zot/pkg/api/controller.go

package api

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net"
	"net/http"

	"github.com/anuvu/zot/pkg/storage"
	"github.com/gorilla/mux"
	"github.com/rs/zerolog"
)

type Controller struct {
	Config     *Config
	Router     *mux.Router
	ImageStore *storage.ImageStore
	Log        zerolog.Logger
	Server     *http.Server
}

func NewController(config *Config) *Controller {
	return &Controller{Config: config, Log: NewLogger(config)}
}

func (c *Controller) Run() error {
	engine := mux.NewRouter()
	engine.Use(Logger(c.Log))
	c.Router = engine
	_ = NewRouteHandler(c)

	c.Log.Info().Interface("params", c.Config).Msg("configuration settings")
	c.ImageStore = storage.NewImageStore(c.Config.Storage.RootDirectory, c.Log)

	addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)
	server := &http.Server{Addr: addr, Handler: c.Router}
	c.Server = server

	// Create the listener
	l, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}

	clientAuth := tls.VerifyClientCertIfGiven
	if c.Config.HTTP.Auth.HTPasswd.Path == "" {
		clientAuth = tls.RequireAndVerifyClientCert
	}

	if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
		if c.Config.HTTP.TLS.CACert != "" {
			caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
			if err != nil {
				panic(err)
			}
			caCertPool := x509.NewCertPool()
			caCertPool.AppendCertsFromPEM(caCert)
			server.TLSConfig = &tls.Config{
				ClientAuth: clientAuth,
				ClientCAs:  caCertPool,
			}
		}

		return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
	}
	return server.Serve(l)
}
zot: initial commit 2019-06-20 18:36:40 -05:00			`package api`

			`import (`
			`"crypto/tls"`
			`"crypto/x509"`
			`"fmt"`
			`"io/ioutil"`
			`"net"`
			`"net/http"`

			`"github.com/anuvu/zot/pkg/storage"`
router: move to gorilla/mux to support multiple name path components 2019-07-10 00:23:59 -05:00			`"github.com/gorilla/mux"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`"github.com/rs/zerolog"`
			`)`

			`type Controller struct {`
			`Config *Config`
router: move to gorilla/mux to support multiple name path components 2019-07-10 00:23:59 -05:00			`Router *mux.Router`
zot: initial commit 2019-06-20 18:36:40 -05:00			`ImageStore *storage.ImageStore`
			`Log zerolog.Logger`
			`Server *http.Server`
			`}`

			`func NewController(config Config) Controller {`
			`return &Controller{Config: config, Log: NewLogger(config)}`
			`}`

			`func (c *Controller) Run() error {`
router: move to gorilla/mux to support multiple name path components 2019-07-10 00:23:59 -05:00			`engine := mux.NewRouter()`
			`engine.Use(Logger(c.Log))`
zot: initial commit 2019-06-20 18:36:40 -05:00			`c.Router = engine`
			`_ = NewRouteHandler(c)`

			`c.Log.Info().Interface("params", c.Config).Msg("configuration settings")`
			`c.ImageStore = storage.NewImageStore(c.Config.Storage.RootDirectory, c.Log)`

			`addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)`
			`server := &http.Server{Addr: addr, Handler: c.Router}`
			`c.Server = server`

			`// Create the listener`
			`l, err := net.Listen("tcp", addr)`
			`if err != nil {`
			`return err`
			`}`

tls: require mutual auth only when htpasswd not available 2019-07-20 19:30:58 -05:00			`clientAuth := tls.VerifyClientCertIfGiven`
			`if c.Config.HTTP.Auth.HTPasswd.Path == "" {`
			`clientAuth = tls.RequireAndVerifyClientCert`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {`
			`if c.Config.HTTP.TLS.CACert != "" {`
			`caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)`
			`if err != nil {`
			`panic(err)`
			`}`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`
			`server.TLSConfig = &tls.Config{`
tls: require mutual auth only when htpasswd not available 2019-07-20 19:30:58 -05:00			`ClientAuth: clientAuth,`
zot: initial commit 2019-06-20 18:36:40 -05:00			`ClientCAs: caCertPool,`
			`}`
			`}`

			`return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)`
			`}`
			`return server.Serve(l)`
			`}`