toby3d/auth
toby3d
/
auth
1
0
Fork 0
Code Actions Packages Releases Activity
auth/main.go

358 lines
10 KiB
Go
Raw Permalink Blame History

//go:generate go install github.com/valyala/quicktemplate/qtc@latest
//go:generate qtc -dir=./web
//go:generate go install golang.org/x/text/cmd/gotext@master
//go:generate gotext -srclang=en update -out=catalog_gen.go -lang=en,ru
package main
import (
"context"
"embed"
"errors"
"flag"
"io/fs"
"log"
"net/http"
_ "net/http/pprof"
"net/url"
"os"
"os/signal"
"path/filepath"
"runtime"
"runtime/pprof"
"strings"
"syscall"
"time"
"github.com/caarlos0/env/v9"
"github.com/jmoiron/sqlx"
"golang.org/x/text/language"
"golang.org/x/text/message"
_ "modernc.org/sqlite"
"source.toby3d.me/toby3d/auth/internal/auth"
authhttpdelivery "source.toby3d.me/toby3d/auth/internal/auth/delivery/http"
authucase "source.toby3d.me/toby3d/auth/internal/auth/usecase"
"source.toby3d.me/toby3d/auth/internal/client"
clienthttpdelivery "source.toby3d.me/toby3d/auth/internal/client/delivery/http"
clienthttprepo "source.toby3d.me/toby3d/auth/internal/client/repository/http"
clientucase "source.toby3d.me/toby3d/auth/internal/client/usecase"
"source.toby3d.me/toby3d/auth/internal/domain"
healthhttpdelivery "source.toby3d.me/toby3d/auth/internal/health/delivery/http"
metadatahttpdelivery "source.toby3d.me/toby3d/auth/internal/metadata/delivery/http"
"source.toby3d.me/toby3d/auth/internal/middleware"
"source.toby3d.me/toby3d/auth/internal/profile"
profilehttprepo "source.toby3d.me/toby3d/auth/internal/profile/repository/http"
profileucase "source.toby3d.me/toby3d/auth/internal/profile/usecase"
"source.toby3d.me/toby3d/auth/internal/session"
sessionmemoryrepo "source.toby3d.me/toby3d/auth/internal/session/repository/memory"
sessionsqlite3repo "source.toby3d.me/toby3d/auth/internal/session/repository/sqlite3"
sessionucase "source.toby3d.me/toby3d/auth/internal/session/usecase"
"source.toby3d.me/toby3d/auth/internal/token"
tokenhttpdelivery "source.toby3d.me/toby3d/auth/internal/token/delivery/http"
tokenmemoryrepo "source.toby3d.me/toby3d/auth/internal/token/repository/memory"
tokensqlite3repo "source.toby3d.me/toby3d/auth/internal/token/repository/sqlite3"
tokenucase "source.toby3d.me/toby3d/auth/internal/token/usecase"
"source.toby3d.me/toby3d/auth/internal/urlutil"
userhttpdelivery "source.toby3d.me/toby3d/auth/internal/user/delivery/http"
)
type (
App struct {
auth auth.UseCase
clients client.UseCase
matcher language.Matcher
sessions session.UseCase
profiles profile.UseCase
tokens token.UseCase
static fs.FS
}
NewAppOptions struct {
Client *http.Client
Clients client.Repository
Sessions session.Repository
Tokens token.Repository
Profiles profile.Repository
Static fs.FS
}
)
const (
DefaultReadTimeout time.Duration = 5 * time.Second
DefaultWriteTimeout time.Duration = 10 * time.Second
)
//nolint:gochecknoglobals
var (
// NOTE(toby3d): write logs in stdout, see: https://12factor.net/logs
logger = log.New(os.Stdout, "IndieAuth\t", log.Lmsgprefix|log.LstdFlags|log.LUTC)
// NOTE(toby3d): read configuration from environment, see: https://12factor.net/config
config = new(domain.Config)
)
//nolint:gochecknoglobals
var (
indieAuthClient *domain.Client
cpuProfilePath, memProfilePath string
)
//go:embed web/static/*
var static embed.FS
//nolint:gochecknoinits
func init() {
flag.StringVar(&cpuProfilePath, "cpuprofile", "", "set path to saving CPU memory profile")
flag.StringVar(&memProfilePath, "memprofile", "", "set path to saving pprof memory profile")
flag.Parse()
if err := env.ParseWithOptions(config, env.Options{Prefix: "AUTH_"}); err != nil {
logger.Fatalln(err)
}
// NOTE(toby3d): The server instance itself can be as a client.
