From c7ea370de124c9f5eba9e18db0234be43b8efc64 Mon Sep 17 00:00:00 2001 From: Nicolas Carlier Date: Tue, 28 Jan 2020 20:00:42 +0000 Subject: [PATCH] feat(): ACME support + configuration refactoring --- README.md | 78 ++++++++++++----------- docker-compose.yml | 27 ++++---- etc/default/webhookd.env | 43 +++++++++++++ main.go | 39 +++++++----- pkg/api/index.go | 10 +-- pkg/api/router.go | 3 + pkg/auth/auth.go | 4 +- pkg/config/config.go | 76 ++++------------------ pkg/config/flag-builder.go | 62 ++++++++++++++++++ pkg/config/helper.go | 69 ++++++++++++++++++++ pkg/config/test/flag-builder_test.go | 21 +++++++ pkg/middleware/hsts.go | 13 ++++ pkg/model/work_request.go | 5 +- pkg/server/server.go | 89 ++++++++++++++++++++++++++ pkg/strcase/snake.go | 94 ++++++++++++++++++++++++++++ pkg/tools/script_resolver.go | 2 +- pkg/worker/work_log.go | 5 +- pkg/worker/work_runner_test.go | 9 +-- 18 files changed, 499 insertions(+), 150 deletions(-) create mode 100644 etc/default/webhookd.env create mode 100644 pkg/config/flag-builder.go create mode 100644 pkg/config/helper.go create mode 100644 pkg/config/test/flag-builder_test.go create mode 100644 pkg/middleware/hsts.go create mode 100644 pkg/server/server.go create mode 100644 pkg/strcase/snake.go diff --git a/README.md b/README.md index 0067a2f..7cc7890 100644 --- a/README.md +++ b/README.md @@ -38,44 +38,20 @@ $ docker run -d --name=webhookd \ ## Configuration -You can configure the daemon by: +Webhookd can be configured by using command line parameters or by setting environment variables. -### Setting environment variables: +Type `webhookd -h` to display all parameters and related environment variables. -| Variable | Default | Description | -|----------|---------|-------------| -| `APP_LISTEN_ADDR` | `:8080` | HTTP service address | -| `APP_PASSWD_FILE` | `.htpasswd` | Password file for HTTP basic authentication | -| `APP_NB_WORKERS` | `2` | The number of workers to start | -| `APP_HOOK_TIMEOUT` | `10` | Hook maximum delay before timeout (in second) | -| `APP_SCRIPTS_DIR` | `./scripts` | Scripts directory | -| `APP_SCRIPTS_GIT_URL` | none | GIT repository that contains scripts (Note: this is only used by the Docker image or by using the Docker entrypoint script) | -| `APP_SCRIPTS_GIT_KEY` | none | GIT SSH private key used to clone the repository (Note: this is only used by the Docker image or by using the Docker entrypoint script) | -| `APP_LOG_DIR` | `/tmp` (OS temp dir) | Directory to store execution logs | -| `APP_NOTIFICATION_URI` | none | Notification configuration URI | -| `APP_DEBUG` | `false` | Output debug logs | - -### Using command parameters: - -| Parameter | Default | Description | -|----------|---------|-------------| -| `-l
or --listen
` | `:8080` | HTTP service address | -| `-p or --passwd ` | `.htpasswd` | Password file for HTTP basic authentication -| `-d or --debug` | false | Output debug logs | -| `--nb-workers ` | `2` | The number of workers to start | -| `--scripts ` | `./scripts` | Scripts directory | -| `--timeout ` | `10` | Hook maximum delay before timeout (in second) | -| `--notification-uri ` | | Notification configuration URI | -| `--log-dir ` | `/tmp` | Directory to store execution logs | +All configuration variables are described in [etc/default/webhookd.env](./etc/default/webhookd.env) file. ## Usage ### Directory structure -Webhooks are simple scripts dispatched into a directory structure. +Webhooks are simple scripts within a directory structure. By default inside the `./scripts` directory. -You can override the default using the `APP_SCRIPTS_DIR` environment variable. +You can override the default using the `WHD_SCRIPTS_DIR` environment variable or `-script` parameter. *Example:* @@ -177,7 +153,7 @@ done By default a webhook has a