2023-04-21 03:21:46 +01:00
|
|
|
package servers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"github.com/MrMelon54/violet/utils"
|
|
|
|
|
"github.com/julienschmidt/httprouter"
|
2023-04-21 15:49:01 +01:00
|
|
|
"log"
|
2023-04-21 03:21:46 +01:00
|
|
|
"net/http"
|
2023-04-21 15:49:01 +01:00
|
|
|
"net/url"
|
|
|
|
|
"time"
|
2023-04-21 03:21:46 +01:00
|
|
|
)
|
|
|
|
|
|
2023-04-21 15:49:01 +01:00
|
|
|
// NewHttpServer creates and runs a http server containing the public http
|
|
|
|
|
// endpoints for the reverse proxy.
|
|
|
|
|
//
|
|
|
|
|
// `/.well-known/acme-challenge/{token}` is used for outputting answers for
|
|
|
|
|
// acme challenges, this is used for Lets Encrypt HTTP verification.
|
2023-04-22 18:11:21 +01:00
|
|
|
func NewHttpServer(conf *Conf) *http.Server {
|
2023-04-21 03:21:46 +01:00
|
|
|
r := httprouter.New()
|
2023-04-21 15:49:01 +01:00
|
|
|
var secureExtend string
|
2023-04-22 18:11:21 +01:00
|
|
|
_, httpsPort, ok := utils.SplitDomainPort(conf.HttpsListen, 443)
|
|
|
|
|
if !ok {
|
|
|
|
|
httpsPort = 443
|
|
|
|
|
}
|
2023-04-21 15:49:01 +01:00
|
|
|
if httpsPort != 443 {
|
|
|
|
|
secureExtend = fmt.Sprintf(":%d", httpsPort)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Endpoint for acme challenge outputs
|
|
|
|
|
r.GET("/.well-known/acme-challenge/{key}", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
|
|
|
|
|
if h, ok := utils.GetDomainWithoutPort(req.Host); ok {
|
|
|
|
|
// check if the host is valid
|
2023-04-22 18:11:21 +01:00
|
|
|
if !conf.Domains.IsValid(req.Host) {
|
2023-04-21 03:21:46 +01:00
|
|
|
http.Error(rw, fmt.Sprintf("%d %s\n", 420, "Invalid host"), 420)
|
|
|
|
|
return
|
|
|
|
|
}
|
2023-04-21 15:49:01 +01:00
|
|
|
|
|
|
|
|
// check if the key is valid
|
|
|
|
|
key := params.ByName("key")
|
|
|
|
|
if key == "" {
|
2023-04-21 16:40:26 +01:00
|
|
|
rw.WriteHeader(http.StatusNotFound)
|
2023-04-21 03:21:46 +01:00
|
|
|
return
|
|
|
|
|
}
|
2023-04-21 15:49:01 +01:00
|
|
|
|
2023-04-21 16:40:26 +01:00
|
|
|
// prepare for executing query
|
2023-04-22 18:11:21 +01:00
|
|
|
prepare, err := conf.DB.Prepare("select value from acme_challenges limit 1 where domain = ? and key = ?")
|
2023-04-21 16:40:26 +01:00
|
|
|
if err != nil {
|
|
|
|
|
utils.RespondHttpStatus(rw, http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// query the row and extract the value
|
|
|
|
|
row := prepare.QueryRow(h, key)
|
|
|
|
|
var value string
|
|
|
|
|
err = row.Scan(&value)
|
|
|
|
|
if err != nil {
|
|
|
|
|
utils.RespondHttpStatus(rw, http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// output response
|
|
|
|
|
rw.WriteHeader(http.StatusOK)
|
|
|
|
|
_, _ = rw.Write([]byte(value))
|
2023-04-21 03:21:46 +01:00
|
|
|
}
|
|
|
|
|
rw.WriteHeader(http.StatusNotFound)
|
|
|
|
|
})
|
2023-04-21 15:49:01 +01:00
|
|
|
|
|
|
|
|
// All other paths lead here and are forwarded to HTTPS
|
|
|
|
|
r.NotFound = http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
|
|
|
if h, ok := utils.GetDomainWithoutPort(req.Host); ok {
|
|
|
|
|
u := &url.URL{
|
|
|
|
|
Scheme: "https",
|
|
|
|
|
Host: h + secureExtend,
|
|
|
|
|
Path: req.URL.Path,
|
|
|
|
|
RawPath: req.URL.RawPath,
|
|
|
|
|
RawQuery: req.URL.RawQuery,
|
|
|
|
|
}
|
|
|
|
|
utils.FastRedirect(rw, req, u.String(), http.StatusPermanentRedirect)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Create and run http server
|
|
|
|
|
s := &http.Server{
|
2023-04-22 18:11:21 +01:00
|
|
|
Addr: conf.HttpListen,
|
2023-04-21 15:49:01 +01:00
|
|
|
Handler: r,
|
|
|
|
|
ReadTimeout: time.Minute,
|
|
|
|
|
ReadHeaderTimeout: time.Minute,
|
|
|
|
|
WriteTimeout: time.Minute,
|
|
|
|
|
IdleTimeout: time.Minute,
|
|
|
|
|
MaxHeaderBytes: 2500,
|
|
|
|
|
}
|
|
|
|
|
log.Printf("[HTTP] Starting HTTP server on: '%s'\n", s.Addr)
|
|
|
|
|
go utils.RunBackgroundHttp("HTTP", s)
|
|
|
|
|
return s
|
2023-04-21 03:21:46 +01:00
|
|
|
}
|
