2017-06-27 11:00:33 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2018-09-10 08:17:00 +02:00
|
|
|
"context"
|
2017-07-01 23:25:08 +02:00
|
|
|
"crypto/subtle"
|
2017-06-27 11:00:33 +02:00
|
|
|
"fmt"
|
2019-05-08 13:42:48 +02:00
|
|
|
"net"
|
2017-06-27 11:00:33 +02:00
|
|
|
"net/http"
|
2017-07-03 06:08:47 +02:00
|
|
|
"time"
|
2018-03-15 18:58:11 +02:00
|
|
|
|
2019-05-08 13:42:48 +02:00
|
|
|
"golang.org/x/net/netutil"
|
2017-06-27 11:00:33 +02:00
|
|
|
)
|
|
|
|
|
|
2018-10-05 17:17:36 +02:00
|
|
|
var (
|
2018-10-25 13:31:31 +02:00
|
|
|
imgproxyIsRunningMsg = []byte("imgproxy is running")
|
2018-10-05 22:29:55 +02:00
|
|
|
|
|
|
|
|
errInvalidSecret = newError(403, "Invalid secret", "Forbidden")
|
2019-01-17 10:51:19 +02:00
|
|
|
)
|
2018-10-25 13:31:31 +02:00
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func buildRouter() *router {
|
|
|
|
|
r := newRouter()
|
2018-09-10 08:17:00 +02:00
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
r.PanicHandler = handlePanic
|
|
|
|
|
|
|
|
|
|
r.GET("/health", handleHealth)
|
|
|
|
|
r.GET("/", withCORS(withSecret(handleProcessing)))
|
|
|
|
|
r.OPTIONS("/", withCORS(handleOptions))
|
|
|
|
|
|
|
|
|
|
return r
|
2018-10-25 13:31:31 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-08 13:42:48 +02:00
|
|
|
func startServer() *http.Server {
|
|
|
|
|
l, err := net.Listen("tcp", conf.Bind)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logFatal(err.Error())
|
|
|
|
|
}
|
2019-06-03 17:16:49 +02:00
|
|
|
l = netutil.LimitListener(l, conf.MaxClients)
|
|
|
|
|
|
2019-05-08 13:42:48 +02:00
|
|
|
s := &http.Server{
|
2019-06-03 17:16:49 +02:00
|
|
|
Handler: buildRouter(),
|
2019-05-08 13:42:48 +02:00
|
|
|
ReadTimeout: time.Duration(conf.ReadTimeout) * time.Second,
|
|
|
|
|
MaxHeaderBytes: 1 << 20,
|
2018-09-10 08:17:00 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 19:02:46 +02:00
|
|
|
initProcessingHandler()
|
2019-01-17 10:51:19 +02:00
|
|
|
|
2018-09-10 08:17:00 +02:00
|
|
|
go func() {
|
2019-01-11 17:01:48 +02:00
|
|
|
logNotice("Starting server at %s", conf.Bind)
|
2019-06-03 17:16:49 +02:00
|
|
|
if err := s.Serve(l); err != nil && err != http.ErrServerClosed {
|
2019-01-11 17:01:48 +02:00
|
|
|
logFatal(err.Error())
|
2018-10-05 17:17:36 +02:00
|
|
|
}
|
2018-09-10 08:17:00 +02:00
|
|
|
}()
|
|
|
|
|
|
2019-05-08 13:42:48 +02:00
|
|
|
return s
|
2018-09-10 08:17:00 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-08 13:42:48 +02:00
|
|
|
func shutdownServer(s *http.Server) {
|
2019-01-11 17:01:48 +02:00
|
|
|
logNotice("Shutting down the server...")
|
2019-05-08 13:42:48 +02:00
|
|
|
|
|
|
|
|
ctx, close := context.WithTimeout(context.Background(), 5*time.Second)
|
|
|
|
|
defer close()
|
|
|
|
|
|
|
|
|
|
s.Shutdown(ctx)
|
2018-09-10 08:17:00 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func withCORS(h routeHandler) routeHandler {
|
|
|
|
|
return func(reqID string, rw http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if len(conf.AllowOrigin) > 0 {
|
|
|
|
|
rw.Header().Set("Access-Control-Allow-Origin", conf.AllowOrigin)
|
|
|
|
|
rw.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
|
|
|
|
|
}
|
2019-06-03 13:06:13 +02:00
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
h(reqID, rw, r)
|
|
|
|
|
}
|
2018-11-20 14:53:44 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func withSecret(h routeHandler) routeHandler {
|
|
|
|
|
if len(conf.Secret) == 0 {
|
|
|
|
|
return h
|
2019-05-06 10:42:30 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
authHeader := []byte(fmt.Sprintf("Bearer %s", conf.Secret))
|
2019-05-06 10:42:30 +02:00
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
return func(reqID string, rw http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), authHeader) == 1 {
|
|
|
|
|
h(reqID, rw, r)
|
|
|
|
|
} else {
|
2019-06-03 19:02:46 +02:00
|
|
|
panic(errInvalidSecret)
|
2019-06-03 17:16:49 +02:00
|
|
|
}
|
2017-07-03 11:36:37 +02:00
|
|
|
}
|
2017-07-04 16:05:53 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func handlePanic(reqID string, rw http.ResponseWriter, r *http.Request, err error) {
|
|
|
|
|
reportError(err, r)
|
2018-10-05 17:17:36 +02:00
|
|
|
|
2019-06-03 19:02:46 +02:00
|
|
|
var (
|
|
|
|
|
ierr *imgproxyError
|
|
|
|
|
ok bool
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if ierr, ok = err.(*imgproxyError); !ok {
|
|
|
|
|
ierr = newUnexpectedError(err.Error(), 3)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logResponse(reqID, ierr.StatusCode, ierr.Message)
|
|
|
|
|
|
|
|
|
|
rw.WriteHeader(ierr.StatusCode)
|
|
|
|
|
|
|
|
|
|
if conf.DevelopmentErrorsMode {
|
|
|
|
|
rw.Write([]byte(ierr.Message))
|
2019-06-03 17:16:49 +02:00
|
|
|
} else {
|
2019-06-03 19:02:46 +02:00
|
|
|
rw.Write([]byte(ierr.PublicMessage))
|
2019-06-03 17:16:49 +02:00
|
|
|
}
|
2017-07-04 16:05:53 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func handleHealth(reqID string, rw http.ResponseWriter, r *http.Request) {
|
|
|
|
|
logResponse(reqID, 200, string(imgproxyIsRunningMsg))
|
|
|
|
|
rw.WriteHeader(200)
|
|
|
|
|
rw.Write(imgproxyIsRunningMsg)
|
2018-10-25 13:31:31 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:16:49 +02:00
|
|
|
func handleOptions(reqID string, rw http.ResponseWriter, r *http.Request) {
|
|
|
|
|
logResponse(reqID, 200, "Respond with options")
|
|
|
|
|
rw.WriteHeader(200)
|
2018-10-25 13:31:31 +02:00
|
|
|
}
|