timeout of 10 seconds. This timeout is globally configurable by setting the environment variable: -`APP_HOOK_TIMEOUT` (in seconds). +`WHD_HOOK_TIMEOUT` (in seconds). You can override this global behavior per request by setting the HTTP header: `X-Hook-Timeout` (in seconds). @@ -212,7 +188,7 @@ $ curl http://localhost:8080/echo/2 ### Post hook notifications The output of the script is collected and stored into a log file -(configured by the `APP_LOG_DIR` environment variable). +(configured by the `WHD_LOG_DIR` environment variable). Once the script is executed, you can send the result and this log file to a notification channel. Currently, only two channels are supported: `Email` and `HTTP`. @@ -220,7 +196,7 @@ Currently, only two channels are supported: `Email` and `HTTP`. Notifications configuration can be done as follow: ```bash -$ export APP_NOTIFICATION_URI=http://requestb.in/v9b229v9 +$ export WHD_NOTIFICATION_URI=http://requestb.in/v9b229v9 $ # or $ webhookd --notification-uri=http://requestb.in/v9b229v9 ``` @@ -237,7 +213,7 @@ echo "notify: Hello World" # Will be notified echo "Goodbye" # Will not be notified ``` -You can overide the notification prefix by adding `prefix` as a query parameter to the configuration URL. +You can override the notification prefix by adding `prefix` as a query parameter to the configuration URL. **Example:** http://requestb.in/v9b229v9?prefix="foo:" @@ -291,7 +267,7 @@ Please note that by default, the daemon will try to load the `.htpasswd` file. But you can override this behavior by specifying the location of the file: ```bash -$ APP_PASSWD_FILE=/etc/webhookd/users.htpasswd +$ export WHD_PASSWD_FILE=/etc/webhookd/users.htpasswd $ # or $ webhookd -p /etc/webhookd/users.htpasswd ``` @@ -302,6 +278,36 @@ Once configured, you must call webhooks using basic authentication: $ curl -u api:test -XPOST "http://localhost:8080/echo?msg=hello" ``` +### TLS + +You can activate TLS to secure communications: + +```bash +$ export WHD_TLS_LISTEN_ADDR=:8443 +$ # or +$ webhookd -tls-listen-addr=:8443 +``` + +This will disable HTTP port. + +By default webhookd is expecting a certificate and key file (`./server.pem` and `./server.key`). +You can provide your own certificate and key with `-tls-cert-file` and `-tls-key-file`. + +Webhookd also support [ACME](https://ietf-wg-acme.github.io/acme/) protocol. +You can activate ACME by setting a fully qualified domain name: + +```bash +$ export WHD_TLS_LISTEN_ADDR=:8443 +$ export WHD_TLS_DOMAIN=hook.example.com +$ # or +$ webhookd -tls-listen-addr=:8443 -tls-domain=hook.example.com +``` + +**Note:** +On *nix, if you want to listen on ports 80 and 443, don't forget to use `setcap` to privilege the binary: + +```bash +sudo setcap CAP_NET_BIND_SERVICE+ep webhookd +``` + --- - - diff --git a/docker-compose.yml b/docker-compose.yml index 93bcbac..4fd4838 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,19 +1,14 @@ version: "3.5" services: - - webhookd: - hostname: webhookd - image: ncarlier/webhookd:latest - container_name: webhookd - restart: always - networks: - - default - ports: - - "8080:8080" - environment: - - APP_SCRIPTS_DIR=/scripts - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ~/docker/webhookd/scripts:/scripts - - ~/docker/webhookd/logs:/tmp + webhookd: + hostname: webhookd + image: ncarlier/webhookd:latest + container_name: webhookd + restart: always + ports: + - "8080:8080" + environment: + - WHD_SCRIPTS_DIR=/scripts + volumes: + - ./scripts:/scripts diff --git a/etc/default/webhookd.env b/etc/default/webhookd.env new file mode 100644 index 0000000..d3e5dfc --- /dev/null +++ b/etc/default/webhookd.env @@ -0,0 +1,43 @@ +### +# Webhookd configuration +### + +# Output debug logs, default is false +#WHD_DEBUG=false + +# HTTP listen