|
|
}
|
|
if v, exists := os.LookupEnv("FICCLOUD_PASS"); exists {
|
|
cloudPassword = v
|
|
} else if v, exists := os.LookupEnv("FICCLOUD_PASS_FILE"); exists {
|
|
fd, err := os.Open(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to open FICCLOUD_PASS_FILE:", err)
|
|
}
|
|
|
|
b, _ := ioutil.ReadAll(fd)
|
|
cloudPassword = strings.TrimSpace(string(b))
|
|
|
|
fd.Close()
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_BASEURL"); exists {
|
|
baseURL = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_4REAL"); exists {
|
|
api.IsProductionEnv, err = strconv.ParseBool(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to parse FIC_4REAL variable:", err)
|
|
}
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_ADMIN_BIND"); exists {
|
|
bind = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_TIMESTAMPCHECK"); exists {
|
|
api.TimestampCheck = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_SETTINGS"); exists {
|
|
settings.SettingsDir = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_FILES"); exists {
|
|
fic.FilesDir = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_SYNC_LOCALIMPORT"); exists {
|
|
localImporterDirectory = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_SYNC_LOCALIMPORTSYMLINK"); exists {
|
|
localImporterSymlink, err = strconv.ParseBool(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to parse FIC_SYNC_LOCALIMPORTSYMLINK variable:", err)
|
|
}
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_SYNC_GIT_IMPORT_REMOTE"); exists {
|
|
gitImporterRemote = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_SYNC_GIT_BRANCH"); exists {
|
|
gitImporterBranch = v
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_OPTIONALDIGEST"); exists {
|
|
fic.OptionalDigest, err = strconv.ParseBool(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to parse FIC_OPTIONALDIGEST variable:", err)
|
|
}
|
|
}
|
|
if v, exists := os.LookupEnv("FIC_STRONGDIGEST"); exists {
|
|
fic.StrongDigest, err = strconv.ParseBool(v)
|
|
if err != nil {
|
|
log.Fatal("Unable to parse FIC_STRONGDIGEST variable:", err)
|
|
}
|
|
}
|
|
|
|
// Read parameters from command line
|
|
flag.StringVar(&bind, "bind", bind, "Bind port/socket")
|
|
var dsn = flag.String("dsn", fic.DSNGenerator(), "DSN to connect to the MySQL server")
|
|
flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
|
|
flag.StringVar(&api.TimestampCheck, "timestampCheck", api.TimestampCheck, "Path regularly touched by frontend to check time synchronisation")
|
|
flag.StringVar(&pki.PKIDir, "pki", "./PKI", "Base directory where found PKI scripts")
|
|
var staticDir = flag.String("static", "", "Directory containing static files (default if not provided: use embedded files)")
|
|
flag.StringVar(&api.TeamsDir, "teams", "./TEAMS", "Base directory where save teams JSON files")
|
|
flag.StringVar(&api.DashboardDir, "dashbord", "./DASHBOARD", "Base directory where save public JSON files")
|
|
flag.StringVar(&settings.SettingsDir, "settings", settings.SettingsDir, "Base directory where load and save settings")
|
|
flag.StringVar(&fic.FilesDir, "files", fic.FilesDir, "Base directory where found challenges files, local part")
|
|
flag.StringVar(&generation.GeneratorSocket, "generator", "./GENERATOR/generator.socket", "Path to the generator socket (used to trigger issues.json generations, use an empty string to generate locally)")
|
|
flag.StringVar(&localImporterDirectory, "localimport", localImporterDirectory,
|
|
"Base directory where found challenges files to import, local part")
|
|
flag.BoolVar(&localImporterSymlink, "localimportsymlink", localImporterSymlink,
|
|
"Copy files or just create symlink?")
|
|
flag.StringVar(&gitImporterRemote, "git-import-remote", gitImporterRemote,
|
|
"Remote URL of the git repository to use as synchronization source")
|
|
flag.StringVar(&gitImporterBranch, "git-branch", gitImporterBranch,
|
|
"Branch to use in the git repository")
|
|
flag.StringVar(&cloudDAVBase, "clouddav", cloudDAVBase,
|
|
"Base directory where found challenges files to import, cloud part")
|
|
flag.StringVar(&cloudUsername, "clouduser", cloudUsername, "Username used to sync")
|
|
flag.StringVar(&cloudPassword, "cloudpass", cloudPassword, "Password used to sync")
|
|
flag.BoolVar(&fic.OptionalDigest, "optionaldigest", fic.OptionalDigest, "Is the digest required when importing files?")
|
|
flag.BoolVar(&fic.StrongDigest, "strongdigest", fic.StrongDigest, "Are BLAKE2b digests required or is SHA-1 good enough?")
|
|
flag.BoolVar(&api.IsProductionEnv, "4real", api.IsProductionEnv, "Set this flag when running for a real challenge (it disallows or avoid most of mass user progression deletion)")
|
|
flag.Var(&checkplugins, "rules-plugins", "List of libraries containing others rules to checks")
|
|
flag.Var(&sync.RemoteFileDomainWhitelist, "remote-file-domain-whitelist", "List of domains which are allowed to store remote files")
|
|
flag.Parse()
|
|
|
|
log.SetPrefix("[admin] ")
|
|
|
|
// Instantiate importer
|
|
if localImporterDirectory != "" && cloudDAVBase != "" {
|
|
log.Fatal("Cannot have both --clouddav and --localimport defined.")
|
|
return
|
|
} else if gitImporterRemote != "" && cloudDAVBase != "" {
|
|
log.Fatal("Cannot have both --clouddav and --git-import-remote defined.")
