Ailur/fulgens
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Ailur:master
Branches Tags
Ailur:master
Ailur:v0.7.7
Ailur:v0.7.6
Ailur:v0.7.5
Ailur:v0.7.4
Ailur:v0.7.3
Ailur:v0.7.2
Ailur:v0.7.1
Ailur:v0.7.0
Ailur:v0.6.1
Ailur:v0.6.0
Ailur:v0.5.7
Ailur:v0.5.6
Ailur:v0.5.5
Ailur:v0.5.4
Ailur:v0.5.3
Ailur:v0.5.2
Ailur:v0.5.1
Ailur:v0.5.0
Ailur:v0.4.5
Ailur:v0.4.4
Ailur:v0.4.3
Ailur:v0.4.2
Ailur:v0.4.1
Ailur:v0.4.0
Ailur:v0.3.2
Ailur:v0.3.1
Ailur:v0.3.0
Ailur:v0.2.0
Ailur:v0.1.1
Ailur:v0.0.6
Ailur:v0.0.5
Ailur:v0.0.4
Ailur:v0.0.3
Ailur:v0.0.2
Ailur:v0.0.1
..
compare: Ailur:v0.4.5
Branches Tags
Ailur:master
Ailur:v0.7.7
Ailur:v0.7.6
Ailur:v0.7.5
Ailur:v0.7.4
Ailur:v0.7.3
Ailur:v0.7.2
Ailur:v0.7.1
Ailur:v0.7.0
Ailur:v0.6.1
Ailur:v0.6.0
Ailur:v0.5.7
Ailur:v0.5.6
Ailur:v0.5.5
Ailur:v0.5.4
Ailur:v0.5.3
Ailur:v0.5.2
Ailur:v0.5.1
Ailur:v0.5.0
Ailur:v0.4.5
Ailur:v0.4.4
Ailur:v0.4.3
Ailur:v0.4.2
Ailur:v0.4.1
Ailur:v0.4.0
Ailur:v0.3.2
Ailur:v0.3.1
Ailur:v0.3.0
Ailur:v0.2.0
Ailur:v0.1.1
Ailur:v0.0.6
Ailur:v0.0.5
Ailur:v0.0.4
Ailur:v0.0.3
Ailur:v0.0.2
Ailur:v0.0.1

No commits in common. "master" and "v0.4.5" have entirely different histories.
master ... v0.4.5

10 changed files with 973 additions and 799 deletions
Show stats Expand all files Collapse all files

4
build.sh
View file

@ -28,6 +28,6 @@ find -L "$searchDir" -type f -name "build.sh" | while read -r buildScript; do
done done
clear clear
fancy "\033[1;105m" "Building Fulgens..." fancy "\033[1;105m" "Building Fulgens..."
go build -C "$path" --ldflags "-s -w" -o "$path/fulgens" || exit 1 go build --ldflags "-s -w" -o "$path/fulgens" || exit 1
clear clear
fancy "\033[1;102m" "Fulgens has been built successfully!" fancy "\033[1;102m" "Fulgensfas has been built successfully!"

