[feature/performance] Wrap incoming HTTP requests in timeout handler (#2353)
* deinterface router, start messing about with deadlines * weeeee * thanks linter (thinter) * write Connection: close when timing out requests * update wording * don't replace req * don't bother with fancy Cause functions (I'll use them one day...)
This commit is contained in:
parent
7753f42132
commit
8d0c017cf2
|
@ -35,7 +35,7 @@ type ActivityPub struct {
|
||||||
signatureCheckMiddleware gin.HandlerFunc
|
signatureCheckMiddleware gin.HandlerFunc
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *ActivityPub) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (a *ActivityPub) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// create groupings for the 'emoji' and 'users' prefixes
|
// create groupings for the 'emoji' and 'users' prefixes
|
||||||
emojiGroup := r.AttachGroup("emoji")
|
emojiGroup := r.AttachGroup("emoji")
|
||||||
usersGroup := r.AttachGroup("users")
|
usersGroup := r.AttachGroup("users")
|
||||||
|
@ -54,7 +54,7 @@ func (a *ActivityPub) Route(r router.Router, m ...gin.HandlerFunc) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Public key endpoint requires different middleware + cache policies from other AP endpoints.
|
// Public key endpoint requires different middleware + cache policies from other AP endpoints.
|
||||||
func (a *ActivityPub) RoutePublicKey(r router.Router, m ...gin.HandlerFunc) {
|
func (a *ActivityPub) RoutePublicKey(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// Create grouping for the 'users/[username]/main-key' prefix.
|
// Create grouping for the 'users/[username]/main-key' prefix.
|
||||||
publicKeyGroup := r.AttachGroup(publickey.PublicKeyPath)
|
publicKeyGroup := r.AttachGroup(publickey.PublicKeyPath)
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ type Auth struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Route attaches 'auth' and 'oauth' groups to the given router.
|
// Route attaches 'auth' and 'oauth' groups to the given router.
|
||||||
func (a *Auth) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (a *Auth) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// create groupings for the 'auth' and 'oauth' prefixes
|
// create groupings for the 'auth' and 'oauth' prefixes
|
||||||
authGroup := r.AttachGroup("auth")
|
authGroup := r.AttachGroup("auth")
|
||||||
oauthGroup := r.AttachGroup("oauth")
|
oauthGroup := r.AttachGroup("oauth")
|
||||||
|
|
|
@ -79,7 +79,7 @@ type Client struct {
|
||||||
user *user.Module // api/v1/user
|
user *user.Module // api/v1/user
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (c *Client) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// create a new group on the top level client 'api' prefix
|
// create a new group on the top level client 'api' prefix
|
||||||
apiGroup := r.AttachGroup("api")
|
apiGroup := r.AttachGroup("api")
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ type Fileserver struct {
|
||||||
fileserver *fileserver.Module
|
fileserver *fileserver.Module
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *Fileserver) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (f *Fileserver) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
fileserverGroup := r.AttachGroup("fileserver")
|
fileserverGroup := r.AttachGroup("fileserver")
|
||||||
|
|
||||||
// Attach middlewares appropriate for this group.
|
// Attach middlewares appropriate for this group.
|
||||||
|
|
|
@ -29,7 +29,7 @@ type NodeInfo struct {
|
||||||
nodeInfo *nodeinfo.Module
|
nodeInfo *nodeinfo.Module
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *NodeInfo) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (w *NodeInfo) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// group nodeinfo endpoints together
|
// group nodeinfo endpoints together
|
||||||
nodeInfoGroup := r.AttachGroup("nodeinfo")
|
nodeInfoGroup := r.AttachGroup("nodeinfo")
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,7 @@ package util
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"codeberg.org/gruf/go-kv"
|
"codeberg.org/gruf/go-kv"
|
||||||
|
@ -90,19 +91,40 @@ func genericErrorHandler(c *gin.Context, instanceGet func(ctx context.Context) (
|
||||||
// try to serve an appropriate application/json content-type error.
|
// try to serve an appropriate application/json content-type error.
|
||||||
// To override the default response type, specify `offers`.
|
// To override the default response type, specify `offers`.
