go
/
capstan
3
0
Fork 0
Code Issues 6 Pull Requests 0 Releases 0 Wiki Activity
Capstan is a Golang web framework that shares some similarities with others in its segment.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1110 Commits
10 Branches
2.2 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
capstan/router_listen.go

372 lines
10 KiB
Raw Permalink Normal View History

Moved routing files into base package.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Re-homed project and most declared dependencies.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
TODO
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Added AttachListener for external code.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Errorf fixes.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Added AttachListener for external code.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Added AttachListener for external code.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Added AttachListener for external code.
1 year ago
Workaround re-adding named listeners. This should be refactored.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Added timeout support.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Added timeout support.
1 year ago
Print debug output on close.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Function cleanup and added error returns.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Workaround re-adding named listeners. This should be refactored.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Function cleanup and added error returns.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Function cleanup and added error returns.
1 year ago
Rework listener halt.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Set listeners as appropriate when shutdown.
1 year ago
Function cleanup and added error returns.
1 year ago
Added API for closing specific listeners. Subject to change.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Actually return errors.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
TLS tweaks.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Breaking change: Top-level config is now required.
5 months ago
Split the router file into individual parts for easier understanding.
1 year ago
Use derived hostname.
6 months ago
Split the router file into individual parts for easier understanding.
1 year ago
TLS tweaks.
1 year ago
Split the router file into individual parts for easier understanding.
1 year ago
Moved helper functions to bottom.
1 year ago
Set listeners as appropriate when shutdown.
1 year ago
Moved helper functions to bottom.
1 year ago
Set listeners as appropriate when shutdown.
1 year ago
Moved helper functions to bottom.
1 year ago
Set listeners as appropriate when shutdown.
1 year ago
Moved helper functions to bottom.
1 year ago
 
  1. package capstan
  2. 

  3. import (
  4. 	"context"
  5. 	"crypto/tls"
  6. 	"crypto/x509"
  7. 	"fmt"
  8. 	"net"
  9. 	"net/http"
  10. 	"strings"
  11. 	"time"
  12. 

  13. 	"git.destrealm.org/go/capstan/internal/sys"
  14. )
  15. 

  16. // TODO: Consider refactoring named listeners to store their network address

  17. // instead.

  18. 

  19. // Apply http.Server instances to all stored listeners. Errors will be returned

  20. // via the error channel errc.

  21. //

  22. // This increments the Router waitgroup once for each configured listener.

  23. func (r *Router) listen(errc chan error) {
  24. 	for _, listener := range r.listeners {
  25. 		r.AttachListener(listener)
  26. 	}
  27. }
  28. 

  29. // Setup listeners to all configured addresses. Currently this only sets up 3

  30. // listeners for each of the following, if configured: ListenAddress,

  31. // ListenAddressTLS, and ListenSocket.

  32. //

  33. // If you wish to attach custom listeners, you must call AddListener (below) and

  34. // it should implement both net.Listener and syscall.Conn. While simply

  35. // implementing net.Listener should be sufficient, it may fail for high

  36. // availability configurations that expect graceful restart capabilities.

  37. func (r *Router) setupListeners() error {
  38. 	var requiresPriv bool
  39. 	config := r.app.Config().Server
  40. 

  41. 	r.proxy.Switch(r.mux)
  42. 

  43. 	if len(r.listeners) == 0 {
  44. 		requiresPriv = isPrivPort(r.app.Config().Server.ListenAddress)
  45. 		if listener, err := r.ListenHTTP(r.app.Config().Server.ListenAddress); err != nil {
  46. 			return err
  47. 		} else {
  48. 			r.namedListeners.tcp = listener
  49. 			r.AddListener(listener)
  50. 		}
  51. 

  52. 		requiresPriv = isPrivPort(r.app.Config().Server.ListenAddressTLS)
  53. 		if listener, err := r.ListenTLS(r.app.Config().Server.ListenAddressTLS); err != nil {
  54. 			return err
  55. 		} else {
  56. 			r.namedListeners.tls = listener
  57. 			r.AddListener(listener)
  58. 		}
  59. 

