Merge branch 'tableflip'

.github/workflows/test.yml

@@ -4,13 +4,15 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.20.x]
+        go-version: [1.22.x]
     runs-on: ubuntu-latest
     steps:
     - uses: actions/setup-go@v3
       with:
         go-version: ${{ matrix.go-version }}
     - uses: actions/checkout@v3
+    - run: sudo add-apt-repository ppa:inkscape.dev/stable
+    - run: sudo apt-get update
     - run: sudo apt-get install inkscape -y
     - run: go build ./cmd/violet/
     - run: go test ./...

.gitignore

@@ -1,3 +1,4 @@
 *.sqlite
 *.local
+.idea/
 .data

.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml

.idea/codeStyles/codeStyleConfig.xml

@@ -1,5 +0,0 @@
-<component name="ProjectCodeStyleConfiguration">
-  <state>
-    <option name="PREFERRED_PROJECT_CODE_STYLE" value="Default" />
-  </state>
-</component>

.idea/dataSources.xml

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
-    <data-source source="LOCAL" name="__db.sqlite" uuid="5aeb4e88-8ec4-4227-a921-ba4eaed357bf">
-      <driver-ref>sqlite.xerial</driver-ref>
-      <synchronize>true</synchronize>
-      <jdbc-driver>org.sqlite.JDBC</jdbc-driver>
-      <jdbc-url>jdbc:sqlite:__db.sqlite</jdbc-url>
-      <working-dir>$ProjectFileDir$</working-dir>
-    </data-source>
-  </component>
-</project>

.idea/discord.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="DiscordProjectSettings">
-    <option name="show" value="PROJECT_FILES" />
-    <option name="description" value="" />
-  </component>
-</project>

.idea/misc.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="MarkdownSettingsMigration">
-    <option name="stateVersion" value="1" />
-  </component>
-</project>

.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/violet.iml" filepath="$PROJECT_DIR$/.idea/violet.iml" />
-    </modules>
-  </component>
-</project>

.idea/sqldialects.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="SqlDialectMappings">
-    <file url="PROJECT" dialect="SQLite" />
-  </component>
-</project>

.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>

.idea/violet.iml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="Go" enabled="true" />
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

LICENSE.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

certs/certs.go

@@ -4,18 +4,21 @@ import (
 	"crypto/tls"
 	"crypto/x509/pkix"
 	"fmt"
-	"github.com/MrMelon54/certgen"
-	"github.com/MrMelon54/rescheduler"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/utils"
+	"github.com/mrmelon54/certgen"
+	"github.com/mrmelon54/rescheduler"
 	"io/fs"
-	"log"
 	"math/big"
-	"path/filepath"
+	"os"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
 )
 
+var Logger = logger.Logger.WithPrefix("Violet Certs")
+
 // Certs is the certificate loader and management system.
 type Certs struct {
 	cDir fs.FS
@@ -26,6 +29,8 @@ type Certs struct {
 	ca   *certgen.CertGen
 	sn   atomic.Int64
 	r    *rescheduler.Rescheduler
+	t    *time.Ticker
+	ts   chan struct{}
 }
 
 // New creates a new cert list
@@ -36,15 +41,26 @@ func New(certDir fs.FS, keyDir fs.FS, selfCert bool) *Certs {
 		ss:   selfCert,
 		s:    &sync.RWMutex{},
 		m:    make(map[string]*tls.Certificate),
+		ts:   make(chan struct{}, 1),
 	}
 
-	// the rescheduler isn't even used in self cert mode so why initialise it
 	if !selfCert {
+		// the rescheduler isn't even used in self cert mode so why initialise it
 		c.r = rescheduler.NewRescheduler(c.threadCompile)
-	}
 
-	// in self-signed mode generate a CA certificate to sign other certificates
-	if c.ss {
+		c.t = time.NewTicker(2 * time.Hour)
+		go func() {
+			for {
+				select {
+				case <-c.t.C:
+					c.Compile()
+				case <-c.ts:
+					return
+				}
+			}
+		}()
+	} else {
+		// in self-signed mode generate a CA certificate to sign other certificates
 		ca, err := certgen.MakeCaTls(4096, pkix.Name{
 			Country:            []string{"GB"},
 			Organization:       []string{"Violet"},
@@ -55,7 +71,7 @@ func New(certDir fs.FS, keyDir fs.FS, selfCert bool) *Certs {
 			return now.AddDate(10, 0, 0)
 		})
 		if err != nil {
-			log.Fatalln("Failed to generate CA cert for self-signed mode:", err)
+			logger.Logger.Fatal("Failed to generate CA cert for self-signed mode", "err", err)
 		}
 		c.ca = ca
 	}
@@ -117,6 +133,13 @@ func (c *Certs) Compile() {
 	c.r.Run()
 }
 
+func (c *Certs) Stop() {
+	if c.t != nil {
+		c.t.Stop()
+	}
+	close(c.ts)
+}
+
 func (c *Certs) threadCompile() {
 	// new map
 	certMap := make(map[string]*tls.Certificate)
@@ -124,7 +147,7 @@ func (c *Certs) threadCompile() {
 	// compile map and check errors
 	err := c.internalCompile(certMap)
 	if err != nil {
-		log.Printf("[Certs] Compile failed: %s\n", err)
+		Logger.Infof("Compile failed: %s\n", err)
 		return
 	}
 
@@ -147,7 +170,7 @@ func (c *Certs) internalCompile(m map[string]*tls.Certificate) error {
 		return fmt.Errorf("failed to read cert dir: %w", err)
 	}
 
-	log.Printf("[Certs] Compiling lookup table for %d certificates\n", len(files))
+	Logger.Infof("Compiling lookup table for %d certificates\n", len(files))
 
 	// find and parse certs
 	for _, i := range files {
@@ -158,8 +181,10 @@ func (c *Certs) internalCompile(m map[string]*tls.Certificate) error {
 
 		// get file name and extension
 		name := i.Name()
-		ext := filepath.Ext(name)
-		keyName := name[:len(name)-len(ext)] + ".key"
+		if !strings.HasSuffix(name, ".cert.pem") {
+			continue
+		}
+		keyName := name[:len(name)-len("cert.pem")] + "key.pem"
 
 		// try to read cert file
 		certData, err := fs.ReadFile(c.cDir, name)
@@ -170,6 +195,10 @@ func (c *Certs) internalCompile(m map[string]*tls.Certificate) error {
 		// try to read key file
 		keyData, err := fs.ReadFile(c.kDir, keyName)
 		if err != nil {
+			// ignore the file if the certificate doesn't exist
+			if os.IsNotExist(err) {
+				continue
+			}
 			return fmt.Errorf("failed to read key file '%s': %w", keyName, err)
 		}
 

certs/certs_test.go

@@ -3,7 +3,7 @@ package certs
 import (
 	"crypto/x509/pkix"
 	"fmt"
-	"github.com/MrMelon54/certgen"
+	"github.com/mrmelon54/certgen"
 	"github.com/stretchr/testify/assert"
 	"math/big"
 	"testing"
@@ -16,7 +16,7 @@ func TestCertsNew_Lookup(t *testing.T) {
 	// type to test that certificate files can be found and read correctly. This
 	// uses a MapFS for performance during tests.
 
-	ca, err := certgen.MakeCaTls(4096, pkix.Name{
+	ca, err := certgen.MakeCaTls(2048, pkix.Name{
 		Country:            []string{"GB"},
 		Organization:       []string{"Violet"},
 		OrganizationalUnit: []string{"Development"},
@@ -29,7 +29,7 @@ func TestCertsNew_Lookup(t *testing.T) {
 
 	domain := "example.com"
 	sn := int64(1)
-	serverTls, err := certgen.MakeServerTls(ca, 4096, pkix.Name{
+	serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{
 		Country:            []string{"GB"},
 		Organization:       []string{domain},
 		OrganizationalUnit: []string{domain},
@@ -41,13 +41,13 @@ func TestCertsNew_Lookup(t *testing.T) {
 	assert.NoError(t, err)
 
 	certDir := fstest.MapFS{
-		"example.com.pem": {
+		"example.com.cert.pem": {
 			Data: serverTls.GetCertPem(),
 		},
 	}
 
 	keyDir := fstest.MapFS{
-		"example.com.key": {
+		"example.com.key.pem": {
 			Data: serverTls.GetKeyPem(),
 		},
 	}
@@ -63,6 +63,10 @@ func TestCertsNew_Lookup(t *testing.T) {
 }
 
 func TestCertsNew_SelfSigned(t *testing.T) {
+	if testing.Short() {
+		return
+	}
+
 	certs := New(nil, nil, true)
 	cc := certs.GetCertForDomain("example.com")
 	leaf := certgen.TlsLeaf(cc)

cmd/violet/serve.go

@@ -2,22 +2,28 @@ package main
 
 import (
 	"context"
-	"database/sql"
 	"encoding/json"
 	"flag"
-	"fmt"
-	"github.com/MrMelon54/mjwt"
-	"github.com/MrMelon54/violet/certs"
-	"github.com/MrMelon54/violet/domains"
-	errorPages "github.com/MrMelon54/violet/error-pages"
-	"github.com/MrMelon54/violet/favicons"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/router"
-	"github.com/MrMelon54/violet/servers"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/mjwt"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/certs"
+	"github.com/1f349/violet/domains"
+	errorPages "github.com/1f349/violet/error-pages"
+	"github.com/1f349/violet/favicons"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
+	"github.com/1f349/violet/router"
+	"github.com/1f349/violet/servers"
+	"github.com/1f349/violet/servers/api"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/utils"
+	"github.com/charmbracelet/log"
+	"github.com/cloudflare/tableflip"
 	"github.com/google/subcommands"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/collectors"
 	"io/fs"
-	"log"
 	"net/http"
 	"os"
 	"os/signal"
@@ -26,156 +32,218 @@ import (
 	"time"
 )
 
-type serveCmd struct{ configPath string }
+type serveCmd struct {
+	configPath string
+	debugLog   bool
+	pidFile    string
+}
 
 func (s *serveCmd) Name() string     { return "serve" }
 func (s *serveCmd) Synopsis() string { return "Serve reverse proxy server" }
 func (s *serveCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&s.configPath, "conf", "", "/path/to/config.json : path to the config file")
+	f.BoolVar(&s.debugLog, "debug", false, "enable debug logging")
+	f.StringVar(&s.pidFile, "pid-file", "", "path to pid file")
 }
 func (s *serveCmd) Usage() string {
-	return `serve [-conf <config file>]
+	return `serve [-conf <config file>] [-debug] [-pid-file <pid file>]
   Serve reverse proxy server using information from config file
 `
 }
 
-func (s *serveCmd) Execute(ctx context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	log.Println("[Violet] Starting...")
+func (s *serveCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	if s.debugLog {
+		logger.Logger.SetLevel(log.DebugLevel)
+	}
+	logger.Logger.Info("Starting...")
+
+	upg, err := tableflip.New(tableflip.Options{
+		PIDFile: s.pidFile,
+	})
+	if err != nil {
+		panic(err)
+	}
+	defer upg.Stop()
 
 	if s.configPath == "" {
-		log.Println("[Violet] Error: config flag is missing")
+		logger.Logger.Info("Error: config flag is missing")
 		return subcommands.ExitUsageError
 	}
 
 	openConf, err := os.Open(s.configPath)
 	if err != nil {
 		if os.IsNotExist(err) {
-			log.Println("[Violet] Error: missing config file")
+			logger.Logger.Info("Error: missing config file")
 		} else {
-			log.Println("[Violet] Error: open config file: ", err)
+			logger.Logger.Info("Error: open config file: ", err)
 		}
 		return subcommands.ExitFailure
 	}
 
-	var conf startUpConfig
-	err = json.NewDecoder(openConf).Decode(&conf)
+	var config startUpConfig
+	err = json.NewDecoder(openConf).Decode(&config)
 	if err != nil {
-		log.Println("[Violet] Error: invalid config file: ", err)
+		logger.Logger.Info("Error: invalid config file: ", err)
 		return subcommands.ExitFailure
 	}
 
 	// working directory is the parent of the config file
 	wd := filepath.Dir(s.configPath)
-	normalLoad(conf, wd)
-	return subcommands.ExitSuccess
-}
 
-func normalLoad(conf startUpConfig, wd string) {
 	// the cert and key paths are useless in self-signed mode
-	if !conf.SelfSigned {
+	if !config.SelfSigned {
 		// create path to cert dir
 		err := os.MkdirAll(filepath.Join(wd, "certs"), os.ModePerm)
 		if err != nil {
-			log.Fatal("[Violet] Failed to create certificate path")
+			logger.Logger.Fatal("Failed to create certificate path")
 		}
 		// create path to key dir
 		err = os.MkdirAll(filepath.Join(wd, "keys"), os.ModePerm)
 		if err != nil {
-			log.Fatal("[Violet] Failed to create certificate key path")
+			logger.Logger.Fatal("Failed to create certificate key path")
 		}
 	}
 
 	// errorPageDir stores an FS interface for accessing the error page directory
 	var errorPageDir fs.FS
-	if conf.ErrorPagePath != "" {
-		errorPageDir = os.DirFS(conf.ErrorPagePath)
-		err := os.MkdirAll(conf.ErrorPagePath, os.ModePerm)
+	if config.ErrorPagePath != "" {
+		errorPageDir = os.DirFS(config.ErrorPagePath)
+		err := os.MkdirAll(config.ErrorPagePath, os.ModePerm)
 		if err != nil {
-			log.Fatalf("[Violet] Failed to create error page path '%s'", conf.ErrorPagePath)
+			logger.Logger.Fatal("Failed to create error page", "path", config.ErrorPagePath)
 		}
 	}
 
 	// load the MJWT RSA public key from a pem encoded file
 	mJwtVerify, err := mjwt.NewMJwtVerifierFromFile(filepath.Join(wd, "signer.public.pem"))
 	if err != nil {
-		log.Fatalf("[Violet] Failed to load MJWT verifier public key from file '%s': %s", filepath.Join(wd, "signer.public.pem"), err)
+		logger.Logger.Fatal("Failed to load MJWT verifier public key", "file", filepath.Join(wd, "signer.public.pem"), "err", err)
 	}
 
 	// open sqlite database
-	db, err := sql.Open("sqlite3", filepath.Join(wd, "violet.db.sqlite"))
+	db, err := violet.InitDB(filepath.Join(wd, "violet.db.sqlite"))
 	if err != nil {
-		log.Fatal("[Violet] Failed to open database")
+		logger.Logger.Fatal("Failed to open database", "err", err)
 	}
 
 	certDir := os.DirFS(filepath.Join(wd, "certs"))
 	keyDir := os.DirFS(filepath.Join(wd, "keys"))
 
-	allowedDomains := domains.New(db)                           // load allowed domains
-	acmeChallenges := utils.NewAcmeChallenge()                  // load acme challenge store
-	allowedCerts := certs.New(certDir, keyDir, conf.SelfSigned) // load certificate manager
-	hybridTransport := proxy.NewHybridTransport()               // load reverse proxy
-	dynamicFavicons := favicons.New(db, conf.InkscapeCmd)       // load dynamic favicon provider
-	dynamicErrorPages := errorPages.New(errorPageDir)           // load dynamic error page provider
-	dynamicRouter := router.NewManager(db, hybridTransport)     // load dynamic router manager
+	// setup registry for metrics
+	promRegistry := prometheus.NewRegistry()
+	promRegistry.MustRegister(
+		collectors.NewGoCollector(),
+		collectors.NewProcessCollector(collectors.ProcessCollectorOpts{}),
+	)
+
+	ws := websocket.NewServer()
+	allowedDomains := domains.New(db)                             // load allowed domains
+	acmeChallenges := utils.NewAcmeChallenge()                    // load acme challenge store
+	allowedCerts := certs.New(certDir, keyDir, config.SelfSigned) // load certificate manager
+	hybridTransport := proxy.NewHybridTransport(ws)               // load reverse proxy
+	dynamicFavicons := favicons.New(db, config.InkscapeCmd)       // load dynamic favicon provider
+	dynamicErrorPages := errorPages.New(errorPageDir)             // load dynamic error page provider
+	dynamicRouter := router.NewManager(db, hybridTransport)       // load dynamic router manager
 
 	// struct containing config for the http servers
-	srvConf := &servers.Conf{
-		ApiListen:   conf.Listen.Api,
-		HttpListen:  conf.Listen.Http,
-		HttpsListen: conf.Listen.Https,
-		RateLimit:   conf.RateLimit,
-		DB:          db,
-		Domains:     allowedDomains,
-		Acme:        acmeChallenges,
-		Certs:       allowedCerts,
-		Favicons:    dynamicFavicons,
-		Signer:      mJwtVerify,
-		ErrorPages:  dynamicErrorPages,
-		Router:      dynamicRouter,
+	srvConf := &conf.Conf{
+		RateLimit:  config.RateLimit,
+		DB:         db,
+		Domains:    allowedDomains,
+		Acme:       acmeChallenges,
+		Certs:      allowedCerts,
+		Favicons:   dynamicFavicons,
+		Signer:     mJwtVerify,
+		ErrorPages: dynamicErrorPages,
+		Router:     dynamicRouter,
 	}
 
 	// create the compilable list and run a first time compile
 	allCompilables := utils.MultiCompilable{allowedDomains, allowedCerts, dynamicFavicons, dynamicErrorPages, dynamicRouter}
 	allCompilables.Compile()
 
+	_, httpsPort, ok := utils.SplitDomainPort(config.Listen.Https, 443)
+	if !ok {
+		httpsPort = 443
+	}
+
 	var srvApi, srvHttp, srvHttps *http.Server
-	if srvConf.ApiListen != "" {
-		srvApi = servers.NewApiServer(srvConf, allCompilables)
-		log.Printf("[API] Starting API server on: '%s'\n", srvApi.Addr)
-		go utils.RunBackgroundHttp("API", srvApi)
+	if config.Listen.Api != "" {
+		// Listen must be called before Ready
+		lnApi, err := upg.Listen("tcp", config.Listen.Api)
+		if err != nil {
+			logger.Logger.Fatal("Listen failed", "err", err)
+		}
+		srvApi = api.NewApiServer(srvConf, allCompilables, promRegistry)
+		srvApi.SetKeepAlivesEnabled(false)
+		l := logger.Logger.With("server", "API")
+		l.Info("Starting server", "addr", config.Listen.Api)
+		go utils.RunBackgroundHttp(l, srvApi, lnApi)
 	}
-	if srvConf.HttpListen != "" {
-		srvHttp = servers.NewHttpServer(srvConf)
-		log.Printf("[HTTP] Starting HTTP server on: '%s'\n", srvHttp.Addr)
-		go utils.RunBackgroundHttp("HTTP", srvHttp)
+	if config.Listen.Http != "" {
+		// Listen must be called before Ready
+		lnHttp, err := upg.Listen("tcp", config.Listen.Http)
+		if err != nil {
+			logger.Logger.Fatal("Listen failed", "err", err)
+		}
+		srvHttp = servers.NewHttpServer(uint16(httpsPort), srvConf, promRegistry)
+		srvHttp.SetKeepAlivesEnabled(false)
+		l := logger.Logger.With("server", "HTTP")
+		l.Info("Starting server", "addr", config.Listen.Http)
+		go utils.RunBackgroundHttp(l, srvHttp, lnHttp)
 	}
-	if srvConf.HttpsListen != "" {
-		srvHttps = servers.NewHttpsServer(srvConf)
-		log.Printf("[HTTPS] Starting HTTPS server on: '%s'\n", srvHttps.Addr)
-		go utils.RunBackgroundHttps("HTTPS", srvHttps)
+	if config.Listen.Https != "" {
+		// Listen must be called before Ready
+		lnHttps, err := upg.Listen("tcp", config.Listen.Https)
+		if err != nil {
+			logger.Logger.Fatal("Listen failed", "err", err)
+		}
+		srvHttps = servers.NewHttpsServer(srvConf, promRegistry)
+		srvHttps.SetKeepAlivesEnabled(false)
+		l := logger.Logger.With("server", "HTTPS")
+		l.Info("Starting server", "addr", config.Listen.Https)
+		go utils.RunBackgroundHttps(l, srvHttps, lnHttps)
 	}
 
-	// Wait for exit signal
-	sc := make(chan os.Signal, 1)
-	signal.Notify(sc, syscall.SIGINT, syscall.SIGTERM, os.Interrupt, os.Kill)
-	<-sc
-	fmt.Println()
+	// Do an upgrade on SIGHUP
+	go func() {
+		sig := make(chan os.Signal, 1)
+		signal.Notify(sig, syscall.SIGHUP)
+		for range sig {
+			err := upg.Upgrade()
+			if err != nil {
+				logger.Logger.Error("Failed upgrade", "err", err)
+			}
+		}
+	}()
 
-	// Stop servers
-	log.Printf("[Violet] Stopping...")
-	n := time.Now()
+	logger.Logger.Info("Ready")
+	if err := upg.Ready(); err != nil {
+		panic(err)
+	}
+	<-upg.Exit()
+
+	time.AfterFunc(30*time.Second, func() {
+		logger.Logger.Warn("Graceful shutdown timed out")
+		os.Exit(1)
+	})
+
+	// stop updating certificates
+	allowedCerts.Stop()
+
+	// close websockets first
+	ws.Shutdown()
 