|
|
return
|
|
} else if gitImporterRemote != "" {
|
|
sync.GlobalImporter = sync.NewGitImporter(sync.LocalImporter{Base: localImporterDirectory, Symlink: localImporterSymlink}, gitImporterRemote, gitImporterBranch)
|
|
} else if localImporterDirectory != "" {
|
|
sync.GlobalImporter = sync.LocalImporter{Base: localImporterDirectory, Symlink: localImporterSymlink}
|
|
} else if cloudDAVBase != "" {
|
|
sync.GlobalImporter, _ = sync.NewCloudImporter(cloudDAVBase, cloudUsername, cloudPassword)
|
|
}
|
|
if sync.GlobalImporter != nil {
|
|
if err := sync.GlobalImporter.Init(); err != nil {
|
|
log.Fatal("Unable to initialize the importer: ", err.Error())
|
|
}
|
|
log.Println("Using", sync.GlobalImporter.Kind())
|
|
|
|
// Update distributed challenge.json
|
|
if _, err := os.Stat(path.Join(settings.SettingsDir, settings.ChallengeFile)); os.IsNotExist(err) {
|
|
challengeinfo, err := sync.GetFileContent(sync.GlobalImporter, settings.ChallengeFile)
|
|
if err == nil {
|
|
if fd, err := os.Create(path.Join(settings.SettingsDir, settings.ChallengeFile)); err != nil {
|
|
log.Fatal("Unable to open SETTINGS/challenge.json:", err)
|
|
} else {
|
|
fd.Write([]byte(challengeinfo))
|
|
err = fd.Close()
|
|
if err != nil {
|
|
log.Fatal("Something went wrong during SETTINGS/challenge.json writing:", err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Sanitize options
|
|
log.Println("Checking paths...")
|
|
if staticDir != nil && *staticDir != "" {
|
|
if sDir, err := filepath.Abs(*staticDir); err != nil {
|
|
log.Fatal(err)
|
|
} else {
|
|
log.Println("Serving pages from", sDir)
|
|
staticFS = http.Dir(sDir)
|
|
sync.DeepReportPath = path.Join(sDir, sync.DeepReportPath)
|
|
}
|
|
} else {
|
|
sub, err := fs.Sub(assets, "static")
|
|
if err != nil {
|
|
log.Fatal("Unable to cd to static/ directory:", err)
|
|
}
|
|
log.Println("Serving pages from memory.")
|
|
staticFS = http.FS(sub)
|
|
|
|
sync.DeepReportPath = path.Join("SYNC", sync.DeepReportPath)
|
|
if _, err := os.Stat("SYNC"); os.IsNotExist(err) {
|
|
os.MkdirAll("SYNC", 0751)
|
|
}
|
|
}
|
|
if fic.FilesDir, err = filepath.Abs(fic.FilesDir); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if pki.PKIDir, err = filepath.Abs(pki.PKIDir); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if api.DashboardDir, err = filepath.Abs(api.DashboardDir); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if api.TeamsDir, err = filepath.Abs(api.TeamsDir); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if api.TimestampCheck, err = filepath.Abs(api.TimestampCheck); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if settings.SettingsDir, err = filepath.Abs(settings.SettingsDir); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
if baseURL != "/" {
|
|
baseURL = path.Clean(baseURL)
|
|
} else {
|
|
baseURL = ""
|
|
}
|
|
|
|
// Creating minimal directories structure
|
|
os.MkdirAll(fic.FilesDir, 0751)
|
|
os.MkdirAll(pki.PKIDir, 0711)
|
|
os.MkdirAll(api.TeamsDir, 0751)
|
|
os.MkdirAll(api.DashboardDir, 0751)
|
|
os.MkdirAll(settings.SettingsDir, 0751)
|
|
|
|
// Load rules plugins
|
|
for _, p := range checkplugins {
|
|
if err := sync.LoadChecksPlugin(p); err != nil {
|
|
log.Fatalf("Unable to load rule plugin %q: %s", p, err.Error())
|
|
} else {
|
|
log.Printf("Rules plugin %q successfully loaded", p)
|
|
}
|
|
}
|
|
|
|
// Initialize settings and load them
|
|
if !settings.ExistsSettings(path.Join(settings.SettingsDir, settings.SettingsFile)) {
|
|
if err = api.ResetSettings(); err != nil {
|
|
log.Fatal("Unable to initialize settings.json:", err)
|
|
}
|
|
}
|
|
var config *settings.Settings
|
|
if config, err = settings.ReadSettings(path.Join(settings.SettingsDir, settings.SettingsFile)); err != nil {
|
|
log.Fatal("Unable to read settings.json:", err)
|
|
} else {
|
|
api.ApplySettings(config)
|
|
}
|
|
|
|
// Initialize dashboard presets
|
|
if err = api.InitDashboardPresets(api.DashboardDir); err != nil {
|
|
log.Println("Unable to initialize dashboards presets:", err)
|
|
}
|
|
|
|
// Database connection
|
|
log.Println("Opening database...")
|
|
if err = fic.DBInit(*dsn); err != nil {
|
|
log.Fatal("Cannot open the database: ", err)
|
|
}
|
|
defer fic.DBClose()
|
|
|
|
log.Println("Creating database...")
|
|
if err = fic.DBCreate(); err != nil {
|
|
log.Fatal("Cannot create database: ", err)
|
|
}
|
|
|
|
// Update base URL on main page
|
|
log.Println("Changing base URL to", baseURL+"/", "...")
|
|
genIndex(baseURL)
|
|
|
|
// Prepare graceful shutdown
|
|
interrupt := make(chan os.Signal, 1)
|
|
signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
|
|
|
|
app := NewApp(config, baseURL, bind)
|
|
go app.Start()
|
|
|
|
// Wait shutdown signal
|
|
<-interrupt
|
|
|
|
log.Print("The service is shutting down...")
|
|
app.Stop()
|
|
log.Println("done")
|
|
}
|