70
config.yaml.example
View file

@ -4,6 +4,10 @@
global: { global: {
# IP defines the IP address to bind to. # IP defines the IP address to bind to.
ip: "0.0.0.0", ip: "0.0.0.0",
# httpPort defines the port to bind to for HTTP.
httpPort: "8080",
# httpsPort defines the port to bind to for HTTPS (TLS).
httpsPort: "8443",
# serviceDirectory defines the directory to look for services in. # serviceDirectory defines the directory to look for services in.
serviceDirectory: "./services", serviceDirectory: "./services",
# resourceDirectory defines the directory to look for resources in. # resourceDirectory defines the directory to look for resources in.
@ -15,6 +19,13 @@ global: {
# level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd. # level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd.
level: 5 level: 5
}, },
# https defines the HTTPS settings on a global level - per-route settings override these. It is optional.
https: {
# certificate defines the path to the certificate file (must be a wildcard in order to support multiple subdomains).
certificate: "./certs/localhost.crt",
# key defines the path to the key file (must be a wildcard in order to support multiple subdomains).
key: "./certs/localhost.key"
},
# logging defines the logging settings. # logging defines the logging settings.
logging: { logging: {
# enabled defines whether logging is enabled. # enabled defines whether logging is enabled.
@ -30,23 +41,6 @@ global: {
path: "./databases", path: "./databases",
# connectionString defines the connection string to use for the database (postgres only). # connectionString defines the connection string to use for the database (postgres only).
connectionString: "postgres://user:password@localhost:5432/database" connectionString: "postgres://user:password@localhost:5432/database"
},
# stealth enables stealth mode, which makes the server look like some preset http servers.
# stealth mode overrides all proxy preservations and headers.
stealth: {
# enabled defines whether stealth mode is enabled.
enabled: true,
# server defines the server to pretend to be, possible values are "nginx" or "net/http".
server: "nginx",
# php defines if the server should pretend to be running PHP. This should only be used on nginx.
php: {
# enabled defines whether PHP spoofing is enabled.
enabled: true,
# version defines the version of PHP to pretend to be.
version: "8.2.25"
},
# aspnet defines if the server should pretend to be running ASP.NET. This should only be used on nginx.
aspNet: true
} }
} }
@ -55,8 +49,6 @@ routes: [
{ {
# none is a special subdomain that matches all requests without a subdomain (Host header). # none is a special subdomain that matches all requests without a subdomain (Host header).
subdomain: "none", subdomain: "none",
# port defines the port to use for this route. They do not have to be unique.
port: "8080",
# services defines the services to use for this route. Services must be defined on a per-subdomain basis. # services defines the services to use for this route. Services must be defined on a per-subdomain basis.
# Each service may not be used more than once globally. The server will fail to start if this is violated. # Each service may not be used more than once globally. The server will fail to start if this is violated.
services: ["authentication"] services: ["authentication"]
@ -64,11 +56,7 @@ routes: [
{ {
# any subdomain value that isn't "none" will match that specific subdomain. # any subdomain value that isn't "none" will match that specific subdomain.
subdomain: "www.localhost", subdomain: "www.localhost",
# port defines the port to use for this route. They do not have to be unique. # https defines the HTTPS settings for this route.
port: "8443",
# https defines the HTTPS settings for this route. If this block is missing, HTTPS will not be enabled for this port.
# If https is set once for any subdomain with this port, it will be enabled for all subdomains with this port.
# The connection will fail if the above condition is true, but there is not an HTTPS block for that subdomain.
https: { https: {
# certificate defines the path to the certificate file. # certificate defines the path to the certificate file.
certificate: "./certs/localhost.crt", certificate: "./certs/localhost.crt",
@ -78,8 +66,8 @@ routes: [
# paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis). # paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis).
paths: [ paths: [
{ {
# paths defines the paths to match. They can contain wildcards. # path defines the path to match. They can contain wildcards.
paths: ["/static", "/static/*"], path: "/static/*",
# static defines the static file serving settings for this path. This conflicts with proxy and redirect. # static defines the static file serving settings for this path. This conflicts with proxy and redirect.
# static > proxy > redirect in terms of precedence. # static > proxy > redirect in terms of precedence.
static: { static: {
@ -91,43 +79,39 @@ routes: [
} }
}, },
{ {
# paths defines the paths to match. They can contain wildcards. # path defines the path to match. They can contain wildcards.
paths: ["/proxy", "/proxy/*"], path: "/proxy/*",
# proxy defines the proxy settings for this path. This conflicts with static and redirect. # proxy defines the proxy settings for this path. This conflicts with static and redirect.
# static > proxy > redirect in terms of precedence. # static > proxy > redirect in terms of precedence.
proxy: { proxy: {
# url defines the URL to proxy requests to. # url defines the URL to proxy requests to.
url: "http://localhost:8000", url: "http://localhost:8000",
# stripPrefix defines whether to strip the prefix from the path before proxying. # stripPrefix defines whether to strip the prefix from the path before proxying.
stripPrefix: true, stripPrefix: true
headers: { headers: {
# forbid defines the headers to forbid from being sent to the proxied server. # forbid defines the headers to forbid from being sent to the proxied server.
forbid: [ "User-Agent" ], forbid: ["Authorization"],
# preserveServer defines whether to preserve the server header from the proxied server. # preserve defines the headers to preserve when sending to the client.
preserveServer: true, preserve: [X-Powered-By", "Server"]
# preserveAltSvc defines whether to preserve the Alt-Svc header from the proxied server. # host defines whether the host / :authority header should be sent to the proxied server.
preserveAltSvc: true, host: true,
# preserveXPoweredBy defines whether to preserve the X-Powered-By header from the proxied server.
preserveXPoweredBy: true,
# passHost defines whether the host / :authority header should be sent to the proxied server.
passHost: true,
# xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers. # xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers.
xForward: false xForward: true
} }
}, },
},
{ {
# paths defines the paths to match. They can contain wildcards. # path defines the path to match. They can contain wildcards.
paths: ["/redirect", "/redirect/*"], path: "/redirect/*",
# redirect defines the redirect settings for this path. This conflicts with proxy and static. # redirect defines the redirect settings for this path. This conflicts with proxy and static.
# static > proxy > redirect in terms of precedence. # static > proxy > redirect in terms of precedence.
redirect: { redirect: {
# url defines the URL to redirect to. # url defines the URL to redirect to.
url: "https://www.ailur.dev", url: "https://www.google.com",
# permanent defines whether the redirect is permanent (301) or temporary (302). # permanent defines whether the redirect is permanent (301) or temporary (302).
permanent: true permanent: true
} }
} }
}
] ]
} }
] ]