 	// close http servers
 	if srvApi != nil {
-		srvApi.Close()
+		_ = srvApi.Close()
 	}
 	if srvHttp != nil {
-		srvHttp.Close()
+		_ = srvHttp.Close()
 	}
 	if srvHttps != nil {
-		srvHttps.Close()
+		_ = srvHttps.Close()
 	}
 
-	log.Printf("[Violet] Took '%s' to shutdown\n", time.Now().Sub(n))
-	log.Println("[Violet] Goodbye")
+	return subcommands.ExitSuccess
 }

cmd/violet/setup.go

@@ -2,17 +2,18 @@ package main
 
 import (
 	"context"
-	"database/sql"
 	"encoding/json"
 	"flag"
 	"fmt"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/domains"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
+	"github.com/1f349/violet/router"
+	"github.com/1f349/violet/target"
 	"github.com/AlecAivazis/survey/v2"
-	"github.com/MrMelon54/violet/domains"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/router"
-	"github.com/MrMelon54/violet/target"
 	"github.com/google/subcommands"
-	"log"
 	"net"
 	"net/http"
 	"net/url"
@@ -41,7 +42,7 @@ func (s *setupCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{})
 	// get absolute path to specify files
 	wdAbs, err := filepath.Abs(s.wdPath)
 	if err != nil {
-		fmt.Println("[Violet] Failed to get full directory path: ", err)
+		fmt.Println("Failed to get full directory path: ", err)
 		return subcommands.ExitFailure
 	}
 
@@ -49,11 +50,11 @@ func (s *setupCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{})
 	createFile := false
 	err = survey.AskOne(&survey.Confirm{Message: fmt.Sprintf("Create Violet config files in this directory: '%s'?", wdAbs)}, &createFile)
 	if err != nil {
-		fmt.Println("[Violet] Error: ", err)
+		fmt.Println("Error: ", err)
 		return subcommands.ExitFailure
 	}
 	if !createFile {
-		fmt.Println("[Violet] Goodbye")
+		fmt.Println("Goodbye")
 		return subcommands.ExitSuccess
 	}
 
@@ -110,7 +111,7 @@ func (s *setupCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{})
 		},
 	}, &answers)
 	if err != nil {
-		fmt.Println("[Violet] Error: ", err)
+		fmt.Println("Error: ", err)
 		return subcommands.ExitFailure
 	}
 
@@ -141,14 +142,14 @@ func (s *setupCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{})
 		RateLimit:   answers.RateLimit,
 	})
 	if err != nil {
-		fmt.Println("[Violet] Failed to write config file: ", err)
+		fmt.Println("Failed to write config file: ", err)
 		return subcommands.ExitFailure
 	}
 
 	// open sqlite database
-	db, err := sql.Open("sqlite3", databaseFile)
+	db, err := violet.InitDB(databaseFile)
 	if err != nil {
-		log.Fatalf("[Violet] Failed to open database '%s'...", databaseFile)
+		logger.Logger.Fatal("Failed to open database", "err", err)
 	}
 
 	// domain manager to add a domain, no need to compile here as the program needs
@@ -167,31 +168,36 @@ func (s *setupCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{})
 			return nil
 		}))
 		if err != nil {
-			fmt.Println("[Violet] Error: ", err)
+			fmt.Println("Error: ", err)
 			return subcommands.ExitFailure
 		}
 
 		// parse the api url
 		apiUrl, err := url.Parse(answers.ApiUrl)
 		if err != nil {
-			fmt.Println("[Violet] Failed to parse API URL: ", err)
+			fmt.Println("Failed to parse API URL: ", err)
 			return subcommands.ExitFailure
 		}
 
 		// add with the route manager, no need to compile as this will run when opened
 		// with the serve subcommand
-		routeManager := router.NewManager(db, proxy.NewHybridTransportWithCalls(&nilTransport{}, &nilTransport{}))
-		routeManager.Add(path.Join(apiUrl.Host, apiUrl.Path), target.Route{
-			Pre:         true,
-			Host:        answers.ApiListen,
-			Cors:        true,
-			ForwardHost: true,
-			ForwardAddr: true,
-		}, true)
+		routeManager := router.NewManager(db, proxy.NewHybridTransportWithCalls(&nilTransport{}, &nilTransport{}, &websocket.Server{}))
+		err = routeManager.InsertRoute(target.RouteWithActive{
+			Route: target.Route{
+				Src:   path.Join(apiUrl.Host, apiUrl.Path),
+				Dst:   answers.ApiListen,
+				Flags: target.FlagPre | target.FlagCors | target.FlagForwardHost | target.FlagForwardAddr,
+			},
+			Active: true,
+		})
+		if err != nil {
+			fmt.Println("Failed to insert api route into database: ", err)
+			return subcommands.ExitFailure
+		}
 	}
 
-	fmt.Println("[Violet] Setup complete")
-	fmt.Printf("[Violet] Run the reverse proxy with `violet serve -conf %s`\n", confFile)
+	fmt.Println("Setup complete")
+	fmt.Printf("Run the reverse proxy with `violet serve -conf %s`\n", confFile)
 
 	return subcommands.ExitSuccess
 }

database/db.go

@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.25.0
+
+package database
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}

database/domain.sql.go

@@ -0,0 +1,68 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.25.0
+// source: domain.sql
+
+package database
+
+import (
+	"context"
+)
+
+const addDomain = `-- name: AddDomain :exec
+INSERT OR
+REPLACE
+INTO domains (domain, active)
+VALUES (?, ?)
+`
+
+type AddDomainParams struct {
+	Domain string `json:"domain"`
+	Active bool   `json:"active"`
+}
+
+func (q *Queries) AddDomain(ctx context.Context, arg AddDomainParams) error {
+	_, err := q.db.ExecContext(ctx, addDomain, arg.Domain, arg.Active)
+	return err
+}
+
+const deleteDomain = `-- name: DeleteDomain :exec
+INSERT OR
+REPLACE
+INTO domains(domain, active)
+VALUES (?, false)
+`
+
+func (q *Queries) DeleteDomain(ctx context.Context, domain string) error {
+	_, err := q.db.ExecContext(ctx, deleteDomain, domain)
+	return err
+}
+
+const getActiveDomains = `-- name: GetActiveDomains :many
+SELECT domain
+FROM domains
+WHERE active = 1
+`
+
+func (q *Queries) GetActiveDomains(ctx context.Context) ([]string, error) {
+	rows, err := q.db.QueryContext(ctx, getActiveDomains)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []string
+	for rows.Next() {
+		var domain string
+		if err := rows.Scan(&domain); err != nil {
+			return nil, err
+		}
+		items = append(items, domain)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}

database/favicon.sql.go

@@ -0,0 +1,74 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.25.0
+// source: favicon.sql
+
+package database
+
+import (
+	"context"
+	"database/sql"
+)
+
+const getFavicons = `-- name: GetFavicons :many
+SELECT host, svg, png, ico
+FROM favicons
+`
+
+type GetFaviconsRow struct {
+	Host string         `json:"host"`
+	Svg  sql.NullString `json:"svg"`
+	Png  sql.NullString `json:"png"`
+	Ico  sql.NullString `json:"ico"`
+}
+
+func (q *Queries) GetFavicons(ctx context.Context) ([]GetFaviconsRow, error) {
+	rows, err := q.db.QueryContext(ctx, getFavicons)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetFaviconsRow
+	for rows.Next() {
+		var i GetFaviconsRow
+		if err := rows.Scan(
+			&i.Host,
+			&i.Svg,
+			&i.Png,
+			&i.Ico,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const updateFaviconCache = `-- name: UpdateFaviconCache :exec
+INSERT OR
+REPLACE INTO favicons (host, svg, png, ico)
+VALUES (?, ?, ?, ?)
+`
+
+type UpdateFaviconCacheParams struct {
+	Host string         `json:"host"`
+	Svg  sql.NullString `json:"svg"`
+	Png  sql.NullString `json:"png"`
+	Ico  sql.NullString `json:"ico"`
+}
+
+func (q *Queries) UpdateFaviconCache(ctx context.Context, arg UpdateFaviconCacheParams) error {
+	_, err := q.db.ExecContext(ctx, updateFaviconCache,
+		arg.Host,
+		arg.Svg,
+		arg.Png,
+		arg.Ico,
+	)
+	return err
+}

database/migrations/20240308125121_init.down.sql

@@ -0,0 +1,4 @@
+DROP TABLE domains;
+DROP TABLE favicons;
+DROP TABLE routes;
+DROP TABLE redirects;

database/migrations/20240308125121_init.up.sql

@@ -0,0 +1,36 @@
+CREATE TABLE IF NOT EXISTS domains
+(
+    id     INTEGER PRIMARY KEY AUTOINCREMENT,
+    domain TEXT UNIQUE NOT NULL,
+    active BOOLEAN     NOT NULL DEFAULT 1
+);
+
+CREATE TABLE IF NOT EXISTS favicons
+(
+    id   INTEGER PRIMARY KEY AUTOINCREMENT,
+    host VARCHAR NOT NULL,
+    svg  VARCHAR,
+    png  VARCHAR,
+    ico  VARCHAR
+);
+
+CREATE TABLE IF NOT EXISTS routes
+(
+    id          INTEGER PRIMARY KEY AUTOINCREMENT,
+    source      TEXT UNIQUE NOT NULL,
+    destination TEXT        NOT NULL,
+    description TEXT        NOT NULL,
+    flags       INTEGER     NOT NULL DEFAULT 0,
+    active      BOOLEAN     NOT NULL DEFAULT 1
+);
+
+CREATE TABLE IF NOT EXISTS redirects
+(
+    id          INTEGER PRIMARY KEY AUTOINCREMENT,
+    source      TEXT UNIQUE NOT NULL,
+    destination TEXT        NOT NULL,
+    description TEXT        NOT NULL,
+    flags       INTEGER     NOT NULL DEFAULT 0,
+    code        INTEGER     NOT NULL DEFAULT 0,
+    active      BOOLEAN     NOT NULL DEFAULT 1
+);

database/models.go

@@ -0,0 +1,44 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.25.0
+
+package database
+
+import (
+	"database/sql"
+
+	"github.com/1f349/violet/target"
+)
+
+type Domain struct {
+	ID     int64  `json:"id"`
+	Domain string `json:"domain"`
+	Active bool   `json:"active"`
+}
+
+type Favicon struct {
+	ID   int64          `json:"id"`
+	Host string         `json:"host"`
+	Svg  sql.NullString `json:"svg"`
+	Png  sql.NullString `json:"png"`
+	Ico  sql.NullString `json:"ico"`
+}
+
+type Redirect struct {
+	ID          int64        `json:"id"`
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Code        int64        `json:"code"`
+	Active      bool         `json:"active"`
+}
+
+type Route struct {
+	ID          int64        `json:"id"`
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Active      bool         `json:"active"`
+}

database/queries/domain.sql

@@ -0,0 +1,16 @@
+-- name: GetActiveDomains :many
+SELECT domain
+FROM domains
+WHERE active = 1;
+
+-- name: AddDomain :exec
+INSERT OR
+REPLACE
+INTO domains (domain, active)
+VALUES (?, ?);
+
+-- name: DeleteDomain :exec
+INSERT OR
+REPLACE
+INTO domains(domain, active)
+VALUES (?, false);

database/queries/favicon.sql

@@ -0,0 +1,8 @@
+-- name: GetFavicons :many
+SELECT host, svg, png, ico
+FROM favicons;
+
+-- name: UpdateFaviconCache :exec
+INSERT OR
+REPLACE INTO favicons (host, svg, png, ico)
+VALUES (?, ?, ?, ?);

database/queries/routing.sql

@@ -0,0 +1,39 @@
+-- name: GetActiveRoutes :many
+SELECT source, destination, flags
+FROM routes
+WHERE active = 1;
+
+-- name: GetActiveRedirects :many
+SELECT source, destination, flags, code
+FROM redirects
+WHERE active = 1;
+
+-- name: GetAllRoutes :many
+SELECT source, destination, description, flags, active
+FROM routes;
+
+-- name: GetAllRedirects :many
+SELECT source, destination, description, flags, code, active
+FROM redirects;
+
+-- name: AddRoute :exec
+INSERT OR
+REPLACE
+INTO routes (source, destination, description, flags, active)
+VALUES (?, ?, ?, ?, ?);
+
+-- name: AddRedirect :exec
+INSERT OR
+REPLACE
+INTO redirects (source, destination, description, flags, code, active)
+VALUES (?, ?, ?, ?, ?, ?);
+
+-- name: RemoveRoute :exec
+DELETE
+FROM routes
+WHERE source = ?;
+
+-- name: RemoveRedirect :exec
+DELETE
+FROM redirects
+WHERE source = ?;

database/routing.sql.go

@@ -0,0 +1,250 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.25.0
+// source: routing.sql
+
+package database
+
+import (
+	"context"
+
+	"github.com/1f349/violet/target"
+)
+
+const addRedirect = `-- name: AddRedirect :exec
+INSERT OR
+REPLACE
+INTO redirects (source, destination, description, flags, code, active)
+VALUES (?, ?, ?, ?, ?, ?)
+`
+
+type AddRedirectParams struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Code        int64        `json:"code"`
+	Active      bool         `json:"active"`
+}
+
+func (q *Queries) AddRedirect(ctx context.Context, arg AddRedirectParams) error {
+	_, err := q.db.ExecContext(ctx, addRedirect,
+		arg.Source,
+		arg.Destination,
+		arg.Description,
+		arg.Flags,
+		arg.Code,
+		arg.Active,
+	)
+	return err
+}
+
+const addRoute = `-- name: AddRoute :exec
+INSERT OR
+REPLACE
+INTO routes (source, destination, description, flags, active)
+VALUES (?, ?, ?, ?, ?)
+`
+
+type AddRouteParams struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Active      bool         `json:"active"`
+}
+
+func (q *Queries) AddRoute(ctx context.Context, arg AddRouteParams) error {
+	_, err := q.db.ExecContext(ctx, addRoute,
+		arg.Source,
+		arg.Destination,
+		arg.Description,
+		arg.Flags,
+		arg.Active,
+	)
+	return err
+}
+
+const getActiveRedirects = `-- name: GetActiveRedirects :many
+SELECT source, destination, flags, code
+FROM redirects
+WHERE active = 1
+`
+
+type GetActiveRedirectsRow struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Flags       target.Flags `json:"flags"`
+	Code        int64        `json:"code"`
+}
+
+func (q *Queries) GetActiveRedirects(ctx context.Context) ([]GetActiveRedirectsRow, error) {
+	rows, err := q.db.QueryContext(ctx, getActiveRedirects)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetActiveRedirectsRow
+	for rows.Next() {
+		var i GetActiveRedirectsRow
+		if err := rows.Scan(
+			&i.Source,
+			&i.Destination,
+			&i.Flags,
+			&i.Code,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getActiveRoutes = `-- name: GetActiveRoutes :many
+SELECT source, destination, flags
+FROM routes
+WHERE active = 1
+`
+
+type GetActiveRoutesRow struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Flags       target.Flags `json:"flags"`
+}
+
+func (q *Queries) GetActiveRoutes(ctx context.Context) ([]GetActiveRoutesRow, error) {
+	rows, err := q.db.QueryContext(ctx, getActiveRoutes)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetActiveRoutesRow
+	for rows.Next() {
+		var i GetActiveRoutesRow
+		if err := rows.Scan(&i.Source, &i.Destination, &i.Flags); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getAllRedirects = `-- name: GetAllRedirects :many
+SELECT source, destination, description, flags, code, active
+FROM redirects
+`
+
+type GetAllRedirectsRow struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Code        int64        `json:"code"`
+	Active      bool         `json:"active"`
+}
+
+func (q *Queries) GetAllRedirects(ctx context.Context) ([]GetAllRedirectsRow, error) {
+	rows, err := q.db.QueryContext(ctx, getAllRedirects)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetAllRedirectsRow
+	for rows.Next() {
+		var i GetAllRedirectsRow
+		if err := rows.Scan(
+			&i.Source,
+			&i.Destination,
+			&i.Description,
+			&i.Flags,
+			&i.Code,
+			&i.Active,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getAllRoutes = `-- name: GetAllRoutes :many
+SELECT source, destination, description, flags, active
+FROM routes
+`
+
+type GetAllRoutesRow struct {
+	Source      string       `json:"source"`
+	Destination string       `json:"destination"`
+	Description string       `json:"description"`
+	Flags       target.Flags `json:"flags"`
+	Active      bool         `json:"active"`
+}
+
+func (q *Queries) GetAllRoutes(ctx context.Context) ([]GetAllRoutesRow, error) {
+	rows, err := q.db.QueryContext(ctx, getAllRoutes)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []GetAllRoutesRow
+	for rows.Next() {
+		var i GetAllRoutesRow
+		if err := rows.Scan(
+			&i.Source,
+			&i.Destination,
+			&i.Description,
+			&i.Flags,
+			&i.Active,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const removeRedirect = `-- name: RemoveRedirect :exec
+DELETE
+FROM redirects
+WHERE source = ?
+`
+
+func (q *Queries) RemoveRedirect(ctx context.Context, source string) error {
+	_, err := q.db.ExecContext(ctx, removeRedirect, source)
+	return err
+}
+
+const removeRoute = `-- name: RemoveRoute :exec
+DELETE
+FROM routes
+WHERE source = ?
+`
+
+func (q *Queries) RemoveRoute(ctx context.Context, source string) error {
+	_, err := q.db.ExecContext(ctx, removeRoute, source)
+	return err
+}

domains/create-table-domains.sql

@@ -1,6 +0,0 @@
-CREATE TABLE IF NOT EXISTS domains
-(
-    id     INTEGER PRIMARY KEY AUTOINCREMENT,
-    domain TEXT UNIQUE,
-    active INTEGER DEFAULT 1
-);

domains/domains.go

@@ -1,41 +1,34 @@
 package domains
 
 import (
-	"database/sql"
+	"context"
 	_ "embed"
-	"github.com/MrMelon54/rescheduler"
-	"github.com/MrMelon54/violet/utils"
-	"log"
+	"github.com/1f349/violet/database"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/utils"
+	"github.com/mrmelon54/rescheduler"
 	"strings"
 	"sync"
 )
 
-//go:embed create-table-domains.sql
-var createTableDomains string
+var Logger = logger.Logger.WithPrefix("Violet Domains")
 
 // Domains is the domain list and management system.
 type Domains struct {
-	db *sql.DB
+	db *database.Queries
 	s  *sync.RWMutex
 	m  map[string]struct{}
 	r  *rescheduler.Rescheduler
 }
 
 // New creates a new domain list
-func New(db *sql.DB) *Domains {
+func New(db *database.Queries) *Domains {
 	a := &Domains{
 		db: db,
 		s:  &sync.RWMutex{},
 		m:  make(map[string]struct{}),
 	}
 	a.r = rescheduler.NewRescheduler(a.threadCompile)
-
-	// init domains table
-	_, err := a.db.Exec(createTableDomains)
-	if err != nil {
-		log.Printf("[WARN] Failed to generate 'domains' table\n")
-		return nil
-	}
 	return a
 }
 
@@ -77,7 +70,7 @@ func (d *Domains) threadCompile() {
 	// compile map and check errors
 	err := d.internalCompile(domainMap)
 	if err != nil {
-		log.Printf("[Domains] Compile failed: %s\n", err)
+		Logger.Info("Compile faile", "err", err)
 		return
 	}
 
@@ -90,43 +83,39 @@ func (d *Domains) threadCompile() {
 // internalCompile is a hidden internal method for querying the database during
 // the Compile() method.
 func (d *Domains) internalCompile(m map[string]struct{}) error {
-	log.Println("[Domains] Updating domains from database")
+	Logger.Info("Updating domains from database")
 
 	// sql or something?
-	rows, err := d.db.Query(`select domain from domains where active = 1`)
+	rows, err := d.db.GetActiveDomains(context.Background())
 	if err != nil {
 		return err
 	}
-	defer rows.Close()
 
-	// loop through rows and scan the allowed domain names
-	for rows.Next() {
-		var name string
-		err = rows.Scan(&name)
-		if err != nil {
-			return err
-		}
-		m[name] = struct{}{}
+	for _, i := range rows {
+		m[i] = struct{}{}
 	}
 
 	// check for errors
-	return rows.Err()
+	return nil
 }
 
 func (d *Domains) Put(domain string, active bool) {
 	d.s.Lock()
 	defer d.s.Unlock()
-	_, err := d.db.Exec("INSERT OR REPLACE INTO domains (domain, active) VALUES (?, ?)", domain, active)
+	err := d.db.AddDomain(context.Background(), database.AddDomainParams{
+		Domain: domain,
+		Active: active,
+	})
 	if err != nil {
-		log.Printf("[Violet] Database error: %s\n", err)
+		logger.Logger.Infof("Database error: %s\n", err)
 	}
 }
 
 func (d *Domains) Delete(domain string) {
 	d.s.Lock()
 	defer d.s.Unlock()
-	_, err := d.db.Exec("INSERT OR REPLACE INTO domains (domain, active) VALUES (?, ?)", domain, false)
+	err := d.db.DeleteDomain(context.Background(), domain)
 	if err != nil {
-		log.Printf("[Violet] Database error: %s\n", err)
+		logger.Logger.Infof("Database error: %s\n", err)
 	}
 }

domains/domains_test.go

@@ -1,18 +1,20 @@
 package domains
 
 import (
-	"database/sql"
+	"context"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/database"
 	_ "github.com/mattn/go-sqlite3"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
 func TestDomainsNew(t *testing.T) {
-	db, err := sql.Open("sqlite3", "file::memory:?cache=shared")
+	db, err := violet.InitDB("file:TestDomainsNew?mode=memory&cache=shared")
 	assert.NoError(t, err)
 
 	domains := New(db)
-	_, err = db.Exec("INSERT OR IGNORE INTO domains (domain, active) VALUES (?, ?)", "example.com", 1)
+	err = db.AddDomain(context.Background(), database.AddDomainParams{Domain: "example.com", Active: true})
 	assert.NoError(t, err)
 	domains.Compile()
 
