2018-02-20 12:49:03 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2020-03-01 17:10:02 +00:00
|
|
|
"context"
|
2021-03-25 13:38:20 +00:00
|
|
|
"encoding/base64"
|
2018-02-20 12:49:03 +00:00
|
|
|
"flag"
|
2020-03-01 17:10:02 +00:00
|
|
|
"fmt"
|
2018-02-20 12:49:03 +00:00
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
2020-03-01 17:10:02 +00:00
|
|
|
"os"
|
|
|
|
"os/signal"
|
2018-02-20 12:49:03 +00:00
|
|
|
"path"
|
|
|
|
"strings"
|
2020-03-01 17:10:02 +00:00
|
|
|
"syscall"
|
2020-03-27 13:57:14 +00:00
|
|
|
|
2021-10-31 15:43:43 +00:00
|
|
|
"git.nemunai.re/srs/adlin/libadlin"
|
2018-02-20 12:49:03 +00:00
|
|
|
)
|
|
|
|
|
2021-03-25 13:38:20 +00:00
|
|
|
var (
|
|
|
|
baseURL string = "/"
|
|
|
|
)
|
2018-02-20 12:49:03 +00:00
|
|
|
|
|
|
|
type ResponseWriterPrefix struct {
|
|
|
|
real http.ResponseWriter
|
|
|
|
prefix string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r ResponseWriterPrefix) Header() http.Header {
|
|
|
|
return r.real.Header()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r ResponseWriterPrefix) WriteHeader(s int) {
|
2020-03-01 17:21:04 +00:00
|
|
|
if v, exists := r.real.Header()["Location"]; exists && len(v) > 0 && !strings.HasPrefix(v[0], "https://") && !strings.HasPrefix(v[0], "http://") {
|
2018-02-20 12:49:03 +00:00
|
|
|
r.real.Header().Set("Location", r.prefix+v[0])
|
|
|
|
}
|
|
|
|
r.real.WriteHeader(s)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r ResponseWriterPrefix) Write(z []byte) (int, error) {
|
|
|
|
return r.real.Write(z)
|
|
|
|
}
|
|
|
|
|
|
|
|
func StripPrefix(prefix string, h http.Handler) http.Handler {
|
|
|
|
if prefix == "" {
|
|
|
|
return h
|
|
|
|
}
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
if prefix != "/" && r.URL.Path == "/" {
|
|
|
|
http.Redirect(w, r, prefix+"/", http.StatusFound)
|
|
|
|
} else if p := strings.TrimPrefix(r.URL.Path, prefix); len(p) < len(r.URL.Path) {
|
|
|
|
r2 := new(http.Request)
|
|
|
|
*r2 = *r
|
|
|
|
r2.URL = new(url.URL)
|
|
|
|
*r2.URL = *r.URL
|
|
|
|
r2.URL.Path = p
|
|
|
|
h.ServeHTTP(ResponseWriterPrefix{w, prefix}, r2)
|
|
|
|
} else {
|
|
|
|
h.ServeHTTP(w, r)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func main() {
|
2021-03-25 13:38:20 +00:00
|
|
|
var err error
|
|
|
|
|
2021-02-13 17:31:52 +00:00
|
|
|
if v, exists := os.LookupEnv("ADLIN_NS_HOST"); exists {
|
|
|
|
ControlSocket = v
|
|
|
|
}
|
|
|
|
if v, exists := os.LookupEnv("ADLIN_TSIG_NAME"); exists {
|
|
|
|
tsigName = v
|
|
|
|
}
|
|
|
|
if v, exists := os.LookupEnv("ADLIN_TSIG_SECRET"); exists {
|
|
|
|
tsigSecret = v
|
|
|
|
}
|
2022-02-19 10:52:09 +00:00
|
|
|
if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists {
|
|
|
|
adlin.SharedSecret = v
|
|
|
|
}
|
2021-03-25 13:38:20 +00:00
|
|
|
if v, exists := os.LookupEnv("ADLIN_COLLECTOR_SECRET"); !exists {
|
2022-03-26 16:42:42 +00:00
|
|
|
log.Println("Warning: Please define ADLIN_COLLECTOR_SECRET environment variable")
|
2021-03-25 13:38:20 +00:00
|
|
|
} else if t, err := base64.StdEncoding.DecodeString(v); err != nil {
|
|
|
|
log.Fatal("Error reading ADLIN_COLLECTOR_SECRET variable:", err)
|
|
|
|
} else {
|
|
|
|
adlin.SetCollectorSecret(t)
|
|
|
|
}
|
2021-02-13 17:31:52 +00:00
|
