2018-02-20 00:24:10 +02:00
|
|
|
// Copyright 2018 Drone.IO Inc.
|
2018-03-21 15:02:17 +02:00
|
|
|
//
|
2018-02-20 00:24:10 +02:00
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
2018-03-21 15:02:17 +02:00
|
|
|
//
|
2018-02-20 00:24:10 +02:00
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
2018-03-21 15:02:17 +02:00
|
|
|
//
|
2018-02-20 00:24:10 +02:00
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2017-06-30 00:51:22 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2017-07-25 01:15:25 +02:00
|
|
|
"crypto/tls"
|
2017-06-30 01:35:38 +02:00
|
|
|
"errors"
|
2017-06-30 00:51:22 +02:00
|
|
|
"net"
|
|
|
|
"net/http"
|
2021-09-27 00:22:23 +02:00
|
|
|
"net/http/httputil"
|
2017-06-30 00:51:22 +02:00
|
|
|
"net/url"
|
2017-07-25 01:15:25 +02:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
2017-06-30 00:51:22 +02:00
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
2021-12-12 23:49:30 +02:00
|
|
|
"github.com/gin-gonic/gin"
|
2021-10-12 09:25:13 +02:00
|
|
|
"github.com/rs/zerolog"
|
|
|
|
"github.com/rs/zerolog/log"
|
2021-10-27 21:03:14 +02:00
|
|
|
"github.com/urfave/cli/v2"
|
2021-10-12 09:25:13 +02:00
|
|
|
"golang.org/x/crypto/acme/autocert"
|
|
|
|
"golang.org/x/sync/errgroup"
|
2017-06-30 00:51:22 +02:00
|
|
|
"google.golang.org/grpc"
|
2018-01-08 22:46:44 +02:00
|
|
|
"google.golang.org/grpc/keepalive"
|
2017-06-30 01:35:38 +02:00
|
|
|
"google.golang.org/grpc/metadata"
|
2017-06-30 00:51:22 +02:00
|
|
|
|
2021-09-24 13:18:34 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/pipeline/rpc/proto"
|
2021-09-22 20:48:01 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server"
|
|
|
|
woodpeckerGrpcServer "github.com/woodpecker-ci/woodpecker/server/grpc"
|
2021-09-23 22:29:09 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/logging"
|
2021-09-23 16:12:46 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/plugins/sender"
|
2021-09-23 22:29:09 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/pubsub"
|
2021-09-23 18:25:51 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/remote"
|
2021-09-22 22:41:32 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/router"
|
|
|
|
"github.com/woodpecker-ci/woodpecker/server/router/middleware"
|
2021-09-23 13:33:59 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/store"
|
2021-11-26 10:50:56 +02:00
|
|
|
"github.com/woodpecker-ci/woodpecker/server/web"
|
2017-06-30 00:51:22 +02:00
|
|
|
)
|
|
|
|
|
2021-11-23 16:36:52 +02:00
|
|
|
func run(c *cli.Context) error {
|
2021-10-12 09:25:13 +02:00
|
|
|
if c.Bool("pretty") {
|
|
|
|
log.Logger = log.Output(
|
|
|
|
zerolog.ConsoleWriter{
|
|
|
|
Out: os.Stderr,
|
2021-10-27 21:03:14 +02:00
|
|
|
NoColor: c.Bool("nocolor"),
|
2021-10-12 09:25:13 +02:00
|
|
|
},
|
|
|
|
)
|
2017-06-30 00:51:22 +02:00
|
|
|
}
|
|
|
|
|
2021-10-17 00:41:36 +02:00
|
|
|
// TODO: format output & options to switch to json aka. option to add channels to send logs to
|
|
|
|
zerolog.SetGlobalLevel(zerolog.WarnLevel)
|
|
|
|
if c.IsSet("log-level") {
|
|
|
|
logLevelFlag := c.String("log-level")
|
|
|
|
lvl, err := zerolog.ParseLevel(logLevelFlag)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal().Msgf("unknown logging level: %s", logLevelFlag)
|
|
|
|
}
|
|
|
|
zerolog.SetGlobalLevel(lvl)
|
|
|
|
}
|
2021-12-09 00:40:00 +02:00
|
|
|