|
||||||
//
|
//
|
||||||
// If the requester already hung up on the request, ErrorHandler
|
// If the requester already hung up on the request, or the server
|
||||||
// will overwrite the given errWithCode with a 499 error to indicate
|
// timed out a very slow request, ErrorHandler will overwrite the
|
||||||
// that the failure wasn't due to something we did, and will avoid
|
// given errWithCode with a 408 or 499 error to indicate that the
|
||||||
// trying to write extensive bytes to the caller by just aborting.
|
// failure wasn't due to something we did, and will avoid trying
|
||||||
|
// to write extensive bytes to the caller by just aborting.
|
||||||
//
|
//
|
||||||
// See: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx.
|
// For 499, see https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx.
|
||||||
func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode), offers ...MIME) {
|
func ErrorHandler(
|
||||||
if c.Request.Context().Err() != nil {
|
c *gin.Context,
|
||||||
// Context error means requester probably left already.
|
errWithCode gtserror.WithCode,
|
||||||
// Wrap original error with a less alarming one. Then
|
instanceGet func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode),
|
||||||
// we can return early, because it doesn't matter what
|
offers ...MIME,
|
||||||
// we send to the client at this point; they're gone.
|
) {
|
||||||
errWithCode = gtserror.NewErrorClientClosedRequest(errWithCode.Unwrap())
|
if ctxErr := c.Request.Context().Err(); ctxErr != nil {
|
||||||
|
// Context error means either client has left already,
|
||||||
|
// or server has timed out a very slow request.
|
||||||
|
//
|
||||||
|
// Rewrap the error with something less scary,
|
||||||
|
// and just abort the request gracelessly.
|
||||||
|
err := errWithCode.Unwrap()
|
||||||
|
|
||||||
|
if errors.Is(ctxErr, context.DeadlineExceeded) {
|
||||||
|
// We timed out the request.
|
||||||
|
errWithCode = gtserror.NewErrorRequestTimeout(err)
|
||||||
|
|
||||||
|
// Be correct and write "close".
|
||||||
|
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection#close
|
||||||
|
// and: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/408
|
||||||
|
c.Header("Connection", "close")
|
||||||
|
} else {
|
||||||
|
// Client timed out the request.
|
||||||
|
errWithCode = gtserror.NewErrorClientClosedRequest(err)
|
||||||
|
}
|
||||||
|
|
||||||
c.AbortWithStatus(errWithCode.Code())
|
c.AbortWithStatus(errWithCode.Code())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,7 +33,7 @@ type WellKnown struct {
|
||||||
hostMeta *hostmeta.Module
|
hostMeta *hostmeta.Module
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WellKnown) Route(r router.Router, m ...gin.HandlerFunc) {
|
func (w *WellKnown) Route(r *router.Router, m ...gin.HandlerFunc) {
|
||||||
// group .well-known endpoints together
|
// group .well-known endpoints together
|
||||||
wellKnownGroup := r.AttachGroup(".well-known")
|
wellKnownGroup := r.AttachGroup(".well-known")
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ import (
|
||||||
// GoToSocial server instance.
|
// GoToSocial server instance.
|
||||||
type Server struct {
|
type Server struct {
|
||||||
db db.DB
|
db db.DB
|
||||||
apiRouter router.Router
|
apiRouter *router.Router
|
||||||
cleaner *cleaner.Cleaner
|
cleaner *cleaner.Cleaner
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ type Server struct {
|
||||||
// GoToSocial server instance.
|
// GoToSocial server instance.
|
||||||
func NewServer(
|
func NewServer(
|
||||||
db db.DB,
|
db db.DB,
|
||||||
apiRouter router.Router,
|
apiRouter *router.Router,
|
||||||
cleaner *cleaner.Cleaner,
|
cleaner *cleaner.Cleaner,
|
||||||
) *Server {
|
) *Server {
|
||||||
return &Server{
|
return &Server{
|
||||||
|
|
|
@ -198,3 +198,14 @@ func NewErrorClientClosedRequest(original error) WithCode {
|
||||||
code: StatusClientClosedRequest,
|
code: StatusClientClosedRequest,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewErrorRequestTimeout returns an ErrorWithCode 408 with the given original error.
|
||||||
|
// This error type should only be used when the server has decided to hang up a client
|
||||||
|
// request after x amount of time, to avoid keeping extremely slow client requests open.