address, default is ":8080" +# Example: `localhost:8080` or `:8080` for all interfaces +#WHD_LISTEN_ADDR=":8080" + +# Hook execution logs location, default is OS temporary directory +#WHD_LOG_DIR="/tmp" + +# Number of workers to start, default is 2 +#WHD_NB_WORKERS=2 + +# Notification URI, disabled by default +# Example: `http://requestb.in/v9b229v9` or `mailto://foo@bar.com?smtp=smtp-relay-localnet:25` +#WHD_NOTIFICATION_URI= + +# Password file for HTTP basic authentication, default is ".htpasswd" +#WHD_PASSWD_FILE=".htpasswd" + +# Scripts location, default is "scripts" +#WHD_SCRIPTS="scripts" + +# Maximum hook execution time in second, default is 10 +#WHD_HOOK_TIMEOUT=10 + +# TLS listend address, disabled by default +# Example: `localhost:8443` or `:8443` for all interfaces +#WHD_TLS_LISTEN_ADDR= + +# TLS key file, default is "./server.key" +#WHD_TLS_KEY_FILE="./server.key" + +# TLS certificate file, default is "./server.crt" +#WHD_TLS_CERT_FILE="./server.pem" + +# TLS domain name used by ACME, key and cert files are ignored if set +# Example: `hook.example.org` +#WHD_TLS_DOMAIN= diff --git a/main.go b/main.go index 77154ee..eb00e09 100644 --- a/main.go +++ b/main.go @@ -13,10 +13,14 @@ import ( "github.com/ncarlier/webhookd/pkg/config" "github.com/ncarlier/webhookd/pkg/logger" "github.com/ncarlier/webhookd/pkg/notification" + "github.com/ncarlier/webhookd/pkg/server" "github.com/ncarlier/webhookd/pkg/worker" ) func main() { + conf := &config.Config{} + config.HydrateFromFlags(conf) + flag.Parse() if *version { @@ -24,30 +28,28 @@ func main() { return } - conf := config.Get() - level := "info" - if *conf.Debug { + if conf.Debug { level = "debug" } logger.Init(level) - logger.Debug.Println("Starting webhookd server...") - - server := &http.Server{ - Addr: *conf.ListenAddr, - Handler: api.NewRouter(config.Get()), - ErrorLog: logger.Error, + if conf.LogDir == "" { + conf.LogDir = os.TempDir() } + logger.Debug.Println("Starting webhookd server...") + + srv := server.NewServer(conf) + // Configure notification - if err := notification.Init(*conf.NotificationURI); err != nil { + if err := notification.Init(conf.NotificationURI); err != nil { logger.Error.Fatalf("Unable to create notification channel: %v\n", err) } // Start the dispatcher. - logger.Debug.Printf("Starting the dispatcher (%d workers)...\n", *conf.NbWorkers) - worker.StartDispatcher(*conf.NbWorkers) + logger.Debug.Printf("Starting the dispatcher (%d workers)...\n", conf.NbWorkers) + worker.StartDispatcher(conf.NbWorkers) done := make(chan bool) quit := make(chan os.Signal, 1) @@ -61,17 +63,20 @@ func main() { ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - server.SetKeepAlivesEnabled(false) - if err := server.Shutdown(ctx); err != nil { + if err := srv.Shutdown(ctx); err != nil { logger.Error.Fatalf("Could not gracefully shutdown the server: %v\n", err) } close(done) }() - logger.Info.Println("Server is ready to handle requests at", *conf.ListenAddr) + addr := conf.ListenAddr + if conf.TLSListenAddr != "" { + addr = conf.TLSListenAddr + } + logger.Info.Println("Server is ready to handle requests at", addr) api.Start() - if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { - logger.Error.Fatalf("Could not listen on %s: %v\n", *conf.ListenAddr, err) + if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed { + logger.Error.Fatalf("Could not listen on %s : %v\n", addr, err) } <-done diff --git a/pkg/api/index.go b/pkg/api/index.go index 7140f6c..455dd3a 100644 --- a/pkg/api/index.go +++ b/pkg/api/index.go @@ -20,6 +20,7 @@ import ( var ( defaultTimeout int scriptDir string + outputDir string ) func atoiFallback(str string, fallback int) int { @@ -31,8 +32,9 @@ func atoiFallback(str string, fallback int) int { // index is the main handler