if zerolog.GlobalLevel() <= zerolog.DebugLevel {
|
|
|
|
log.Logger = log.With().Caller().Logger()
|
2021-12-12 23:49:30 +02:00
|
|
|
} else {
|
|
|
|
gin.SetMode(gin.ReleaseMode)
|
2021-12-09 00:40:00 +02:00
|
|
|
}
|
2021-10-19 11:44:49 +02:00
|
|
|
log.Log().Msgf("LogLevel = %s", zerolog.GlobalLevel().String())
|
2021-10-17 00:41:36 +02:00
|
|
|
|
2017-07-12 20:48:56 +02:00
|
|
|
if c.String("server-host") == "" {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Fatal().Msg("WOODPECKER_HOST is not properly configured")
|
2017-07-12 20:48:56 +02:00
|
|
|
}
|
|
|
|
|
2017-12-20 04:08:55 +02:00
|
|
|
if !strings.Contains(c.String("server-host"), "://") {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Fatal().Msg(
|
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 15:43:44 +02:00
|
|
|
"WOODPECKER_HOST must be <scheme>://<hostname> format",
|
2017-12-20 04:08:55 +02:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-08-20 16:32:52 +02:00
|
|
|
if strings.Contains(c.String("server-host"), "://localhost") {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Warn().Msg(
|
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 15:43:44 +02:00
|
|
|
"WOODPECKER_HOST should probably be publicly accessible (not localhost)",
|
2021-08-20 16:32:52 +02:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2017-12-20 14:49:02 +02:00
|
|
|
if strings.HasSuffix(c.String("server-host"), "/") {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Fatal().Msg(
|
Clean up config environment variables for server and agent (#218)
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
2021-09-28 15:43:44 +02:00
|
|
|
"WOODPECKER_HOST must not have trailing slash",
|
2017-12-20 04:08:55 +02:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-12-01 15:22:06 +02:00
|
|
|
_remote, err := setupRemote(c)
|
2017-06-30 00:51:22 +02:00
|
|
|
if err != nil {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Fatal().Err(err).Msg("")
|
2017-06-30 00:51:22 +02:00
|
|
|
}
|
|
|
|
|
2021-12-01 15:22:06 +02:00
|
|
|
_store, err := setupStore(c)
|
2021-10-19 11:44:49 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal().Err(err).Msg("")
|
|
|
|
}
|
2021-11-13 21:18:06 +02:00
|
|
|
defer func() {
|
2021-12-01 15:22:06 +02:00
|
|
|
if err := _store.Close(); err != nil {
|
2021-11-13 21:18:06 +02:00
|
|
|
log.Error().Err(err).Msg("could not close store")
|
|
|
|
}
|
|
|
|
}()
|
2021-10-19 11:44:49 +02:00
|
|
|
|
2021-12-01 15:22:06 +02:00
|
|
|
setupEvilGlobals(c, _store, _remote)
|
2017-06-30 00:51:22 +02:00
|
|
|
|
2021-09-27 00:22:23 +02:00
|
|
|
proxyWebUI := c.String("www-proxy")
|
|
|
|
|
|
|
|
var webUIServe func(w http.ResponseWriter, r *http.Request)
|
|
|
|
|
|
|
|
if proxyWebUI == "" {
|
2021-11-26 10:50:56 +02:00
|
|
|
webUIServe = web.New().ServeHTTP
|
2021-09-27 00:22:23 +02:00
|
|
|
} else {
|
|
|
|
origin, _ := url.Parse(proxyWebUI)
|
|
|
|
|
|
|
|
director := func(req *http.Request) {
|
|
|
|
req.Header.Add("X-Forwarded-Host", req.Host)
|
|
|
|
req.Header.Add("X-Origin-Host", origin.Host)
|
|
|
|
req.URL.Scheme = origin.Scheme
|
|
|
|
req.URL.Host = origin.Host
|
|
|
|
}
|
|
|
|
|
|
|
|
proxy := &httputil.ReverseProxy{Director: director}
|
|
|
|
webUIServe = proxy.ServeHTTP
|
|
|
|
}
|
2017-07-31 21:15:05 +02:00
|
|
|
|
2017-06-30 00:51:22 +02:00
|
|
|
// setup the server and start the listener