|
||||||
|
func NewErrorRequestTimeout(original error) WithCode {
|
||||||
|
return withCode{
|
||||||
|
original: original,
|
||||||
|
safe: errors.New(http.StatusText(http.StatusRequestTimeout)),
|
||||||
|
code: http.StatusRequestTimeout,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -19,18 +19,18 @@ package router
|
||||||
|
|
||||||
import "github.com/gin-gonic/gin"
|
import "github.com/gin-gonic/gin"
|
||||||
|
|
||||||
func (r *router) AttachGlobalMiddleware(handlers ...gin.HandlerFunc) gin.IRoutes {
|
func (r *Router) AttachGlobalMiddleware(handlers ...gin.HandlerFunc) gin.IRoutes {
|
||||||
return r.engine.Use(handlers...)
|
return r.engine.Use(handlers...)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *router) AttachNoRouteHandler(handler gin.HandlerFunc) {
|
func (r *Router) AttachNoRouteHandler(handler gin.HandlerFunc) {
|
||||||
r.engine.NoRoute(handler)
|
r.engine.NoRoute(handler)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *router) AttachGroup(relativePath string, handlers ...gin.HandlerFunc) *gin.RouterGroup {
|
func (r *Router) AttachGroup(relativePath string, handlers ...gin.HandlerFunc) *gin.RouterGroup {
|
||||||
return r.engine.Group(relativePath, handlers...)
|
return r.engine.Group(relativePath, handlers...)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *router) AttachHandler(method string, path string, handler gin.HandlerFunc) {
|
func (r *Router) AttachHandler(method string, path string, handler gin.HandlerFunc) {
|
||||||
r.engine.Handle(method, path, handler)
|
r.engine.Handle(method, path, handler)
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,6 +29,7 @@ import (
|
||||||
"codeberg.org/gruf/go-debug"
|
"codeberg.org/gruf/go-debug"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/config"
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||||
"github.com/superseriousbusiness/gotosocial/internal/log"
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
||||||
"golang.org/x/crypto/acme/autocert"
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
@ -42,94 +43,120 @@ const (
|
||||||
maxMultipartMemory = int64(8 * bytesize.MiB)
|
maxMultipartMemory = int64(8 * bytesize.MiB)
|
||||||
)
|
)
|
||||||
|
|
||||||
// Router provides the REST interface for gotosocial, using gin.
|
// Router provides the HTTP REST
|
||||||
type Router interface {
|
// interface for GoToSocial, using gin.
|
||||||
// Attach global gin middlewares to this router.
|
type Router struct {
|
||||||
AttachGlobalMiddleware(handlers ...gin.HandlerFunc) gin.IRoutes
|
|
||||||
// AttachGroup attaches the given handlers into a group with the given relativePath as
|
|
||||||
// base path for that group. It then returns the *gin.RouterGroup so that the caller
|
|
||||||
// can add any extra middlewares etc specific to that group, as desired.
|
|
||||||
AttachGroup(relativePath string, handlers ...gin.HandlerFunc) *gin.RouterGroup
|
|
||||||
// Attach a single gin handler to the router with the given method and path.
|
|
||||||
// To make middleware management easier, AttachGroup should be preferred where possible.
|
|
||||||
// However, this function can be used for attaching single handlers that only require
|
|
||||||
// global middlewares.
|
|
||||||
AttachHandler(method string, path string, handler gin.HandlerFunc)
|
|
||||||
|
|
||||||
// Attach 404 NoRoute handler
|
|
||||||
AttachNoRouteHandler(handler gin.HandlerFunc)
|
|
||||||
// Start the router
|
|
||||||
Start()
|
|
||||||
// Stop the router
|
|
||||||
Stop(ctx context.Context) error
|
|
||||||
}
|
|
||||||
|
|
||||||
// router fulfils the Router interface using gin and logrus
|
|
||||||
type router struct {
|
|
||||||
engine *gin.Engine
|
engine *gin.Engine
|
||||||
srv *http.Server
|
srv *http.Server
|
||||||
certManager *autocert.Manager
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Start starts the router nicely. It will serve two handlers if letsencrypt is enabled, and only the web/API handler if letsencrypt is not enabled.
|
// New returns a new Router, which wraps
|
||||||
func (r *router) Start() {
|
// an http server and gin handler engine.
|
||||||
// listen is the server start function, by
|
//
|
||||||
// default pointing to regular HTTP listener,
|
// The router's Attach functions should be
|
||||||
// but updated to TLS if LetsEncrypt is enabled.
|
// used *before* the router is Started.
