2019-06-20 18:36:40 -05:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
|
2019-08-27 17:01:29 -05:00
|
|
|
"github.com/anuvu/zot/errors"
|
2019-06-20 18:36:40 -05:00
|
|
|
"github.com/anuvu/zot/pkg/storage"
|
2019-07-10 00:23:59 -05:00
|
|
|
"github.com/gorilla/mux"
|
2019-06-20 18:36:40 -05:00
|
|
|
"github.com/rs/zerolog"
|
|
|
|
)
|
|
|
|
|
|
|
|
type Controller struct {
|
|
|
|
Config *Config
|
2019-07-10 00:23:59 -05:00
|
|
|
Router *mux.Router
|
2019-06-20 18:36:40 -05:00
|
|
|
ImageStore *storage.ImageStore
|
|
|
|
Log zerolog.Logger
|
|
|
|
Server *http.Server
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewController(config *Config) *Controller {
|
|
|
|
return &Controller{Config: config, Log: NewLogger(config)}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) Run() error {
|
2019-08-15 11:34:54 -05:00
|
|
|
// validate configuration
|
|
|
|
if err := c.Config.Validate(c.Log); err != nil {
|
|
|
|
c.Log.Error().Err(err).Msg("configuration validation failed")
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// print the current configuration, but strip secrets
|
|
|
|
c.Log.Info().Interface("params", c.Config.Sanitize()).Msg("configuration settings")
|
|
|
|
|
2019-07-10 00:23:59 -05:00
|
|
|
engine := mux.NewRouter()
|
|
|
|
engine.Use(Logger(c.Log))
|
2019-06-20 18:36:40 -05:00
|
|
|
c.Router = engine
|
|
|
|
_ = NewRouteHandler(c)
|
|
|
|
|
|
|
|
c.ImageStore = storage.NewImageStore(c.Config.Storage.RootDirectory, c.Log)
|
|
|
|
|
|
|
|
addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)
|
|
|
|
server := &http.Server{Addr: addr, Handler: c.Router}
|
|
|
|
c.Server = server
|
|
|
|
|
|
|
|
// Create the listener
|
|
|
|
l, err := net.Listen("tcp", addr)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-08-15 11:34:54 -05:00
|
|
|
if c.Config.HTTP.TLS != nil && c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
|
2019-06-20 18:36:40 -05:00
|
|
|
if c.Config.HTTP.TLS.CACert != "" {
|
2019-08-28 16:05:16 -05:00
|
|
|
clientAuth := tls.VerifyClientCertIfGiven
|
2019-08-15 11:34:54 -05:00
|
|
|
if (c.Config.HTTP.Auth == nil || c.Config.HTTP.Auth.HTPasswd.Path == "") && !c.Config.HTTP.AllowReadAccess {
|
2019-08-28 16:05:16 -05:00
|
|
|
clientAuth = tls.RequireAndVerifyClientCert
|
|
|
|
}
|
|
|
|
|
2019-06-20 18:36:40 -05:00
|
|
|
caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
caCertPool := x509.NewCertPool()
|
2019-08-27 17:01:29 -05:00
|
|
|
if !caCertPool.AppendCertsFromPEM(caCert) {
|
|
|
|
panic(errors.ErrBadCACert)
|
|
|
|
}
|
2019-06-20 18:36:40 -05:00
|
|
|
server.TLSConfig = &tls.Config{
|
2019-08-27 17:01:29 -05:00
|
|
|
ClientAuth: clientAuth,
|
|
|
|
ClientCAs: caCertPool,
|
|
|
|
PreferServerCipherSuites: true,
|
|
|
|
MinVersion: tls.VersionTLS12,
|
2019-06-20 18:36:40 -05:00
|
|
|
}
|
2019-08-27 17:01:29 -05:00
|
|
|
server.TLSConfig.BuildNameToCertificate()
|
2019-06-20 18:36:40 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
|
|
|
|
}
|
|
|
|
return server.Serve(l)
|
|
|
|
}
|