  60. 		if listener, err := r.ListenSocket(r.app.Config().Server.ListenSocket); err != nil {
  61. 			return err
  62. 		} else {
  63. 			r.namedListeners.sock = listener
  64. 			r.AddListener(listener)
  65. 		}
  66. 	}
  67. 

  68. 	if requiresPriv && sys.HasSuperuser() {
  69. 		if config.RunAs == "" {
  70. 			return fmt.Errorf("application is running as superuser with no RunAs configured")
  71. 		}
  72. 		err := sys.SwitchUser(config.RunAs)
  73. 		if err != nil {
  74. 			return fmt.Errorf("unable to drop privileges: %v", err)
  75. 		}
  76. 	}
  77. 

  78. 	return nil
  79. }
  80. 

  81. // AddListener accepts a listener against which the Chi handler will be attached

  82. // and will be used as the base listener for an HTTP or HTTPS service.

  83. //

  84. // This listener will be mapped to the configured network management as defined

  85. // in network.go and netlisten_*.go. If the specified listener does not

  86. // implement both net.Listen and syscall.Conn it will not be used for high

  87. // availability graceful restart. If you depend on a custom listener, you may

  88. // need to implement graceful restart yourself or implement syscall.Conn.

  89. func (r *Router) AddListener(listener net.Listener) {
  90. 	if listener != nil {
  91. 		r.listeners = append(r.listeners, listener)
  92. 	}
  93. }
  94. 

  95. // AttachListener to the current route handler.

  96. //

  97. // This may be used by external code to enable listeners.

  98. func (r *Router) AttachListener(listener net.Listener) {
  99. 	var server HTTPServer
  100. 	server.Handler = r.proxy
  101. 	server.ReadHeaderTimeout = time.Second * time.Duration(r.app.Config().Server.HeaderTimeout)
  102. 	server.IdleTimeout = time.Second * time.Duration(r.app.Config().Server.IdleConnectionTimeout)
  103. 	server.MaxHeaderBytes = r.app.Config().Server.MaxHeaderLength
  104. 	r.servers = append(r.servers, &server)
  105. 	r.wg.Add(1)
  106. 	go func(l net.Listener) {
  107. 		if err := server.Serve(l); err != http.ErrServerClosed {
  108. 			r.Close()
  109. 		}
  110. 		r.wg.Done()
  111. 	}(listener)
  112. }
  113. 

  114. func (r *Router) AttachNamedListener(name string, listener net.Listener) {
  115. 	switch name {
  116. 	case "tls":
  117. 		r.namedListeners.tls = listener
  118. 	case "tcp":
  119. 		r.namedListeners.tcp = listener
  120. 	case "sock":
  121. 		fallthrough
  122. 	case "socket":
  123. 		fallthrough
  124. 	case "file":
  125. 		r.namedListeners.sock = listener
  126. 	}
  127. 	r.AttachListener(listener)
  128. }
  129. 

  130. // Close all configured listeners gracefully. This calls Shutdown on each

  131. // http.Server and waits until all connections have closed before terminating.

  132. func (r *Router) Close() {
  133. 	r.app.Logger().Noticef("Shutting down (waiting max %d second(s) for connections to close)...", r.app.Config().Server.ShutdownTimeout)
  134. 	for _, server := range r.servers {
  135. 		ctx, cancel := context.WithTimeout(r.shutdownCtx,
  136. 			time.Second*time.Duration(r.app.Config().Server.ShutdownTimeout))
  137. 		defer cancel()
  138. 

  139. 		r.app.Logger().Debugf("closing listener: (%s) %s", server.Listener().Addr().Network(), server.Listener().Addr().String())
  140. 		err := server.Shutdown(ctx)
  141. 		if err != nil {
  142. 			r.app.Logger().Warning("Error shutting down server:", err)
  143. 		}
  144. 	}
  145. 