|
||||||
listen := r.srv.ListenAndServe
|
//
|
||||||
|
// When the router's work is finished, Stop
|
||||||
|
// should be called on it to close connections
|
||||||
|
// gracefully.
|
||||||
|
//
|
||||||
|
// The provided context will be used as the base
|
||||||
|
// context for all requests passing through the
|
||||||
|
// underlying http.Server, so this should be a
|
||||||
|
// long-running context.
|
||||||
|
func New(ctx context.Context) (*Router, error) {
|
||||||
|
// TODO: make this configurable?
|
||||||
|
gin.SetMode(gin.ReleaseMode)
|
||||||
|
|
||||||
// During config validation we already checked that both Chain and Key are set
|
// Create the engine here -- this is the core
|
||||||
// so we can forego checking for both here
|
// request routing handler for GoToSocial.
|
||||||
if chain := config.GetTLSCertificateChain(); chain != "" {
|
engine := gin.New()
|
||||||
pkey := config.GetTLSCertificateKey()
|
engine.MaxMultipartMemory = maxMultipartMemory
|
||||||
cer, err := tls.LoadX509KeyPair(chain, pkey)
|
engine.HandleMethodNotAllowed = true
|
||||||
if err != nil {
|
|
||||||
log.Fatalf(
|
// Set up client IP forwarding via
|
||||||
nil,
|
// trusted x-forwarded-* headers.
|
||||||
"tls: failed to load keypair from %s and %s, ensure they are PEM-encoded and can be read by this process: %s",
|
trustedProxies := config.GetTrustedProxies()
|
||||||
chain, pkey, err,
|
if err := engine.SetTrustedProxies(trustedProxies); err != nil {
|
||||||
)
|
return nil, err
|
||||||
}
|
|
||||||
r.srv.TLSConfig = &tls.Config{
|
|
||||||
MinVersion: tls.VersionTLS12,
|
|
||||||
Certificates: []tls.Certificate{cer},
|
|
||||||
}
|
|
||||||
// TLS is enabled, update the listen function
|
|
||||||
listen = func() error { return r.srv.ListenAndServeTLS("", "") }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.GetLetsEncryptEnabled() {
|
// Attach functions used by HTML templating,
|
||||||
// LetsEncrypt support is enabled
|
// and load HTML templates into the engine.
|
||||||
|
LoadTemplateFunctions(engine)
|
||||||
// Prepare an HTTPS-redirect handler for LetsEncrypt fallback
|
if err := LoadTemplates(engine); err != nil {
|
||||||
redirect := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
return nil, err
|
||||||
target := "https://" + r.Host + r.URL.Path
|
|
||||||
if len(r.URL.RawQuery) > 0 {
|
|
||||||
target += "?" + r.URL.RawQuery
|
|
||||||
}
|
}
|
||||||
http.Redirect(rw, r, target, http.StatusTemporaryRedirect)
|
|
||||||
})
|
|
||||||
|
|
||||||
go func() {
|
// Use the passed-in cmd context as the base context for the
|
||||||
// Take our own copy of HTTP server
|
// server, since we'll never want the server to live past the
|
||||||
// with updated autocert manager endpoint
|
// `server start` command anyway.
|
||||||
srv := (*r.srv) //nolint
|
baseCtx := func(_ net.Listener) context.Context { return ctx }
|
||||||
srv.Handler = r.certManager.HTTPHandler(redirect)
|
|
||||||
srv.Addr = fmt.Sprintf("%s:%d",
|
addr := fmt.Sprintf("%s:%d",
|
||||||
config.GetBindAddress(),
|
config.GetBindAddress(),
|
||||||
config.GetLetsEncryptPort(),
|
config.GetPort(),
|
||||||
)
|
)
|
||||||
|
|
||||||
// Start the LetsEncrypt autocert manager HTTP server.
|
// Wrap the gin engine handler in our
|
||||||
log.Infof(nil, "letsencrypt listening on %s", srv.Addr)
|
// own timeout handler, to ensure we
|
||||||
if err := srv.ListenAndServe(); err != nil &&
|
// don't keep very slow requests around.
