ezshare/actions/serve.go

367 lines
10 KiB
Go
Raw Normal View History

2021-12-06 05:08:17 +00:00
package actions
import (
"context"
"crypto/tls"
"crypto/x509"
"errors"
2021-12-06 05:08:17 +00:00
"fmt"
"io/fs"
2021-12-06 05:08:17 +00:00
"net"
"net/http"
"net/url"
2021-12-06 05:08:17 +00:00
"os"
"os/signal"
"strings"
2021-12-06 05:08:17 +00:00
"time"
"gitea.benny.dog/torjus/ezshare/certs"
"gitea.benny.dog/torjus/ezshare/pb"
"gitea.benny.dog/torjus/ezshare/server"
"gitea.benny.dog/torjus/ezshare/server/interceptors"
"gitea.benny.dog/torjus/ezshare/store"
"github.com/google/uuid"
"github.com/urfave/cli/v2"
2021-12-06 06:55:30 +00:00
"go.uber.org/zap"
2021-12-06 05:08:17 +00:00
"golang.org/x/crypto/bcrypt"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
func ActionServe(c *cli.Context) error {
cfg, err := getConfig(c)
if err != nil {
return err
}
2021-12-06 06:55:30 +00:00
logger := cfg.Server.GetLogger()
serverLogger := logger.Named("SERV")
authLogger := logger.Named("AUTH")
httpLogger := logger.Named("HTTP")
2021-12-06 18:14:39 +00:00
certLogger := logger.Named("CERT")
2021-12-08 04:42:25 +00:00
binsLogger := logger.Named("BINS")
2021-12-06 05:08:17 +00:00
// Read certificates
certificates, err := getCerts(c, serverLogger)
2021-12-06 05:08:17 +00:00
if err != nil {
return cli.Exit(fmt.Sprintf("Error getting certificates: %s", err), 1)
2021-12-06 05:08:17 +00:00
}
// Setup file store
s, fileCloseFunc, err := cfg.Server.FileStoreConfig.GetStore()
if err != nil {
return fmt.Errorf("unable to initialize file store: %w", err)
}
defer fileCloseFunc()
// Setup user store
2021-12-08 08:42:12 +00:00
dataStore, userCloseFunc, err := cfg.Server.DataStoreConfig.GetStore()
2021-12-06 05:08:17 +00:00
if err != nil {
return fmt.Errorf("unable to initialize user store: %w", err)
}
defer userCloseFunc()
// Create initial admin-user if neccessary
2021-12-08 08:42:12 +00:00
if err := initializeUsers(dataStore, serverLogger); err != nil {
2021-12-06 05:08:17 +00:00
return fmt.Errorf("error initializing store: %w", err)
}
// Setup cert-service
certSvc, err := certs.NewCertService(dataStore, certificates.caCert, certificates.caCertKey)
2021-12-06 05:08:17 +00:00
if err != nil {
return fmt.Errorf("error initializing certificate service: %w", err)
}
// Setup shutdown-handling
rootCtx, rootCancel := signal.NotifyContext(context.Background(), os.Interrupt)
defer rootCancel()
// Used to initiate grpc shutdown
grpcCtx, grpcCancel := context.WithCancel(rootCtx)
defer grpcCancel()
// Cancelled once grpc is successfully shut down
grpcShutdownCtx, grpcShutdownCancel := context.WithCancel(context.Background())
defer grpcShutdownCancel()
// Start grpc server
go func() {
grpcAddr := cfg.Server.GRPC.ListenAddr
if c.IsSet("grpc-addr") {
grpcAddr = c.String("grpc-addr")
}
// Setup file-service
grpcFileServer := server.NewGRPCFileServiceServer(s)
grpcFileServer.Hostname = cfg.Server.Hostname
2021-12-06 06:55:30 +00:00
grpcFileServer.Logger = logger.Named("FILE")
2021-12-06 05:08:17 +00:00
if c.IsSet("hostname") {
grpcFileServer.Hostname = c.String("hostname")
}
2021-12-06 18:14:39 +00:00
// Setup cert-service
2021-12-08 08:42:12 +00:00
certServiceServer := server.NewCertServiceServer(certSvc, dataStore, dataStore)
2021-12-06 18:14:39 +00:00
certServiceServer.Logger = certLogger
2021-12-06 05:08:17 +00:00
// Setup user-service
2021-12-08 08:42:12 +00:00
grpcUserServer := server.NewGRPCUserServiceServer(dataStore, certSvc)
2021-12-06 06:55:30 +00:00
grpcUserServer.Logger = logger.Named("USER")
2021-12-06 05:08:17 +00:00
2021-12-08 08:42:12 +00:00
binaryServer := server.NewBinaryServiceServer(dataStore)
2021-12-08 04:42:25 +00:00
binaryServer.Logger = binsLogger
2021-12-06 05:08:17 +00:00
lis, err := net.Listen("tcp", grpcAddr)
if err != nil {
2021-12-06 06:55:30 +00:00
serverLogger.Errorw("Unable to setup GRPC listener.", "error", err)
2021-12-06 05:08:17 +00:00
rootCancel()
}
srvCert, err := tls.X509KeyPair(certificates.serverCert, certificates.serverKey)
2021-12-06 05:08:17 +00:00
if err != nil {
2021-12-06 06:55:30 +00:00
serverLogger.Errorw("Unable to load server certs.", "error", err)
2021-12-06 05:08:17 +00:00
rootCancel()
}
certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM(certificates.caCert) {
2021-12-06 06:55:30 +00:00
serverLogger.Errorw("Unable to load CA certs.")