@@ -27,11 +29,11 @@ func TestDomainsNew(t *testing.T) {
 
 func TestDomains_IsValid(t *testing.T) {
 	// open sqlite database
-	db, err := sql.Open("sqlite3", "file::memory:?cache=shared")
+	db, err := violet.InitDB("file:TestDomains_IsValid?mode=memory&cache=shared")
 	assert.NoError(t, err)
 
 	domains := New(db)
-	_, err = domains.db.Exec("INSERT OR IGNORE INTO domains (domain, active) VALUES (?, ?)", "example.com", 1)
+	err = db.AddDomain(context.Background(), database.AddDomainParams{Domain: "example.com", Active: true})
 	assert.NoError(t, err)
 
 	domains.s.Lock()

error-pages/error-pages.go

@@ -2,9 +2,9 @@ package error_pages
 
 import (
 	"fmt"
-	"github.com/MrMelon54/rescheduler"
+	"github.com/1f349/violet/logger"
+	"github.com/mrmelon54/rescheduler"
 	"io/fs"
-	"log"
 	"net/http"
 	"path/filepath"
 	"strconv"
@@ -12,6 +12,8 @@ import (
 	"sync"
 )
 
+var Logger = logger.Logger.WithPrefix("Violet Error Pages")
+
 // ErrorPages stores the custom error pages and is called by the servers to
 // output meaningful pages for HTTP error codes
 type ErrorPages struct {
@@ -78,7 +80,7 @@ func (e *ErrorPages) threadCompile() {
 	if e.dir != nil {
 		err := e.internalCompile(errorPageMap)
 		if err != nil {
-			log.Printf("[ErrorPages] Compile failed: %s\n", err)
+			Logger.Info("Compile failed", "err", err)
 			return
 		}
 	}
@@ -96,7 +98,7 @@ func (e *ErrorPages) internalCompile(m map[int]func(rw http.ResponseWriter)) err
 		return fmt.Errorf("failed to read error pages dir: %w", err)
 	}
 
-	log.Printf("[ErrorPages] Compiling lookup table for %d error pages\n", len(files))
+	Logger.Info("Compiling lookup table", "page count", len(files))
 
 	// find and load error pages
 	for _, i := range files {
@@ -111,20 +113,20 @@ func (e *ErrorPages) internalCompile(m map[int]func(rw http.ResponseWriter)) err
 
 		// if the extension is not 'html' then ignore the file
 		if ext != ".html" {
-			log.Printf("[ErrorPages] WARNING: ignoring non '.html' file in error pages directory: '%s'\n", name)
+			Logger.Warn("Ignoring non '.html' file in error pages directory", "name", name)
 			continue
 		}
 
 		// if the name can't be
 		nameInt, err := strconv.Atoi(strings.TrimSuffix(name, ".html"))
 		if err != nil {
-			log.Printf("[ErrorPages] WARNING: ignoring invalid error page in error pages directory: '%s'\n", name)
+			Logger.Warn("Ignoring invalid error page in error pages directory", "name", name)
 			continue
 		}
 
 		// check if code is in range 100-599
 		if nameInt < 100 || nameInt >= 600 {
-			log.Printf("[ErrorPages] WARNING: ignoring invalid error page in error pages directory must be 100-599: '%s'\n", name)
+			Logger.Warn("Ignoring invalid error page in error pages directory must be 100-599", "name", name)
 			continue
 		}
 

favicons/favicon-image.go

@@ -1,5 +1,7 @@
 package favicons
 
+import "database/sql"
+
 // FaviconImage stores the url, hash and raw bytes of an image
 type FaviconImage struct {
 	Url  string
@@ -9,9 +11,9 @@ type FaviconImage struct {
 
 // CreateFaviconImage outputs a FaviconImage with the specified URL or nil if
 // the URL is an empty string.
-func CreateFaviconImage(url string) *FaviconImage {
-	if url == "" {
+func CreateFaviconImage(url sql.NullString) *FaviconImage {
+	if !url.Valid {
 		return nil
 	}
-	return &FaviconImage{Url: url}
+	return &FaviconImage{Url: url.String}
 }

favicons/favicon-list.go

@@ -6,7 +6,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/MrMelon54/png2ico"
+	"github.com/mrmelon54/png2ico"
 	"image/png"
 	"io"
 	"net/http"
@@ -74,7 +74,7 @@ func (l *FaviconList) PreProcess(convert func(in []byte) ([]byte, error)) error
 		// download SVG
 		l.Svg.Raw, err = getFaviconViaRequest(l.Svg.Url)
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to fetch SVG icon: %w", err)
+			return fmt.Errorf("favicons: failed to fetch SVG icon: %w", err)
 		}
 		l.Svg.Hash = hex.EncodeToString(sha256.New().Sum(l.Svg.Raw))
 	}
@@ -84,14 +84,14 @@ func (l *FaviconList) PreProcess(convert func(in []byte) ([]byte, error)) error
 		// download PNG
 		l.Png.Raw, err = getFaviconViaRequest(l.Png.Url)
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to fetch PNG icon: %w", err)
+			return fmt.Errorf("favicons: failed to fetch PNG icon: %w", err)
 		}
 	} else if l.Svg != nil {
 		// generate PNG from SVG
 		l.Png = &FaviconImage{}
 		l.Png.Raw, err = convert(l.Svg.Raw)
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to generate PNG icon: %w", err)
+			return fmt.Errorf("favicons: failed to generate PNG icon: %w", err)
 		}
 	}
 
@@ -100,19 +100,19 @@ func (l *FaviconList) PreProcess(convert func(in []byte) ([]byte, error)) error
 		// download ICO
 		l.Ico.Raw, err = getFaviconViaRequest(l.Ico.Url)
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to fetch ICO icon: %w", err)
+			return fmt.Errorf("favicons: failed to fetch ICO icon: %w", err)
 		}
 	} else if l.Png != nil {
 		// generate ICO from PNG
 		l.Ico = &FaviconImage{}
 		decode, err := png.Decode(bytes.NewReader(l.Png.Raw))
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to decode PNG icon: %w", err)
+			return fmt.Errorf("favicons: failed to decode PNG icon: %w", err)
 		}
 		b := decode.Bounds()
 		l.Ico.Raw, err = png2ico.ConvertPngToIco(l.Png.Raw, b.Dx(), b.Dy())
 		if err != nil {
-			return fmt.Errorf("[Favicons] Failed to generate ICO icon: %w", err)
+			return fmt.Errorf("favicons: failed to generate ICO icon: %w", err)
 		}
 	}
 
@@ -139,16 +139,16 @@ func (l *FaviconList) genSha256() {
 var getFaviconViaRequest = func(url string) ([]byte, error) {
 	req, err := http.NewRequest(http.MethodGet, url, nil)
 	if err != nil {
-		return nil, fmt.Errorf("[Favicons] Failed to send request '%s': %w", url, err)
+		return nil, fmt.Errorf("favicons: Failed to send request '%s': %w", url, err)
 	}
 	req.Header.Set("X-Violet-Raw-Favicon", "1")
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("[Favicons] Failed to do request '%s': %w", url, err)
+		return nil, fmt.Errorf("favicons: failed to do request '%s': %w", url, err)
 	}
 	rawBody, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("[Favicons] Failed to read response '%s': %w", url, err)
+		return nil, fmt.Errorf("favicons: failed to read response '%s': %w", url, err)
 	}
 	return rawBody, nil
 }

favicons/favicons.go

@@ -1,20 +1,24 @@
 package favicons
 
 import (
-	"database/sql"
+	"context"
+	_ "embed"
 	"errors"
 	"fmt"
-	"github.com/MrMelon54/rescheduler"
+	"github.com/1f349/violet/database"
+	"github.com/1f349/violet/logger"
+	"github.com/mrmelon54/rescheduler"
 	"golang.org/x/sync/errgroup"
-	"log"
 	"sync"
 )
 
+var Logger = logger.Logger.WithPrefix("Violet Favicons")
+
 var ErrFaviconNotFound = errors.New("favicon not found")
 
 // Favicons is a dynamic favicon generator which supports overwriting favicons
 type Favicons struct {
-	db         *sql.DB
+	db         *database.Queries
 	cmd        string
 	cLock      *sync.RWMutex
 	faviconMap map[string]*FaviconList
@@ -22,7 +26,7 @@ type Favicons struct {
 }
 
 // New creates a new dynamic favicon generator
-func New(db *sql.DB, inkscapeCmd string) *Favicons {
+func New(db *database.Queries, inkscapeCmd string) *Favicons {
 	f := &Favicons{
 		db:         db,
 		cmd:        inkscapeCmd,
@@ -31,13 +35,6 @@ func New(db *sql.DB, inkscapeCmd string) *Favicons {
 	}
 	f.r = rescheduler.NewRescheduler(f.threadCompile)
 
-	// init favicons table
-	_, err := f.db.Exec(`create table if not exists favicons (id integer primary key autoincrement, host varchar, svg varchar, png varchar, ico varchar)`)
-	if err != nil {
-		log.Printf("[WARN] Failed to generate 'favicons' table\n")
-		return nil
-	}
-
 	// run compile to get the initial data
 	f.Compile()
 	return f
@@ -71,7 +68,7 @@ func (f *Favicons) threadCompile() {
 	err := f.internalCompile(favicons)
 	if err != nil {
 		// log compile errors
-		log.Printf("[Favicons] Compile failed: %s\n", err)
+		Logger.Info("Compile failed", "err", err)
 		return
 	}
 
@@ -85,29 +82,23 @@ func (f *Favicons) threadCompile() {
 // favicons.
 func (f *Favicons) internalCompile(m map[string]*FaviconList) error {
 	// query all rows in database
-	query, err := f.db.Query(`select host, svg, png, ico from favicons`)
+	rows, err := f.db.GetFavicons(context.Background())
 	if err != nil {
-		return fmt.Errorf("failed to prepare query: %w", err)
+		return fmt.Errorf("failed to prepare rows: %w", err)
 	}
 
 	// loop over rows and scan in data using error group to catch errors
 	var g errgroup.Group
-	for query.Next() {
-		var host, rawSvg, rawPng, rawIco string
-		err := query.Scan(&host, &rawSvg, &rawPng, &rawIco)
-		if err != nil {
-			return fmt.Errorf("failed to scan row: %w", err)
-		}
-
+	for _, row := range rows {
 		// create favicon list for this row
 		l := &FaviconList{
-			Ico: CreateFaviconImage(rawIco),
-			Png: CreateFaviconImage(rawPng),
-			Svg: CreateFaviconImage(rawSvg),
+			Ico: CreateFaviconImage(row.Ico),
+			Png: CreateFaviconImage(row.Png),
+			Svg: CreateFaviconImage(row.Svg),
 		}
 
 		// save the favicon list to the map
-		m[host] = l
+		m[row.Host] = l
 
 		// run the pre-process in a separate goroutine
 		g.Go(func() error {

favicons/favicons_test.go

@@ -2,8 +2,11 @@ package favicons
 
 import (
 	"bytes"
+	"context"
 	"database/sql"
 	_ "embed"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/database"
 	_ "github.com/mattn/go-sqlite3"
 	"github.com/stretchr/testify/assert"
 	"image/png"
@@ -22,11 +25,17 @@ var (
 func TestFaviconsNew(t *testing.T) {
 	getFaviconViaRequest = func(_ string) ([]byte, error) { return exampleSvg, nil }
 
-	db, err := sql.Open("sqlite3", "file::memory:?cache=shared")
+	db, err := violet.InitDB("file:TestFaviconsNew?mode=memory&cache=shared")
 	assert.NoError(t, err)
 
 	favicons := New(db, "inkscape")
-	_, err = db.Exec("insert into favicons (host, svg, png, ico) values (?, ?, ?, ?)", "example.com", "https://example.com/assets/logo.svg", "", "")
+	err = db.UpdateFaviconCache(context.Background(), database.UpdateFaviconCacheParams{
+		Host: "example.com",
+		Svg: sql.NullString{
+			String: "https://example.com/assets/logo.svg",
+			Valid:  true,
+		},
+	})
 	assert.NoError(t, err)
 	favicons.cLock.Lock()
 	assert.NoError(t, favicons.internalCompile(favicons.faviconMap))

go.mod

@@ -1,37 +1,62 @@
-module github.com/MrMelon54/violet
+module github.com/1f349/violet
 
-go 1.20
+go 1.22
 
 require (
+	github.com/1f349/mjwt v0.2.5
 	github.com/AlecAivazis/survey/v2 v2.3.7
-	github.com/MrMelon54/certgen v0.0.1
-	github.com/MrMelon54/mjwt v0.1.1
-	github.com/MrMelon54/png2ico v1.0.1
-	github.com/MrMelon54/rescheduler v0.0.1
-	github.com/MrMelon54/trie v0.0.2
+	github.com/charmbracelet/log v0.4.0
+	github.com/cloudflare/tableflip v1.2.3
+	github.com/golang-migrate/migrate/v4 v4.17.1
 	github.com/google/subcommands v1.2.0
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.1
 	github.com/julienschmidt/httprouter v1.3.0
-	github.com/mattn/go-sqlite3 v1.14.16
-	github.com/rs/cors v1.9.0
-	github.com/sethvargo/go-limiter v0.7.2
-	github.com/stretchr/testify v1.8.4
-	golang.org/x/net v0.9.0
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+	github.com/mattn/go-sqlite3 v1.14.22
+	github.com/mrmelon54/certgen v0.0.2
+	github.com/mrmelon54/png2ico v1.0.2
+	github.com/mrmelon54/rescheduler v0.0.3
+	github.com/mrmelon54/trie v0.0.3
+	github.com/prometheus/client_golang v1.19.1
+	github.com/rs/cors v1.11.0
+	github.com/sethvargo/go-limiter v1.0.0
+	github.com/stretchr/testify v1.9.0
+	golang.org/x/net v0.25.0
+	golang.org/x/sync v0.7.0
 )
 
 require (
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/becheran/wildmatch-go v1.0.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/charmbracelet/lipgloss v0.10.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logfmt/logfmt v0.6.0 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/kr/pretty v0.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.2 // indirect
-	github.com/mattn/go-isatty v0.0.8 // indirect
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/term v0.7.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.53.0 // indirect
+	github.com/prometheus/procfs v0.14.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,94 +1,162 @@
+github.com/1f349/mjwt v0.2.5 h1:IxjLaali22ayTzZ628lH7j0JDdYJoj6+CJ/VktCqtXQ=
+github.com/1f349/mjwt v0.2.5/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
 github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
-github.com/MrMelon54/certgen v0.0.1 h1:ycWdZ2RlxQ5qSuejeBVv4aXjGo5hdqqL4j4EjrXnFMk=
-github.com/MrMelon54/certgen v0.0.1/go.mod h1:GHflVlSbtFLJZLpN1oWyUvDBRrR8qCWiwZLXCCnS2Gc=
-github.com/MrMelon54/mjwt v0.1.1 h1:m+aTpxbhQCrOPKHN170DQMFR5r938LkviU38unob5Jw=
-github.com/MrMelon54/mjwt v0.1.1/go.mod h1:oYrDBWK09Hju98xb+bRQ0wy+RuAzacxYvKYOZchR2Tk=
-github.com/MrMelon54/png2ico v1.0.1 h1:zJoSSl4OkvSIMWGyGPvb8fWNa0KrUvMIjgNGLNLJhVQ=
-github.com/MrMelon54/png2ico v1.0.1/go.mod h1:NOv3tO4497mInG+3tcFkIohmxCywUwMLU8WNxJZLVmU=
-github.com/MrMelon54/rescheduler v0.0.1 h1:gzNvL8X81M00uYN0i9clFVrXCkG1UuLNYxDcvjKyBqo=
-github.com/MrMelon54/rescheduler v0.0.1/go.mod h1:OQDFtZHdS4/qA/r7rtJUQA22/hbpnZ9MGQCXOPjhC6w=
-github.com/MrMelon54/trie v0.0.2 h1:ZXWcX5ij62O9K4I/anuHmVg8L3tF0UGdlPceAASwKEY=
-github.com/MrMelon54/trie v0.0.2/go.mod h1:sGCGOcqb+DxSxvHgSOpbpkmA7mFZR47YDExy9OCbVZI=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
+github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s=
+github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE=
+github.com/charmbracelet/log v0.4.0 h1:G9bQAcx8rWA2T3pWvx7YtPTPwgqpk7D68BX21IRW8ZM=
+github.com/charmbracelet/log v0.4.0/go.mod h1:63bXt/djrizTec0l11H20t8FDSvA4CRZJ1KH22MdptM=
+github.com/cloudflare/tableflip v1.2.3 h1:8I+B99QnnEWPHOY3fWipwVKxS70LGgUsslG7CSfmHMw=
+github.com/cloudflare/tableflip v1.2.3/go.mod h1:P4gRehmV6Z2bY5ao5ml9Pd8u6kuEnlB37pUFMmv7j2E=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
+github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-migrate/migrate/v4 v4.17.1 h1:4zQ6iqL6t6AiItphxJctQb3cFqWiSpMnX7wLTPnnYO4=
+github.com/golang-migrate/migrate/v4 v4.17.1/go.mod h1:m8hinFyWBn0SA4QKHuKh175Pm9wjmxj3S2Mia7dbXzM=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
-github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mrmelon54/certgen v0.0.2 h1:4CMDkA/gGZu+E4iikU+5qdOWK7qOQrk58KtUfnmyYmY=
+github.com/mrmelon54/certgen v0.0.2/go.mod h1:vwrWSXQmxZYqEyh+cf05IvDIFV2aYuxL4+O6ABIlN8M=
+github.com/mrmelon54/png2ico v1.0.2 h1:KyJd3ATmDjxAJS28MTSf44GxzYnlZ+7KT8SXzGb3sN8=
+github.com/mrmelon54/png2ico v1.0.2/go.mod h1:vp8Be9y5cz102ANon+BnsIzTUdet3VQRvOuWJTH9h0M=
+github.com/mrmelon54/rescheduler v0.0.3 h1:TrkJL6S7PKvXuo1mvdgRgsILA/pk5L1lrXhV/q7IEzQ=
+github.com/mrmelon54/rescheduler v0.0.3/go.mod h1:q415n6W1xcePPP5Rix6FOiADgcN66BYMyNOsFnNyoWQ=
+github.com/mrmelon54/trie v0.0.3 h1:wZmws84FiGNBZJ00garLyQ2EQhtx0SipVoV7fK8+kZE=
+github.com/mrmelon54/trie v0.0.3/go.mod h1:d3hl0YUBSWR3XN4S9BDLkGVzLT4VgwP2mZkBJM6uFpw=
+github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
+github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
+github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
+github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE=
-github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/sethvargo/go-limiter v0.7.2 h1:FgC4N7RMpV5gMrUdda15FaFTkQ/L4fEqM7seXMs4oO8=
-github.com/sethvargo/go-limiter v0.7.2/go.mod h1:C0kbSFbiriE5k2FFOe18M1YZbAR2Fiwf72uGu0CXCcU=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
+github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
+github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s=
+github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/sethvargo/go-limiter v1.0.0 h1:JqW13eWEMn0VFv86OKn8wiYJY/m250WoXdrjRV0kLe4=
+github.com/sethvargo/go-limiter v1.0.0/go.mod h1:01b6tW25Ap+MeLYBuD4aHunMrJoNO5PVUFdS9rac3II=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
-golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

initdb.go

@@ -0,0 +1,38 @@
+package violet
+
+import (
+	"database/sql"
+	"embed"
+	"errors"
+	"github.com/1f349/violet/database"
+	"github.com/golang-migrate/migrate/v4"
+	"github.com/golang-migrate/migrate/v4/database/sqlite3"
+	"github.com/golang-migrate/migrate/v4/source/iofs"
+)
+
+//go:embed database/migrations/*.sql
+var migrations embed.FS
+
+func InitDB(p string) (*database.Queries, error) {
+	migDrv, err := iofs.New(migrations, "database/migrations")
+	if err != nil {
+		return nil, err
+	}
+	dbOpen, err := sql.Open("sqlite3", p)
+	if err != nil {
+		return nil, err
+	}
+	dbDrv, err := sqlite3.WithInstance(dbOpen, &sqlite3.Config{})
+	if err != nil {
+		return nil, err
+	}
+	mig, err := migrate.NewWithInstance("iofs", migDrv, "sqlite3", dbDrv)
+	if err != nil {
+		return nil, err
+	}
+	err = mig.Up()
+	if err != nil && !errors.Is(err, migrate.ErrNoChange) {
+		return nil, err
+	}
+	return database.New(dbOpen), nil
+}

logger/logger.go

@@ -0,0 +1,12 @@
+package logger
+
+import (
+	"github.com/charmbracelet/log"
+	"os"
+)
+
+var Logger = log.NewWithOptions(os.Stderr, log.Options{
+	ReportCaller:    true,
+	ReportTimestamp: true,
+	Prefix:          "Violet",
+})

proxy/hybrid-transport.go

@@ -2,30 +2,37 @@ package proxy
 
 import (
 	"crypto/tls"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/proxy/websocket"
 	"net"
 	"net/http"
 	"sync"
 	"time"
 )
 