|
||||||
err != http.ErrServerClosed {
|
handler := timeoutHandler{engine}
|
||||||
log.Fatalf(nil, "letsencrypt: listen: %s", err)
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
// TLS is enabled, update the listen function
|
s := &http.Server{
|
||||||
listen = func() error { return r.srv.ListenAndServeTLS("", "") }
|
Addr: addr,
|
||||||
|
Handler: handler,
|
||||||
|
ReadTimeout: readTimeout,
|
||||||
|
ReadHeaderTimeout: readHeaderTimeout,
|
||||||
|
WriteTimeout: writeTimeout,
|
||||||
|
IdleTimeout: idleTimeout,
|
||||||
|
BaseContext: baseCtx,
|
||||||
|
}
|
||||||
|
|
||||||
|
return &Router{
|
||||||
|
engine: engine,
|
||||||
|
srv: s,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Start starts the router nicely.
|
||||||
|
//
|
||||||
|
// It will serve two handlers if letsencrypt is enabled,
|
||||||
|
// and only the web/API handler if letsencrypt is not enabled.
|
||||||
|
func (r *Router) Start() {
|
||||||
|
var (
|
||||||
|
// listen is the server start function.
|
||||||
|
// By default this points to a regular
|
||||||
|
// HTTP listener, but will be changed to
|
||||||
|
// TLS if custom certs or LE are enabled.
|
||||||
|
listen func() error
|
||||||
|
err error
|
||||||
|
|
||||||
|
certFile = config.GetTLSCertificateChain()
|
||||||
|
keyFile = config.GetTLSCertificateKey()
|
||||||
|
leEnabled = config.GetLetsEncryptEnabled()
|
||||||
|
)
|
||||||
|
|
||||||
|
switch {
|
||||||
|
// TLS with custom certs.
|
||||||
|
case certFile != "":
|
||||||
|
// During config validation we already checked
|
||||||
|
// that either both or neither of Chain and Key
|
||||||
|
// are set, so we can forego checking again here.
|
||||||
|
listen, err = r.customTLS(certFile, keyFile)
|
||||||
|
|
||||||
|
// TLS with letsencrypt.
|
||||||
|
case leEnabled:
|
||||||
|
listen, err = r.letsEncryptTLS()
|
||||||
|
|
||||||
|
// Default listen. TLS must
|
||||||
|
// be handled by reverse proxy.
|
||||||
|
default:
|
||||||
|
listen = r.srv.ListenAndServe
|
||||||
|
}
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(nil, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Pass the server handler through a debug pprof middleware handler.
|
// Pass the server handler through a debug pprof middleware handler.
|
||||||
|
@ -154,7 +181,7 @@ func (r *router) Start() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Stop shuts down the router nicely
|
// Stop shuts down the router nicely
|
||||||
func (r *router) Stop(ctx context.Context) error {
|
func (r *Router) Stop(ctx context.Context) error {
|
||||||
log.Infof(nil, "shutting down http router with %s grace period", shutdownTimeout)
|
log.Infof(nil, "shutting down http router with %s grace period", shutdownTimeout)
|
||||||
timeout, cancel := context.WithTimeout(ctx, shutdownTimeout)
|
timeout, cancel := context.WithTimeout(ctx, shutdownTimeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
@ -167,78 +194,87 @@ func (r *router) Stop(ctx context.Context) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// New returns a new Router.
|
// customTLS modifies the router's underlying
|
||||||
//
|
// http server to use custom TLS cert/key pair.
|
||||||
// The router's Attach functions should be used *before* the router is Started.
|
func (r *Router) customTLS(
|
||||||
//
|
certFile string,
|
||||||
// When the router's work is finished, Stop should be called on it to close connections gracefully.
|
keyFile string,
|
||||||
//
|
) (func() error, error) {
|
||||||
// The provided context will be used as the base context for all requests passing
|
// Load certificates from disk.
|
||||||
// through the underlying http.Server, so this should be a long-running context.
|
cer, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
func New(ctx context.Context) (Router, error) {
|
if err != nil {
|
||||||
gin.SetMode(gin.TestMode)
|
err = gtserror.Newf(
|
||||||
|
"failed to load keypair from %s and %s, ensure they are "+
|
||||||
// create the actual engine here -- this is the core request routing handler for gts
|
"PEM-encoded and can be read by this process: %w",
|
||||||
engine := gin.New()
|
certFile, keyFile, err,
|
||||||
engine.MaxMultipartMemory = maxMultipartMemory
|
)
|
||||||
engine.HandleMethodNotAllowed = true
|
|
||||||
|
|
||||||
// set up IP forwarding via x-forward-* headers.