of the API. func index(conf *config.Config) http.Handler { - defaultTimeout = *conf.Timeout - scriptDir = *conf.ScriptDir + defaultTimeout = conf.Timeout + scriptDir = conf.ScriptDir + outputDir = conf.LogDir return http.HandlerFunc(webhookHandler) } @@ -77,7 +79,7 @@ func triggerWebhook(w http.ResponseWriter, r *http.Request) { // Create work timeout := atoiFallback(r.Header.Get("X-Hook-Timeout"), defaultTimeout) - work := model.NewWorkRequest(p, script, string(body), params, timeout) + work := model.NewWorkRequest(p, script, string(body), outputDir, params, timeout) // Put work in queue worker.WorkQueue <- *work @@ -125,7 +127,7 @@ func getWebhookLog(w http.ResponseWriter, r *http.Request) { } // Retrieve log file - logFile, err := worker.RetrieveLogFile(id, name) + logFile, err := worker.RetrieveLogFile(id, name, outputDir) if err != nil { logger.Error.Println(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) diff --git a/pkg/api/router.go b/pkg/api/router.go index bfff429..4305ce2 100644 --- a/pkg/api/router.go +++ b/pkg/api/router.go @@ -25,6 +25,9 @@ func NewRouter(conf *config.Config) *http.ServeMux { handler = route.HandlerFunc(conf) handler = middleware.Method(handler, route.Methods) handler = middleware.Cors(handler) + if conf.TLSListenAddr != "" { + handler = middleware.HSTS(handler) + } handler = middleware.Logger(handler) handler = middleware.Tracing(nextRequestID)(handler) diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 0d831a8..b6582be 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -14,9 +14,9 @@ type Authenticator interface { // NewAuthenticator creates new authenticator form the configuration func NewAuthenticator(conf *config.Config) Authenticator { - authenticator, err := NewHtpasswdFromFile(*conf.PasswdFile) + authenticator, err := NewHtpasswdFromFile(conf.PasswdFile) if err != nil { - logger.Debug.Printf("unable to load htpasswd file: \"%s\" (%s)\n", *conf.PasswdFile, err) + logger.Debug.Printf("unable to load htpasswd file: \"%s\" (%s)\n", conf.PasswdFile, err) return nil } return authenticator diff --git a/pkg/config/config.go b/pkg/config/config.go index f60c9f3..9286c62 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -1,69 +1,17 @@ package config -import ( - "flag" - "os" - "strconv" -) - // Config contain global configuration type Config struct { - ListenAddr *string - NbWorkers *int - Debug *bool - Timeout *int - ScriptDir *string - PasswdFile *string - LogDir *string - NotificationURI *string -} - -var config = &Config{ - ListenAddr: flag.String("listen", getEnv("LISTEN_ADDR", ":8080"), "HTTP service address"), - NbWorkers: flag.Int("nb-workers", getIntEnv("NB_WORKERS", 2), "The number of workers to start"), - Debug: flag.Bool("debug", getBoolEnv("DEBUG", false), "Output debug logs"), - Timeout: flag.Int("timeout", getIntEnv("HOOK_TIMEOUT", 10), "Hook maximum delay (in second) before timeout"), - ScriptDir: flag.String("scripts", getEnv("SCRIPTS_DIR", "scripts"), "Scripts directory"), - PasswdFile: flag.String("passwd", getEnv("PASSWD_FILE", ".htpasswd"), "Password file encoded with htpasswd"), - LogDir: flag.String("log-dir", getEnv("LOG_DIR", os.TempDir()), "Webhooks execution log directory"), - NotificationURI: flag.String("notification-uri", getEnv("NOTIFICATION_URI", ""), "Notification URI"), -} - -func init() { - // set shorthand parameters - const shorthand = " (shorthand)" - usage := flag.Lookup("listen").Usage + shorthand - flag.StringVar(config.ListenAddr, "l", *config.ListenAddr, usage) - usage = flag.Lookup("debug").Usage + shorthand - flag.BoolVar(config.Debug, "d", *config.Debug, usage) - usage = flag.Lookup("passwd").Usage + shorthand - flag.StringVar(config.PasswdFile, "p", *config.PasswdFile, usage) -} - -// Get global configuration -func