|
|
|
2018-02-20 12:49:03 +00:00
|
|
|
var bind = flag.String("bind", ":8081", "Bind port/socket")
|
2020-03-27 13:57:14 +00:00
|
|
|
var dsn = flag.String("dsn", adlin.DSNGenerator(), "DSN to connect to the MySQL server")
|
2020-03-01 17:15:19 +00:00
|
|
|
flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
|
2022-02-19 10:52:09 +00:00
|
|
|
flag.StringVar(&adlin.SharedSecret, "sharedsecret", adlin.SharedSecret, "secret used to communicate with remote validator")
|
2019-02-26 15:48:55 +00:00
|
|
|
flag.StringVar(&AuthorizedKeysLocation, "authorizedkeyslocation", AuthorizedKeysLocation, "File for allowing user to SSH to the machine")
|
|
|
|
flag.StringVar(&SshPiperLocation, "sshPiperLocation", SshPiperLocation, "Directory containing directories for sshpiperd")
|
2021-02-13 17:31:52 +00:00
|
|
|
flag.StringVar(&ControlSocket, "ns-host", ControlSocket, "Host:port of the nameserver to use")
|
|
|
|
flag.StringVar(&tsigName, "tsig-name", tsigName, "TSIG name to use to contact NS")
|
|
|
|
flag.StringVar(&tsigSecret, "tsig-secret", tsigSecret, "TSIG secret to use to contact NS")
|
2019-07-15 15:31:13 +00:00
|
|
|
var dummyauth = flag.Bool("dummyauth", false, "don't perform password check")
|
2018-02-20 12:49:03 +00:00
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
// Sanitize options
|
|
|
|
log.Println("Checking paths...")
|
2020-02-27 14:07:27 +00:00
|
|
|
if err = sanitizeStaticOptions(); err != nil {
|
2018-02-20 12:49:03 +00:00
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2020-03-01 17:15:19 +00:00
|
|
|
if baseURL != "/" {
|
|
|
|
baseURL = path.Clean(baseURL)
|
2018-02-20 12:49:03 +00:00
|
|
|
} else {
|
2020-03-01 17:15:19 +00:00
|
|
|
baseURL = ""
|
2018-02-20 12:49:03 +00:00
|
|
|
}
|
|
|
|
|
2019-07-15 15:31:13 +00:00
|
|
|
if *dummyauth {
|
|
|
|
AuthFunc = dummyAuth
|
|
|
|
}
|
|
|
|
|
2020-03-01 17:21:46 +00:00
|
|
|
initializeOIDC()
|
|
|
|
|
2018-02-20 12:49:03 +00:00
|
|
|
// Initialize contents
|
|
|
|
log.Println("Opening database...")
|
2020-03-27 13:57:14 +00:00
|
|
|
if err := adlin.DBInit(*dsn); err != nil {
|
2018-02-20 12:49:03 +00:00
|
|
|
log.Fatal("Cannot open the database: ", err)
|
|
|
|
}
|
2020-03-27 13:57:14 +00:00
|
|
|
defer adlin.DBClose()
|
2018-02-20 12:49:03 +00:00
|
|
|
|
|
|
|
log.Println("Creating database...")
|
2020-03-27 13:57:14 +00:00
|
|
|
if err := adlin.DBCreate(); err != nil {
|
2018-02-20 12:49:03 +00:00
|
|
|
log.Fatal("Cannot create database: ", err)
|
|
|
|
}
|
|
|
|
|
2020-03-01 17:10:02 +00:00
|
|
|
// Prepare graceful shutdown
|
|
|
|
interrupt := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
|
|
|
|
|
|
|
|
srv := &http.Server{
|
|
|
|
Addr: *bind,
|
2020-03-01 17:15:19 +00:00
|
|
|
Handler: StripPrefix(baseURL, Router()),
|
2018-02-20 12:49:03 +00:00
|
|
|
}
|
2020-03-01 17:10:02 +00:00
|
|
|
|
|
|
|
// Serve content
|
|
|
|
go func() {
|
|
|
|
log.Fatal(srv.ListenAndServe())
|
|
|
|
}()
|
|
|
|
log.Println(fmt.Sprintf("Ready, listening on %s", *bind))
|
|
|
|
|
|
|
|
// Wait shutdown signal
|
|
|
|
<-interrupt
|
|
|
|
|
|
|
|
log.Print("The service is shutting down...")
|
|
|
|
srv.Shutdown(context.Background())
|
|
|
|
log.Println("done")
|
2018-02-20 12:49:03 +00:00
|
|
|
}
|