poc of serve domain args

apis/serve.go

@@ -11,11 +11,13 @@ import (
 	"time"
 
 	"github.com/fatih/color"
+	"github.com/labstack/echo/v5"
 	"github.com/labstack/echo/v5/middleware"
 	"github.com/pocketbase/dbx"
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/migrations"
 	"github.com/pocketbase/pocketbase/migrations/logs"
+	"github.com/pocketbase/pocketbase/tools/list"
 	"github.com/pocketbase/pocketbase/tools/migrate"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
@@ -26,12 +28,20 @@ type ServeConfig struct {
 	// ShowStartBanner indicates whether to show or hide the server start console message.
 	ShowStartBanner bool
 
-	// HttpAddr is the HTTP server address to bind (eg. `127.0.0.1:80`).
+	// HttpAddr is the TCP address to listen for the HTTP server (eg. `127.0.0.1:80`).
 	HttpAddr string
 
-	// HttpsAddr is the HTTPS server address to bind (eg. `127.0.0.1:443`).
+	// HttpsAddr is the TCP address to listen for the HTTPS server (eg. `127.0.0.1:443`).
 	HttpsAddr string
 
+	// Optional domains list to use when issuing the TLS certificate.
+	//
+	// If not set, the host from the bound server address will be used.
+	//
+	// For convenience, for each "non-www" domain a "www" entry and
+	// redirect will be automatically added.
+	CertificateDomains []string
+
 	// AllowedOrigins is an optional list of CORS origins (default to "*").
 	AllowedOrigins []string
 }
@@ -85,16 +95,53 @@ func Serve(app core.App, config ServeConfig) (*http.Server, error) {
 		mainAddr = config.HttpsAddr
 	}
 
-	mainHost, _, _ := net.SplitHostPort(mainAddr)
+	var wwwRedirects []string
+
+	// extract the host names for the certificate host policy
+	hostNames := config.CertificateDomains
+	if len(hostNames) == 0 {
+		host, _, _ := net.SplitHostPort(mainAddr)
+		hostNames = append(hostNames, host)
+	}
+	for _, host := range hostNames {
+		if strings.HasPrefix(host, "www.") {
+			continue // explicitly set www host
+		}
+
+		wwwHost := "www." + host
+		if !list.ExistInSlice(wwwHost, hostNames) {
+			hostNames = append(hostNames, wwwHost)
+			wwwRedirects = append(wwwRedirects, wwwHost)
+		}
+	}
+
+	// implicit www->non-www redirect(s)
+	if len(wwwRedirects) > 0 {
+		router.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {
+			return func(c echo.Context) error {
+				host := c.Request().Host
+
+				if strings.HasPrefix(host, "www.") && list.ExistInSlice(host, wwwRedirects) {
+					return c.Redirect(
+						http.StatusTemporaryRedirect,
+						(c.Scheme() + "://" + host[4:] + c.Request().RequestURI),
+					)
+				}
+
+				return next(c)
+			}
+		})
+	}
 
 	certManager := &autocert.Manager{
 		Prompt:     autocert.AcceptTOS,
 		Cache:      autocert.DirCache(filepath.Join(app.DataDir(), ".autocert_cache")),
-		HostPolicy: autocert.HostWhitelist(mainHost, "www."+mainHost),
+		HostPolicy: autocert.HostWhitelist(hostNames...),
 	}
 
 	server := &http.Server{
 		TLSConfig: &tls.Config{
+			MinVersion:     tls.VersionTLS12,
 			GetCertificate: certManager.GetCertificate,
 			NextProtos:     []string{acme.ALPNProto},
 		},
@@ -117,8 +164,14 @@ func Serve(app core.App, config ServeConfig) (*http.Server, error) {
 
 	if config.ShowStartBanner {
 		schema := "http"
+		addr := server.Addr
+
 		if config.HttpsAddr != "" {
 			schema = "https"
+
+			if len(config.CertificateDomains) > 0 {
+				addr = config.CertificateDomains[0]
+			}
 		}
 
 		date := new(strings.Builder)
@@ -128,12 +181,12 @@ func Serve(app core.App, config ServeConfig) (*http.Server, error) {
 		bold.Printf(
 			"%s Server started at %s\n",
 			strings.TrimSpace(date.String()),
-			color.CyanString("%s://%s", schema, server.Addr),
+			color.CyanString("%s://%s", schema, addr),
 		)
 
 		regular := color.New()
-		regular.Printf("├─ REST API: %s\n", color.CyanString("%s://%s/api/", schema, server.Addr))
-		regular.Printf("└─ Admin UI: %s\n", color.CyanString("%s://%s/_/", schema, server.Addr))
+		regular.Printf("├─ REST API: %s\n", color.CyanString("%s://%s/api/", schema, addr))
+		regular.Printf("└─ Admin UI: %s\n", color.CyanString("%s://%s/_/", schema, addr))
 	}
 
 	// try to gracefully shutdown the server on app termination