+var loggerSecure = logger.Logger.WithPrefix("Violet Secure Transport")
+var loggerInsecure = logger.Logger.WithPrefix("Violet Insecure Transport")
+var loggerWebsocket = logger.Logger.WithPrefix("Violet Websocket Transport")
+
 type HybridTransport struct {
 	baseDialer        *net.Dialer
 	normalTransport   http.RoundTripper
 	insecureTransport http.RoundTripper
 	socksSync         *sync.RWMutex
 	socksTransport    map[string]http.RoundTripper
+	ws                *websocket.Server
 }
 
 // NewHybridTransport creates a new hybrid transport
-func NewHybridTransport() *HybridTransport {
-	return NewHybridTransportWithCalls(nil, nil)
+func NewHybridTransport(ws *websocket.Server) *HybridTransport {
+	return NewHybridTransportWithCalls(nil, nil, ws)
 }
 
 // NewHybridTransportWithCalls creates new hybrid transport with custom normal
 // and insecure http.RoundTripper functions.
 //
 // NewHybridTransportWithCalls(nil, nil) is equivalent to NewHybridTransport()
-func NewHybridTransportWithCalls(normal, insecure http.RoundTripper) *HybridTransport {
+func NewHybridTransportWithCalls(normal, insecure http.RoundTripper, ws *websocket.Server) *HybridTransport {
 	h := &HybridTransport{
 		baseDialer: &net.Dialer{
 			Timeout:   30 * time.Second,
@@ -33,6 +40,7 @@ func NewHybridTransportWithCalls(normal, insecure http.RoundTripper) *HybridTran
 		},
 		normalTransport:   normal,
 		insecureTransport: insecure,
+		ws:                ws,
 	}
 	if h.normalTransport == nil {
 		h.normalTransport = &http.Transport{
@@ -44,6 +52,7 @@ func NewHybridTransportWithCalls(normal, insecure http.RoundTripper) *HybridTran
 			IdleConnTimeout:       30 * time.Second,
 			ExpectContinueTimeout: 1 * time.Second,
 			ResponseHeaderTimeout: 10 * time.Second,
+			DisableKeepAlives:     true,
 		}
 	}
 	if h.insecureTransport == nil {
@@ -57,6 +66,7 @@ func NewHybridTransportWithCalls(normal, insecure http.RoundTripper) *HybridTran
 			ExpectContinueTimeout: 1 * time.Second,
 			ResponseHeaderTimeout: 10 * time.Second,
 			TLSClientConfig:       &tls.Config{InsecureSkipVerify: true},
+			DisableKeepAlives:     true,
 		}
 	}
 	return h
@@ -71,3 +81,8 @@ func (h *HybridTransport) SecureRoundTrip(req *http.Request) (*http.Response, er
 func (h *HybridTransport) InsecureRoundTrip(req *http.Request) (*http.Response, error) {
 	return h.insecureTransport.RoundTrip(req)
 }
+
+// ConnectWebsocket calls the websocket upgrader and thus hijacks the connection
+func (h *HybridTransport) ConnectWebsocket(rw http.ResponseWriter, req *http.Request) {
+	h.ws.Upgrade(rw, req)
+}

proxy/hybrid-transport_test.go

@@ -7,7 +7,7 @@ import (
 )
 
 func TestNewHybridTransport(t *testing.T) {
-	h := NewHybridTransport()
+	h := NewHybridTransport(nil)
 	req, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
 	assert.NoError(t, err)
 	trip, err := h.SecureRoundTrip(req)

proxy/websocket/server.go

@@ -0,0 +1,134 @@
+package websocket
+
+import (
+	"github.com/1f349/violet/logger"
+	"github.com/gorilla/websocket"
+	"net/http"
+	"slices"
+	"sync"
+	"time"
+)
+
+var Logger = logger.Logger.WithPrefix("Violet Websocket")
+
+var upgrader = websocket.Upgrader{
+	HandshakeTimeout: time.Second * 5,
+	ReadBufferSize:   1024,
+	WriteBufferSize:  1024,
+	CheckOrigin: func(r *http.Request) bool {
+		// allow requests from any origin
+		// the internal service can decide what origins to allow
+		return true
+	},
+}
+
+type Server struct {
+	connLock *sync.RWMutex
+	connStop bool
+	conns    map[string]*websocket.Conn
+}
+
+func NewServer() *Server {
+	return &Server{
+		connLock: new(sync.RWMutex),
+		conns:    make(map[string]*websocket.Conn),
+	}
+}
+
+func (s *Server) Upgrade(rw http.ResponseWriter, req *http.Request) {
+	req.URL.Scheme = "ws"
+	Logger.Info("Upgrading request", "url", req.URL, "origin", req.Header.Get("Origin"))
+
+	c, err := upgrader.Upgrade(rw, req, nil)
+	if err != nil {
+		return
+	}
+
+	defer c.Close()
+	s.connLock.Lock()
+
+	// no more connections allowed
+	if s.connStop {
+		s.connLock.Unlock()
+		return
+	}
+
+	// save connection for shutdown
+	s.conns[c.RemoteAddr().String()] = c
+	s.connLock.Unlock()
+
+	Logger.Info("Dialing", "url", req.URL)
+
+	// dial for internal connection
+	ic, _, err := websocket.DefaultDialer.DialContext(req.Context(), req.URL.String(), filterWebsocketHeaders(req.Header))
+	if err != nil {
+		Logger.Info("Failed to dial", "url", req.URL, "err", err)
+		s.Remove(c)
+		return
+	}
+	defer ic.Close()
+
+	d1 := make(chan struct{}, 1)
+	d2 := make(chan struct{}, 1)
+
+	// relay messages each way
+	go s.wsRelay(d1, c, ic)
+	go s.wsRelay(d2, ic, c)
+
+	// wait for done signal and close both connections
+	Logger.Info("Completed websocket hijacking")
+
+	// waiting until d1 or d2 close then automatically defer close both connections
+	select {
+	case <-d1:
+	case <-d2:
+	}
+}
+
+// filterWebsocketHeaders allows specific headers to forward to the underlying websocket connection
+func filterWebsocketHeaders(headers http.Header) (out http.Header) {
+	out = make(http.Header)
+	for k, v := range headers {
+		if k == "Origin" {
+			out[k] = slices.Clone(v)
+		}
+	}
+	return
+}
+
+func (s *Server) wsRelay(done chan struct{}, a, b *websocket.Conn) {
+	defer func() {
+		close(done)
+	}()
+	for {
+		mt, message, err := a.ReadMessage()
+		if err != nil {
+			Logger.Info("Read message", "err", err)
+			return
+		}
+		if b.WriteMessage(mt, message) != nil {
+			return
+		}
+	}
+}
+
+func (s *Server) Remove(c *websocket.Conn) {
+	s.connLock.Lock()
+	delete(s.conns, c.RemoteAddr().String())
+	s.connLock.Unlock()
+	_ = c.Close()
+}
+
+func (s *Server) Shutdown() {
+	s.connLock.Lock()
+	defer s.connLock.Unlock()
+
+	// flag shutdown and close all open connections
+	s.connStop = true
+	for _, i := range s.conns {
+		_ = i.Close()
+	}
+
+	// clear connections, not required but do it anyway
+	s.conns = make(map[string]*websocket.Conn)
+}

router/create-table-redirects.sql

@@ -1,10 +0,0 @@
-CREATE TABLE IF NOT EXISTS redirects
-(
-    id          INTEGER PRIMARY KEY AUTOINCREMENT,
-    source      TEXT,
-    pre         INTEGER,
-    destination TEXT,
-    abs         INTEGER,
-    code        INTEGER,
-    active      INTEGER DEFAULT 1
-);

router/create-table-routes.sql

@@ -1,14 +0,0 @@
-CREATE TABLE IF NOT EXISTS routes
-(
-    id           INTEGER PRIMARY KEY AUTOINCREMENT,
-    source       TEXT,
-    pre          INTEGER,
-    destination  TEXT,
-    abs          INTEGER,
-    cors         INTEGER,
-    secure_mode  INTEGER,
-    forward_host INTEGER,
-    forward_addr INTEGER,
-    ignore_cert  INTEGER,
-    active       INTEGER DEFAULT 1
-);

router/manager.go

@@ -1,44 +1,33 @@
 package router
 
 import (
-	"database/sql"
+	"context"
 	_ "embed"
-	"fmt"
-	"github.com/MrMelon54/rescheduler"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/target"
-	"github.com/MrMelon54/violet/utils"
-	"log"
+	"github.com/1f349/violet/database"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/target"
+	"github.com/mrmelon54/rescheduler"
 	"net/http"
-	"path"
 	"strings"
 	"sync"
 )
 
+var Logger = logger.Logger.WithPrefix("Violet Manager")
+
 // Manager is a database and mutex wrap around router allowing it to be
 // dynamically regenerated after updating the database of routes.
 type Manager struct {
-	db *sql.DB
+	db *database.Queries
 	s  *sync.RWMutex
 	r  *Router
 	p  *proxy.HybridTransport
 	z  *rescheduler.Rescheduler
 }
 
-var (
-	//go:embed create-table-routes.sql
-	createTableRoutes string
-	//go:embed create-table-redirects.sql
-	createTableRedirects string
-	//go:embed query-table-routes.sql
-	queryTableRoutes string
-	//go:embed query-table-redirects.sql
-	queryTableRedirects string
-)
-
 // NewManager create a new manager, initialises the routes and redirects tables
 // in the database and runs a first time compile.
-func NewManager(db *sql.DB, proxy *proxy.HybridTransport) *Manager {
+func NewManager(db *database.Queries, proxy *proxy.HybridTransport) *Manager {
 	m := &Manager{
 		db: db,
 		s:  &sync.RWMutex{},
@@ -46,27 +35,14 @@ func NewManager(db *sql.DB, proxy *proxy.HybridTransport) *Manager {
 		p:  proxy,
 	}
 	m.z = rescheduler.NewRescheduler(m.threadCompile)
-
-	// init routes table
-	_, err := m.db.Exec(createTableRoutes)
-	if err != nil {
-		log.Printf("[WARN] Failed to generate 'routes' table\n")
-		return nil
-	}
-
-	// init redirects table
-	_, err = m.db.Exec(createTableRedirects)
-	if err != nil {
-		log.Printf("[WARN] Failed to generate 'redirects' table\n")
-		return nil
-	}
 	return m
 }
 
 func (m *Manager) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	m.s.RLock()
-	m.r.ServeHTTP(rw, req)
+	r := m.r
 	m.s.RUnlock()
+	r.ServeHTTP(rw, req)
 }
 
 func (m *Manager) Compile() {
@@ -80,7 +56,7 @@ func (m *Manager) threadCompile() {
 	// compile router and check errors
 	err := m.internalCompile(router)
 	if err != nil {
-		log.Printf("[Manager] Compile failed: %s\n", err)
+		Logger.Info("Compile failed", "err", err)
 		return
 	}
 
@@ -93,148 +69,160 @@ func (m *Manager) threadCompile() {
 // internalCompile is a hidden internal method for querying the database during
 // the Compile() method.
 func (m *Manager) internalCompile(router *Router) error {
-	log.Println("[Manager] Updating routes from database")
+	Logger.Info("Updating routes from database")
 
 	// sql or something?
-	rows, err := m.db.Query(queryTableRoutes)
+	routeRows, err := m.db.GetActiveRoutes(context.Background())
 	if err != nil {
 		return err
 	}
-	defer rows.Close()
 
-	// loop through rows and scan the options
-	for rows.Next() {
-		var (
-			pre, abs, cors, secure_mode, forward_host, forward_addr, ignore_cert bool
-			src, dst                                                             string
-		)
-		err := rows.Scan(&src, &pre, &dst, &abs, &cors, &secure_mode, &forward_host, &forward_addr, &ignore_cert)
-		if err != nil {
-			return err
-		}
-
-		err = addRoute(router, src, dst, target.Route{
-			Pre:         pre,
-			Abs:         abs,
-			Cors:        cors,
-			SecureMode:  secure_mode,
-			ForwardHost: forward_host,
-			ForwardAddr: forward_addr,
-			IgnoreCert:  ignore_cert,
+	for _, row := range routeRows {
+		router.AddRoute(target.Route{
+			Src:   row.Source,
+			Dst:   row.Destination,
+			Flags: row.Flags.NormaliseRouteFlags(),
 		})
-		if err != nil {
-			return err
-		}
-	}
-
-	// check for errors
-	if err := rows.Err(); err != nil {
-		return err
 	}
 
 	// sql or something?
-	rows, err = m.db.Query(queryTableRedirects)
+	redirectsRows, err := m.db.GetActiveRedirects(context.Background())
 	if err != nil {
 		return err
 	}
-	defer rows.Close()
 
-	// loop through rows and scan the options
-	for rows.Next() {
-		var (
-			pre, abs bool
-			code     int
-			src, dst string
-		)
-		err := rows.Scan(&src, &pre, &dst, &abs, &code)
-		if err != nil {
-			return err
-		}
-
-		err = addRedirect(router, src, dst, target.Redirect{
-			Pre:  pre,
-			Abs:  abs,
-			Code: code,
+	for _, row := range redirectsRows {
+		router.AddRedirect(target.Redirect{
+			Src:   row.Source,
+			Dst:   row.Destination,
+			Flags: row.Flags.NormaliseRedirectFlags(),
+			Code:  row.Code,
 		})
-		if err != nil {
-			return err
-		}
 	}
 
 	// check for errors
-	return rows.Err()
-}
-
-func (m *Manager) Add(source string, route target.Route, active bool) {
-	m.s.Lock()
-	defer m.s.Unlock()
-	_, err := m.db.Exec(`INSERT INTO routes (source, pre, destination, abs, cors, secure_mode, forward_host, forward_addr, ignore_cert, active) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, source, route.Pre, path.Join(route.Host, route.Path), route.Abs, route.Cors, route.SecureMode, route.ForwardHost, route.ForwardAddr, route.IgnoreCert, active)
-	if err != nil {
-		log.Printf("[Violet] Database error: %s\n", err)
-	}
-}
-
-// addRoute is an alias to parse the src and dst then add the route
-func addRoute(router *Router, src string, dst string, t target.Route) error {
-	srcHost, srcPath, dstHost, dstPort, dstPath, err := parseSrcDstHost(src, dst)
-	if err != nil {
-		return err
-	}
-
-	// update target route values and add route
-	t.Host = dstHost
-	t.Port = dstPort
-	t.Path = dstPath
-	router.AddRoute(srcHost, srcPath, t)
 	return nil
 }
 
-// addRedirect is an alias to parse the src and dst then add the redirect
-func addRedirect(router *Router, src string, dst string, t target.Redirect) error {
-	srcHost, srcPath, dstHost, dstPort, dstPath, err := parseSrcDstHost(src, dst)
+func (m *Manager) GetAllRoutes(hosts []string) ([]target.RouteWithActive, error) {
+	if len(hosts) < 1 {
+		return []target.RouteWithActive{}, nil
+	}
+
+	s := make([]target.RouteWithActive, 0)
+
+	rows, err := m.db.GetAllRoutes(context.Background())
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	t.Host = dstHost
-	t.Port = dstPort
-	t.Path = dstPath
-	router.AddRedirect(srcHost, srcPath, t)
-	return nil
+	for _, row := range rows {
+		a := target.RouteWithActive{
+			Route: target.Route{
+				Src:   row.Source,
+				Dst:   row.Destination,
+				Desc:  row.Description,
+				Flags: row.Flags,
+			},
+			Active: row.Active,
+		}
+
+		for _, i := range hosts {
+			// if this is never true then the domain was mistakenly grabbed from the database
+			if a.OnDomain(i) {
+				s = append(s, a)
+				break
+			}
+		}
+	}
+
+	return s, nil
 }
 
-// parseSrcDstHost extracts the host/path and host:port/path from the src and dst values
-func parseSrcDstHost(src string, dst string) (string, string, string, int, string, error) {
-	// check if source has path
-	var srcHost, srcPath string
-	nSrc := strings.IndexByte(src, '/')
-	if nSrc == -1 {
-		// set host then path to /
-		srcHost = src
-		srcPath = "/"
-	} else {
-		// set host then custom path
-		srcHost = src[:nSrc]
-		srcPath = src[nSrc:]
-	}
-
-	// check if destination has path
-	var dstPath string
-	nDst := strings.IndexByte(dst, '/')
-	if nDst == -1 {
-		// set path to /
-		dstPath = "/"
-	} else {
-		// set custom path then trim dst string to the host
-		dstPath = dst[nDst:]
-		dst = dst[:nDst]
-	}
-
-	// try to split the destination host into domain + port
-	dstHost, dstPort, ok := utils.SplitDomainPort(dst, 0)
-	if !ok {
-		return "", "", "", 0, "", fmt.Errorf("failed to split destination '%s' into host + port", dst)
-	}
-
-	return srcHost, srcPath, dstHost, dstPort, dstPath, nil
+func (m *Manager) InsertRoute(route target.RouteWithActive) error {
+	return m.db.AddRoute(context.Background(), database.AddRouteParams{
+		Source:      route.Src,
+		Destination: route.Dst,
+		Description: route.Desc,
+		Flags:       route.Flags,
+		Active:      route.Active,
+	})
+}
+
+func (m *Manager) DeleteRoute(source string) error {
+	return m.db.RemoveRoute(context.Background(), source)
+}
+
+func (m *Manager) GetAllRedirects(hosts []string) ([]target.RedirectWithActive, error) {
+	if len(hosts) < 1 {
+		return []target.RedirectWithActive{}, nil
+	}
+
+	s := make([]target.RedirectWithActive, 0)
+
+	rows, err := m.db.GetAllRedirects(context.Background())
+	if err != nil {
+		return nil, err
+	}
+
+	for _, row := range rows {
+		a := target.RedirectWithActive{
+			Redirect: target.Redirect{
+				Src:   row.Source,
+				Dst:   row.Destination,
+				Desc:  row.Description,
+				Flags: row.Flags,
+				Code:  row.Code,
+			},
+			Active: row.Active,
+		}
+
+		for _, i := range hosts {
+			// if this is never true then the domain was mistakenly grabbed from the database
+			if a.OnDomain(i) {
+				s = append(s, a)
+				break
+			}
+		}
+	}
+
+	return s, nil
+}
+
+func (m *Manager) InsertRedirect(redirect target.RedirectWithActive) error {
+	return m.db.AddRedirect(context.Background(), database.AddRedirectParams{
+		Source:      redirect.Src,
+		Destination: redirect.Dst,
+		Description: redirect.Desc,
+		Flags:       redirect.Flags,
+		Code:        redirect.Code,
+		Active:      redirect.Active,
+	})
+}
+
+func (m *Manager) DeleteRedirect(source string) error {
+	return m.db.RemoveRedirect(context.Background(), source)
+}
+
+// GenerateHostSearch this should help improve performance
+// TODO(Melon) discover how to implement this correctly
+func GenerateHostSearch(hosts []string) (string, []string) {
+	var searchString strings.Builder
+	searchString.WriteString("WHERE ")
+
+	hostArgs := make([]string, len(hosts)*2)
+	for i := range hosts {
+		if i != 0 {
+			searchString.WriteString(" OR ")
+		}
+		// these like checks are not perfect but do reduce load on the database
+		searchString.WriteString("source LIKE '%' + ? + '/%'")
+		searchString.WriteString(" OR source LIKE '%' + ?")
+
+		// loads the hostname into even and odd args
+		hostArgs[i*2] = hosts[i]
+		hostArgs[i*2+1] = hosts[i]
+	}
+
+	return searchString.String(), hostArgs
 }

router/manager_test.go

@@ -1,8 +1,12 @@
 package router
 
 import (
-	"database/sql"
-	"github.com/MrMelon54/violet/proxy"
+	"context"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/database"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
+	"github.com/1f349/violet/target"
 	_ "github.com/mattn/go-sqlite3"
 	"github.com/stretchr/testify/assert"
 	"net/http"
@@ -20,11 +24,11 @@ func (f *fakeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 }
 
 func TestNewManager(t *testing.T) {
-	db, err := sql.Open("sqlite3", "file::memory:?cache=shared")
+	db, err := violet.InitDB("file:TestNewManager?mode=memory&cache=shared")
 	assert.NoError(t, err)
 
 	ft := &fakeTransport{}
-	ht := proxy.NewHybridTransportWithCalls(ft, ft)
+	ht := proxy.NewHybridTransportWithCalls(ft, ft, &websocket.Server{})
 	m := NewManager(db, ht)
 	assert.NoError(t, m.internalCompile(m.r))
 
@@ -37,7 +41,13 @@ func TestNewManager(t *testing.T) {
 	assert.Equal(t, http.StatusTeapot, res.StatusCode)
 	assert.Nil(t, ft.req)
 