rootUrl, err := url.Parse(config.Server.GetRootURL())
if err != nil {
logger.Fatalln(err)
}
cid, err := domain.ParseClientID(rootUrl.String())
if err != nil {
logger.Fatalln("fail to read config:", err)
}
indieAuthClient = &domain.Client{
Logo: rootUrl.JoinPath("icon.svg"),
URL: rootUrl,
ID: *cid,
Name: config.Name,
RedirectURI: []*url.URL{rootUrl.JoinPath("callback")},
}
}
//nolint:funlen,cyclop // "god object" and the entry point of all modules
func main() {
ctx := context.Background()
var opts NewAppOptions
var err error
if opts.Static, err = fs.Sub(static, filepath.Join("web", "static")); err != nil {
logger.Fatalln(err)
}
switch strings.ToLower(config.Database.Type) {
default:
opts.Tokens = tokenmemoryrepo.NewMemoryTokenRepository()
opts.Sessions = sessionmemoryrepo.NewMemorySessionRepository(*config)
case "sqlite3":
store, err := sqlx.Open("sqlite", config.Database.Path)
if err != nil {
logger.Fatalln(err)
}
if err = store.Ping(); err != nil {
logger.Fatalf("cannot ping %s database: %v", "sqlite3", err)
}
opts.Tokens = tokensqlite3repo.NewSQLite3TokenRepository(store)
opts.Sessions = sessionsqlite3repo.NewSQLite3SessionRepository(store)
}
go opts.Sessions.GC()
opts.Client = new(http.Client)
opts.Clients = clienthttprepo.NewHTTPClientRepository(opts.Client)
opts.Profiles = profilehttprepo.NewHTPPClientRepository(opts.Client)
app := NewApp(opts)
server := &http.Server{
Addr: config.Server.GetAddress(),
BaseContext: nil,
ConnContext: nil,
ConnState: nil,
ErrorLog: logger,
Handler: app.Handler(),
IdleTimeout: 0,
MaxHeaderBytes: 0,
ReadHeaderTimeout: 0,
ReadTimeout: DefaultReadTimeout,
TLSConfig: nil,
TLSNextProto: nil,
WriteTimeout: DefaultWriteTimeout,
}
done := make(chan os.Signal, 1)
signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
if cpuProfilePath != "" {
cpuProfile, err := os.Create(cpuProfilePath)
if err != nil {
logger.Fatalln("could not create CPU profile:", err)
}
defer cpuProfile.Close()
if err = pprof.StartCPUProfile(cpuProfile); err != nil {
logger.Fatalln("could not start CPU profile:", err)
}
defer pprof.StopCPUProfile()
}
go func() {
logger.Printf("started at %s, available at %s", config.Server.GetAddress(),
config.Server.GetRootURL())
if config.Server.CertificateFile != "" && config.Server.KeyFile != "" {
err = server.ListenAndServeTLS(config.Server.CertificateFile, config.Server.KeyFile)
} else {
err = server.ListenAndServe()
}
if err != nil && !errors.Is(err, http.ErrServerClosed) {
logger.Fatalln("cannot listen and serve:", err)
}
}()
<-done
if err = server.Shutdown(ctx); err != nil {
logger.Fatalln("failed shutdown of server:", err)
}
if memProfilePath == "" {
return
}
memProfile, err := os.Create(memProfilePath)
if err != nil {
logger.Fatalln("could not create memory profile:", err)
}
defer memProfile.Close()
runtime.GC() // NOTE(toby3d): get up-to-date statistics
if err = pprof.WriteHeapProfile(memProfile); err != nil {
logger.Fatalln("could not write memory profile:", err)
}
}
func NewApp(opts NewAppOptions) *App {
return &App{
static: opts.Static,
auth: authucase.NewAuthUseCase(opts.Sessions, opts.Profiles, *config),
clients: clientucase.NewClientUseCase(opts.Clients),
matcher: language.NewMatcher(message.DefaultCatalog.Languages()),
profiles: profileucase.NewProfileUseCase(opts.Profiles),
sessions: sessionucase.NewSessionUseCase(opts.Sessions),
tokens: tokenucase.NewTokenUseCase(tokenucase.Config{
Config: *config,
Profiles: opts.Profiles,
Sessions: opts.Sessions,
Tokens: opts.Tokens,
}),
}
}
// TODO(toby3d): move module middlewares to here.
