documize/server/server.go

// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com

package server

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"strings"

	"github.com/codegangsta/negroni"
	"github.com/documize/community/core/api/plugins"
	"github.com/documize/community/core/asset"
	"github.com/documize/community/core/database"
	"github.com/documize/community/core/env"
	"github.com/documize/community/domain/store"
	"github.com/documize/community/server/routing"
	"github.com/gorilla/handlers"
	"github.com/gorilla/mux"
)

var testHost string // used during automated testing

// Start router to handle all HTTP traffic.
func Start(rt *env.Runtime, s *store.Store, ready chan struct{}) {
	// decide which mode to serve up
	switch rt.Flags.SiteMode {
	case env.SiteModeOffline:
		rt.Log.Info("Serving OFFLINE web server")
	case env.SiteModeSetup:
		rt.Log.Info("Serving SETUP web server")
		dbHandler := database.Handler{Runtime: rt, Store: s}
		routing.Add(rt, routing.RoutePrefixPrivate, "setup", []string{"POST", "OPTIONS"}, nil, dbHandler.Setup)
	case env.SiteModeBadDB:
		rt.Log.Info("Serving BAD DATABASE web server")
	default:
		err := plugins.Setup(s)
		if err != nil {
			rt.Log.Error("plugin setup failed", err)
		}
		rt.Log.Info("Web Server: starting up")
	}

	// define middleware
	cm := middleware{Runtime: rt, Store: s}

	// define API endpoints
	routing.RegisterEndpoints(rt, s)

	// wire up API endpoints
	router := mux.NewRouter()

	// "/api/public/..."
	router.PathPrefix(routing.RoutePrefixPublic).Handler(negroni.New(
		negroni.HandlerFunc(cm.cors),
		negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixPublic)),
	))

	// "/api/..."
	router.PathPrefix(routing.RoutePrefixPrivate).Handler(negroni.New(
		negroni.HandlerFunc(cm.Authorize),
		negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixPrivate)),
	))

	// "/..."
	router.PathPrefix(routing.RoutePrefixRoot).Handler(negroni.New(
		negroni.HandlerFunc(cm.cors),
		negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixRoot)),
	))

	// Look out for reverse proxy headers.
	router.Use(handlers.ProxyHeaders)

	n := negroni.New()

	sfs, err := asset.GetPublicFileSystem(rt.Assets)
	if err != nil {
		rt.Log.Error("!!!!!!!!!! Cannot load public file system", err)
	}
	n.Use(negroni.NewStatic(sfs))

	n.Use(negroni.HandlerFunc(cm.cors))
	n.UseHandler(router)

	// tell caller we are ready to serve HTTP
	ready <- struct{}{}

	// start server
	if !rt.Flags.SSLEnabled() {
		rt.Log.Info("Web Server: binding non-SSL server on " + rt.Flags.HTTPPort)
		if rt.Flags.SiteMode == env.SiteModeSetup {
			rt.Log.Info("***")
			rt.Log.Info(fmt.Sprintf("*** Go to http://localhost:%s/setup in your web browser and complete setup wizard ***", rt.Flags.HTTPPort))
			rt.Log.Info("***")
		}

		n.Run(testHost + ":" + rt.Flags.HTTPPort)
	} else {
		if rt.Flags.ForceHTTPPort2SSL != "" {
			rt.Log.Info("Web Server: binding non-SSL server on " + rt.Flags.ForceHTTPPort2SSL + " and redirecting to SSL server on " + rt.Flags.HTTPPort)

			go func() {
				err := http.ListenAndServe(":"+rt.Flags.ForceHTTPPort2SSL, http.HandlerFunc(
					func(w http.ResponseWriter, req *http.Request) {
						w.Header().Set("Connection", "close")
						var host = strings.Replace(req.Host, rt.Flags.ForceHTTPPort2SSL, rt.Flags.HTTPPort, 1) + req.RequestURI
						http.Redirect(w, req, "https://"+host, http.StatusMovedPermanently)
					}))
				if err != nil {
					rt.Log.Error("ListenAndServe on "+rt.Flags.ForceHTTPPort2SSL, err)
				}
			}()
		}

		if rt.Flags.SiteMode == env.SiteModeSetup {
			rt.Log.Info("***")
			rt.Log.Info(fmt.Sprintf("*** Go to https://localhost:%s/setup in your web browser and complete setup wizard ***", rt.Flags.HTTPPort))
			rt.Log.Info("***")
		}

		cfg := &tls.Config{}
		if rt.Flags.TLSVersion == "1.0" {
			cfg.MinVersion = tls.VersionTLS10
		}
		if rt.Flags.TLSVersion == "1.1" {
			cfg.MinVersion = tls.VersionTLS11
		}
		if rt.Flags.TLSVersion == "1.2" {
			cfg.MinVersion = tls.VersionTLS12
		}
		if rt.Flags.TLSVersion == "1.3" {
			cfg.MinVersion = tls.VersionTLS13
		}

		rt.Log.Info("Web Server: starting SSL server on " + rt.Flags.HTTPPort + " with " + rt.Flags.SSLCertFile + " " + rt.Flags.SSLKeyFile + " TLS: " + rt.Flags.TLSVersion)

