/* Copyright © 2023-2024 AGECEM */ package main import ( "crypto/subtle" "embed" "encoding/json" "fmt" "io" "log" "net/http" "os" "strings" "text/template" "codeberg.org/vlbeaudoin/pave/v2" "codeberg.org/vlbeaudoin/serpents" "git.agecem.com/agecem/agecem-org/media" "git.agecem.com/agecem/agecem-org/public" "git.agecem.com/agecem/agecem-org/templates" "git.agecem.com/agecem/agecem-org/version" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "github.com/spf13/cobra" "github.com/spf13/viper" ) // configCmd represents the config command var configCmd = &cobra.Command{ Use: "config", Short: "Print the config to stdout in indented JSON format", Run: func(cmd *cobra.Command, args []string) { var cfg Config if err := viper.Unmarshal(&cfg); err != nil { log.Fatal(err) } printConfig(cfg) }, } func init() { rootCmd.AddCommand(configCmd) } func printConfig(config Config) error { buf, err := json.MarshalIndent(config, "", " ") if err != nil { return err } fmt.Println(string(buf)) return nil } var cfgFile string // rootCmd represents the base command when called without any subcommands var rootCmd = &cobra.Command{ Use: "agecem-org", Short: "Application du site web de l'AGECEM", Long: "Application du site web de l'AGECEM, l'Association Générale Étudiante du Cégep Édouard-Montpetit.", } // Execute adds all child commands to the root command and sets flags appropriately. // This is called by main.main(). It only needs to happen once to the rootCmd. func Execute() { err := rootCmd.Execute() if err != nil { os.Exit(1) } } func init() { cobra.OnInitialize(initConfig) rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.agecem-org.yaml)") } // initConfig reads in config file and ENV variables if set. func initConfig() { if cfgFile != "" { // Use config file from the flag. viper.SetConfigFile(cfgFile) } else { // Find home directory. home, err := os.UserHomeDir() cobra.CheckErr(err) // Search config in home directory with name ".agecem-org" (without extension). viper.AddConfigPath(home) viper.SetConfigType("yaml") viper.SetConfigName(".agecem-org") } viper.SetEnvPrefix("AGECEM_ORG") viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_")) viper.AutomaticEnv() // read in environment variables that match // If a config file is found, read it in. if err := viper.ReadInConfig(); err == nil { fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed()) } } type Template struct { templates *template.Template } var cfg Config var ( publicFS embed.FS templatesFS embed.FS ) // serverCmd represents the server command var serverCmd = &cobra.Command{ Use: "server", Short: "Démarrer le serveur web", Run: func(cmd *cobra.Command, args []string) { if err := viper.Unmarshal(&cfg); err != nil { log.Fatal(err) } mediaClient, err := media.NewMediaClientFromViper() switch err != nil { case true: log.Printf("media.NewMediaClientFromViper error: %s", err) case false: new_buckets, err := mediaClient.Seed() if err != nil { log.Printf("(*media.MediaClient).Seed error: %s", err) } else { log.Printf("Seeded %d buckets.\n", len(new_buckets)) } } RunServer() }, } func init() { rootCmd.AddCommand(serverCmd) publicFS = public.GetPublicFS() templatesFS = templates.GetTemplatesFS() serpents.Int(serverCmd.Flags(), "server.port", "server-port", 8080, "Port to run the webserver on") // Not currently used /* // server.documents.location - --server-documents-location serverCmd.Flags().String("server-documents-location", "us-east", "Storage bucket location (config: server.documents.location)") viper.BindPFlag("server.documents.location", serverCmd.Flags().Lookup("server-documents-location")) */ serpents.String(serverCmd.Flags(), "server.documents.endpoint", "server-documents-endpoint", "minio:9000", "Storage server endpoint") serpents.String(serverCmd.Flags(), "server.documents.access_key_id", "server-documents-access-key-id", "agecem-org", "Storage server access key id") serpents.String(serverCmd.Flags(), "server.documents.secret_access_key", "server-documents-secret-access-key", "agecem-org", "Storage server secret access key") serpents.Bool(serverCmd.Flags(), "server.documents.use_ssl", "server-documents-use-ssl", false, "Storage server SSL status") serpents.StringToString(serverCmd.Flags(), "server.documents.buckets", "server-documents-buckets", map[string]string{ "proces-verbaux": "Procès-verbaux", "politiques": "Politiques", "reglements": "Règlements", "formulaires": "Formulaires", }, "Buckets that are allowed to be accessed by the API") serpents.Bool(serverCmd.Flags(), "server.api.auth", "server-api-auth", true, "Enable to allow key authentication for /v1 routes") serpents.String(serverCmd.Flags(), "server.api.key", "server-api-key", "agecem-org", "Key to use for authenticating to /v1 routes") serpents.Int(serverCmd.Flags(), "server.api.port", "server-api-port", 8080, "API server port") serpents.String(serverCmd.Flags(), "server.api.protocol", "server-api-protocol", "http", "API server protocol (http/https)") serpents.String(serverCmd.Flags(), "server.api.host", "server-api-host", "localhost", "API server host") serpents.Bool(serverCmd.Flags(), "server.admin.auth", "server-admin-auth", true, "Enable to allow basic authentication for /admin routes") serpents.String(serverCmd.Flags(), "server.admin.username", "server-admin-username", "agecem-org", "Username