-	_, err = db.Exec(`INSERT INTO routes (source, pre, destination, abs, cors, secure_mode, forward_host, forward_addr, ignore_cert, active) VALUES (?,?,?,?,?,?,?,?,?,?)`, "*.example.com", 0, "127.0.0.1:8080", 1, 0, 0, 1, 1, 0, 1)
+	err = db.AddRoute(context.Background(), database.AddRouteParams{
+		Source:      "*.example.com",
+		Destination: "127.0.0.1:8080",
+		Description: "",
+		Flags:       target.FlagAbs | target.FlagForwardHost | target.FlagForwardAddr,
+		Active:      true,
+	})
 	assert.NoError(t, err)
 
 	assert.NoError(t, m.internalCompile(m.r))
@@ -48,3 +58,71 @@ func TestNewManager(t *testing.T) {
 	assert.Equal(t, http.StatusOK, res.StatusCode)
 	assert.NotNil(t, ft.req)
 }
+
+func TestManager_GetAllRoutes(t *testing.T) {
+	db, err := violet.InitDB("file:TestManager_GetAllRoutes?mode=memory&cache=shared")
+	assert.NoError(t, err)
+	m := NewManager(db, nil)
+	a := []error{
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "example.com"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "test.example.com"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "example.com/hello"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "test.example.com/hello"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "example.org"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "test.example.org"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "example.org/hello"}, Active: true}),
+		m.InsertRoute(target.RouteWithActive{Route: target.Route{Src: "test.example.org/hello"}, Active: true}),
+	}
+	for _, i := range a {
+		if i != nil {
+			t.Fatal(i)
+		}
+	}
+	routes, err := m.GetAllRoutes([]string{"example.com"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Equal(t, []target.RouteWithActive{
+		{Route: target.Route{Src: "example.com"}, Active: true},
+		{Route: target.Route{Src: "test.example.com"}, Active: true},
+		{Route: target.Route{Src: "example.com/hello"}, Active: true},
+		{Route: target.Route{Src: "test.example.com/hello"}, Active: true},
+	}, routes)
+}
+
+func TestManager_GetAllRedirects(t *testing.T) {
+	db, err := violet.InitDB("file:TestManager_GetAllRedirects?mode=memory&cache=shared")
+	assert.NoError(t, err)
+	m := NewManager(db, nil)
+	a := []error{
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "example.com"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "test.example.com"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "example.com/hello"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "test.example.com/hello"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "example.org"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "test.example.org"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "example.org/hello"}, Active: true}),
+		m.InsertRedirect(target.RedirectWithActive{Redirect: target.Redirect{Src: "test.example.org/hello"}, Active: true}),
+	}
+	for _, i := range a {
+		if i != nil {
+			t.Fatal(i)
+		}
+	}
+	redirects, err := m.GetAllRedirects([]string{"example.com"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Equal(t, []target.RedirectWithActive{
+		{Redirect: target.Redirect{Src: "example.com"}, Active: true},
+		{Redirect: target.Redirect{Src: "test.example.com"}, Active: true},
+		{Redirect: target.Redirect{Src: "example.com/hello"}, Active: true},
+		{Redirect: target.Redirect{Src: "test.example.com/hello"}, Active: true},
+	}, redirects)
+}
+
+func TestGenerateHostSearch(t *testing.T) {
+	query, args := GenerateHostSearch([]string{"example.com", "example.org"})
+	assert.Equal(t, "WHERE source LIKE '%' + ? + '/%' OR source LIKE '%' + ? OR source LIKE '%' + ? + '/%' OR source LIKE '%' + ?", query)
+	assert.Equal(t, []string{"example.com", "example.com", "example.org", "example.org"}, args)
+}

router/query-table-redirects.sql

@@ -1,7 +0,0 @@
-select source,
-       pre,
-       destination,
-       abs,
-       code
-from redirects
-where active = true

router/query-table-routes.sql

@@ -1,11 +0,0 @@
-select source,
-       pre,
-       destination,
-       abs,
-       cors,
-       secure_mode,
-       forward_host,
-       forward_addr,
-       ignore_cert
-from routes
-where active = true

router/router.go

@@ -2,10 +2,10 @@ package router
 
 import (
 	"fmt"
-	"github.com/MrMelon54/trie"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/target"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/target"
+	"github.com/1f349/violet/utils"
+	"github.com/mrmelon54/trie"
 	"net/http"
 	"strings"
 )
@@ -46,16 +46,14 @@ func (r *Router) hostRedirect(host string) *trie.Trie[target.Redirect] {
 	return h
 }
 
-func (r *Router) AddService(host string, t target.Route) {
-	r.AddRoute(host, "/", t)
-}
-
-func (r *Router) AddRoute(host string, path string, t target.Route) {
+func (r *Router) AddRoute(t target.Route) {
 	t.Proxy = r.proxy
+	host, path := utils.SplitHostPath(t.Src)
 	r.hostRoute(host).PutString(path, t)
 }
 
-func (r *Router) AddRedirect(host, path string, t target.Redirect) {
+func (r *Router) AddRedirect(t target.Redirect) {
+	host, path := utils.SplitHostPath(t.Src)
 	r.hostRedirect(host).PutString(path, t)
 }
 
@@ -92,29 +90,29 @@ func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 
 func (r *Router) serveRouteHTTP(rw http.ResponseWriter, req *http.Request, host string) bool {
 	h := r.route[host]
-	if h != nil {
-		pairs := h.GetAllKeyValues([]byte(req.URL.Path))
-		for i := len(pairs) - 1; i >= 0; i-- {
-			if pairs[i].Value.Pre || pairs[i].Key == req.URL.Path {
-				req.URL.Path = strings.TrimPrefix(req.URL.Path, pairs[i].Key)
-				pairs[i].Value.ServeHTTP(rw, req)
-				return true
-			}
-		}
-	}
-	return false
+	return getServeData(rw, req, h)
 }
 
 func (r *Router) serveRedirectHTTP(rw http.ResponseWriter, req *http.Request, host string) bool {
 	h := r.redirect[host]
-	if h != nil {
-		pairs := h.GetAllKeyValues([]byte(req.URL.Path))
-		for i := len(pairs) - 1; i >= 0; i-- {
-			if pairs[i].Value.Pre || pairs[i].Key == req.URL.Path {
-				req.URL.Path = strings.TrimPrefix(req.URL.Path, pairs[i].Key)
-				pairs[i].Value.ServeHTTP(rw, req)
-				return true
-			}
+	return getServeData(rw, req, h)
+}
+
+type serveDataInterface interface {
+	HasFlag(flag target.Flags) bool
+	ServeHTTP(rw http.ResponseWriter, req *http.Request)
+}
+
+func getServeData[T serveDataInterface](rw http.ResponseWriter, req *http.Request, h *trie.Trie[T]) bool {
+	if h == nil {
+		return false
+	}
+	pairs := h.GetAllKeyValues([]byte(req.URL.Path))
+	for i := len(pairs) - 1; i >= 0; i-- {
+		if pairs[i].Value.HasFlag(target.FlagPre) || pairs[i].Key == req.URL.Path {
+			req.URL.Path = strings.TrimPrefix(req.URL.Path, pairs[i].Key)
+			pairs[i].Value.ServeHTTP(rw, req)
+			return true
 		}
 	}
 	return false

router/router_test.go

@@ -1,11 +1,16 @@
 package router
 
 import (
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/target"
+	"fmt"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
+	"github.com/1f349/violet/target"
+	"github.com/mrmelon54/trie"
+	"github.com/stretchr/testify/assert"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"path"
 	"testing"
 )
 
@@ -29,31 +34,31 @@ var (
 			"/":      "/",
 			"/hello": "",
 		}},
-		{"/", target.Route{Path: "/world"}, mss{
+		{"/", target.Route{Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "",
 		}},
-		{"/", target.Route{Abs: true}, mss{
+		{"/", target.Route{Flags: target.FlagAbs}, mss{
 			"/":      "/",
 			"/hello": "",
 		}},
-		{"/", target.Route{Abs: true, Path: "world"}, mss{
+		{"/", target.Route{Flags: target.FlagAbs, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "",
 		}},
-		{"/", target.Route{Pre: true}, mss{
+		{"/", target.Route{Flags: target.FlagPre}, mss{
 			"/":      "/",
 			"/hello": "/hello",
 		}},
-		{"/", target.Route{Pre: true, Path: "world"}, mss{
+		{"/", target.Route{Flags: target.FlagPre, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "/world/hello",
 		}},
-		{"/", target.Route{Pre: true, Abs: true}, mss{
+		{"/", target.Route{Flags: target.FlagPre | target.FlagAbs}, mss{
 			"/":      "/",
 			"/hello": "/",
 		}},
-		{"/", target.Route{Pre: true, Abs: true, Path: "world"}, mss{
+		{"/", target.Route{Flags: target.FlagPre | target.FlagAbs, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "/world",
 		}},
@@ -62,37 +67,37 @@ var (
 			"/hello":    "/",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Route{Path: "world"}, mss{
+		{"/hello", target.Route{Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Route{Abs: true}, mss{
+		{"/hello", target.Route{Flags: target.FlagAbs}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Route{Abs: true, Path: "world"}, mss{
+		{"/hello", target.Route{Flags: target.FlagAbs, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Route{Pre: true}, mss{
+		{"/hello", target.Route{Flags: target.FlagPre}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "/hi",
 		}},
-		{"/hello", target.Route{Pre: true, Path: "world"}, mss{
+		{"/hello", target.Route{Flags: target.FlagPre, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "/world/hi",
 		}},
-		{"/hello", target.Route{Pre: true, Abs: true}, mss{
+		{"/hello", target.Route{Flags: target.FlagPre | target.FlagAbs}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "/",
 		}},
-		{"/hello", target.Route{Pre: true, Abs: true, Path: "world"}, mss{
+		{"/hello", target.Route{Flags: target.FlagPre | target.FlagAbs, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "/world",
@@ -103,31 +108,31 @@ var (
 			"/":      "/",
 			"/hello": "",
 		}},
-		{"/", target.Redirect{Path: "world"}, mss{
+		{"/", target.Redirect{Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "",
 		}},
-		{"/", target.Redirect{Abs: true}, mss{
+		{"/", target.Redirect{Flags: target.FlagAbs}, mss{
 			"/":      "/",
 			"/hello": "",
 		}},
-		{"/", target.Redirect{Abs: true, Path: "world"}, mss{
+		{"/", target.Redirect{Flags: target.FlagAbs, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "",
 		}},
-		{"/", target.Redirect{Pre: true}, mss{
+		{"/", target.Redirect{Flags: target.FlagPre}, mss{
 			"/":      "/",
 			"/hello": "/hello",
 		}},
-		{"/", target.Redirect{Pre: true, Path: "world"}, mss{
+		{"/", target.Redirect{Flags: target.FlagPre, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "/world/hello",
 		}},
-		{"/", target.Redirect{Pre: true, Abs: true}, mss{
+		{"/", target.Redirect{Flags: target.FlagPre | target.FlagAbs}, mss{
 			"/":      "/",
 			"/hello": "/",
 		}},
-		{"/", target.Redirect{Pre: true, Abs: true, Path: "world"}, mss{
+		{"/", target.Redirect{Flags: target.FlagPre | target.FlagAbs, Dst: "world"}, mss{
 			"/":      "/world",
 			"/hello": "/world",
 		}},
@@ -136,37 +141,37 @@ var (
 			"/hello":    "/",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Redirect{Path: "world"}, mss{
+		{"/hello", target.Redirect{Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Redirect{Abs: true}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagAbs}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Redirect{Abs: true, Path: "world"}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagAbs, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "",
 		}},
-		{"/hello", target.Redirect{Pre: true}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagPre}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "/hi",
 		}},
-		{"/hello", target.Redirect{Pre: true, Path: "world"}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagPre, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "/world/hi",
 		}},
-		{"/hello", target.Redirect{Pre: true, Abs: true}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagPre | target.FlagAbs}, mss{
 			"/":         "",
 			"/hello":    "/",
 			"/hello/hi": "/",
 		}},
-		{"/hello", target.Redirect{Pre: true, Abs: true, Path: "world"}, mss{
+		{"/hello", target.Redirect{Flags: target.FlagPre | target.FlagAbs, Dst: "world"}, mss{
 			"/":         "",
 			"/hello":    "/world",
 			"/hello/hi": "/world",
@@ -179,12 +184,12 @@ func TestRouter_AddRoute(t *testing.T) {
 	transInsecure := &fakeTransport{}
 
 	for _, i := range routeTests {
-		r := New(proxy.NewHybridTransportWithCalls(transSecure, transInsecure))
+		r := New(proxy.NewHybridTransportWithCalls(transSecure, transInsecure, &websocket.Server{}))
 		dst := i.dst
-		dst.Host = "127.0.0.1"
-		dst.Port = 8080
+		dst.Dst = path.Join("127.0.0.1:8080", dst.Dst)
+		dst.Src = path.Join("example.com", i.path)
 		t.Logf("Running tests for %#v\n", dst)
-		r.AddRoute("example.com", i.path, dst)
+		r.AddRoute(dst)
 		for k, v := range i.tests {
 			u1 := &url.URL{Scheme: "https", Host: "example.com", Path: k}
 			req, _ := http.NewRequest(http.MethodGet, u1.String(), nil)
@@ -193,7 +198,7 @@ func TestRouter_AddRoute(t *testing.T) {
 			if v == "" {
 				if transSecure.req != nil {
 					t.Logf("Test URL: %#v\n", req.URL)
-					t.Log(r.redirect["example.com"].String())
+					t.Log(r.route["example.com"].String())
 					t.Fatalf("%s => %s\n", k, v)
 				}
 			} else {
@@ -217,10 +222,11 @@ func TestRouter_AddRedirect(t *testing.T) {
 	for _, i := range redirectTests {
 		r := New(nil)
 		dst := i.dst
-		dst.Host = "example.com"
+		dst.Dst = path.Join("example.com", dst.Dst)
 		dst.Code = http.StatusFound
+		dst.Src = path.Join("www.example.com", i.path)
 		t.Logf("Running tests for %#v\n", dst)
-		r.AddRedirect("www.example.com", i.path, dst)
+		r.AddRedirect(dst)
 		for k, v := range i.tests {
 			u1 := &url.URL{Scheme: "https", Host: "example.com", Path: v}
 			if v == "" {
@@ -264,32 +270,32 @@ func TestRouter_AddWildcardRoute(t *testing.T) {
 	transInsecure := &fakeTransport{}
 
 	for _, i := range routeTests {
-		r := New(proxy.NewHybridTransportWithCalls(transSecure, transInsecure))
+		r := New(proxy.NewHybridTransportWithCalls(transSecure, transInsecure, &websocket.Server{}))
 		dst := i.dst
-		dst.Host = "127.0.0.1"
-		dst.Port = 8080
+		dst.Dst = path.Join("127.0.0.1:8080", dst.Dst)
+		dst.Src = path.Join("*.example.com", i.path)
 		t.Logf("Running tests for %#v\n", dst)
-		r.AddRoute("example.com", i.path, dst)
+		r.AddRoute(dst)
 		for k, v := range i.tests {
-			u1 := &url.URL{Scheme: "https", Host: "example.com", Path: k}
+			u1 := &url.URL{Scheme: "https", Host: "test.example.com", Path: k}
 			req, _ := http.NewRequest(http.MethodGet, u1.String(), nil)
 			rec := httptest.NewRecorder()
 			r.ServeHTTP(rec, req)
 			if v == "" {
 				if transSecure.req != nil {
 					t.Logf("Test URL: %#v\n", req.URL)
-					t.Log(r.redirect["example.com"].String())
+					t.Log(r.route["*.example.com"].String())
 					t.Fatalf("%s => %s\n", k, v)
 				}
 			} else {
 				if transSecure.req == nil {
 					t.Logf("Test URL: %#v\n", req.URL)
-					t.Log(r.route["example.com"].String())
+					t.Log(r.route["*.example.com"].String())
 					t.Fatalf("\nexpected %s => %s\n     got %s => %s\n", k, v, k, "")
 				}
 				if v != transSecure.req.URL.Path {
 					t.Logf("Test URL: %#v\n", req.URL)
-					t.Log(r.route["example.com"].String())
+					t.Log(r.route["*.example.com"].String())
 					t.Fatalf("\nexpected %s => %s\n     got %s => %s\n", k, v, k, transSecure.req.URL.Path)
 				}
 				transSecure.req = nil
@@ -297,3 +303,24 @@ func TestRouter_AddWildcardRoute(t *testing.T) {
 		}
 	}
 }
+
+type fakeRoundTripper struct{}
+
+func (f *fakeRoundTripper) RoundTrip(_ *http.Request) (*http.Response, error) {
+	rec := httptest.NewRecorder()
+	rec.WriteHeader(http.StatusNotFound)
+	return rec.Result(), nil
+}
+
+func TestGetServeData_Route(t *testing.T) {
+	hyb := proxy.NewHybridTransportWithCalls(&fakeRoundTripper{}, &fakeRoundTripper{}, nil)
+	req, err := http.NewRequest(http.MethodGet, "https://example.com/hello/world/this/is/a/test", nil)
+	assert.NoError(t, err)
+	h := trie.BuildFromMap(map[string]target.Route{
+		"/hello/world": {Flags: target.FlagPre, Proxy: hyb},
+	})
+	rec := httptest.NewRecorder()
+	pairs := h.GetAllKeyValues([]byte(req.URL.Path))
+	fmt.Printf("%#v\n", pairs)
+	assert.True(t, getServeData(rec, req, h))
+}

servers/api.go

@@ -1,115 +0,0 @@
-package servers
-
-import (
-	"github.com/MrMelon54/mjwt"
-	"github.com/MrMelon54/mjwt/auth"
-	"github.com/MrMelon54/violet/utils"
-	"github.com/julienschmidt/httprouter"
-	"net/http"
-	"time"
-)
-
-// NewApiServer creates and runs a http server containing all the API
-// endpoints for the software
-//
-// `/compile` - reloads all domains, routes and redirects
-func NewApiServer(conf *Conf, compileTarget utils.MultiCompilable) *http.Server {
-	r := httprouter.New()
-
-	// Endpoint for compile action
-	r.POST("/compile", func(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
-		if !hasPerms(conf.Signer, req, "violet:compile") {
-			utils.RespondHttpStatus(rw, http.StatusForbidden)
-			return
-		}
-
-		// Trigger the compile action
-		compileTarget.Compile()
-		rw.WriteHeader(http.StatusAccepted)
-	})
-
-	// Endpoint for domains
-	r.PUT("/domain/:domain", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
-		if !hasPerms(conf.Signer, req, "violet:domains") {
-			utils.RespondHttpStatus(rw, http.StatusForbidden)
-			return
-		}
-
-		// add domain with active state
-		q := req.URL.Query()
-		conf.Domains.Put(params.ByName("domain"), q.Get("active") == "1")
-		conf.Domains.Compile()
-	})
-	r.DELETE("/domain/:domain", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
-		if !hasPerms(conf.Signer, req, "violet:domains") {
-			utils.RespondHttpStatus(rw, http.StatusForbidden)
-			return
-		}
-
-		// add domain with active state
-		q := req.URL.Query()
-		conf.Domains.Put(params.ByName("domain"), q.Get("active") == "1")
-		conf.Domains.Compile()
-	})
-
-	// Endpoint for routes
-	r.POST("/route", func(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
-
-	})
-
-	// Endpoint for acme-challenge
-	r.PUT("/acme-challenge/:domain/:key/:value", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
-		if !hasPerms(conf.Signer, req, "violet:acme-challenge") {
-			utils.RespondHttpStatus(rw, http.StatusForbidden)
-			return
-		}
-		domain := params.ByName("domain")
-		if !conf.Domains.IsValid(domain) {
-			utils.RespondVioletError(rw, http.StatusBadRequest, "Invalid ACME challenge domain")
-			return
-		}
-		conf.Acme.Put(domain, params.ByName("key"), params.ByName("value"))
-		rw.WriteHeader(http.StatusAccepted)
-	})
-	r.DELETE("/acme-challenge/:domain/:key", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
-		if !hasPerms(conf.Signer, req, "violet:acme-challenge") {
-			utils.RespondHttpStatus(rw, http.StatusForbidden)
-			return
-		}
-		domain := params.ByName("domain")
-		if !conf.Domains.IsValid(domain) {
-			utils.RespondVioletError(rw, http.StatusBadRequest, "Invalid ACME challenge domain")
-			return
-		}
-		conf.Acme.Delete(domain, params.ByName("key"))
-		rw.WriteHeader(http.StatusAccepted)
-	})
-
-	// Create and run http server
-	return &http.Server{
-		Addr:              conf.ApiListen,
-		Handler:           r,
-		ReadTimeout:       time.Minute,
-		ReadHeaderTimeout: time.Minute,
-		WriteTimeout:      time.Minute,
-		IdleTimeout:       time.Minute,
-		MaxHeaderBytes:    2500,
-	}
-}
-
-func hasPerms(verify mjwt.Verifier, req *http.Request, perm string) bool {
-	// Get bearer token
-	bearer := utils.GetBearer(req)
-	if bearer == "" {
-		return false
-	}
-
-	// Read claims from mjwt
-	_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](verify, bearer)
-	if err != nil {
-		return false
-	}
-
-	// Token must have perm
-	return b.Claims.Perms.Has(perm)
-}