  146. 	for _, listener := range r.listeners {
  147. 		listener.Close()
  148. 	}
  149. }
  150. 

  151. // CloseNamed listener.

  152. //

  153. // This will gracefully shut down the named listener, if available. The special

  154. // names "tls," "tcp," and "file" are used to close reserved listeners for TLS,

  155. // TCP, and Unix domain socket traffic.

  156. //

  157. // This will also remove the listener from the router's listeners store.

  158. func (r *Router) CloseNamed(name string) (err error) {
  159. 	var listener net.Listener
  160. 

  161. 	switch name {
  162. 	case "tls":
  163. 		listener = r.namedListeners.tls
  164. 	case "tcp":
  165. 		listener = r.namedListeners.tcp
  166. 	case "sock":
  167. 		fallthrough
  168. 	case "socket":
  169. 		fallthrough
  170. 	case "file":
  171. 		listener = r.namedListeners.sock
  172. 	}
  173. 

  174. 	if listener == nil {
  175. 		return
  176. 	}
  177. 

  178. 	l := make([]net.Listener, 0)
  179. 	for _, mapped := range r.listeners {
  180. 		if mapped != listener {
  181. 			l = append(l, mapped)
  182. 		}
  183. 	}
  184. 	r.listeners = l
  185. 

  186. 	r.app.Logger().Error("Shutting down listener (waiting max 10 seconds for connections to close)...")
  187. 	ctx, _ := context.WithTimeout(r.shutdownCtx, time.Second*10)
  188. 	for _, server := range r.servers {
  189. 		if server.Listener() == listener {
  190. 			if err = server.Shutdown(ctx); err != nil {
  191. 				r.app.Logger().Warning("error shutting down listener:", err)
  192. 				return
  193. 			} else {
  194. 				StopListening(listener)
  195. 			}
  196. 		}
  197. 	}
  198. 

  199. 	switch name {
  200. 	case "tls":
  201. 		r.namedListeners.tls = nil
  202. 	case "tcp":
  203. 		r.namedListeners.tcp = nil
  204. 	case "sock":
  205. 		fallthrough
  206. 	case "socket":
  207. 		fallthrough
  208. 	case "file":
  209. 		r.namedListeners.sock = nil
  210. 	}
  211. 

  212. 	return
  213. }
  214. 

  215. // Listen on all configured listeners and wait until they close.

  216. //

  217. // If an error is received by this function it will call Router.Close itself and

  218. // begin the shutdown process.

  219. func (r *Router) Listen() error {
  220. 	var err error
  221. 	errc := make(chan error)
  222. 

  223. 	if err := r.setupListeners(); err != nil {
  224. 		return err
  225. 	}
  226. 

  227. 	r.listen(errc)
  228. 	go func() {
  229. 		err = <-errc
  230. 		if err != nil {
  231. 			r.Close()
  232. 			r.wg.Done()
  233. 			return
  234. 		}
  235. 	}()
  236. 

  237. 	r.wg.Wait()
  238. 

  239. 	return err
  240. }
  241. 

  242. // ListenHTTP allows client code to configure a new port to listen on. This

  243. // should not be called if the server is already listening on an HTTP port. This

  244. // is called internally if ListenAddress is set.

  245. func (r *Router) ListenHTTP(addr string) (net.Listener, error) {
  246. 	// An HTTP port most liekly wasn't specified.

  247. 	if addr == "" {
  248. 		return nil, nil
  249. 	}
  250. 

  251. 	return Listen("tcp", addr)
  252. }
  253. 

  254. // ListenSocket allows client code to configure a new UNIX domain socket to

  255. // listen on. This should not be called if the server is already listening on

  256. // the same socket. This is called internally if ListenSocket is set.

  257. func (r *Router) ListenSocket(sock string) (net.Listener, error) {
  258. 	if sock == "" {
  259. 		return nil, nil
  260. 	}
  261. 

  262. 	return Listen("unix", sock)
  263. }
  264. 