|
|
||||||
trustedProxies := config.GetTrustedProxies()
|
|
||||||
if err := engine.SetTrustedProxies(trustedProxies); err != nil {
|
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// set template functions
|
// Override server's TLSConfig.
|
||||||
LoadTemplateFunctions(engine)
|
r.srv.TLSConfig = &tls.Config{
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
// load templates onto the engine
|
Certificates: []tls.Certificate{cer},
|
||||||
if err := LoadTemplates(engine); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// use the passed-in command context as the base context for the server,
|
// Update listen function to use custom TLS.
|
||||||
// since we'll never want the server to live past the command anyway
|
listen := func() error { return r.srv.ListenAndServeTLS("", "") }
|
||||||
baseCtx := func(_ net.Listener) context.Context {
|
return listen, nil
|
||||||
return ctx
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bindAddress := config.GetBindAddress()
|
// letsEncryptTLS modifies the router's underlying http
|
||||||
port := config.GetPort()
|
// server to use LetsEncrypt via an ACME Autocert manager.
|
||||||
addr := fmt.Sprintf("%s:%d", bindAddress, port)
|
//
|
||||||
|
// It also starts a listener on the configured LetsEncrypt
|
||||||
s := &http.Server{
|
// port to validate LE requests.
|
||||||
Addr: addr,
|
func (r *Router) letsEncryptTLS() (func() error, error) {
|
||||||
Handler: engine, // use gin engine as handler
|
acm := &autocert.Manager{
|
||||||
ReadTimeout: readTimeout,
|
|
||||||
ReadHeaderTimeout: readHeaderTimeout,
|
|
||||||
WriteTimeout: writeTimeout,
|
|
||||||
IdleTimeout: idleTimeout,
|
|
||||||
BaseContext: baseCtx,
|
|
||||||
}
|
|
||||||
|
|
||||||
// We need to spawn the underlying server slightly differently depending on whether lets encrypt is enabled or not.
|
|
||||||
// In either case, the gin engine will still be used for routing requests.
|
|
||||||
leEnabled := config.GetLetsEncryptEnabled()
|
|
||||||
|
|
||||||
var m *autocert.Manager
|
|
||||||
if leEnabled {
|
|
||||||
// le IS enabled, so roll up an autocert manager for handling letsencrypt requests
|
|
||||||
host := config.GetHost()
|
|
||||||
leCertDir := config.GetLetsEncryptCertDir()
|
|
||||||
leEmailAddress := config.GetLetsEncryptEmailAddress()
|
|
||||||
m = &autocert.Manager{
|
|
||||||
Prompt: autocert.AcceptTOS,
|
Prompt: autocert.AcceptTOS,
|
||||||
HostPolicy: autocert.HostWhitelist(host),
|
HostPolicy: autocert.HostWhitelist(config.GetHost()),
|
||||||
Cache: autocert.DirCache(leCertDir),
|
Cache: autocert.DirCache(config.GetLetsEncryptCertDir()),
|
||||||
Email: leEmailAddress,
|
Email: config.GetLetsEncryptEmailAddress(),
|
||||||
}
|
|
||||||
s.TLSConfig = m.TLSConfig()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return &router{
|
// Override server's TLSConfig.
|
||||||
engine: engine,
|
r.srv.TLSConfig = acm.TLSConfig()
|
||||||
srv: s,
|
|
||||||
certManager: m,
|
// Prepare a fallback handler for LetsEncrypt.
|
||||||
}, nil
|
//
|
||||||
|
// This will redirect all non-LetsEncrypt http
|
||||||
|
// reqs to https, preserving path and query params.
|
||||||
|
var fallback http.HandlerFunc = func(
|
||||||
|
w http.ResponseWriter,
|
||||||
|
r *http.Request,
|
||||||
|
) {
|
||||||
|
// Rewrite target to https.
|
||||||
|
target := "https://" + r.Host + r.URL.Path
|
||||||
|
if len(r.URL.RawQuery) > 0 {
|
||||||
|
target += "?" + r.URL.RawQuery
|
||||||
|
}
|
||||||
|
|
||||||
|
http.Redirect(w, r, target, http.StatusTemporaryRedirect)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Take our own copy of the HTTP server,
|
||||||
|
// and update it to serve LetsEncrypt
|
||||||
|
// requests via the autocert manager.