servers/api/api.go

@@ -0,0 +1,112 @@
+package api
+
+import (
+	"encoding/json"
+	"github.com/1f349/mjwt"
+	"github.com/1f349/mjwt/claims"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/utils"
+	"github.com/julienschmidt/httprouter"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"net/http"
+	"time"
+)
+
+// NewApiServer creates and runs a http server containing all the API
+// endpoints for the software
+//
+// `/compile` - reloads all domains, routes and redirects
+func NewApiServer(conf *conf.Conf, compileTarget utils.MultiCompilable, registry *prometheus.Registry) *http.Server {
+	r := httprouter.New()
+
+	r.GET("/", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
+		http.Error(rw, "Violet API Endpoint", http.StatusOK)
+	})
+	r.GET("/metrics", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
+		promhttp.HandlerFor(registry, promhttp.HandlerOpts{}).ServeHTTP(rw, req)
+	})
+
+	// Endpoint for compile action
+	r.POST("/compile", checkAuthWithPerm(conf.Signer, "violet:compile", func(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, b AuthClaims) {
+		// Trigger the compile action
+		compileTarget.Compile()
+		rw.WriteHeader(http.StatusAccepted)
+	}))
+
+	// Endpoint for domains
+	domainFunc := domainManage(conf.Signer, conf.Domains)
+	r.PUT("/domain/:domain", domainFunc)
+	r.DELETE("/domain/:domain", domainFunc)
+
+	SetupTargetApis(r, conf.Signer, conf.Router)
+
+	// Endpoint for acme-challenge
+	acmeChallengeFunc := acmeChallengeManage(conf.Signer, conf.Domains, conf.Acme)
+	r.PUT("/acme-challenge/:domain/:key/:value", acmeChallengeFunc)
+	r.DELETE("/acme-challenge/:domain/:key", acmeChallengeFunc)
+
+	// Create and run http server
+	return &http.Server{
+		Handler:           r,
+		ReadTimeout:       time.Minute,
+		ReadHeaderTimeout: time.Minute,
+		WriteTimeout:      time.Minute,
+		IdleTimeout:       time.Minute,
+		MaxHeaderBytes:    2500,
+	}
+}
+
+// apiError outputs a generic JSON error message
+func apiError(rw http.ResponseWriter, code int, m string) {
+	rw.WriteHeader(code)
+	_ = json.NewEncoder(rw).Encode(map[string]string{
+		"error": m,
+	})
+}
+
+func domainManage(verify mjwt.Verifier, domains utils.DomainProvider) httprouter.Handle {
+	return checkAuthWithPerm(verify, "violet:domains", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		// add domain with active state
+		domains.Put(params.ByName("domain"), req.Method == http.MethodPut)
+		domains.Compile()
+		rw.WriteHeader(http.StatusAccepted)
+	})
+}
+
+func acmeChallengeManage(verify mjwt.Verifier, domains utils.DomainProvider, acme utils.AcmeChallengeProvider) httprouter.Handle {
+	return checkAuthWithPerm(verify, "violet:acme-challenge", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		domain := params.ByName("domain")
+		if !domains.IsValid(domain) {
+			utils.RespondVioletError(rw, http.StatusBadRequest, "Invalid ACME challenge domain")
+			return
+		}
+		if req.Method == http.MethodPut {
+			acme.Put(domain, params.ByName("key"), params.ByName("value"))
+		} else {
+			acme.Delete(domain, params.ByName("key"))
+		}
+		rw.WriteHeader(http.StatusAccepted)
+	})
+}
+
+// getDomainOwnershipClaims returns the domains marked as owned from PermStorage,
+// they match `domain:owns=<fqdn>` where fqdn will be returned
+func getDomainOwnershipClaims(perms *claims.PermStorage) []string {
+	a := perms.Search("domain:owns=*")
+	for i := range a {
+		a[i] = a[i][len("domain:owns="):]
+	}
+	return a
+}
+
+// validateDomainOwnershipClaims validates if the claims contain the
+// `domain:owns=<fqdn>` field with the matching top level domain
+func validateDomainOwnershipClaims(a string, perms *claims.PermStorage) bool {
+	if fqdn, ok := utils.GetTopFqdn(a); ok {
+		if perms.Has("domain:owns=" + fqdn) {
+			return true
+		}
+	}
+	return false
+}

servers/api/api_test.go

@@ -1,60 +1,23 @@
-package servers
+package api
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
-	"github.com/MrMelon54/mjwt"
-	"github.com/MrMelon54/mjwt/auth"
-	"github.com/MrMelon54/mjwt/claims"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/utils"
+	"github.com/1f349/violet/utils/fake"
 	"github.com/stretchr/testify/assert"
 	"net/http"
 	"net/http/httptest"
 	"testing"
-	"time"
 )
 
-var snakeOilProv = genSnakeOilProv()
-
-type fakeDomains struct{}
-
-func (f *fakeDomains) IsValid(host string) bool { return host == "example.com" }
-func (f *fakeDomains) Put(string, bool)         {}
-func (f *fakeDomains) Delete(string)            {}
-func (f *fakeDomains) Compile()                 {}
-
-func genSnakeOilProv() mjwt.Signer {
-	key, err := rsa.GenerateKey(rand.Reader, 1024)
-	if err != nil {
-		panic(err)
-	}
-	return mjwt.NewMJwtSigner("violet.test", key)
-}
-
-func genSnakeOilKey(perm string) string {
-	p := claims.NewPermStorage()
-	p.Set(perm)
-	val, err := snakeOilProv.GenerateJwt("abc", "abc", nil, 5*time.Minute, auth.AccessTokenClaims{Perms: p})
-	if err != nil {
-		panic(err)
-	}
-	return val
-}
-
-type fakeCompilable struct{ done bool }
-
-func (f *fakeCompilable) Compile() { f.done = true }
-
-var _ utils.Compilable = &fakeCompilable{}
-
 func TestNewApiServer_Compile(t *testing.T) {
-	apiConf := &Conf{
-		Domains: &fakeDomains{},
+	apiConf := &conf.Conf{
+		Domains: &fake.Domains{},
 		Acme:    utils.NewAcmeChallenge(),
-		Signer:  snakeOilProv,
+		Signer:  fake.SnakeOilProv,
 	}
-	f := &fakeCompilable{}
-	srv := NewApiServer(apiConf, utils.MultiCompilable{f})
+	f := &fake.Compilable{}
+	srv := NewApiServer(apiConf, utils.MultiCompilable{f}, nil)
 
 	req, err := http.NewRequest(http.MethodPost, "https://example.com/compile", nil)
 	assert.NoError(t, err)
@@ -63,25 +26,25 @@ func TestNewApiServer_Compile(t *testing.T) {
 	srv.Handler.ServeHTTP(rec, req)
 	res := rec.Result()
 	assert.Equal(t, http.StatusForbidden, res.StatusCode)
-	assert.False(t, f.done)
+	assert.False(t, f.Done)
 
-	req.Header.Set("Authorization", "Bearer "+genSnakeOilKey("violet:compile"))
+	req.Header.Set("Authorization", "Bearer "+fake.GenSnakeOilKey("violet:compile"))
 
 	rec = httptest.NewRecorder()
 	srv.Handler.ServeHTTP(rec, req)
 	res = rec.Result()
 	assert.Equal(t, http.StatusAccepted, res.StatusCode)
-	assert.True(t, f.done)
+	assert.True(t, f.Done)
 }
 
 func TestNewApiServer_AcmeChallenge_Put(t *testing.T) {
-	apiConf := &Conf{
-		Domains: &fakeDomains{},
+	apiConf := &conf.Conf{
+		Domains: &fake.Domains{},
 		Acme:    utils.NewAcmeChallenge(),
-		Signer:  snakeOilProv,
+		Signer:  fake.SnakeOilProv,
 	}
-	srv := NewApiServer(apiConf, utils.MultiCompilable{})
-	acmeKey := genSnakeOilKey("violet:acme-challenge")
+	srv := NewApiServer(apiConf, utils.MultiCompilable{}, nil)
+	acmeKey := fake.GenSnakeOilKey("violet:acme-challenge")
 
 	// Valid domain
 	req, err := http.NewRequest(http.MethodPut, "https://example.com/acme-challenge/example.com/123/123abc", nil)
@@ -119,13 +82,13 @@ func TestNewApiServer_AcmeChallenge_Put(t *testing.T) {
 }
 
 func TestNewApiServer_AcmeChallenge_Delete(t *testing.T) {
-	apiConf := &Conf{
-		Domains: &fakeDomains{},
+	apiConf := &conf.Conf{
+		Domains: &fake.Domains{},
 		Acme:    utils.NewAcmeChallenge(),
-		Signer:  snakeOilProv,
+		Signer:  fake.SnakeOilProv,
 	}
-	srv := NewApiServer(apiConf, utils.MultiCompilable{})
-	acmeKey := genSnakeOilKey("violet:acme-challenge")
+	srv := NewApiServer(apiConf, utils.MultiCompilable{}, nil)
+	acmeKey := fake.GenSnakeOilKey("violet:acme-challenge")
 
 	// Valid domain
 	req, err := http.NewRequest(http.MethodDelete, "https://example.com/acme-challenge/example.com/123", nil)

servers/api/auth.go

@@ -0,0 +1,49 @@
+package api
+
+import (
+	"github.com/1f349/mjwt"
+	"github.com/1f349/mjwt/auth"
+	"github.com/1f349/violet/utils"
+	"github.com/julienschmidt/httprouter"
+	"net/http"
+)
+
+type AuthClaims mjwt.BaseTypeClaims[auth.AccessTokenClaims]
+
+type AuthCallback func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims)
+
+// checkAuth validates the bearer token against a mjwt.Verifier and returns an
+// error message or continues to the next handler
+func checkAuth(verify mjwt.Verifier, cb AuthCallback) httprouter.Handle {
+	return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
+		// Get bearer token
+		bearer := utils.GetBearer(req)
+		if bearer == "" {
+			apiError(rw, http.StatusForbidden, "Missing bearer token")
+			return
+		}
+
+		// Read claims from mjwt
+		_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](verify, bearer)
+		if err != nil {
+			apiError(rw, http.StatusForbidden, "Invalid token")
+			return
+		}
+
+		cb(rw, req, params, AuthClaims(b))
+	}
+}
+
+// checkAuthWithPerm validates the bearer token and checks if it contains a
+// required permission and returns an error message or continues to the next
+// handler
+func checkAuthWithPerm(verify mjwt.Verifier, perm string, cb AuthCallback) httprouter.Handle {
+	return checkAuth(verify, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		// check perms
+		if !b.Claims.Perms.Has(perm) {
+			apiError(rw, http.StatusForbidden, "No permission")
+			return
+		}
+		cb(rw, req, params, b)
+	})
+}

servers/api/target-types.go

@@ -0,0 +1,27 @@
+package api
+
+import (
+	"github.com/1f349/violet/target"
+)
+
+type sourceJson struct {
+	Src string `json:"src"`
+}
+
+func (s sourceJson) GetSource() string { return s.Src }
+
+type routeSource target.RouteWithActive
+
+func (r routeSource) GetSource() string { return r.Src }
+
+type redirectSource target.RedirectWithActive
+
+func (r redirectSource) GetSource() string { return r.Src }
+
+var (
+	_ sourceGetter = sourceJson{}
+	_ sourceGetter = routeSource{}
+	_ sourceGetter = redirectSource{}
+)
+
+type sourceGetter interface{ GetSource() string }

servers/api/target.go

@@ -0,0 +1,105 @@
+package api
+
+import (
+	"encoding/json"
+	"github.com/1f349/mjwt"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/router"
+	"github.com/1f349/violet/target"
+	"github.com/1f349/violet/utils"
+	"github.com/julienschmidt/httprouter"
+	"net/http"
+	"strings"
+)
+
+func SetupTargetApis(r *httprouter.Router, verify mjwt.Verifier, manager *router.Manager) {
+	// Endpoint for routes
+	r.GET("/route", checkAuthWithPerm(verify, "violet:route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		routes, err := manager.GetAllRoutes(domains)
+		if err != nil {
+			logger.Logger.Infof("Failed to get routes from database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to get routes from database")
+			return
+		}
+		rw.WriteHeader(http.StatusOK)
+		_ = json.NewEncoder(rw).Encode(routes)
+	}))
+	r.POST("/route", parseJsonAndCheckOwnership[routeSource](verify, "route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, t routeSource) {
+		err := manager.InsertRoute(target.RouteWithActive(t))
+		if err != nil {
+			logger.Logger.Infof("Failed to insert route into database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to insert route into database")
+			return
+		}
+		manager.Compile()
+	}))
+	r.DELETE("/route", parseJsonAndCheckOwnership[sourceJson](verify, "route", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, t sourceJson) {
+		err := manager.DeleteRoute(t.Src)
+		if err != nil {
+			logger.Logger.Infof("Failed to delete route from database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to delete route from database")
+			return
+		}
+		manager.Compile()
+	}))
+
+	// Endpoint for redirects
+	r.GET("/redirect", checkAuthWithPerm(verify, "violet:redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		domains := getDomainOwnershipClaims(b.Claims.Perms)
+
+		redirects, err := manager.GetAllRedirects(domains)
+		if err != nil {
+			logger.Logger.Infof("Failed to get redirects from database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to get redirects from database")
+			return
+		}
+		rw.WriteHeader(http.StatusOK)
+		_ = json.NewEncoder(rw).Encode(redirects)
+	}))
+	r.POST("/redirect", parseJsonAndCheckOwnership[redirectSource](verify, "redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, t redirectSource) {
+		err := manager.InsertRedirect(target.RedirectWithActive(t))
+		if err != nil {
+			logger.Logger.Infof("Failed to insert redirect into database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to insert redirect into database")
+			return
+		}
+		manager.Compile()
+	}))
+	r.DELETE("/redirect", parseJsonAndCheckOwnership[sourceJson](verify, "redirect", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, t sourceJson) {
+		err := manager.DeleteRedirect(t.Src)
+		if err != nil {
+			logger.Logger.Infof("Failed to delete redirect from database: %s\n", err)
+			apiError(rw, http.StatusInternalServerError, "Failed to delete redirect from database")
+			return
+		}
+		manager.Compile()
+	}))
+}
+
+type AuthWithJsonCallback[T any] func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, t T)
+
+func parseJsonAndCheckOwnership[T sourceGetter](verify mjwt.Verifier, t string, cb AuthWithJsonCallback[T]) httprouter.Handle {
+	return checkAuthWithPerm(verify, "violet:"+t, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims) {
+		var j T
+		if json.NewDecoder(req.Body).Decode(&j) != nil {
+			apiError(rw, http.StatusBadRequest, "Invalid request body")
+			return
+		}
+
+		// check token owns this domain
+		host, _ := utils.SplitHostPath(j.GetSource())
+		if strings.IndexByte(host, ':') != -1 {
+			apiError(rw, http.StatusBadRequest, "Invalid route source")
+			return
+		}
+
+		if !validateDomainOwnershipClaims(host, b.Claims.Perms) {
+			apiError(rw, http.StatusBadRequest, "Token cannot modify the specified domain")
+			return
+		}
+
+		cb(rw, req, params, b, j)
+	})
+}

servers/conf.go

@@ -1,44 +0,0 @@
-package servers
-
-import (
-	"crypto/tls"
-	"database/sql"
-	"github.com/MrMelon54/mjwt"
-	errorPages "github.com/MrMelon54/violet/error-pages"
-	"github.com/MrMelon54/violet/favicons"
-	"github.com/MrMelon54/violet/router"
-)
-
-// Conf stores the shared configuration for the API, HTTP and HTTPS servers.
-type Conf struct {
-	ApiListen   string // api server listen address
-	HttpListen  string // http server listen address
-	HttpsListen string // https server listen address
-	RateLimit   uint64 // rate limit per minute
-	DB          *sql.DB
-	Domains     DomainProvider
-	Acme        AcmeChallengeProvider
-	Certs       CertProvider
-	Favicons    *favicons.Favicons
-	Signer      mjwt.Verifier
-	ErrorPages  *errorPages.ErrorPages
-	Router      *router.Manager
-}
-
-type DomainProvider interface {
-	IsValid(host string) bool
-	Put(domain string, active bool)
-	Delete(domain string)
-	Compile()
-}
-
-type AcmeChallengeProvider interface {
-	Get(domain, key string) string
-	Put(domain, key, value string)
-	Delete(domain, key string)
-}
-
-type CertProvider interface {
-	GetCertForDomain(domain string) *tls.Certificate
-	Compile()
-}

servers/conf/conf.go

@@ -0,0 +1,23 @@
+package conf
+
+import (
+	"github.com/1f349/mjwt"
+	"github.com/1f349/violet/database"
+	errorPages "github.com/1f349/violet/error-pages"
+	"github.com/1f349/violet/favicons"
+	"github.com/1f349/violet/router"
+	"github.com/1f349/violet/utils"
+)
+
+// Conf stores the shared configuration for the API, HTTP and HTTPS servers.
+type Conf struct {
+	RateLimit  uint64 // rate limit per minute
+	DB         *database.Queries
+	Domains    utils.DomainProvider
+	Acme       utils.AcmeChallengeProvider
+	Certs      utils.CertProvider
+	Favicons   *favicons.Favicons
+	Signer     mjwt.Verifier
+	ErrorPages *errorPages.ErrorPages
+	Router     *router.Manager
+}

servers/http.go

@@ -2,8 +2,11 @@ package servers
 
 import (
 	"fmt"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/servers/metrics"
+	"github.com/1f349/violet/utils"
 	"github.com/julienschmidt/httprouter"
+	"github.com/prometheus/client_golang/prometheus"
 	"net/http"
 	"net/url"
 	"time"
@@ -14,13 +17,9 @@ import (
 //
 // `/.well-known/acme-challenge/{token}` is used for outputting answers for
 // acme challenges, this is used for Let's Encrypt HTTP verification.
-func NewHttpServer(conf *Conf) *http.Server {
+func NewHttpServer(httpsPort uint16, conf *conf.Conf, registry *prometheus.Registry) *http.Server {
 	r := httprouter.New()
 	var secureExtend string
-	_, httpsPort, ok := utils.SplitDomainPort(conf.HttpsListen, 443)
-	if !ok {
-		httpsPort = 443
-	}
 	if httpsPort != 443 {
 		secureExtend = fmt.Sprintf(":%d", httpsPort)
 	}
@@ -60,10 +59,16 @@ func NewHttpServer(conf *Conf) *http.Server {
 		utils.FastRedirect(rw, req, u.String(), http.StatusPermanentRedirect)
 	})
 
+	metricsMiddleware := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		r.ServeHTTP(rw, req)
+	})
+	if registry != nil {
+		metricsMiddleware = metrics.New(registry, nil).WrapHandler("violet-http-insecure", r)
+	}
+
 	// Create and run http server
 	return &http.Server{
-		Addr:              conf.HttpListen,
-		Handler:           r,
+		Handler:           metricsMiddleware,
 		ReadTimeout:       time.Minute,
 		ReadHeaderTimeout: time.Minute,
 		WriteTimeout:      time.Minute,

servers/http_test.go

@@ -2,7 +2,9 @@ package servers
 
 import (
 	"bytes"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/utils"
+	"github.com/1f349/violet/utils/fake"
 	"github.com/stretchr/testify/assert"
 	"io"
 	"net/http"
@@ -11,12 +13,12 @@ import (
 )
 
 func TestNewHttpServer_AcmeChallenge(t *testing.T) {
-	httpConf := &Conf{
-		Domains: &fakeDomains{},
+	httpConf := &conf.Conf{
+		Domains: &fake.Domains{},
 		Acme:    utils.NewAcmeChallenge(),
-		Signer:  snakeOilProv,
+		Signer:  fake.SnakeOilProv,
 	}
-	srv := NewHttpServer(httpConf)
+	srv := NewHttpServer(443, httpConf, nil)
 	httpConf.Acme.Put("example.com", "456", "456def")
 
 	req, err := http.NewRequest(http.MethodGet, "https://example.com/.well-known/acme-challenge/456", nil)

servers/https.go

@@ -3,46 +3,78 @@ package servers
 import (
 	"crypto/tls"
 	"fmt"
-	"github.com/MrMelon54/violet/favicons"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/favicons"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/servers/metrics"
+	"github.com/1f349/violet/utils"
+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sethvargo/go-limiter/httplimit"
 	"github.com/sethvargo/go-limiter/memorystore"
-	"log"
-	"net"
 	"net/http"
 	"path"
+	"runtime"
 	"time"
 )
 
 // NewHttpsServer creates and runs a http server containing the public https
 // endpoints for the reverse proxy.
-func NewHttpsServer(conf *Conf) *http.Server {
+func NewHttpsServer(conf *conf.Conf, registry *prometheus.Registry) *http.Server {
+	r := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		logger.Logger.Debug("Request", "method", req.Method, "url", req.URL, "remote", req.RemoteAddr, "host", req.Host, "length", req.ContentLength, "goroutine", runtime.NumGoroutine())
+		conf.Router.ServeHTTP(rw, req)
+	})
+	favMiddleware := setupFaviconMiddleware(conf.Favicons, r)
+
+	metricsMeta := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		r.ServeHTTP(rw, req)
+	})
+	if registry != nil {
+		metricsMiddleware := metrics.New(registry, nil).WrapHandler("violet-https", favMiddleware)
+		metricsMeta = func(rw http.ResponseWriter, req *http.Request) {
+			metricsMiddleware.ServeHTTP(rw, metrics.AddHostCtx(req))
+		}
+	}
+	rateLimiter := setupRateLimiter(conf.RateLimit, metricsMeta)
+	hsts := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		rw.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+		rateLimiter.ServeHTTP(rw, req)
+	})
+
 	return &http.Server{
-		Addr:    conf.HttpsListen,
-		Handler: setupRateLimiter(conf.RateLimit, setupFaviconMiddleware(conf.Favicons, conf.Router)),
-		TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
-			// error out on invalid domains
-			if !conf.Domains.IsValid(info.ServerName) {
-				return nil, fmt.Errorf("invalid hostname used: '%s'", info.ServerName)
-			}
+		Handler: hsts,
+		TLSConfig: &tls.Config{
+			// Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
+			MinVersion: tls.VersionTLS12,
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			},
+			GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				// error out on invalid domains
+				if !conf.Domains.IsValid(info.ServerName) {
+					return nil, fmt.Errorf("invalid hostname used: '%s'", info.ServerName)
+				}
 
