miniflux-v2/service/httpd/httpd.go

// Copyright 2018 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

package httpd // import "miniflux.app/service/httpd"

import (
	"crypto/tls"
	"net"
	"net/http"
	"os"
	"strings"
	"time"

	"miniflux.app/api"
	"miniflux.app/config"
	"miniflux.app/fever"
	"miniflux.app/logger"
	"miniflux.app/reader/feed"
	"miniflux.app/storage"
	"miniflux.app/ui"
	"miniflux.app/worker"

	"github.com/gorilla/mux"
	"golang.org/x/crypto/acme/autocert"
)

// Serve starts a new HTTP server.
func Serve(cfg *config.Config, store *storage.Storage, pool *worker.Pool, feedHandler *feed.Handler) *http.Server {
	certFile := cfg.CertFile()
	keyFile := cfg.KeyFile()
	certDomain := cfg.CertDomain()
	certCache := cfg.CertCache()
	listenAddr := cfg.ListenAddr()
	server := &http.Server{
		ReadTimeout:  30 * time.Second,
		WriteTimeout: 30 * time.Second,
		IdleTimeout:  60 * time.Second,
		Handler:      setupHandler(cfg, store, feedHandler, pool),
	}

	switch {
	case strings.HasPrefix(listenAddr, "/"):
		startUnixSocketServer(server, listenAddr)
	case certDomain != "" && certCache != "":
		cfg.IsHTTPS = true
		startAutoCertTLSServer(server, certDomain, certCache)
	case certFile != "" && keyFile != "":
		cfg.IsHTTPS = true
		server.Addr = listenAddr
		startTLSServer(server, certFile, keyFile)
	default:
		server.Addr = listenAddr
		startHTTPServer(server)
	}

	return server
}

func startUnixSocketServer(server *http.Server, socketFile string) {
	os.Remove(socketFile)

	go func(sock string) {
		listener, err := net.Listen("unix", sock)
		if err != nil {
			logger.Fatal(`Server failed to start: %v`, err)
		}
		defer listener.Close()

		logger.Info(`Listening on Unix socket %q`, sock)
		if err := server.Serve(listener); err != http.ErrServerClosed {
			logger.Fatal(`Server failed to start: %v`, err)
		}
	}(socketFile)
}

func startAutoCertTLSServer(server *http.Server, certDomain, certCache string) {
	server.Addr = ":https"
	certManager := autocert.Manager{
		Cache:      autocert.DirCache(certCache),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(certDomain),
	}

	// Handle http-01 challenge.
	s := &http.Server{
		Handler: certManager.HTTPHandler(nil),
		Addr:    ":http",
	}
	go s.ListenAndServe()

	go func() {
		logger.Info(`Listening on %q by using auto-configured certificate for %q`, server.Addr, certDomain)
		if err := server.Serve(certManager.Listener()); err != http.ErrServerClosed {
			logger.Fatal(`Server failed to start: %v`, err)
		}
	}()
}

func startTLSServer(server *http.Server, certFile, keyFile string) {
	// See https://blog.cloudflare.com/exposing-go-on-the-internet/
	// And https://wiki.mozilla.org/Security/Server_Side_TLS
	server.TLSConfig = &tls.Config{
		MinVersion:               tls.VersionTLS12,
		PreferServerCipherSuites: true,
		CurvePreferences: []tls.CurveID{
			tls.CurveP256,
			tls.X25519,
		},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}

	go func() {
		logger.Info(`Listening on %q by using certificate %q and key %q`, server.Addr, certFile, keyFile)
		if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed {
			logger.Fatal(`Server failed to start: %v`, err)
		}
	}()
}

func startHTTPServer(server *http.Server) {
	go func() {
		logger.Info(`Listening on %q without TLS`, server.Addr)
		if err := server.ListenAndServe(); err != http.ErrServerClosed {
			logger.Fatal(`Server failed to start: %v`, err)
		}
	}()
}

func setupHandler(cfg *config.Config, store *storage.Storage, feedHandler *feed.Handler, pool *worker.Pool) *mux.Router {
	router := mux.NewRouter()

	if cfg.BasePath() != "" {
		router = router.PathPrefix(cfg.BasePath()).Subrouter()
	}

	router.Use(newMiddleware(cfg).Serve)

	fever.Serve(router, cfg, store)
	api.Serve(router, store, feedHandler)
	ui.Serve(router, cfg, store, pool, feedHandler)

	return router
}
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`// Copyright 2018 Frédéric Guillot. All rights reserved.`
			`// Use of this source code is governed by the Apache 2.0`
			`// license that can be found in the LICENSE file.`