Get() *Config { - return config -} - -func getEnv(key, fallback string) string { - if value, ok := os.LookupEnv("APP_" + key); ok { - return value - } - return fallback -} - -func getIntEnv(key string, fallback int) int { - strValue := getEnv(key, strconv.Itoa(fallback)) - if value, err := strconv.Atoi(strValue); err == nil { - return value - } - return fallback -} - -func getBoolEnv(key string, fallback bool) bool { - strValue := getEnv(key, strconv.FormatBool(fallback)) - if value, err := strconv.ParseBool(strValue); err == nil { - return value - } - return fallback + ListenAddr string `flag:"listen-addr" desc:"HTTP listen address" default:":8080"` + TLSListenAddr string `flag:"tls-listen-addr" desc:"TLS listen address"` + TLSCertFile string `flag:"tls-cert-file" desc:"TLS certificate file" default:"server.pem"` + TLSKeyFile string `flag:"tls-key-file" desc:"TLS key file" default:"server.key"` + TLSDomain string `flag:"tls-domain" desc:"TLS domain name used by ACME"` + NbWorkers int `flag:"nb-workers" desc:"Number of workers to start" default:"2"` + Debug bool `flag:"debug" desc:"Output debug logs" default:"false"` + Timeout int `flag:"timeout" desc:"Maximum hook execution time in second" default:"10"` + ScriptDir string `flag:"scripts" desc:"Scripts location" default:"scripts"` + PasswdFile string `flag:"passwd-file" desc:"Password file for basic HTTP authentication" defult:".htpasswd"` + LogDir string `flag:"log-dir" desc:"Hook execution logs location" default:""` + NotificationURI string `flag:"notification-uri" desc:"Notification URI"` } diff --git a/pkg/config/flag-builder.go b/pkg/config/flag-builder.go new file mode 100644 index 0000000..8f4811f --- /dev/null +++ b/pkg/config/flag-builder.go @@ -0,0 +1,62 @@ +package config + +import ( + "errors" + "reflect" + "strconv" +) + +// ErrInvalidSpecification indicates that a specification is of the wrong type. +var ErrInvalidSpecification = errors.New("specification must be a struct pointer") + +// HydrateFromFlags hydrate object form flags +func HydrateFromFlags(conf interface{}) error { + rv := reflect.ValueOf(conf) + for rv.Kind() == reflect.Ptr || rv.Kind() == reflect.Interface { + rv = rv.Elem() + } + typ := rv.Type() + + for i := 0; i < typ.NumField(); i++ { + fieldType := typ.Field(i) + field := rv.Field(i) + + var key, desc, val string + if tag, ok := fieldType.Tag.Lookup("flag"); ok { + key = tag + } else { + continue + } + if tag, ok := fieldType.Tag.Lookup("desc"); ok { + desc = tag + } + if tag, ok := fieldType.Tag.Lookup("default"); ok { + val = tag + } + + switch fieldType.Type.Kind() { + case reflect.String: + field.SetString(val) + ptr, _ := field.Addr().Interface().(*string) + setFlagEnvString(ptr, key, desc, val) + case reflect.Bool: + bVal, err := strconv.ParseBool(val) + if err != nil { + return err + } + field.SetBool(bVal) + ptr, _ := field.Addr().Interface().(*bool) + setFlagEnvBool(ptr, key, desc, bVal) + case reflect.Int: + i64Val, err := strconv.ParseInt(val, 10, 32) + if err != nil { + return err + } + iVal := int(i64Val) + field.SetInt(i64Val) + ptr, _ := field.Addr().Interface().(*int) + setFlagEnvInt(ptr, key, desc, iVal) + } + } + return nil +} diff --git a/pkg/config/helper.go b/pkg/config/helper.go new file mode 100644 index 0000000..cf4fb44 --- /dev/null +++ b/pkg/config/helper.go @@ -0,0 +1,69 @@ +package config + +import ( + "flag" + "fmt" + "os" + "strconv" + "strings" + "time" + + "github.com/ncarlier/webhookd/pkg/strcase" +) + +const envPrefix = "WHD" + +// setFlagEnvString set string value from flag or env with fallback +func setFlagEnvString(p *string, key, desc, fallback string) { + if val := envValue(key); val != nil { + fallback = *val + } + flag.StringVar(p, key, fallback, envDesc(key, desc)) +} + +// setFlagEnvBool