2021-12-06 05:08:17 +00:00
rootCancel()
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{srvCert},
ClientAuth: tls.RequireAnyClientCert,
ClientCAs: certPool,
}
creds := credentials.NewTLS(tlsConfig)
grpcServer := grpc.NewServer(
2021-12-08 04:42:25 +00:00
grpc.MaxRecvMsgSize(100*1024*1024),
grpc.MaxSendMsgSize(100*1024*1024),
2021-12-06 05:08:17 +00:00
grpc.Creds(creds),
2021-12-08 08:42:12 +00:00
grpc.ChainUnaryInterceptor(interceptors.NewAuthInterceptor(dataStore, certSvc, authLogger)),
2021-12-06 05:08:17 +00:00
)
pb.RegisterFileServiceServer(grpcServer, grpcFileServer)
pb.RegisterUserServiceServer(grpcServer, grpcUserServer)
2021-12-06 18:14:39 +00:00
pb.RegisterCertificateServiceServer(grpcServer, certServiceServer)
2021-12-08 04:42:25 +00:00
pb.RegisterBinaryServiceServer(grpcServer, binaryServer)
2021-12-06 05:08:17 +00:00
// wait for cancel
go func() {
<-grpcCtx.Done()
grpcServer.GracefulStop()
}()
2021-12-06 06:55:30 +00:00
serverLogger.Info("Starting GRPC server.")
2021-12-06 05:08:17 +00:00
if err = grpcServer.Serve(lis); err != nil {
2021-12-06 06:55:30 +00:00
serverLogger.Warnw("GRPC shutdown with error", "error", err)
2021-12-06 05:08:17 +00:00
rootCancel()
}
2021-12-06 06:55:30 +00:00
serverLogger.Info("GRPC shutdown.")
2021-12-06 05:08:17 +00:00
grpcShutdownCancel()
}()
httpCtx, httpCancel := context.WithCancel(rootCtx)
defer httpCancel()
httpShutdownCtx, httpShutdownCancel := context.WithCancel(context.Background())
defer httpShutdownCancel()
// Start http server
go func() {
httpAddr := ":8088"
if c.IsSet("http-addr") {
httpAddr = c.String("http-addr")
}
httpServer := server.NewHTTPSever(s, dataStore, certificates.serverCert, cfg.Server.GRPCEndpoint)
2021-12-06 06:55:30 +00:00
httpServer.Logger = httpLogger
2021-12-06 05:08:17 +00:00
httpServer.Addr = httpAddr
// wait for cancel
go func() {
<-httpCtx.Done()
timeoutCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
httpServer.Shutdown(timeoutCtx)
}()
2021-12-06 06:55:30 +00:00
serverLogger.Info("Starting HTTP server.")
2021-12-06 05:08:17 +00:00
if err := httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
2021-12-06 06:55:30 +00:00
serverLogger.Warnw("HTTP server shutdown with error.", "error", err)
2021-12-06 05:08:17 +00:00
rootCancel()
}
2021-12-06 06:55:30 +00:00
serverLogger.Info("HTTP server shutdown.")