-			// find a certificate
-			cert := conf.Certs.GetCertForDomain(info.ServerName)
-			if cert == nil {
-				return nil, fmt.Errorf("failed to find certificate for: '%s'", info.ServerName)
-			}
+				// find a certificate
+				cert := conf.Certs.GetCertForDomain(info.ServerName)
+				if cert == nil {
+					return nil, fmt.Errorf("failed to find certificate for: '%s'", info.ServerName)
+				}
 
-			// time to return
-			return cert, nil
-		}},
+				// time to return
+				return cert, nil
+			},
+		},
 		ReadTimeout:       150 * time.Second,
 		ReadHeaderTimeout: 150 * time.Second,
 		WriteTimeout:      150 * time.Second,
 		IdleTimeout:       150 * time.Second,
 		MaxHeaderBytes:    4096000,
-		ConnState: func(conn net.Conn, state http.ConnState) {
-			fmt.Printf("[HTTPS] %s => %s: %s\n", conn.LocalAddr(), conn.RemoteAddr(), state.String())
-		},
 	}
 }
 
@@ -55,19 +87,24 @@ func setupRateLimiter(rateLimit uint64, next http.Handler) http.Handler {
 		Interval: time.Minute,
 	})
 	if err != nil {
-		log.Fatalln(err)
+		logger.Logger.Fatal("Failed to initialize memory store", "err", err)
 	}
 
 	// create a middleware using ips as the key for rate limits
 	middleware, err := httplimit.NewMiddleware(store, httplimit.IPKeyFunc())
 	if err != nil {
-		log.Fatalln(err)
+		logger.Logger.Fatal("Failed to initialize httplimit middleware", "err", err)
 	}
 	return middleware.Handle(next)
 }
 
 func setupFaviconMiddleware(fav *favicons.Favicons, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.Header.Get("X-Violet-Loop-Detect") == "1" {
+			rw.WriteHeader(http.StatusLoopDetected)
+			_, _ = rw.Write([]byte("Detected a routing loop\n"))
+			return
+		}
 		if req.Header.Get("X-Violet-Raw-Favicon") != "1" {
 			switch req.URL.Path {
 			case "/favicon.svg", "/favicon.png", "/favicon.ico":

servers/https_test.go

@@ -1,10 +1,13 @@
 package servers
 
 import (
-	"database/sql"
-	"github.com/MrMelon54/violet/certs"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/router"
+	"github.com/1f349/violet"
+	"github.com/1f349/violet/certs"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
+	"github.com/1f349/violet/router"
+	"github.com/1f349/violet/servers/conf"
+	"github.com/1f349/violet/utils/fake"
 	_ "github.com/mattn/go-sqlite3"
 	"github.com/stretchr/testify/assert"
 	"net/http"
@@ -22,18 +25,18 @@ func (f *fakeTransport) RoundTrip(_ *http.Request) (*http.Response, error) {
 }
 
 func TestNewHttpsServer_RateLimit(t *testing.T) {
-	db, err := sql.Open("sqlite3", "file::memory:?cache=shared")
+	db, err := violet.InitDB("file:TestNewHttpsServer_RateLimit?mode=memory&cache=shared")
 	assert.NoError(t, err)
 
 	ft := &fakeTransport{}
-	httpsConf := &Conf{
+	httpsConf := &conf.Conf{
 		RateLimit: 5,
-		Domains:   &fakeDomains{},
+		Domains:   &fake.Domains{},
 		Certs:     certs.New(nil, nil, true),
-		Signer:    snakeOilProv,
-		Router:    router.NewManager(db, proxy.NewHybridTransportWithCalls(ft, ft)),
+		Signer:    fake.SnakeOilProv,
+		Router:    router.NewManager(db, proxy.NewHybridTransportWithCalls(ft, ft, &websocket.Server{})),
 	}
-	srv := NewHttpsServer(httpsConf)
+	srv := NewHttpsServer(httpsConf, nil)
 
 	req, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
 	req.RemoteAddr = "127.0.0.1:1447"

servers/metrics/httpmiddleware.go

@@ -0,0 +1,118 @@
+package metrics
+
+import (
+	"context"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"net/http"
+)
+
+// Copyright 2022 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package metrics is adapted from
+// https://github.com/bwplotka/correlator/tree/main/examples/observability/ping/pkg/httpinstrumentation
+// https://github.com/prometheus/client_golang/blob/main/examples/middleware/httpmiddleware/httpmiddleware.go
+
+type Middleware interface {
+	// WrapHandler wraps the given HTTP handler for instrumentation.
+	WrapHandler(handlerName string, handler http.Handler) http.HandlerFunc
+}
+
+type middleware struct {
+	buckets  []float64
+	registry prometheus.Registerer
+}
+
+// WrapHandler wraps the given HTTP handler for instrumentation:
+// It registers four metric collectors (if not already done) and reports HTTP
+// metrics to the (newly or already) registered collectors.
+// Each has a constant label named "handler" with the provided handlerName as
+// value.
+func (m *middleware) WrapHandler(handlerName string, handler http.Handler) http.HandlerFunc {
+	reg := prometheus.WrapRegistererWith(prometheus.Labels{"handler": handlerName}, m.registry)
+
+	requestsTotal := promauto.With(reg).NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "http_requests_total",
+			Help: "Tracks the number of HTTP requests.",
+		}, []string{"method", "code", "host"},
+	)
+	requestDuration := promauto.With(reg).NewHistogramVec(
+		prometheus.HistogramOpts{
+			Name:    "http_request_duration_seconds",
+			Help:    "Tracks the latencies for HTTP requests.",
+			Buckets: m.buckets,
+		},
+		[]string{"method", "code", "host"},
+	)
+	requestSize := promauto.With(reg).NewSummaryVec(
+		prometheus.SummaryOpts{
+			Name: "http_request_size_bytes",
+			Help: "Tracks the size of HTTP requests.",
+		},
+		[]string{"method", "code", "host"},
+	)
+	responseSize := promauto.With(reg).NewSummaryVec(
+		prometheus.SummaryOpts{
+			Name: "http_response_size_bytes",
+			Help: "Tracks the size of HTTP responses.",
+		},
+		[]string{"method", "code", "host"},
+	)
+
+	hostCtxGetter := promhttp.WithLabelFromCtx("host", func(ctx context.Context) string {
+		s, _ := ctx.Value(hostCtxKey(0)).(string)
+		return s
+	})
+
+	// Wraps the provided http.Handler to observe the request result with the provided metrics.
+	base := promhttp.InstrumentHandlerCounter(
+		requestsTotal,
+		promhttp.InstrumentHandlerDuration(
+			requestDuration,
+			promhttp.InstrumentHandlerRequestSize(
+				requestSize,
+				promhttp.InstrumentHandlerResponseSize(
+					responseSize,
+					handler,
+					hostCtxGetter,
+				),
+				hostCtxGetter,
+			),
+			hostCtxGetter,
+		),
+		hostCtxGetter,
+	)
+
+	return base.ServeHTTP
+}
+
+// New returns a Middleware interface.
+func New(registry prometheus.Registerer, buckets []float64) Middleware {
+	if buckets == nil {
+		buckets = prometheus.ExponentialBuckets(0.1, 1.5, 5)
+	}
+
+	return &middleware{
+		buckets:  buckets,
+		registry: registry,
+	}
+}
+
+type hostCtxKey uint8
+
+func AddHostCtx(req *http.Request) *http.Request {
+	return req.WithContext(context.WithValue(req.Context(), hostCtxKey(0), req.Host))
+}

sqlc.yaml

@@ -0,0 +1,15 @@
+version: "2"
+sql:
+  - engine: sqlite
+    queries: database/queries
+    schema: database/migrations
+    gen:
+      go:
+        package: "database"
+        out: "database"
+        emit_json_tags: true
+        overrides:
+          - column: "routes.flags"
+            go_type: "github.com/1f349/violet/target.Flags"
+          - column: "redirects.flags"
+            go_type: "github.com/1f349/violet/target.Flags"

target/flags.go

@@ -0,0 +1,42 @@
+package target
+
+type Flags uint64
+
+const (
+	FlagPre Flags = 1 << iota
+	FlagAbs
+	FlagCors
+	FlagSecureMode
+	FlagForwardHost
+	FlagForwardAddr
+	FlagIgnoreCert
+	FlagWebsocket
+)
+
+var (
+	routeFlagMask    = FlagPre | FlagAbs | FlagCors | FlagSecureMode | FlagForwardHost | FlagForwardAddr | FlagIgnoreCert | FlagWebsocket
+	redirectFlagMask = FlagPre | FlagAbs
+)
+
+// HasFlag returns true if the bits contain the requested flag
+func (f Flags) HasFlag(flag Flags) bool {
+	// 0110 & 0100 == 0100  (value != 0 thus true)
+	// 0011 & 0100 == 0000  (value == 0 thus false)
+	return f&flag != 0
+}
+
+// NormaliseRouteFlags returns only the bits used for routes
+func (f Flags) NormaliseRouteFlags() Flags {
+	// removes bits outside the mask
+	// 0110 & 0111 == 0110
+	// 1010 & 0111 == 0010  (values are different)
+	return f & routeFlagMask
+}
+
+// NormaliseRedirectFlags returns only the bits used for redirects
+func (f Flags) NormaliseRedirectFlags() Flags {
+	// removes bits outside the mask
+	// 0110 & 0111 == 0110
+	// 1010 & 0111 == 0010  (values are different)
+	return f & redirectFlagMask
+}

target/redirect.go

@@ -2,7 +2,7 @@ package target
 
 import (
 	"fmt"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/utils"
 	"net/http"
 	"net/url"
 	"path"
@@ -12,20 +12,31 @@ import (
 // Redirect is a target used by the router to manage redirecting the request
 // using the specified configuration.
 type Redirect struct {
-	Pre  bool   // if the path has had a prefix removed
-	Host string // target host
-	Port int    // target port
-	Path string // target path (possibly a prefix or absolute)
-	Abs  bool   // if the path is a prefix or absolute
-	Code int    // status code used to redirect
+	Src   string `json:"src"`   // request source
+	Dst   string `json:"dst"`   // redirect destination
+	Desc  string `json:"desc"`  // description for admin panel use
+	Flags Flags  `json:"flags"` // extra flags
+	Code  int64  `json:"code"`  // status code used to redirect
 }
 
-// FullHost outputs a host:port combo or just the host if the port is 0.
-func (r Redirect) FullHost() string {
-	if r.Port == 0 {
-		return r.Host
+type RedirectWithActive struct {
+	Redirect
+	Active bool `json:"active"`
+}
+
+func (r Redirect) OnDomain(domain string) bool {
+	// if there is no / then the first part is still the domain
+	domainPart, _, _ := strings.Cut(r.Src, "/")
+	if domainPart == domain {
+		return true
 	}
-	return fmt.Sprintf("%s:%d", r.Host, r.Port)
+
+	// domainPart could start with a subdomain
+	return strings.HasSuffix(domainPart, "."+domain)
+}
+
+func (r Redirect) HasFlag(flag Flags) bool {
+	return r.Flags&flag != 0
 }
 
 // ServeHTTP responds with the redirect to the response writer provided.
@@ -36,10 +47,12 @@ func (r Redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		code = http.StatusFound
 	}
 
+	// split the host and path
+	host, p := utils.SplitHostPath(r.Dst)
+
 	// if not Abs then join with the ending of the current path
-	p := r.Path
-	if !r.Abs {
-		p = path.Join(r.Path, req.URL.Path)
+	if !r.Flags.HasFlag(FlagAbs) {
+		p = path.Join(p, req.URL.Path)
 
 		// replace the trailing slash that path.Join() strips off
 		if strings.HasSuffix(req.URL.Path, "/") {
@@ -55,12 +68,17 @@ func (r Redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	// create a new URL
 	u := &url.URL{
 		Scheme: req.URL.Scheme,
-		Host:   r.FullHost(),
+		Host:   host,
 		Path:   p,
 	}
 
+	// close the incoming body after use
+	if req.Body != nil {
+		defer req.Body.Close()
+	}
+
 	// use fast redirect for speed
-	utils.FastRedirect(rw, req, u.String(), code)
+	utils.FastRedirect(rw, req, u.String(), int(code))
 }
 
 // String outputs a debug string for the redirect.

target/redirect_test.go

@@ -7,9 +7,20 @@ import (
 	"testing"
 )
 
-func TestRedirect_FullHost(t *testing.T) {
-	assert.Equal(t, "localhost", Redirect{Host: "localhost"}.FullHost())
-	assert.Equal(t, "localhost:22", Redirect{Host: "localhost", Port: 22}.FullHost())
+func TestRedirect_OnDomain(t *testing.T) {
+	assert.True(t, Route{Src: "example.com"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "test.example.com"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "example.com/hello"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "test.example.com/hello"}.OnDomain("example.com"))
+	assert.False(t, Route{Src: "example.com"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "test.example.com"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "example.com/hello"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "test.example.com/hello"}.OnDomain("example.org"))
+}
+
+func TestRedirect_HasFlag(t *testing.T) {
+	assert.True(t, Route{Flags: FlagPre | FlagAbs}.HasFlag(FlagPre))
+	assert.False(t, Route{Flags: FlagPre | FlagAbs}.HasFlag(FlagCors))
 }
 
 func TestRedirect_ServeHTTP(t *testing.T) {
@@ -17,14 +28,14 @@ func TestRedirect_ServeHTTP(t *testing.T) {
 		Redirect
 		target string
 	}{
-		{Redirect{Host: "example.com", Path: "/bye", Abs: true, Code: http.StatusFound}, "https://example.com/bye"},
-		{Redirect{Host: "example.com", Path: "/bye", Code: http.StatusFound}, "https://example.com/bye/hello/world"},
+		{Redirect{Dst: "example.com/bye", Flags: FlagAbs, Code: http.StatusFound}, "https://example.com/bye"},
+		{Redirect{Dst: "example.com/bye", Code: http.StatusFound}, "https://example.com/bye/hello/world"},
 	}
 	for _, i := range a {
 		res := httptest.NewRecorder()
 		req := httptest.NewRequest(http.MethodGet, "https://www.example.com/hello/world", nil)
 		i.ServeHTTP(res, req)
-		assert.Equal(t, i.Code, res.Code)
+		assert.Equal(t, i.Code, int64(res.Code))
 		assert.Equal(t, i.target, res.Header().Get("Location"))
 	}
 }

target/route.go

@@ -1,14 +1,14 @@
 package target
 
 import (
-	"context"
 	"fmt"
-	"github.com/MrMelon54/violet/proxy"
-	"github.com/MrMelon54/violet/utils"
+	"github.com/1f349/violet/logger"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/utils"
+	websocket2 "github.com/gorilla/websocket"
 	"github.com/rs/cors"
 	"golang.org/x/net/http/httpguts"
 	"io"
-	"log"
 	"net"
 	"net/http"
 	"net/textproto"
@@ -17,10 +17,13 @@ import (
 	"strings"
 )
 
+var Logger = logger.Logger.WithPrefix("Violet Serve Route")
+
 // serveApiCors outputs the cors headers to make APIs work.
 var serveApiCors = cors.New(cors.Options{
-	AllowedOrigins: []string{"*"}, // allow all origins for api requests
-	AllowedHeaders: []string{"Content-Type", "Authorization"},
+	// allow all origins for api requests
+	AllowOriginFunc: func(origin string) bool { return true },
+	AllowedHeaders:  []string{"Content-Type", "Authorization"},
 	AllowedMethods: []string{
 		http.MethodGet,
 		http.MethodHead,
@@ -36,18 +39,32 @@ var serveApiCors = cors.New(cors.Options{
 // Route is a target used by the router to manage forwarding traffic to an
 // internal server using the specified configuration.
 type Route struct {
-	Pre         bool                   // if the path has had a prefix removed
-	Host        string                 // target host
-	Port        int                    // target port
-	Path        string                 // target path (possibly a prefix or absolute)
-	Abs         bool                   // if the path is a prefix or absolute
-	Cors        bool                   // add CORS headers
-	SecureMode  bool                   // use HTTPS internally
-	ForwardHost bool                   // forward host header internally
-	ForwardAddr bool                   // forward remote address
-	IgnoreCert  bool                   // ignore self-cert
-	Headers     http.Header            // extra headers
-	Proxy       *proxy.HybridTransport // reverse proxy handler
+	Src     string                 `json:"src"`   // request source
+	Dst     string                 `json:"dst"`   // proxy destination
+	Desc    string                 `json:"desc"`  // description for admin panel use
+	Flags   Flags                  `json:"flags"` // extra flags
+	Headers http.Header            `json:"-"`     // extra headers
+	Proxy   *proxy.HybridTransport `json:"-"`     // reverse proxy handler
+}
+
+type RouteWithActive struct {
+	Route
+	Active bool `json:"active"`
+}
+
+func (r Route) OnDomain(domain string) bool {
+	// if there is no / then the first part is still the domain
+	domainPart, _, _ := strings.Cut(r.Src, "/")
+	if domainPart == domain {
+		return true
+	}
+
+	// domainPart could start with a subdomain
+	return strings.HasSuffix(domainPart, "."+domain)
+}
+
+func (r Route) HasFlag(flag Flags) bool {
+	return r.Flags&flag != 0
 }
 
 // UpdateHeaders takes an existing set of headers and overwrites them with the
@@ -58,18 +75,10 @@ func (r Route) UpdateHeaders(header http.Header) {
 	}
 }
 
-// FullHost outputs a host:port combo or just the host if the port is 0.
-func (r Route) FullHost() string {
-	if r.Port == 0 {
-		return r.Host
-	}
-	return fmt.Sprintf("%s:%d", r.Host, r.Port)
-}
-
 // ServeHTTP responds with the data proxied from the internal server to the
 // response writer provided.
 func (r Route) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	if r.Cors {
+	if r.HasFlag(FlagCors) {
 		// wraps with CORS handler
 		serveApiCors.Handler(http.HandlerFunc(r.internalServeHTTP)).ServeHTTP(rw, req)
 	} else {
@@ -82,21 +91,16 @@ func (r Route) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	// set the scheme and port using defaults if the port is 0
 	scheme := "http"
-	if r.SecureMode {
+	if r.HasFlag(FlagSecureMode) {
 		scheme = "https"
-		if r.Port == 0 {
-			r.Port = 443
-		}
-	} else {
-		if r.Port == 0 {
-			r.Port = 80
-		}
 	}
 
+	// split the host and path
+	host, p := utils.SplitHostPath(r.Dst)
+
 	// if not Abs then join with the ending of the current path
-	p := r.Path
-	if !r.Abs {
-		p = path.Join(r.Path, req.URL.Path)
+	if !r.HasFlag(FlagAbs) {
+		p = path.Join(p, req.URL.Path)
 
 		// replace the trailing slash that path.Join() strips off
 		if strings.HasSuffix(req.URL.Path, "/") {
@@ -112,7 +116,7 @@ func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	// create a new URL
 	u := &url.URL{
 		Scheme:   scheme,
-		Host:     r.FullHost(),
+		Host:     host,
 		Path:     p,
 		RawQuery: req.URL.RawQuery,
 	}
@@ -125,8 +129,7 @@ func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	// create the internal request
 	req2, err := http.NewRequest(req.Method, u.String(), req.Body)
 	if err != nil {
-		log.Printf("[ServeRoute::ServeHTTP()] Error generating new request: %s\n", err)
-		utils.RespondVioletError(rw, http.StatusBadGateway, "error generating new request")
+		utils.RespondVioletError(rw, http.StatusBadGateway, "Invalid request for proxy")
 		return
 	}
 
@@ -150,23 +153,47 @@ func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	}
 
 	// if forward host is enabled then send the host
-	if r.ForwardHost {
+	if r.HasFlag(FlagForwardHost) {
 		req2.Host = req.Host
 	}
-	if r.ForwardAddr {
-		req2.Header.Add("X-Forwarded-For", req.RemoteAddr)
-	}
 
 	// adds extra request metadata
-	r.internalReverseProxyMeta(rw, req)
+	if r.internalReverseProxyMeta(rw, req, req2) {
+		return
+	}
+
+	// switch to websocket handler
+	// internally the http hijack method is called
+	if r.HasFlag(FlagWebsocket) && websocket2.IsWebSocketUpgrade(req2) {
+		r.Proxy.ConnectWebsocket(rw, req2)
+		return
+	}
+
+	req2.Header.Set("X-Violet-Loop-Detect", "1")
 
 	// serve request with reverse proxy
 	var resp *http.Response
-	if r.IgnoreCert {
+	if r.HasFlag(FlagIgnoreCert) {
 		resp, err = r.Proxy.InsecureRoundTrip(req2)
 	} else {
 		resp, err = r.Proxy.SecureRoundTrip(req2)
 	}
+	if err != nil {
+		Logger.Warn("Error receiving internal round trip response", "route src", r.Src, "url", req2.URL.String(), "err", err)
+		utils.RespondVioletError(rw, http.StatusBadGateway, "Error receiving internal round trip response")
+		return
+	}
+
+	// make sure to close response body after use
+	if resp.Body != nil {
+		defer resp.Body.Close()
+	}
+
+	if resp.StatusCode == http.StatusLoopDetected {
+		Logger.Warn("Loop Detected", "method", req.Method, "url", req.URL, "url2", req2.URL.String())
+		utils.RespondVioletError(rw, http.StatusLoopDetected, "Error loop detected")
+		return
+	}
 