set bool value from flag or env with fallback +func setFlagEnvBool(p *bool, key, desc string, fallback bool) { + if val := envValue(key); val != nil { + fallback, _ = strconv.ParseBool(*val) + } + flag.BoolVar(p, key, fallback, envDesc(key, desc)) +} + +// setFlagEnvInt set int value from flag or env with fallback +func setFlagEnvInt(p *int, key, desc string, fallback int) { + if val := envValue(key); val != nil { + fallback, _ = strconv.Atoi(*val) + } + flag.IntVar(p, key, fallback, envDesc(key, desc)) +} + +// setFlagEnvDuration set duration value form flag or env with fallback +func setFlagEnvDuration(p *time.Duration, key, desc string, fallback time.Duration) { + if val := envValue(key); val != nil { + fallback, _ = time.ParseDuration(*val) + } + flag.DurationVar(p, key, fallback, envDesc(key, desc)) +} + +// setFlagString set string value from flag with fallback +func setFlagString(p *string, key, desc, fallback string) { + flag.StringVar(p, key, fallback, desc) +} + +// setFlagBool set bool value from flag with fallback +func setFlagBool(p *bool, key, desc string, fallback bool) { + flag.BoolVar(p, key, fallback, desc) +} + +func envDesc(key, desc string) string { + envKey := strings.ToUpper(strcase.ToSnake(key)) + return fmt.Sprintf("%s (env: %s_%s)", desc, envPrefix, envKey) +} + +func envValue(key string) *string { + envKey := strings.ToUpper(strcase.ToSnake(key)) + if value, ok := os.LookupEnv(envPrefix + "_" + envKey); ok { + return &value + } + return nil +} diff --git a/pkg/config/test/flag-builder_test.go b/pkg/config/test/flag-builder_test.go new file mode 100644 index 0000000..b1701af --- /dev/null +++ b/pkg/config/test/flag-builder_test.go @@ -0,0 +1,21 @@ +package config_test + +import ( + "flag" + "testing" + + "github.com/ncarlier/webhookd/pkg/assert" + "github.com/ncarlier/webhookd/pkg/config" +) + +func TestFlagBuilder(t *testing.T) { + flag.Parse() + conf := &config.Config{} + err := config.HydrateFromFlags(conf) + assert.Nil(t, err, "error should be nil") + assert.Equal(t, ":8080", conf.ListenAddr, "") + assert.Equal(t, 2, conf.NbWorkers, "") + assert.Equal(t, 10, conf.Timeout, "") + assert.Equal(t, "scripts", conf.ScriptDir, "") + assert.Equal(t, false, conf.Debug, "") +} diff --git a/pkg/middleware/hsts.go b/pkg/middleware/hsts.go new file mode 100644 index 0000000..41ca0b6 --- /dev/null +++ b/pkg/middleware/hsts.go @@ -0,0 +1,13 @@ +package middleware + +import ( + "net/http" +) + +// HSTS is a middleware to enabling HSTS on HTTP requests +func HSTS(inner http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Strict-Transport-Security", "max-age=15768000 ; includeSubDomains") + return + }) +} diff --git a/pkg/model/work_request.go b/pkg/model/work_request.go index 6345b2b..acb3f40 100644 --- a/pkg/model/work_request.go +++ b/pkg/model/work_request.go @@ -11,7 +11,6 @@ import ( "sync/atomic" "time" - "github.com/ncarlier/webhookd/pkg/config" "github.com/ncarlier/webhookd/pkg/logger" "github.com/ncarlier/webhookd/pkg/tools" ) @@ -48,7 +47,7 @@ type WorkRequest struct { } // NewWorkRequest creats new work request -func NewWorkRequest(name, script, payload string, args []string, timeout int) *WorkRequest { +func NewWorkRequest(name, script, payload, output string, args []string, timeout int) *WorkRequest { w := &WorkRequest{ ID: atomic.AddUint64(&workID, 1), Name: name, @@ -59,7 +58,7 @@ func NewWorkRequest(name, script, payload string, args []string, timeout int) *W MessageChan: make(chan []byte), Status: Idle, } - w.LogFilename = path.Join(*config.Get().LogDir, fmt.Sprintf("%s_%d_%s.txt", tools.ToSnakeCase(w.Name), w.ID, time.Now().Format("20060102_1504"))) + w.LogFilename = path.Join(output, fmt.Sprintf("%s_%d_%s.txt", tools.ToSnakeCase(w.Name), w.ID, time.Now().Format("20060102_1504"))) return