|
|
|
|
handler := router.Load(
|
2021-09-27 00:22:23 +02:00
|
|
|
webUIServe,
|
2021-11-26 10:50:56 +02:00
|
|
|
middleware.Logger(time.RFC3339, true),
|
2017-06-30 00:51:22 +02:00
|
|
|
middleware.Version,
|
|
|
|
middleware.Config(c),
|
2021-12-01 15:22:06 +02:00
|
|
|
middleware.Store(c, _store),
|
2017-06-30 00:51:22 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
var g errgroup.Group
|
|
|
|
|
|
|
|
// start the grpc server
|
|
|
|
g.Go(func() error {
|
2021-09-09 18:34:29 +02:00
|
|
|
lis, err := net.Listen("tcp", c.String("grpc-addr"))
|
2017-06-30 00:51:22 +02:00
|
|
|
if err != nil {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Err(err).Msg("")
|
2017-06-30 00:51:22 +02:00
|
|
|
return err
|
|
|
|
}
|
2021-11-24 03:01:12 +02:00
|
|
|
authorizer := &authorizer{
|
2017-06-30 01:35:38 +02:00
|
|
|
password: c.String("agent-secret"),
|
|
|
|
}
|
2019-06-28 14:23:52 +02:00
|
|
|
grpcServer := grpc.NewServer(
|
2021-11-24 03:01:12 +02:00
|
|
|
grpc.StreamInterceptor(authorizer.streamInterceptor),
|
|
|
|
grpc.UnaryInterceptor(authorizer.unaryIntercaptor),
|
2018-01-08 22:46:44 +02:00
|
|
|
grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{
|
|
|
|
MinTime: c.Duration("keepalive-min-time"),
|
|
|
|
}),
|
2017-06-30 01:35:38 +02:00
|
|
|
)
|
2021-09-29 02:10:09 +02:00
|
|
|
woodpeckerServer := woodpeckerGrpcServer.NewWoodpeckerServer(
|
2021-12-01 15:22:06 +02:00
|
|
|
_remote,
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Services.Queue,
|
|
|
|
server.Config.Services.Logs,
|
|
|
|
server.Config.Services.Pubsub,
|
2021-12-01 15:22:06 +02:00
|
|
|
_store,
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Server.Host,
|
|
|
|
)
|
2021-09-29 02:10:09 +02:00
|
|
|
proto.RegisterWoodpeckerServer(grpcServer, woodpeckerServer)
|
2017-06-30 00:51:22 +02:00
|
|
|
|
2019-06-28 14:23:52 +02:00
|
|
|
err = grpcServer.Serve(lis)
|
2017-06-30 00:51:22 +02:00
|
|
|
if err != nil {
|
2021-10-12 09:25:13 +02:00
|
|
|
log.Err(err).Msg("")
|
2017-06-30 00:51:22 +02:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
|
2021-12-01 15:22:06 +02:00
|
|
|
setupMetrics(&g, _store)
|
2019-05-30 12:15:29 +02:00
|
|
|
|
2017-06-30 00:51:22 +02:00
|
|
|
// start the server with tls enabled
|
|
|
|
if c.String("server-cert") != "" {
|
2017-07-26 16:44:38 +02:00
|
|
|
g.Go(func() error {
|
2017-11-15 00:01:07 +02:00
|
|
|
return http.ListenAndServe(":http", http.HandlerFunc(redirect))
|
2017-07-26 16:44:38 +02:00
|
|
|
})
|
|
|
|
g.Go(func() error {
|
2017-09-20 00:30:31 +02:00
|
|
|
serve := &http.Server{
|
|
|
|
Addr: ":https",
|
|
|
|
Handler: handler,
|
|
|
|
TLSConfig: &tls.Config{
|
2021-10-19 11:44:49 +02:00
|
|
|
NextProtos: []string{"h2", "http/1.1"},
|
2017-09-20 00:30:31 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
return serve.ListenAndServeTLS(
|
2017-07-26 16:44:38 +02:00
|
|
|
c.String("server-cert"),
|
|
|
|
c.String("server-key"),
|
|
|
|
)
|
|
|
|
})
|
|
|
|
return g.Wait()
|
2017-06-30 00:51:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// start the server without tls enabled
|
|
|
|
if !c.Bool("lets-encrypt") {
|
|
|
|
return http.ListenAndServe(
|
|
|
|
c.String("server-addr"),
|
|
|
|
handler,
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
// start the server with lets encrypt enabled
|
|
|
|
// listen on ports 443 and 80