 	// copy headers and status code
 	copyHeader(rw.Header(), resp.Header)
@@ -176,14 +203,6 @@ func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	if resp.Body != nil {
 		_, err := io.Copy(rw, resp.Body)
 		if err != nil {
-			// hijack and close upon error
-			if h, ok := rw.(http.Hijacker); ok {
-				hijack, _, err := h.Hijack()
-				if err != nil {
-					return
-				}
-				_ = hijack.Close()
-			}
 			return
 		}
 	}
@@ -193,30 +212,20 @@ func (r Route) internalServeHTTP(rw http.ResponseWriter, req *http.Request) {
 // due to the highly custom nature of this reverse proxy software we use a copy
 // of the code instead of the full httputil implementation to prevent overhead
 // from the more generic implementation
-func (r Route) internalReverseProxyMeta(rw http.ResponseWriter, req *http.Request) {
-	outreq := req.Clone(context.Background())
+func (r Route) internalReverseProxyMeta(rw http.ResponseWriter, req, req2 *http.Request) bool {
 	if req.ContentLength == 0 {
-		outreq.Body = nil // Issue 16036: nil Body for http.Transport retries
+		req2.Body = nil // Issue 16036: nil Body for http.Transport retries
 	}
-	if outreq.Body != nil {
-		// Reading from the request body after returning from a handler is not
-		// allowed, and the RoundTrip goroutine that reads the Body can outlive
-		// this handler. This can lead to a crash if the handler panics (see
-		// Issue 46866). Although calling Close doesn't guarantee there isn't
-		// any Read in flight after the handle returns, in practice it's safe to
-		// read after closing it.
-		defer outreq.Body.Close()
-	}
-	if outreq.Header == nil {
-		outreq.Header = make(http.Header) // Issue 33142: historical behavior was to always allocate
+	if req2.Header == nil {
+		req2.Header = make(http.Header) // Issue 33142: historical behavior was to always allocate
 	}
 
-	reqUpType := upgradeType(outreq.Header)
+	reqUpType := upgradeType(req2.Header)
 	if !asciiIsPrint(reqUpType) {
-		utils.RespondVioletError(rw, http.StatusBadRequest, fmt.Sprintf("client tried to switch to invalid protocol %q", reqUpType))
-		return
+		utils.RespondVioletError(rw, http.StatusBadRequest, fmt.Sprintf("Invalid protocol %s", reqUpType))
+		return true
 	}
-	removeHopByHopHeaders(outreq.Header)
+	removeHopByHopHeaders(req2.Header)
 
 	// Issue 21096: tell backend applications that care about trailer support
 	// that we support trailers. (We do, but we don't go out of our way to
@@ -224,29 +233,33 @@ func (r Route) internalReverseProxyMeta(rw http.ResponseWriter, req *http.Reques
 	// mentioning.) Note that we look at req.Header, not outreq.Header, since
 	// the latter has passed through removeHopByHopHeaders.
 	if httpguts.HeaderValuesContainsToken(req.Header["Te"], "trailers") {
-		outreq.Header.Set("Te", "trailers")
+		req2.Header.Set("Te", "trailers")
 	}
 
 	// After stripping all the hop-by-hop connection headers above, add back any
 	// necessary for protocol upgrades, such as for websockets.
 	if reqUpType != "" {
-		outreq.Header.Set("Connection", "Upgrade")
-		outreq.Header.Set("Upgrade", reqUpType)
+		req2.Header.Set("Connection", "Upgrade")
+		req2.Header.Set("Upgrade", reqUpType)
 	}
 
-	if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
-		// If we aren't the first proxy retain prior
-		// X-Forwarded-For information as a comma+space
-		// separated list and fold multiple headers into one.
-		prior, ok := outreq.Header["X-Forwarded-For"]
-		omit := ok && prior == nil // Issue 38079: nil now means don't populate the header
-		if len(prior) > 0 {
-			clientIP = strings.Join(prior, ", ") + ", " + clientIP
-		}
-		if !omit {
-			outreq.Header.Set("X-Forwarded-For", clientIP)
+	if r.HasFlag(FlagForwardAddr) {
+		if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
+			// If we aren't the first proxy retain prior
+			// X-Forwarded-For information as a comma+space
+			// separated list and fold multiple headers into one.
+			prior, ok := req2.Header["X-Forwarded-For"]
+			omit := ok && prior == nil // Issue 38079: nil now means don't populate the header
+			if len(prior) > 0 {
+				clientIP = strings.Join(prior, ", ") + ", " + clientIP
+			}
+			if !omit {
+				req2.Header.Set("X-Forwarded-For", clientIP)
+			}
 		}
 	}
+
+	return false
 }
 
 // String outputs a debug string for the route.

target/route_test.go

@@ -1,8 +1,12 @@
 package target
 
 import (
-	"github.com/MrMelon54/violet/proxy"
+	"bytes"
+	"github.com/1f349/violet/proxy"
+	"github.com/1f349/violet/proxy/websocket"
 	"github.com/stretchr/testify/assert"
+	"io"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -14,7 +18,7 @@ type proxyTester struct {
 }
 
 func (p *proxyTester) makeHybridTransport() *proxy.HybridTransport {
-	return proxy.NewHybridTransportWithCalls(p, p)
+	return proxy.NewHybridTransportWithCalls(p, p, &websocket.Server{})
 }
 
 func (p *proxyTester) RoundTrip(req *http.Request) (*http.Response, error) {
@@ -23,9 +27,20 @@ func (p *proxyTester) RoundTrip(req *http.Request) (*http.Response, error) {
 	return &http.Response{StatusCode: http.StatusOK}, nil
 }
 
-func TestRoute_FullHost(t *testing.T) {
-	assert.Equal(t, "localhost", Route{Host: "localhost"}.FullHost())
-	assert.Equal(t, "localhost:22", Route{Host: "localhost", Port: 22}.FullHost())
+func TestRoute_OnDomain(t *testing.T) {
+	assert.True(t, Route{Src: "example.com"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "test.example.com"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "example.com/hello"}.OnDomain("example.com"))
+	assert.True(t, Route{Src: "test.example.com/hello"}.OnDomain("example.com"))
+	assert.False(t, Route{Src: "example.com"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "test.example.com"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "example.com/hello"}.OnDomain("example.org"))
+	assert.False(t, Route{Src: "test.example.com/hello"}.OnDomain("example.org"))
+}
+
+func TestRoute_HasFlag(t *testing.T) {
+	assert.True(t, Route{Flags: FlagPre | FlagAbs}.HasFlag(FlagPre))
+	assert.False(t, Route{Flags: FlagPre | FlagAbs}.HasFlag(FlagCors))
 }
 
 func TestRoute_ServeHTTP(t *testing.T) {
@@ -33,12 +48,12 @@ func TestRoute_ServeHTTP(t *testing.T) {
 		Route
 		target string
 	}{
-		{Route{Host: "localhost", Port: 1234, Path: "/bye", Abs: true}, "http://localhost:1234/bye"},
-		{Route{Host: "1.2.3.4", Path: "/bye"}, "http://1.2.3.4:80/bye/hello/world"},
-		{Route{Host: "2.2.2.2", Path: "/world", Abs: true, SecureMode: true}, "https://2.2.2.2:443/world"},
-		{Route{Host: "api.example.com", Path: "/world", Abs: true, SecureMode: true, ForwardHost: true}, "https://api.example.com:443/world"},
-		{Route{Host: "api.example.org", Path: "/world", Abs: true, SecureMode: true, ForwardAddr: true}, "https://api.example.org:443/world"},
-		{Route{Host: "3.3.3.3", Path: "/headers", Abs: true, Headers: http.Header{"X-Other": []string{"test value"}}}, "http://3.3.3.3:80/headers"},
+		{Route{Dst: "localhost:1234/bye", Flags: FlagAbs}, "http://localhost:1234/bye"},
+		{Route{Dst: "1.2.3.4/bye"}, "http://1.2.3.4/bye/hello/world"},
+		{Route{Dst: "2.2.2.2/world", Flags: FlagAbs | FlagSecureMode}, "https://2.2.2.2/world"},
+		{Route{Dst: "api.example.com/world", Flags: FlagAbs | FlagSecureMode | FlagForwardHost}, "https://api.example.com/world"},
+		{Route{Dst: "api.example.org/world", Flags: FlagAbs | FlagSecureMode | FlagForwardAddr}, "https://api.example.org/world"},
+		{Route{Dst: "3.3.3.3/headers", Flags: FlagAbs, Headers: http.Header{"X-Other": []string{"test value"}, "X-Violet-Loop-Detect": []string{"1"}}}, "http://3.3.3.3/headers"},
 	}
 	for _, i := range a {
 		pt := &proxyTester{}
@@ -49,10 +64,12 @@ func TestRoute_ServeHTTP(t *testing.T) {
 
 		assert.True(t, pt.got)
 		assert.Equal(t, i.target, pt.req.URL.String())
-		if i.ForwardAddr {
-			assert.Equal(t, req.RemoteAddr, pt.req.Header.Get("X-Forwarded-For"))
+		if i.HasFlag(FlagForwardAddr) {
+			host, _, err := net.SplitHostPort(req.RemoteAddr)
+			assert.NoError(t, err)
+			assert.Equal(t, host, pt.req.Header.Get("X-Forwarded-For"))
 		}
-		if i.ForwardHost {
+		if i.HasFlag(FlagForwardHost) {
 			assert.Equal(t, req.Host, pt.req.Host)
 		}
 		if i.Headers != nil {
@@ -66,14 +83,32 @@ func TestRoute_ServeHTTP_Cors(t *testing.T) {
 	res := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodOptions, "https://www.example.com/test", nil)
 	req.Header.Set("Origin", "https://test.example.com")
-	i := &Route{Host: "1.1.1.1", Port: 8080, Path: "/hello", Cors: true, Proxy: pt.makeHybridTransport()}
+	i := &Route{Dst: "1.1.1.1:8080/hello", Flags: FlagCors, Proxy: pt.makeHybridTransport()}
 	i.ServeHTTP(res, req)
 
 	assert.True(t, pt.got)
 	assert.Equal(t, http.MethodOptions, pt.req.Method)
 	assert.Equal(t, "http://1.1.1.1:8080/hello/test", pt.req.URL.String())
 	assert.Equal(t, "Origin", res.Header().Get("Vary"))
-	assert.Equal(t, "*", res.Header().Get("Access-Control-Allow-Origin"))
+	assert.Equal(t, "https://test.example.com", res.Header().Get("Access-Control-Allow-Origin"))
 	assert.Equal(t, "true", res.Header().Get("Access-Control-Allow-Credentials"))
 	assert.Equal(t, "Origin", res.Header().Get("Vary"))
 }
+
+func TestRoute_ServeHTTP_Body(t *testing.T) {
+	pt := &proxyTester{}
+	res := httptest.NewRecorder()
+	buf := bytes.NewBuffer([]byte{0x54})
+	req := httptest.NewRequest(http.MethodPost, "https://www.example.com/test", buf)
+	req.Header.Set("Origin", "https://test.example.com")
+	i := &Route{Dst: "1.1.1.1:8080/hello", Flags: FlagCors, Proxy: pt.makeHybridTransport()}
+	i.ServeHTTP(res, req)
+
+	assert.True(t, pt.got)
+	assert.Equal(t, http.MethodPost, pt.req.Method)
+	assert.Equal(t, "http://1.1.1.1:8080/hello/test", pt.req.URL.String())
+	all, err := io.ReadAll(pt.req.Body)
+	assert.NoError(t, err)
+	assert.Equal(t, 0, bytes.Compare(all, []byte{0x54}))
+	assert.NoError(t, pt.req.Body.Close())
+}

utils/domain-utils.go

@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"golang.org/x/net/publicsuffix"
 	"strconv"
 	"strings"
 )
@@ -65,21 +66,41 @@ func GetParentDomain(domain string) (string, bool) {
 //
 // hello.world.example.com => example.com
 func GetTopFqdn(domain string) (string, bool) {
-	var countDot int
-	n := strings.LastIndexFunc(domain, func(r rune) bool {
-		// return true if this is the second '.'
-		// otherwise counts one and continues
-		if r == '.' {
-			if countDot == 1 {
-				return true
-			}
-			countDot++
-		}
-		return false
-	})
-	// if a valid index isn't found then return false
-	if n == -1 {
-		return "", false
-	}
-	return domain[n+1:], true
+	out, err := publicsuffix.EffectiveTLDPlusOne(domain)
+	return out, err == nil
+}
+
+// SplitHostPath extracts the host/path from the input
+func SplitHostPath(a string) (host, path string) {
+	// check if source has path
+	n := strings.IndexByte(a, '/')
+	if n == -1 {
+		// set host then path to /
+		host = a
+		path = "/"
+	} else {
+		// set host then custom path
+		host = a[:n]
+		path = a[n:] // this required to keep / at the start of the path
+	}
+	return
+}
+
+// SplitHostPathQuery extracts the host/path?query from the input
+func SplitHostPathQuery(a string) (host, path, query string) {
+	host, path = SplitHostPath(a)
+	if path == "/" {
+		n := strings.IndexByte(host, '?')
+		if n != -1 {
+			query = host[n+1:]
+			host = host[:n]
+		}
+		return
+	}
+	n := strings.IndexByte(path, '?')
+	if n != -1 {
+		query = path[n+1:]
+		path = path[:n] // reassign happens after
+	}
+	return
 }

utils/domain-utils_test.go

@@ -52,7 +52,11 @@ func TestGetBaseDomain(t *testing.T) {
 }
 
 func TestGetTopFqdn(t *testing.T) {
-	domain, ok := GetTopFqdn("www.example.com")
+	domain, ok := GetTopFqdn("example.com")
+	assert.True(t, ok, "Output should be true")
+	assert.Equal(t, "example.com", domain)
+
+	domain, ok = GetTopFqdn("www.example.com")
 	assert.True(t, ok, "Output should be true")
 	assert.Equal(t, "example.com", domain)
 
@@ -60,3 +64,40 @@ func TestGetTopFqdn(t *testing.T) {
 	assert.True(t, ok, "Output should be true")
 	assert.Equal(t, "example.com", domain)
 }
+
+func TestSplitHostPath(t *testing.T) {
+	h, p := SplitHostPath("example.com/hello/world")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/hello/world", p)
+
+	h, p = SplitHostPath("example.com")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/", p)
+}
+
+func TestSplitHostPathQuery(t *testing.T) {
+	h, p, q := SplitHostPathQuery("example.com/hello/world")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/hello/world", p)
+	assert.Equal(t, "", q)
+
+	h, p, q = SplitHostPathQuery("example.com")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/", p)
+	assert.Equal(t, "", q)
+
+	h, p, q = SplitHostPathQuery("example.com/hello/world?a=b")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/hello/world", p)
+	assert.Equal(t, "a=b", q)
+
+	h, p, q = SplitHostPathQuery("example.com?a=b")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/", p)
+	assert.Equal(t, "a=b", q)
+
+	h, p, q = SplitHostPathQuery("example.com/?a=b")
+	assert.Equal(t, "example.com", h)
+	assert.Equal(t, "/", p)
+	assert.Equal(t, "a=b", q)
+}

utils/fake/fake-compilable.go

@@ -0,0 +1,11 @@
+package fake
+
+import "github.com/1f349/violet/utils"
+
+// Compilable implements utils.Compilable and stores if the Compile function
+// is called.
+type Compilable struct{ Done bool }
+
+func (f *Compilable) Compile() { f.Done = true }
+
+var _ utils.Compilable = &Compilable{}

utils/fake/fake-domains.go

@@ -0,0 +1,13 @@
+package fake
+
+import "github.com/1f349/violet/utils"
+
+// Domains implements DomainProvider and makes sure `example.com` is valid
+type Domains struct{}
+
+func (f *Domains) IsValid(host string) bool { return host == "example.com" }
+func (f *Domains) Put(string, bool)         {}
+func (f *Domains) Delete(string)            {}
+func (f *Domains) Compile()                 {}
+
+var _ utils.DomainProvider = &Domains{}

utils/fake/fake.go

@@ -0,0 +1,2 @@
+// Package fake contains fake structs used during tests
+package fake

utils/fake/mjwt.go

@@ -0,0 +1,30 @@
+package fake
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"github.com/1f349/mjwt"
+	"github.com/1f349/mjwt/auth"
+	"github.com/1f349/mjwt/claims"
+	"time"
+)
+
+var SnakeOilProv = GenSnakeOilProv()
+
+func GenSnakeOilProv() mjwt.Signer {
+	key, err := rsa.GenerateKey(rand.Reader, 1024)
+	if err != nil {
+		panic(err)
+	}
+	return mjwt.NewMJwtSigner("violet.test", key)
+}
+
+func GenSnakeOilKey(perm string) string {
+	p := claims.NewPermStorage()
+	p.Set(perm)
+	val, err := SnakeOilProv.GenerateJwt("abc", "abc", nil, 5*time.Minute, auth.AccessTokenClaims{Perms: p})
+	if err != nil {
+		panic(err)
+	}
+	return val
+}

utils/interfaces.go

@@ -0,0 +1,21 @@
+package utils
+
+import "crypto/tls"
+
+type DomainProvider interface {
+	IsValid(host string) bool
+	Put(domain string, active bool)
+	Delete(domain string)
+	Compile()
+}
+
+type AcmeChallengeProvider interface {
+	Get(domain, key string) string
+	Put(domain, key, value string)
+	Delete(domain, key string)
+}
+
+type CertProvider interface {
+	GetCertForDomain(domain string) *tls.Certificate
+	Compile()
+}

utils/server-utils.go

@@ -1,33 +1,35 @@
 package utils
 
 import (
-	"log"
+	"errors"
+	"github.com/charmbracelet/log"
+	"net"
 	"net/http"
 	"strings"
 )
 
 // logHttpServerError is the internal function powering the logging in
 // RunBackgroundHttp and RunBackgroundHttps.
-func logHttpServerError(prefix string, err error) {
+func logHttpServerError(logger *log.Logger, err error) {
 	if err != nil {
-		if err == http.ErrServerClosed {
-			log.Printf("[%s] The http server shutdown successfully\n", prefix)
+		if errors.Is(err, http.ErrServerClosed) {
+			logger.Info("The http server shutdown successfully")
 		} else {
-			log.Printf("[%s] Error trying to host the http server: %s\n", prefix, err.Error())
+			logger.Info("Error trying to host the http server", "err", err.Error())
 		}
 	}
 }
 
 // RunBackgroundHttp runs a http server and logs when the server closes or
 // errors.
-func RunBackgroundHttp(prefix string, s *http.Server) {
-	logHttpServerError(prefix, s.ListenAndServe())
+func RunBackgroundHttp(logger *log.Logger, s *http.Server, ln net.Listener) {
+	logHttpServerError(logger, s.Serve(ln))
 }
 
 // RunBackgroundHttps runs a http server with TLS encryption and logs when the
 // server closes or errors.
-func RunBackgroundHttps(prefix string, s *http.Server) {
-	logHttpServerError(prefix, s.ListenAndServeTLS("", ""))
+func RunBackgroundHttps(logger *log.Logger, s *http.Server, ln net.Listener) {
+	logHttpServerError(logger, s.ServeTLS(ln, "", ""))
 }
 
 // GetBearer returns the bearer from the Authorization header or an empty string

violet.openapi.yaml

@@ -0,0 +1,77 @@
+openapi: 3.0.3
+info:
+  title: Violet
+  description: Violet
+  version: 1.0.0
+  contact:
+    name: Webmaster
+    email: webmaster@1f349.net
+servers:
+  - url: 'https://api.1f349.net/v1/violet'
+paths:
+  /compile:
+    post:
+      summary: Compile quick access data
+      tags:
+        - compile
+      responses:
+        '202':
+          description: Compile trigger sent
+  /domain/{domain}:
+    put:
+      summary: Add an allowed domain
+      tags:
+        - domain
+      parameters:
+        - name: domain
+          in: path
+          required: true
+          description: The domain to add
+          schema:
+            type: string
+      responses:
+        '202':
+          description: Domain added and compiled list reloaded
+    delete:
+      summary: Remove an allowed domain
+      tags:
+        - domain
+      parameters:
+        - name: domain
+          in: path
+          required: true
+          description: The domain to remove
+          schema:
+            type: string
+      responses:
+        '202':
+          description: Domain removed and compiled list reloaded
+  /acme-challenge/{domain}/{key}/{value}:
+    put:
+      summary: Add ACME challenge value
+      tags:
+        - acme-challenge
+      parameters:
+        - name: domain
+          in: path
+          required: true
+          description: The domain to add the challenge on
+          schema:
+            type: string
+      responses:
+        '202':
+          description: ACME challenge added
+    delete:
+      summary: Add ACME challenge value
+      tags:
+        - acme-challenge
+      parameters:
+        - name: domain
+          in: path
+          required: true
+          description: The domain to add the challenge on
+          schema:
+            type: string
+      responses:
+        '202':
+          description: ACME challenge added