		server := &http.Server{Addr: ":" + rt.Flags.HTTPPort, Handler: n, TLSConfig: cfg}
		server.SetKeepAlivesEnabled(true)

		if err := server.ListenAndServeTLS(rt.Flags.SSLCertFile, rt.Flags.SSLKeyFile); err != nil {
			rt.Log.Error("ListenAndServeTLS on "+rt.Flags.HTTPPort, err)
		}
	}
}
define endpoints in a map 2016-07-21 17:57:38 +01:00			`// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.`
			`//`
			`// This software (Documize Community Edition) is licensed under`
			`// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html`
			`//`
			`// You can operate outside the AGPL restrictions by purchasing`
			`// Documize Enterprise Edition and obtaining a commercial license`
			`// by contacting <sales@documize.com>.`
			`//`
			`// https://documize.com`

refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`package server`
define endpoints in a map 2016-07-21 17:57:38 +01:00
			`import (`
Enforce TLS 1.2 minimum 2021-03-16 13:58:27 -04:00			`"crypto/tls"`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`"fmt"`
			`"net/http"`
			`"strings"`

			`"github.com/codegangsta/negroni"`
			`"github.com/documize/community/core/api/plugins"`
Move over to Go embed directive 2021-08-18 19:39:51 -04:00			`"github.com/documize/community/core/asset"`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`"github.com/documize/community/core/database"`
server init moved to new logger 2017-07-21 14:53:32 +01:00			`"github.com/documize/community/core/env"`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`"github.com/documize/community/domain/store"`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`"github.com/documize/community/server/routing"`
Improve reverse proxy support Should address edge cases and close #224 -- subject to field testing. Does require the NGINX deployments use the following: proxy_pass <http://documize-url:5001>; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $remote_addr; 2019-04-11 14:45:36 +01:00			`"github.com/gorilla/handlers"`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`"github.com/gorilla/mux"`
			`)`

			`var testHost string // used during automated testing`

refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`// Start router to handle all HTTP traffic.`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`func Start(rt env.Runtime, s store.Store, ready chan struct{}) {`
cosmetics 2017-07-21 18:21:34 +01:00			`// decide which mode to serve up`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`switch rt.Flags.SiteMode {`
			`case env.SiteModeOffline:`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`rt.Log.Info("Serving OFFLINE web server")`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`case env.SiteModeSetup:`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`rt.Log.Info("Serving SETUP web server")`
improved setup wizard redirection 2017-08-29 17:55:41 +01:00			`dbHandler := database.Handler{Runtime: rt, Store: s}`
			`routing.Add(rt, routing.RoutePrefixPrivate, "setup", []string{"POST", "OPTIONS"}, nil, dbHandler.Setup)`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`case env.SiteModeBadDB:`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`rt.Log.Info("Serving BAD DATABASE web server")`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`default:`
utf8mb4, MariaDB, pluggable stiorage provider Closes #109, #102, #74 2017-08-09 16:18:03 +01:00			`err := plugins.Setup(s)`
			`if err != nil {`
improved setup wizard redirection 2017-08-29 17:55:41 +01:00			`rt.Log.Error("plugin setup failed", err)`
utf8mb4, MariaDB, pluggable stiorage provider Closes #109, #102, #74 2017-08-09 16:18:03 +01:00			`}`
Boot process logger message consistency and improvements 2018-09-14 13:00:58 +01:00			`rt.Log.Info("Web Server: starting up")`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`}`

major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`// define middleware`
moving endpoints to new API (WIP) 2017-07-26 10:50:26 +01:00			`cm := middleware{Runtime: rt, Store: s}`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00
cosmetics 2017-07-21 18:21:34 +01:00			`// define API endpoints`
moving endpoints to new API (WIP) 2017-07-26 10:50:26 +01:00			`routing.RegisterEndpoints(rt, s)`
cosmetics 2017-07-21 18:21:34 +01:00
			`// wire up API endpoints`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`router := mux.NewRouter()`

			`// "/api/public/..."`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`router.PathPrefix(routing.RoutePrefixPublic).Handler(negroni.New(`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`negroni.HandlerFunc(cm.cors),`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixPublic)),`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`))`

			`// "/api/..."`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`router.PathPrefix(routing.RoutePrefixPrivate).Handler(negroni.New(`
removed old API 2017-08-02 15:26:31 +01:00			`negroni.HandlerFunc(cm.Authorize),`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixPrivate)),`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`))`

			`// "/..."`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`router.PathPrefix(routing.RoutePrefixRoot).Handler(negroni.New(`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`negroni.HandlerFunc(cm.cors),`
refactored routing/web serving logic 2017-07-21 18:14:19 +01:00			`negroni.Wrap(routing.BuildRoutes(rt, routing.RoutePrefixRoot)),`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`))`