for basic authentication for /admin routes") serpents.String(serverCmd.Flags(), "server.admin.password", "server-admin-password", "agecem-org", "Password for basic authentication for /admin routes") } func RunServer() { e := echo.New() t := &Template{ templates: template.Must(template.ParseFS(templatesFS, "html/*.html")), } e.Renderer = t e.Pre(middleware.RemoveTrailingSlash()) groupStatic := e.Group("/public/*") groupStatic.Use(middleware.StaticWithConfig(middleware.StaticConfig{ Root: "/", Filesystem: http.FS(publicFS), //TODO //Browse: true, })) groupV1 := e.Group("/v1") groupV1.Use(middleware.AddTrailingSlash()) if cfg.Server.Api.Auth { if len(cfg.Server.Api.Key) < 10 { log.Fatal("server.api.auth is enabled, but server.api.key is too small (needs at least 10 characters)") } groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) { return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.Api.Key)) == 1, nil })) log.Println("Key auth for /v1 activated") } groupAdmin := e.Group("/admin") groupAdmin.Use(middleware.AddTrailingSlash()) if cfg.Server.Admin.Auth { if len(cfg.Server.Admin.Username) < 5 { log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)") } if len(cfg.Server.Admin.Password) < 10 { log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)") } groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) { // Be careful to use constant time comparison to prevent timing attacks if subtle.ConstantTimeCompare([]byte(username_entered), []byte(cfg.Server.Admin.Username)) == 1 && subtle.ConstantTimeCompare([]byte(password_entered), []byte(cfg.Server.Admin.Password)) == 1 { return true, nil } return false, nil })) log.Println("Basic auth for /admin activated") } // API Routes mediaClient, err := media.NewMediaClientFromViper() if err != nil { log.Fatal("Error during NewMediaClientFromViper for API handlers") } p := pave.New() v1Handler := V1Handler{ Config: cfg, MediaClient: mediaClient, Pave: &p, } groupV1.GET("", v1Handler.ListRoutes) if err := pave.EchoRegister[ ExecuteSeedRequest, ExecuteSeedResponse](groupV1, &p, "/v1", http.MethodPost, "/seed", "Créer buckets manquants définis dans `server.documents.buckets`", "ExecuteSeed", v1Handler.ExecuteSeed); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ UpdateDocumentKeyRequest, UpdateDocumentKeyResponse](groupV1, &p, "/v1", http.MethodPut, "/bucket/:bucket/:document/key", "Renommer un document", "UpdateDocumentKey", v1Handler.UpdateDocumentKey); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ ReadSpecRequest, ReadSpecResponse](groupV1, &p, "/v1", http.MethodGet, "/spec", DescriptionV1SpecGET, "SpecRead", v1Handler.ReadSpec); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ ListBucketsRequest, ListBucketsResponse](groupV1, &p, "/v1", http.MethodGet, "/bucket", "List buckets", "ListBuckets", v1Handler.ListBuckets); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ ReadBucketRequest, ReadBucketResponse](groupV1, &p, "/v1", http.MethodGet, "/bucket/:bucket", "Read bucket content", "ReadBucket", v1Handler.ReadBucket); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ CreateDocumentsRequest, CreateDocumentsResponse](groupV1, &p, "/v1", http.MethodPost, "/bucket/:bucket/many", "Upload documents to specified bucket", "CreateDocuments", v1Handler.CreateDocuments); err != nil { log.Fatal(err) } if err := pave.EchoRegister[ CreateDocumentRequest, CreateDocumentResponse](groupV1, &p, "/v1", http.MethodPost, "/bucket/:bucket", "Upload document to specified bucket", "CreateDocument", v1Handler.CreateDocument); err != nil { log.Fatal(err) } // Do not move to pave, uses echo.Stream instead of echo.JSON groupV1.GET("/bucket/:bucket/:document", v1Handler.ReadDocument) if err := pave.EchoRegister[ DeleteDocumentRequest, DeleteDocumentResponse](groupV1, &p, "/v1", http.MethodDelete, "/bucket/:bucket/:document", "Delete document in specified bucket", "DeleteDocument", v1Handler.DeleteDocument); err != nil { log.Fatal(err) } // HTML Routes client := http.DefaultClient defer client.CloseIdleConnections() apiClient, err := NewAPIClientFromViper(client) if err != nil { log.Fatal(err) } webHandler := WebHandler{ ApiClient: apiClient, } e.GET("/", HandleIndex) //e.GET("/a-propos", HandleAPropos) //e.GET("/actualite", HandleActualite) //e.GET("/actualite/:article", HandleActualiteArticle) e.GET("/vie-etudiante", HandleVieEtudiante) e.GET("/vie-etudiante/:organisme", HandleVieEtudianteOrganisme) e.GET("/documentation", webHandler.HandleDocumentation) e.GET("/formulaires", HandleFormulaires) // Public Routes e.GET("/public/documentation/:bucket/:document", webHandler.HandlePublicDocumentation) // Admin Routes groupAdmin.GET("", HandleAdmin) groupAdmin.GET("/documents/upload", webHandler.HandleAdminDocumentsUpload) groupAdmin.POST("/documents/upload", webHandler.HandleAdminDocumentsUploadPOST) e.Logger.Fatal(e.Start( fmt.Sprintf(":%d", cfg.Server.Port))) } func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error { return t.templates.ExecuteTemplate(w, name, data) } // versionCmd represents the version command var versionCmd = &cobra.Command{ Use: "version", Short: "Print version registered at build time", Run: func(cmd *cobra.Command, args []string) { fmt.Println("agecem-org", version.Version()) }, } func init() { rootCmd.AddCommand(versionCmd) }