package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	"go.fixergrid.net/servicedemon/appconfig"
	"go.fixergrid.net/servicedemon/pubsub"
	"go.fixergrid.net/servicedemon/registrar"
)

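// main wires the hub's registrar, approval listener and application-config
// provider onto one HTTP mux and serves it on the TLS listener built by
// newServer. It exits non-zero if the server cannot be built or stops serving.
func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.New(os.Stdout, "main: ", log.LstdFlags|log.Lshortfile)
	logger.Println("Starting .... the >HUB<")

	// Named bus so the local variable does not shadow the pubsub package.
	bus := pubsub.New()
	repo := registrar.NewRepo()

	r := registrar.NewRegistrar(bus, repo)

	// NOTE(review): the second argument is nil; confirm that the approval
	// listener tolerates a nil dependency there.
	al := registrar.NewApprovalListener(bus, nil, repo)
	go al.Run(ctx)

	appConfig := appconfig.NewProvider()

	// newServer sets ClientAuth to tls.RequireAndVerifyClientCert, so every
	// route below is reachable only by a peer presenting a certificate that
	// chains to the configured CA. That authenticates the peer; no per-route
	// authorization is visible in this file.
	// NOTE(review): confirm the handlers (or the CA's issuance policy) restrict
	// which certificate holders may register and which may approve.
	mux := http.NewServeMux()
	logger.Println("Registering endpoints...")

	// The patterns carry no HTTP method; the "POST"/"GET" in the log lines is
	// presumably enforced inside postjson and the appconfig handler - verify.
	mux.HandleFunc("/register", postjson(r.HandleRegistration))
	logger.Println("POST /register")

	mux.Handle("/approvals/", http.StripPrefix("/approvals/", wrapHandleFunc(postjson(r.HandleApproval))))
	logger.Println("POST /approvals/:id")

	mux.Handle("/application/", http.StripPrefix("/application", appConfig.Handler()))
	logger.Println("GET /application/config/authz")

	server, err := newServer()
	if err != nil {
		logger.Fatal(err)
	}
	server.Handler = mux

	// The certificate and key arguments are empty because newServer already
	// placed the key pair in server.TLSConfig.Certificates.
	// ListenAndServeTLS always returns a non-nil error. Report it through the
	// same logger as every other line and exit non-zero, so a supervisor can
	// tell a failed listener (for example a port already in use) from a clean
	// stop.
	logger.Fatal(server.ListenAndServeTLS("", ""))
}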
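// newServer builds the hub's HTTPS server, listening on :3001 with mutual TLS.
//
// File locations are read from three required environment variables:
// HUB_CA_CERT_FILE (PEM bundle of the CAs trusted to sign client
// certificates), HUB_SERVER_CERT_FILE and HUB_SERVER_KEY_FILE (the server's
// own key pair). An error is returned when a variable is unset, the CA file
// cannot be opened or read, the CA bundle contains no parsable certificate,
// or the key pair fails to load. The returned server has no Handler set.
func newServer() (*http.Server, error) {
	// Example local values: "./certs/combined.pem", "./certs/server-key.pem"
	requiredVars := map[string]string{
		"HUB_CA_CERT_FILE":     "",
		"HUB_SERVER_CERT_FILE": "",
		"HUB_SERVER_KEY_FILE":  "",
	}

	// Overwriting the value of an existing key while ranging is safe; no key
	// is added or removed.
	for k := range requiredVars {
		val, isSet := os.LookupEnv(k)
		if !isSet {
			return nil, fmt.Errorf("hub: required environment variable is unset: %s", k)
		}
		requiredVars[k] = val
	}

	caPath := requiredVars["HUB_CA_CERT_FILE"]
	certFile, err := os.Open(caPath)
	if err != nil {
		return nil, fmt.Errorf("hub: failed to open ca.pem: %w", err)
	}
	// The handle is only needed for the read below; close it on every path.
	defer certFile.Close()

	caCert, err := io.ReadAll(certFile)
	if err != nil {
		return nil, fmt.Errorf("hub: failed to read in ca: %w", err)
	}

	// AppendCertsFromPEM reports whether any certificate was parsed. An empty
	// pool combined with RequireAndVerifyClientCert would reject every client
	// at handshake time with nothing in the startup log to explain it, so fail
	// here instead.
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf("hub: no certificates found in HUB_CA_CERT_FILE %q", caPath)
	}

	serverCert, err := tls.LoadX509KeyPair(requiredVars["HUB_SERVER_CERT_FILE"], requiredVars["HUB_SERVER_KEY_FILE"])
	if err != nil {
		return nil, fmt.Errorf("hub: failed to load server certs: %w", err)
	}

	// NOTE(review): no ReadHeaderTimeout, ReadTimeout or IdleTimeout is set, so
	// a connection that stalls during the handshake or while sending headers
	// is held open indefinitely. Setting them needs the time package, which
	// this file does not import.
	server := &http.Server{
		Addr: ":3001",
		TLSConfig: &tls.Config{
			// Pin the protocol floor explicitly; the default for servers has
			// differed between Go releases.
			MinVersion: tls.VersionTLS12,
			// Client certificates must chain to a CA in pool; connections
			// without a verified certificate are refused during the handshake.
			ClientCAs:    pool,
			ClientAuth:   tls.RequireAndVerifyClientCert,
			Certificates: []tls.Certificate{serverCert},
		},
	}

	return server, nil
}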