Improve reverse proxy support Should address edge cases and close #224 -- subject to field testing. Does require the NGINX deployments use the following: proxy_pass <http://documize-url:5001>; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $remote_addr; 2019-04-11 14:45:36 +01:00			`// Look out for reverse proxy headers.`
			`router.Use(handlers.ProxyHeaders)`

define endpoints in a map 2016-07-21 17:57:38 +01:00			`n := negroni.New()`
Move over to Go embed directive 2021-08-18 19:39:51 -04:00
			`sfs, err := asset.GetPublicFileSystem(rt.Assets)`
			`if err != nil {`
			`rt.Log.Error("!!!!!!!!!! Cannot load public file system", err)`
			`}`
			`n.Use(negroni.NewStatic(sfs))`

major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`n.Use(negroni.HandlerFunc(cm.cors))`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`n.UseHandler(router)`

send ready signal after HTTP server init 2017-08-10 11:14:29 +01:00			`// tell caller we are ready to serve HTTP`
			`ready <- struct{}{}`

cosmetics 2017-07-21 18:21:34 +01:00			`// start server`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`if !rt.Flags.SSLEnabled() {`
Boot process logger message consistency and improvements 2018-09-14 13:00:58 +01:00			`rt.Log.Info("Web Server: binding non-SSL server on " + rt.Flags.HTTPPort)`
setup mode message & license change callback params 2017-08-10 12:38:05 +01:00			`if rt.Flags.SiteMode == env.SiteModeSetup {`
			`rt.Log.Info("***")`
			`rt.Log.Info(fmt.Sprintf("* Go to http://localhost:%s/setup in your web browser and complete setup wizard *", rt.Flags.HTTPPort))`
			`rt.Log.Info("***")`
			`}`

major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`n.Run(testHost + ":" + rt.Flags.HTTPPort)`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`} else {`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`if rt.Flags.ForceHTTPPort2SSL != "" {`
Boot process logger message consistency and improvements 2018-09-14 13:00:58 +01:00			`rt.Log.Info("Web Server: binding non-SSL server on " + rt.Flags.ForceHTTPPort2SSL + " and redirecting to SSL server on " + rt.Flags.HTTPPort)`
define endpoints in a map 2016-07-21 17:57:38 +01:00
			`go func() {`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`err := http.ListenAndServe(":"+rt.Flags.ForceHTTPPort2SSL, http.HandlerFunc(`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`func(w http.ResponseWriter, req *http.Request) {`
removed this.set 2017-05-19 11:36:28 +01:00			`w.Header().Set("Connection", "close")`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`var host = strings.Replace(req.Host, rt.Flags.ForceHTTPPort2SSL, rt.Flags.HTTPPort, 1) + req.RequestURI`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`http.Redirect(w, req, "https://"+host, http.StatusMovedPermanently)`
			`}))`
			`if err != nil {`
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`rt.Log.Error("ListenAndServe on "+rt.Flags.ForceHTTPPort2SSL, err)`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`}`
			`}()`
			`}`

setup mode message & license change callback params 2017-08-10 12:38:05 +01:00			`if rt.Flags.SiteMode == env.SiteModeSetup {`
			`rt.Log.Info("***")`
			`rt.Log.Info(fmt.Sprintf("* Go to https://localhost:%s/setup in your web browser and complete setup wizard *", rt.Flags.HTTPPort))`
			`rt.Log.Info("***")`
			`}`

Support TLS version selection Allow config file and ENV variables to define minimum TLS version used for SSL connections. tlsversion=1.3 2022-10-10 17:40:36 -04:00			`cfg := &tls.Config{}`
			`if rt.Flags.TLSVersion == "1.0" {`
			`cfg.MinVersion = tls.VersionTLS10`
			`}`
			`if rt.Flags.TLSVersion == "1.1" {`
			`cfg.MinVersion = tls.VersionTLS11`
			`}`
			`if rt.Flags.TLSVersion == "1.2" {`
			`cfg.MinVersion = tls.VersionTLS12`
Enforce TLS 1.2 minimum 2021-03-16 13:58:27 -04:00			`}`
Support TLS version selection Allow config file and ENV variables to define minimum TLS version used for SSL connections. tlsversion=1.3 2022-10-10 17:40:36 -04:00			`if rt.Flags.TLSVersion == "1.3" {`
			`cfg.MinVersion = tls.VersionTLS13`
			`}`

			`rt.Log.Info("Web Server: starting SSL server on " + rt.Flags.HTTPPort + " with " + rt.Flags.SSLCertFile + " " + rt.Flags.SSLKeyFile + " TLS: " + rt.Flags.TLSVersion)`
Enforce TLS 1.2 minimum 2021-03-16 13:58:27 -04:00
			`server := &http.Server{Addr: ":" + rt.Flags.HTTPPort, Handler: n, TLSConfig: cfg}`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`server.SetKeepAlivesEnabled(true)`
server init moved to new logger 2017-07-21 14:53:32 +01:00
major code repair from old to new API -- WIP 2017-07-24 16:24:21 +01:00			`if err := server.ListenAndServeTLS(rt.Flags.SSLCertFile, rt.Flags.SSLKeyFile); err != nil {`
			`rt.Log.Error("ListenAndServeTLS on "+rt.Flags.HTTPPort, err)`
define endpoints in a map 2016-07-21 17:57:38 +01:00			`}`
			`}`
			`}`