w } diff --git a/pkg/server/server.go b/pkg/server/server.go new file mode 100644 index 0000000..0c45acf --- /dev/null +++ b/pkg/server/server.go @@ -0,0 +1,89 @@ +package server + +import ( + "context" + "net/http" + "os" + "os/user" + "path/filepath" + + "github.com/ncarlier/webhookd/pkg/api" + "github.com/ncarlier/webhookd/pkg/config" + "github.com/ncarlier/webhookd/pkg/logger" + + "golang.org/x/crypto/acme/autocert" +) + +func cacheDir() (dir string) { + if u, _ := user.Current(); u != nil { + dir = filepath.Join(os.TempDir(), "webhookd-acme-cache-"+u.Username) + if err := os.MkdirAll(dir, 0700); err == nil { + return dir + } + } + return "" +} + +// Server is a HTTP server wrapper used to manage TLS +type Server struct { + self *http.Server + tls bool + certFile string + keyFile string +} + +// ListenAndServe start HTTP(s) server +func (s *Server) ListenAndServe() error { + if s.tls { + return s.self.ListenAndServeTLS(s.certFile, s.keyFile) + } else { + return s.self.ListenAndServe() + } +} + +// Shutdown stop HTTP(s) server +func (s *Server) Shutdown(ctx context.Context) error { + s.self.SetKeepAlivesEnabled(false) + return s.self.Shutdown(ctx) +} + +// NewServer create new HTTP(s) server +func NewServer(cfg *config.Config) *Server { + server := &Server{} + if cfg.TLSListenAddr == "" { + // Simple HTTP server + server.self = &http.Server{ + Addr: cfg.ListenAddr, + Handler: api.NewRouter(cfg), + ErrorLog: logger.Error, + } + server.tls = false + } else { + // HTTPs server + if cfg.TLSDomain == "" { + server.self = &http.Server{ + Addr: cfg.TLSListenAddr, + Handler: api.NewRouter(cfg), + ErrorLog: logger.Error, + } + server.certFile = cfg.TLSCertFile + server.keyFile = cfg.TLSKeyFile + } else { + m := &autocert.Manager{ + Cache: autocert.DirCache(cacheDir()), + Prompt: autocert.AcceptTOS, + HostPolicy: autocert.HostWhitelist(cfg.TLSDomain), + } + server.self = &http.Server{ + Addr: cfg.TLSListenAddr, + Handler: api.NewRouter(cfg), + ErrorLog: logger.Error, + TLSConfig: m.TLSConfig(), + } + server.certFile = "" + server.keyFile = "" + } + server.tls = true + } + return server +} diff --git a/pkg/strcase/snake.go b/pkg/strcase/snake.go new file mode 100644 index 0000000..4243953 --- /dev/null +++ b/pkg/strcase/snake.go @@ -0,0 +1,94 @@ +/* + * The MIT License (MIT) + * + * Copyright (c) 2015 Ian Coleman + * Copyright (c) 2018 Ma_124, + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, Subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or Substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +// Package strcase converts strings to snake_case or CamelCase +package strcase + +import ( + "strings" +) + +// ToSnake converts a string to snake_case +func ToSnake(s string) string { + return ToDelimited(s, '_') +} + +// ToScreamingSnake converts a string to SCREAMING_SNAKE_CASE +func ToScreamingSnake(s string) string { + return ToScreamingDelimited(s, '_', true) +} + +// ToKebab converts a string to kebab-case +func ToKebab(s string) string { + return ToDelimited(s, '-') +} + +// ToScreamingKebab converts a string to SCREAMING-KEBAB-CASE +func ToScreamingKebab(s string) string { + return ToScreamingDelimited(s, '-', true) +} + +// ToDelimited converts a string to delimited.snake.case (in this case `del = '.'