|
2018-01-13 06:54:49 +02:00
|
|
|
address, err := url.Parse(c.String("server-host"))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
dir := cacheDir()
|
2022-01-05 22:50:23 +02:00
|
|
|
if err := os.MkdirAll(dir, 0o700); err != nil {
|
2021-11-23 16:36:52 +02:00
|
|
|
return err
|
|
|
|
}
|
2018-01-13 06:54:49 +02:00
|
|
|
|
2018-01-18 18:33:41 +02:00
|
|
|
manager := &autocert.Manager{
|
2018-01-13 06:54:49 +02:00
|
|
|
Prompt: autocert.AcceptTOS,
|
|
|
|
HostPolicy: autocert.HostWhitelist(address.Host),
|
|
|
|
Cache: autocert.DirCache(dir),
|
|
|
|
}
|
2017-06-30 00:51:22 +02:00
|
|
|
g.Go(func() error {
|
2018-01-13 06:54:49 +02:00
|
|
|
return http.ListenAndServe(":http", manager.HTTPHandler(http.HandlerFunc(redirect)))
|
2017-06-30 00:51:22 +02:00
|
|
|
})
|
|
|
|
g.Go(func() error {
|
2017-09-20 00:30:31 +02:00
|
|
|
serve := &http.Server{
|
|
|
|
Addr: ":https",
|
|
|
|
Handler: handler,
|
|
|
|
TLSConfig: &tls.Config{
|
|
|
|
GetCertificate: manager.GetCertificate,
|
2021-10-19 11:44:49 +02:00
|
|
|
NextProtos: []string{"h2", "http/1.1"},
|
2017-09-20 00:30:31 +02:00
|
|
|
},
|
2017-07-25 01:15:25 +02:00
|
|
|
}
|
2017-09-20 00:30:31 +02:00
|
|
|
return serve.ListenAndServeTLS("", "")
|
2017-06-30 00:51:22 +02:00
|
|
|
})
|
|
|
|
|
|
|
|
return g.Wait()
|
|
|
|
}
|
|
|
|
|
|
|
|
func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
|
|
|
|
// storage
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Storage.Files = v
|
2017-06-30 00:51:22 +02:00
|
|
|
|
2021-11-26 14:01:54 +02:00
|
|
|
// remote
|
|
|
|
server.Config.Services.Remote = r
|
|
|
|
|
2017-06-30 00:51:22 +02:00
|
|
|
// services
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Services.Queue = setupQueue(c, v)
|
|
|
|
server.Config.Services.Logs = logging.New()
|
|
|
|
server.Config.Services.Pubsub = pubsub.New()
|
2021-11-23 16:36:52 +02:00
|
|
|
if err := server.Config.Services.Pubsub.Create(context.Background(), "topic/events"); err != nil {
|
|
|
|
log.Error().Err(err).Msg("could not create pubsub service")
|
|
|
|
}
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Services.Registries = setupRegistryService(c, v)
|
|
|
|
server.Config.Services.Secrets = setupSecretService(c, v)
|
|
|
|
server.Config.Services.Senders = sender.New(v, v)
|
|
|
|
server.Config.Services.Environ = setupEnvironService(c, v)
|
2017-06-30 00:51:22 +02:00
|
|
|
|
|
|
|
if endpoint := c.String("gating-service"); endpoint != "" {
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Services.Senders = sender.NewRemote(endpoint)
|
2017-06-30 00:51:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// limits
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Pipeline.Limits.MemSwapLimit = c.Int64("limit-mem-swap")
|
|
|
|
server.Config.Pipeline.Limits.MemLimit = c.Int64("limit-mem")
|
|
|
|
server.Config.Pipeline.Limits.ShmSize = c.Int64("limit-shm-size")
|
|
|
|
server.Config.Pipeline.Limits.CPUQuota = c.Int64("limit-cpu-quota")
|
|
|
|
server.Config.Pipeline.Limits.CPUShares = c.Int64("limit-cpu-shares")
|
|
|
|
server.Config.Pipeline.Limits.CPUSet = c.String("limit-cpu-set")
|
2017-06-30 00:51:22 +02:00
|
|
|
|
|
|
|
// server configuration
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Server.Cert = c.String("server-cert")
|
|
|
|
server.Config.Server.Key = c.String("server-key")
