0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
zot/pkg/api/controller.go

98 lines
2.5 KiB
Go
Raw Normal View History

2019-06-20 18:36:40 -05:00
package api
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net"
"net/http"
"os"
2019-06-20 18:36:40 -05:00
2019-08-27 17:01:29 -05:00
"github.com/anuvu/zot/errors"
"github.com/anuvu/zot/pkg/log"
2019-06-20 18:36:40 -05:00
"github.com/anuvu/zot/pkg/storage"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
2019-06-20 18:36:40 -05:00
)
type Controller struct {
Config *Config
Router *mux.Router
2019-06-20 18:36:40 -05:00
ImageStore *storage.ImageStore
Log log.Logger
2019-06-20 18:36:40 -05:00
Server *http.Server
}
func NewController(config *Config) *Controller {
return &Controller{Config: config, Log: log.NewLogger(config.Log.Level, config.Log.Output)}
2019-06-20 18:36:40 -05:00
}
func (c *Controller) Run() error {
2019-08-15 11:34:54 -05:00
// validate configuration
if err := c.Config.Validate(c.Log); err != nil {
c.Log.Error().Err(err).Msg("configuration validation failed")
return err
}
// print the current configuration, but strip secrets
c.Log.Info().Interface("params", c.Config.Sanitize()).Msg("configuration settings")
engine := mux.NewRouter()
engine.Use(log.SessionLogger(c.Log), handlers.RecoveryHandler(handlers.RecoveryLogger(c.Log),
handlers.PrintRecoveryStack(false)))
c.ImageStore = storage.NewImageStore(c.Config.Storage.RootDirectory, c.Config.Storage.GC,
c.Config.Storage.Dedupe, c.Log)
if c.ImageStore == nil {
// we can't proceed without at least a image store
os.Exit(1)
}
2019-06-20 18:36:40 -05:00
c.Router = engine
c.Router.UseEncodedPath()
2019-06-20 18:36:40 -05:00
_ = NewRouteHandler(c)
addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)
server := &http.Server{Addr: addr, Handler: c.Router}
c.Server = server
// Create the listener
l, err := net.Listen("tcp", addr)
if err != nil {
return err
}
2019-08-15 11:34:54 -05:00
if c.Config.HTTP.TLS != nil && c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
2019-06-20 18:36:40 -05:00
if c.Config.HTTP.TLS.CACert != "" {
clientAuth := tls.VerifyClientCertIfGiven
2019-08-15 11:34:54 -05:00
if (c.Config.HTTP.Auth == nil || c.Config.HTTP.Auth.HTPasswd.Path == "") && !c.Config.HTTP.AllowReadAccess {
clientAuth = tls.RequireAndVerifyClientCert
}
2019-06-20 18:36:40 -05:00
caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
if err != nil {
panic(err)
}
2019-06-20 18:36:40 -05:00
caCertPool := x509.NewCertPool()
2019-08-27 17:01:29 -05:00
if !caCertPool.AppendCertsFromPEM(caCert) {
panic(errors.ErrBadCACert)
}
2019-06-20 18:36:40 -05:00
server.TLSConfig = &tls.Config{
2019-08-27 17:01:29 -05:00
ClientAuth: clientAuth,
ClientCAs: caCertPool,
PreferServerCipherSuites: true,
MinVersion: tls.VersionTLS12,
2019-06-20 18:36:40 -05:00
}
server.TLSConfig.BuildNameToCertificate() // nolint: staticcheck
2019-06-20 18:36:40 -05:00
}
return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)
}
2019-06-20 18:36:40 -05:00
return server.Serve(l)
}