  265. // ListenTLS allows client code to configure a new TLS port to listen on. This

  266. // should not be called if the server is already listening on a TLS port. This

  267. // is called internally if ListenAddressTLS is set.

  268. func (r *Router) ListenTLS(addr string) (net.Listener, error) {
  269. 	// TLS most likely wasn't specified.

  270. 	if addr == "" {
  271. 		return nil, nil
  272. 	}
  273. 

  274. 	var err error
  275. 	var tc *tls.Config
  276. 	var pool *x509.CertPool
  277. 	ciphers := []uint16{
  278. 		tls.TLS_AES_256_GCM_SHA384,
  279. 		tls.TLS_AES_128_GCM_SHA256,
  280. 		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  281. 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
  282. 		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
  283. 		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  284. 		tls.TLS_CHACHA20_POLY1305_SHA256,
  285. 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
  286. 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
  287. 		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
  288. 

  289. 		// No forward secrecy but disabling these may reduce client

  290. 		// compatibility.

  291. 		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
  292. 		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
  293. 	}
  294. 

  295. 	config := r.app.Config().Server
  296. 	if config.TLSConfig != nil {
  297. 		tc = config.TLSConfig
  298. 	} else {
  299. 		host := config.CalculatedHostname()
  300. 		if strings.Contains(host, ":") {
  301. 			host, _, err = net.SplitHostPort(host)
  302. 			if err != nil && host == "" {
  303. 				host = "localhost"
  304. 			} else if err != nil {
  305. 				return nil, err
  306. 			}
  307. 		}
  308. 

  309. 		if config.MinVersion == 0 {
  310. 			config.MinVersion = tls.VersionTLS11
  311. 		}
  312. 		if config.MaxVersion == 0 {
  313. 			config.MaxVersion = tls.VersionTLS13
  314. 		}
  315. 

  316. 		pool = x509.NewCertPool()
  317. 

  318. 		tc = &tls.Config{
  319. 			Certificates: config.Certificates,
  320. 			RootCAs:      pool,
  321. 			ServerName:   host,
  322. 			MinVersion:   config.MinVersion,
  323. 			MaxVersion:   config.MaxVersion,
  324. 			CipherSuites: ciphers,
  325. 			NextProtos:   []string{"h2"},
  326. 			// https://blog.cloudflare.com/exposing-go-on-the-internet/

  327. 			PreferServerCipherSuites: true,
  328. 			CurvePreferences: []tls.CurveID{
  329. 				tls.CurveP256,
  330. 				tls.X25519,
  331. 			},
  332. 		}
  333. 	}
  334. 

  335. 	listener, err := Listen("tcp", addr)
  336. 	if err != nil {
  337. 		return nil, err
  338. 	}
  339. 

  340. 	return tls.NewListener(listener, tc), nil
  341. }
  342. 

  343. // HasSocket returns true if Capstan was configured to listen on a domain

  344. // socket.

  345. //

  346. // As with other Has* functions for listeners, this does not indicate a status

  347. // for manually-configured listeners and applies only to those that were started

  348. // via the Listen* methods (either automatically, via configuration, or

  349. // manually).

  350. func (r *Router) HasSocket() bool {
  351. 	return r.namedListeners.sock != nil
  352. }
  353. 

  354. // HasTCP returns true if Capstan was configured to listen on a TCP socket.

  355. //

  356. // As with other Has* functions for listeners, this does not indicate a status

  357. // for manually-configured listeners and applies only to those that were started

  358. // via the Listen* methods (either automatically, via configuration, or

  359. // manually).

  360. func (r *Router) HasTCP() bool {
  361. 	return r.namedListeners.tcp != nil
  362. }
  363. 

  364. // HasTLS returns true if Capstan was configured to listen on a TLS socket.

  365. //

  366. // As with other Has* functions for listeners, this does not indicate a status

  367. // for manually-configured listeners and applies only to those that were started

  368. // via the Listen* methods (either automatically, via configuration, or

  369. // manually).

  370. func (r *Router) HasTLS() bool {
  371. 	return r.namedListeners.tls != nil
  372. }