2021-12-06 05:08:17 +00:00
httpShutdownCancel()
}()
<-grpcShutdownCtx.Done()
<-httpShutdownCtx.Done()
return nil
}
2021-12-06 06:55:30 +00:00
func initializeUsers(us store.UserStore, logger *zap.SugaredLogger) error {
2021-12-06 05:08:17 +00:00
// TODO: Logging
userIDs, err := us.ListUsers()
if err != nil {
return err
}
if len(userIDs) != 0 {
return nil
}
// no users, create initial admin-user
password := uuid.Must(uuid.NewRandom()).String()
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return err
}
admin := &pb.User{
Id: uuid.Must(uuid.NewRandom()).String(),
HashedPassword: hashedPassword,
Username: "admin",
UserRole: pb.User_ADMIN,
Active: true,
}
if err := us.StoreUser(admin); err != nil {
return err
}
2021-12-06 06:55:30 +00:00
logger.Infow("Created admin user.", "username", admin.Username, "password", password)
2021-12-06 05:08:17 +00:00
return nil
}
type certBytes struct {
caCert []byte
caCertKey []byte
serverCert []byte
serverKey []byte
}
func getCerts(c *cli.Context, logger *zap.SugaredLogger) (*certBytes, error) {
cfg, err := getConfig(c)
if err != nil {
return nil, err
}
cb := &certBytes{}
caCertBytes, caCertErr := cfg.Server.GRPC.CACerts.GetCertBytes()
caKeyBytes, caKeyErr := cfg.Server.GRPC.CACerts.GetKeyBytes()
if caCertErr != nil || caKeyErr != nil {
if errors.Is(caCertErr, fs.ErrNotExist) && errors.Is(caKeyErr, fs.ErrNotExist) {
// Neither cert or key found, generate
logger.Warn("Certificates not found. Generating.")
priv, pub, err := certs.GenCACert()
if err != nil {
return nil, err
}
cb.caCert = pub
cb.caCertKey = priv
// Since we remade ca certs, any existing server certs are useless
parsedUrl, err := url.Parse(cfg.Server.Hostname)
if err != nil {
return nil, fmt.Errorf("unable to parse hostname: %w", err)
}
host := parsedUrl.Host
if strings.Contains(host, ":") {
host, _, err = net.SplitHostPort(host)
if err != nil {
return nil, fmt.Errorf("unable to parse hostname: %w", err)
}
}
if err != nil {
return nil, fmt.Errorf("unable to generate certs due to unknown hostname")
}
priv, pub, err = certs.GenCert(host, cb.caCert, cb.caCertKey, []string{host})
if err != nil {
return nil, fmt.Errorf("error creating server cert: %s", err)
}
pub, err = certs.ToPEM(pub, "CERTIFICATE")
if err != nil {
return nil, fmt.Errorf("error encoding server cert: %s", err)
}
priv, err = certs.ToPEM(priv, "EC PRIVATE KEY")
if err != nil {
return nil, fmt.Errorf("error encoding server cert: %s", err)
}
cb.serverCert = pub
cb.serverKey = priv
cb.caCert, err = certs.ToPEM(cb.caCert, "CERTIFICATE")
if err != nil {
return nil, fmt.Errorf("error encoding server cert: %s", err)
}
cb.caCertKey, err = certs.ToPEM(cb.caCertKey, "EC PRIVATE KEY")
if err != nil {
return nil, fmt.Errorf("error encoding server cert: %s", err)
}
// Write them to files
if cfg.Server.GRPC.CACerts.CertificatePath != "" {
f, err := os.Create(cfg.Server.GRPC.CACerts.CertificatePath)
if err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
defer f.Close()
if _, err := f.Write(cb.caCert); err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
logger.Infow("Wrote CACert.", "path", cfg.Server.GRPC.CACerts.CertificatePath)
}
if cfg.Server.GRPC.CACerts.CertificateKeyPath != "" {
f, err := os.Create(cfg.Server.GRPC.CACerts.CertificateKeyPath)
if err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
defer f.Close()
if _, err := f.Write(cb.caCertKey); err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
logger.Infow("Wrote CACert key.", "path", cfg.Server.GRPC.CACerts.CertificateKeyPath)
}
if cfg.Server.GRPC.Certs.CertificateKeyPath != "" {
f, err := os.Create(cfg.Server.GRPC.Certs.CertificateKeyPath)
if err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
defer f.Close()
if _, err := f.Write(cb.serverKey); err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
logger.Infow("Wrote server cert key.", "path", cfg.Server.GRPC.Certs.CertificateKeyPath)
}
if cfg.Server.GRPC.Certs.CertificatePath != "" {
f, err := os.Create(cfg.Server.GRPC.Certs.CertificatePath)
if err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
defer f.Close()
if _, err := f.Write(cb.serverCert); err != nil {
return nil, fmt.Errorf("error writing certificate: %w", err)
}
logger.Infow("Wrote server cert key.", "path", cfg.Server.GRPC.Certs.CertificatePath)
}
return cb, nil
} else {
if caCertErr != nil {
return nil, caCertErr
}
return nil, caKeyErr
}
}
srvCertBytes, err := cfg.Server.GRPC.Certs.GetCertBytes()
if err != nil {
return nil, err
}
srvKeyBytes, err := cfg.Server.GRPC.Certs.GetKeyBytes()
if err != nil {
return nil, err
}
return &certBytes{
caCert: caCertBytes,
caCertKey: caKeyBytes,
serverCert: srvCertBytes,
serverKey: srvKeyBytes}, nil
}