//
//nolint:funlen
func (app *App) Handler() http.Handler {
//nolint:exhaustivestruct
metadata := metadatahttpdelivery.NewHandler(&domain.Metadata{
Issuer: indieAuthClient.ID.URL(),
AuthorizationEndpoint: indieAuthClient.ID.URL().JoinPath("authorize"),
TokenEndpoint: indieAuthClient.ID.URL().JoinPath("token"),
TicketEndpoint: indieAuthClient.ID.URL().JoinPath("ticket"),
MicropubEndpoint: nil,
MicrosubEndpoint: nil,
IntrospectionEndpoint: indieAuthClient.ID.URL().JoinPath("introspect"),
RevocationEndpoint: indieAuthClient.ID.URL().JoinPath("revocation"),
UserinfoEndpoint: indieAuthClient.ID.URL().JoinPath("userinfo"),
ServiceDocumentation: &url.URL{
Scheme: "https",
Host: "indieauth.net",
Path: "/source/",
},
IntrospectionEndpointAuthMethodsSupported: []string{"Bearer"},
RevocationEndpointAuthMethodsSupported: []string{"none"},
ScopesSupported: domain.Scopes{
domain.ScopeBlock,
domain.ScopeChannels,
domain.ScopeCreate,
domain.ScopeDelete,
domain.ScopeDraft,
domain.ScopeEmail,
domain.ScopeFollow,
domain.ScopeMedia,
domain.ScopeMute,
domain.ScopeProfile,
domain.ScopeRead,
domain.ScopeUpdate,
},
ResponseTypesSupported: []domain.ResponseType{
domain.ResponseTypeCode,
domain.ResponseTypeID,
},
GrantTypesSupported: []domain.GrantType{
domain.GrantTypeAuthorizationCode,
domain.GrantTypeTicket,
},
CodeChallengeMethodsSupported: []domain.CodeChallengeMethod{
domain.CodeChallengeMethodMD5,
domain.CodeChallengeMethodPLAIN,
domain.CodeChallengeMethodS1,
domain.CodeChallengeMethodS256,
domain.CodeChallengeMethodS512,
},
AuthorizationResponseIssParameterSupported: true,
})
health := healthhttpdelivery.NewHandler()
auth := authhttpdelivery.NewHandler(authhttpdelivery.NewHandlerOptions{
Auth: app.auth,
Clients: app.clients,
Config: *config,
Matcher: app.matcher,
Profiles: app.profiles,
})
token := tokenhttpdelivery.NewHandler(app.tokens, *config)
client := clienthttpdelivery.NewHandler(clienthttpdelivery.NewHandlerOptions{
Client: *indieAuthClient,
Config: *config,
Matcher: app.matcher,
Tokens: app.tokens,
})
user := userhttpdelivery.NewHandler(app.tokens, *config)
staticHandler := http.FileServer(http.FS(app.static))
return http.HandlerFunc(middleware.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
head, tail := urlutil.ShiftPath(r.URL.Path)
switch head {
default: // NOTE(toby3d): static or 404
staticHandler.ServeHTTP(w, r)
case "", "callback": // NOTE(toby3d): self-client
client.ServeHTTP(w, r)
case "token", "introspect", "revocation":
token.ServeHTTP(w, r)
case ".well-known": // NOTE(toby3d): public server config
r.URL.Path = tail
if head, _ = urlutil.ShiftPath(r.URL.Path); head == "oauth-authorization-server" {
metadata.ServeHTTP(w, r)
} else {
http.NotFound(w, r)
}
case "authorize":
r.URL.Path = tail
auth.ServeHTTP(w, r)
case "health":
r.URL.Path = tail
health.ServeHTTP(w, r)
case "userinfo":
r.URL.Path = tail
user.ServeHTTP(w, r)
}
}).Intercept(middleware.LogFmt()))
}
View Git Blame Copy Permalink