|
||||||
|
leSrv := (*r.srv) //nolint:govet
|
||||||
|
leSrv.Handler = acm.HTTPHandler(fallback)
|
||||||
|
leSrv.Addr = fmt.Sprintf("%s:%d",
|
||||||
|
config.GetBindAddress(),
|
||||||
|
config.GetLetsEncryptPort(),
|
||||||
|
)
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
// Start the LetsEncrypt autocert manager HTTP server.
|
||||||
|
log.Infof(nil, "letsencrypt listening on %s", leSrv.Addr)
|
||||||
|
if err := leSrv.ListenAndServe(); err != nil &&
|
||||||
|
err != http.ErrServerClosed {
|
||||||
|
log.Fatalf(nil, "letsencrypt: listen: %s", err)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
// Update listen function to use LetsEncrypt TLS.
|
||||||
|
listen := func() error { return r.srv.ListenAndServeTLS("", "") }
|
||||||
|
return listen, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
// GoToSocial
|
||||||
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||||
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package router
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
const requestTimeout = 10 * time.Minute
|
||||||
|
|
||||||
|
type timeoutHandler struct {
|
||||||
|
*gin.Engine
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServeHTTP wraps the embedded Gin engine's ServeHTTP
|
||||||
|
// function with an injected context which times out
|
||||||
|
// non-upgraded inbound requests after 10 minutes.
|
||||||
|
func (th timeoutHandler) ServeHTTP(
|
||||||
|
w http.ResponseWriter,
|
||||||
|
r *http.Request,
|
||||||
|
) {
|
||||||
|
if upgr := r.Header.Get("Upgrade"); upgr != "" {
|
||||||
|
// Upgrade to wss (probably).
|
||||||
|
// Leave well enough alone.
|
||||||
|
th.Engine.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create timeout ctx.
|
||||||
|
toCtx, cancelCtx := context.WithTimeout(
|
||||||
|
r.Context(),
|
||||||
|
requestTimeout,
|
||||||
|
)
|
||||||
|
defer cancelCtx()
|
||||||
|
|
||||||
|
// Serve the request using a shallow copy
|
||||||
|
// with the new context, without replacing
|
||||||
|
// the underlying request, since the latter
|
||||||
|
// may be used later outside of the Gin
|
||||||
|
// engine for post-request cleanup tasks.
|
||||||
|
th.Engine.ServeHTTP(w, r.WithContext(toCtx))
|
||||||
|
}
|
|
@ -74,7 +74,7 @@ func New(db db.DB, processor *processing.Processor) *Module {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Module) Route(r router.Router, mi ...gin.HandlerFunc) {
|
func (m *Module) Route(r *router.Router, mi ...gin.HandlerFunc) {
|
||||||
// Group all static files from assets dir at /assets,
|
// Group all static files from assets dir at /assets,
|
||||||
// so that they can use the same cache control middleware.
|
// so that they can use the same cache control middleware.
|
||||||
webAssetsAbsFilePath, err := filepath.Abs(config.GetWebAssetBaseDir())
|
webAssetsAbsFilePath, err := filepath.Abs(config.GetWebAssetBaseDir())
|
||||||
|
|
|
@ -33,7 +33,7 @@ import (
|
||||||
//
|
//
|
||||||
// If the environment variable GTS_WEB_TEMPLATE_BASE_DIR set, it will take that
|
// If the environment variable GTS_WEB_TEMPLATE_BASE_DIR set, it will take that
|
||||||
// value as the template base directory instead.
|
// value as the template base directory instead.
|
||||||
func NewTestRouter(db db.DB) router.Router {
|
func NewTestRouter(db db.DB) *router.Router {
|
||||||
if alternativeTemplateBaseDir := os.Getenv("GTS_WEB_TEMPLATE_BASE_DIR"); alternativeTemplateBaseDir != "" {
|
if alternativeTemplateBaseDir := os.Getenv("GTS_WEB_TEMPLATE_BASE_DIR"); alternativeTemplateBaseDir != "" {
|
||||||
config.Config(func(cfg *config.Configuration) {
|
config.Config(func(cfg *config.Configuration) {
|
||||||
cfg.WebTemplateBaseDir = alternativeTemplateBaseDir
|
cfg.WebTemplateBaseDir = alternativeTemplateBaseDir
|
||||||
|
|
Loading…
Reference in New Issue