`) +func ToDelimited(s string, del uint8) string { + return ToScreamingDelimited(s, del, false) +} + +// ToScreamingDelimited converts a string to SCREAMING.DELIMITED.SNAKE.CASE (in this case `del = '.'; screaming = true`) or delimited.snake.case (in this case `del = '.'; screaming = false`) +func ToScreamingDelimited(s string, del uint8, screaming bool) string { + // s = addWordBoundariesToNumbers(s) + s = strings.Trim(s, " ") + n := "" + for i, v := range s { + // treat acronyms as words, eg for JSONData -> JSON is a whole word + nextCaseIsChanged := false + if i+1 < len(s) { + next := s[i+1] + if (v >= 'A' && v <= 'Z' && next >= 'a' && next <= 'z') || (v >= 'a' && v <= 'z' && next >= 'A' && next <= 'Z') { + nextCaseIsChanged = true + } + } + + if i > 0 && n[len(n)-1] != del && nextCaseIsChanged { + // add underscore if next letter case type is changed + if v >= 'A' && v <= 'Z' { + n += string(del) + string(v) + } else if v >= 'a' && v <= 'z' { + n += string(v) + string(del) + } + } else if v == ' ' || v == '_' || v == '-' { + // replace spaces/underscores with delimiters + n += string(del) + } else { + n = n + string(v) + } + } + + if screaming { + n = strings.ToUpper(n) + } else { + n = strings.ToLower(n) + } + return n +} diff --git a/pkg/tools/script_resolver.go b/pkg/tools/script_resolver.go index 5983e1b..2b9d9d0 100644 --- a/pkg/tools/script_resolver.go +++ b/pkg/tools/script_resolver.go @@ -12,7 +12,7 @@ import ( func ResolveScript(dir, name string) (string, error) { script := path.Clean(path.Join(dir, fmt.Sprintf("%s.sh", name))) if !strings.HasPrefix(script, dir) { - return "", errors.New("Invalid script path: " + name) + return "", errors.New("Invalid script path: " + script) } if _, err := os.Stat(script); os.IsNotExist(err) { return "", errors.New("Script not found: " + script) diff --git a/pkg/worker/work_log.go b/pkg/worker/work_log.go index 6e64a81..a82dd02 100644 --- a/pkg/worker/work_log.go +++ b/pkg/worker/work_log.go @@ -6,13 +6,12 @@ import ( "path" "path/filepath" - "github.com/ncarlier/webhookd/pkg/config" "github.com/ncarlier/webhookd/pkg/tools" ) // RetrieveLogFile retrieve work log with its name and id -func RetrieveLogFile(id, name string) (*os.File, error) { - logPattern := path.Join(*config.Get().LogDir, fmt.Sprintf("%s_%s_*.txt", tools.ToSnakeCase(name), id)) +func RetrieveLogFile(id, name, base string) (*os.File, error) { + logPattern := path.Join(base, fmt.Sprintf("%s_%s_*.txt", tools.ToSnakeCase(name), id)) files, err := filepath.Glob(logPattern) if err != nil { return nil, err diff --git a/pkg/worker/work_runner_test.go b/pkg/worker/work_runner_test.go index 084ae36..caf5f2e 100644 --- a/pkg/worker/work_runner_test.go +++ b/pkg/worker/work_runner_test.go @@ -1,6 +1,7 @@ package worker import ( + "os" "strconv" "testing" @@ -29,7 +30,7 @@ func TestWorkRunner(t *testing.T) { "user_agent=test", } payload := "{\"foo\": \"bar\"}" - work := model.NewWorkRequest("test", script, payload, args, 5) + work := model.NewWorkRequest("test", script, payload, os.TempDir(), args, 5) assert.NotNil(t, work, "") printWorkMessages(work) err := run(work) @@ -39,7 +40,7 @@ func TestWorkRunner(t *testing.T) { // Test that we can retrieve log file afterward id := strconv.FormatUint(work.ID, 10) - logFile, err := RetrieveLogFile(id, "test") + logFile, err := RetrieveLogFile(id, "test", os.TempDir()) defer logFile.Close() assert.Nil(t, err, "Log file should exists") assert.NotNil(t, logFile, "Log file should be retrieve") @@ -48,7 +49,7 @@ func TestWorkRunner(t *testing.T) { func TestWorkRunnerWithError(t *testing.T) { logger.Init("debug") script := "../../tests/test_error.sh" - work := model.NewWorkRequest("test", script, "", []string{}, 5) + work := model.NewWorkRequest("test", script, "", os.TempDir(), []string{}, 5) assert.NotNil(t, work, "") printWorkMessages(work) err := run(work) @@ -60,7 +61,7 @@ func TestWorkRunnerWithError(t *testing.T) { func TestWorkRunnerWithTimeout(t *testing.T) { logger.Init("debug") script := "../../tests/test_timeout.sh" - work := model.NewWorkRequest("test", script, "", []string{}, 1) + work := model.NewWorkRequest("test", script, "", os.TempDir(), []string{}, 1) assert.NotNil(t, work, "") printWorkMessages(work) err := run(work)