|
|
|
|
server.Config.Server.Pass = c.String("agent-secret")
|
|
|
|
server.Config.Server.Host = c.String("server-host")
|
2021-12-13 21:22:09 +02:00
|
|
|
if c.IsSet("server-dev-oauth-host") {
|
|
|
|
server.Config.Server.OAuthHost = c.String("server-dev-oauth-host")
|
|
|
|
} else {
|
|
|
|
server.Config.Server.OAuthHost = c.String("server-host")
|
|
|
|
}
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Server.Port = c.String("server-addr")
|
2021-10-12 18:21:13 +02:00
|
|
|
server.Config.Server.Docs = c.String("docs")
|
2022-01-29 21:37:36 +02:00
|
|
|
server.Config.Server.StatusContext = c.String("status-context")
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Server.SessionExpires = c.Duration("session-expires")
|
|
|
|
server.Config.Pipeline.Networks = c.StringSlice("network")
|
|
|
|
server.Config.Pipeline.Volumes = c.StringSlice("volume")
|
|
|
|
server.Config.Pipeline.Privileged = c.StringSlice("escalate")
|
2018-03-21 14:51:54 +02:00
|
|
|
|
|
|
|
// prometheus
|
2021-09-22 20:48:01 +02:00
|
|
|
server.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
|
2021-12-19 13:04:29 +02:00
|
|
|
|
|
|
|
// TODO(485) temporary workaround to not hit api rate limits
|
|
|
|
server.Config.FlatPermissions = c.Bool("flat-permissions")
|
2017-06-30 00:51:22 +02:00
|
|
|
}
|
2017-06-30 01:35:38 +02:00
|
|
|
|
|
|
|
type authorizer struct {
|
|
|
|
password string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a *authorizer) streamInterceptor(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
|
|
|
if err := a.authorize(stream.Context()); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return handler(srv, stream)
|
|
|
|
}
|
|
|
|
|
2021-10-19 11:44:49 +02:00
|
|
|
func (a *authorizer) unaryIntercaptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
|
2017-06-30 01:35:38 +02:00
|
|
|
if err := a.authorize(ctx); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return handler(ctx, req)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a *authorizer) authorize(ctx context.Context) error {
|
2020-05-18 16:46:13 +02:00
|
|
|
if md, ok := metadata.FromIncomingContext(ctx); ok {
|
2017-06-30 01:35:38 +02:00
|
|
|
if len(md["password"]) > 0 && md["password"][0] == a.password {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return errors.New("invalid agent token")
|
|
|
|
}
|
|
|
|
return errors.New("missing agent token")
|
|
|
|
}
|
2017-07-25 01:15:25 +02:00
|
|
|
|
2017-11-15 00:01:07 +02:00
|
|
|
func redirect(w http.ResponseWriter, req *http.Request) {
|
2021-09-24 16:29:26 +02:00
|
|
|
serverHost := server.Config.Server.Host
|
2017-11-15 00:01:07 +02:00
|
|
|
serverHost = strings.TrimPrefix(serverHost, "http://")
|
|
|
|
serverHost = strings.TrimPrefix(serverHost, "https://")
|
|
|
|
req.URL.Scheme = "https"
|
|
|
|
req.URL.Host = serverHost
|
2017-11-16 06:27:57 +02:00
|
|
|
|
|
|
|
w.Header().Set("Strict-Transport-Security", "max-age=31536000")
|
|
|
|
|
2017-11-15 00:01:07 +02:00
|
|
|
http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
|
|
|
|
}
|
|
|
|
|
2017-07-25 01:15:25 +02:00
|
|
|
func cacheDir() string {
|
|
|
|
const base = "golang-autocert"
|
|
|
|
if xdg := os.Getenv("XDG_CACHE_HOME"); xdg != "" {
|
|
|
|
return filepath.Join(xdg, base)
|
|
|
|
}
|
|
|
|
return filepath.Join(os.Getenv("HOME"), ".cache", base)
|
|
|
|
}
|