			`package httpd // import "miniflux.app/service/httpd"`

			`import (`
			`"crypto/tls"`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`"net"`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`"net/http"`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`"os"`
			`"strings"`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`"time"`

			`"miniflux.app/api"`
			`"miniflux.app/config"`
			`"miniflux.app/fever"`
			`"miniflux.app/logger"`
			`"miniflux.app/reader/feed"`
			`"miniflux.app/storage"`
			`"miniflux.app/ui"`
			`"miniflux.app/worker"`

			`"github.com/gorilla/mux"`
			`"golang.org/x/crypto/acme/autocert"`
			`)`

			`// Serve starts a new HTTP server.`
			`func Serve(cfg config.Config, store storage.Storage, pool worker.Pool, feedHandler feed.Handler) *http.Server {`
			`certFile := cfg.CertFile()`
			`keyFile := cfg.KeyFile()`
			`certDomain := cfg.CertDomain()`
			`certCache := cfg.CertCache()`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`listenAddr := cfg.ListenAddr()`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`server := &http.Server{`
			`ReadTimeout: 30 * time.Second,`
			`WriteTimeout: 30 * time.Second,`
			`IdleTimeout: 60 * time.Second,`
			`Handler: setupHandler(cfg, store, feedHandler, pool),`
			`}`

Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`switch {`
			`case strings.HasPrefix(listenAddr, "/"):`
			`startUnixSocketServer(server, listenAddr)`
			`case certDomain != "" && certCache != "":`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`cfg.IsHTTPS = true`
			`startAutoCertTLSServer(server, certDomain, certCache)`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`case certFile != "" && keyFile != "":`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`cfg.IsHTTPS = true`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`server.Addr = listenAddr`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`startTLSServer(server, certFile, keyFile)`
Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`default:`
			`server.Addr = listenAddr`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`startHTTPServer(server)`
			`}`

			`return server`
			`}`

Add the possiblity to listen on Unix socket 2018-11-12 01:21:57 +01:00			`func startUnixSocketServer(server *http.Server, socketFile string) {`
			`os.Remove(socketFile)`

			`go func(sock string) {`
			`listener, err := net.Listen("unix", sock)`
			`if err != nil {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
			`defer listener.Close()`

			logger.Info(`Listening on Unix socket %q`, sock)
			`if err := server.Serve(listener); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
			`}(socketFile)`
			`}`

Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00			`func startAutoCertTLSServer(server *http.Server, certDomain, certCache string) {`
			`server.Addr = ":https"`
			`certManager := autocert.Manager{`
			`Cache: autocert.DirCache(certCache),`
			`Prompt: autocert.AcceptTOS,`
			`HostPolicy: autocert.HostWhitelist(certDomain),`
			`}`

			`// Handle http-01 challenge.`
			`s := &http.Server{`
			`Handler: certManager.HTTPHandler(nil),`
			`Addr: ":http",`
			`}`
			`go s.ListenAndServe()`

			`go func() {`
			logger.Info(`Listening on %q by using auto-configured certificate for %q`, server.Addr, certDomain)
			`if err := server.Serve(certManager.Listener()); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
			`}()`
			`}`

			`func startTLSServer(server *http.Server, certFile, keyFile string) {`
			`// See https://blog.cloudflare.com/exposing-go-on-the-internet/`
			`// And https://wiki.mozilla.org/Security/Server_Side_TLS`
			`server.TLSConfig = &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`PreferServerCipherSuites: true,`
			`CurvePreferences: []tls.CurveID{`
			`tls.CurveP256,`
			`tls.X25519,`
			`},`
			`CipherSuites: []uint16{`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
			`},`
			`}`

			`go func() {`
			logger.Info(`Listening on %q by using certificate %q and key %q`, server.Addr, certFile, keyFile)
			`if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
			`}()`
			`}`

			`func startHTTPServer(server *http.Server) {`
			`go func() {`
			logger.Info(`Listening on %q without TLS`, server.Addr)
			`if err := server.ListenAndServe(); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
			`}()`
			`}`

			`func setupHandler(cfg config.Config, store storage.Storage, feedHandler feed.Handler, pool worker.Pool) *mux.Router {`
			`router := mux.NewRouter()`

			`if cfg.BasePath() != "" {`
			`router = router.PathPrefix(cfg.BasePath()).Subrouter()`
			`}`

Simplify application HTTP middlewares 2018-11-12 19:23:39 +01:00			`router.Use(newMiddleware(cfg).Serve)`
Replace daemon and scheduler package with service package 2018-11-12 00:32:48 +01:00
			`fever.Serve(router, cfg, store)`
			`api.Serve(router, store, feedHandler)`
			`ui.Serve(router, cfg, store, pool, feedHandler)`

			`return router`
			`}`