24
go.mod
View file

@ -3,33 +3,33 @@ module git.ailur.dev/ailur/fulgens
go 1.23.3 go 1.23.3
require ( require (
git.ailur.dev/ailur/fg-library/v3 v3.6.2 git.ailur.dev/ailur/fg-library/v2 v2.1.2
git.ailur.dev/ailur/fg-nucleus-library v1.2.2 git.ailur.dev/ailur/fg-nucleus-library v1.0.5
git.ailur.dev/ailur/pow v1.0.3 git.ailur.dev/ailur/pow v1.0.2
github.com/CAFxX/httpcompression v0.0.9 github.com/CAFxX/httpcompression v0.0.9
github.com/cespare/xxhash/v2 v2.3.0 github.com/cespare/xxhash/v2 v2.3.0
github.com/go-chi/chi/v5 v5.2.1 github.com/go-chi/chi/v5 v5.1.0
github.com/go-playground/validator/v10 v10.25.0 github.com/go-playground/validator/v10 v10.22.1
github.com/golang-jwt/jwt/v5 v5.2.1 github.com/golang-jwt/jwt/v5 v5.2.1
github.com/google/uuid v1.6.0 github.com/google/uuid v1.6.0
github.com/klauspost/compress v1.18.0 github.com/klauspost/compress v1.17.11
github.com/lib/pq v1.10.9 github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.24 github.com/mattn/go-sqlite3 v1.14.24
golang.org/x/crypto v0.29.0
gopkg.in/yaml.v3 v3.0.1 gopkg.in/yaml.v3 v3.0.1
) )
require ( require (
github.com/andybalholm/brotli v1.1.1 // indirect github.com/andybalholm/brotli v1.1.1 // indirect
github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/gabriel-vasile/mimetype v1.4.6 // indirect
github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/kr/pretty v0.3.1 // indirect github.com/kr/pretty v0.3.1 // indirect
github.com/leodido/go-urn v1.4.0 // indirect github.com/leodido/go-urn v1.4.0 // indirect
github.com/rogpeppe/go-internal v1.13.1 // indirect github.com/rogpeppe/go-internal v1.13.1 // indirect
github.com/stretchr/testify v1.10.0 // indirect github.com/stretchr/testify v1.9.0 // indirect
golang.org/x/crypto v0.36.0 // indirect golang.org/x/net v0.31.0 // indirect
golang.org/x/net v0.37.0 // indirect golang.org/x/sys v0.27.0 // indirect
golang.org/x/sys v0.31.0 // indirect golang.org/x/text v0.20.0 // indirect
golang.org/x/text v0.23.0 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
) )

48
go.sum
View file

@ -1,9 +1,9 @@
git.ailur.dev/ailur/fg-library/v3 v3.6.2 h1:PNJKxpvbel2iDeB9+/rpYRyMoim6JjRHOXPYFYky7Ng= git.ailur.dev/ailur/fg-library/v2 v2.1.2 h1:Gk8ztytJfV2GYhsnfTDRWmvTzJ3Cn19V5p2suFCvu4E=
git.ailur.dev/ailur/fg-library/v3 v3.6.2/go.mod h1:ArNsafpqES2JuxQM5aM+bNe0FwHLIsL6pbjpiWvDwGs= git.ailur.dev/ailur/fg-library/v2 v2.1.2/go.mod h1:gBnZQDV70YON6cnuwB+Jawm2EABbf9dGlV0Qw4obtxs=
git.ailur.dev/ailur/fg-nucleus-library v1.2.2 h1:JbclmxGSoL+ByGZAl0W6PqWRoyBBGTrKrizWDJ7rdI0= git.ailur.dev/ailur/fg-nucleus-library v1.0.5 h1:0YVSHFOeydGR/pfq5AfiKQ5gWuxSnx8u2K8mHvEDDTI=
git.ailur.dev/ailur/fg-nucleus-library v1.2.2/go.mod h1:stxiTyMv3Fa7GzpyLbBUh3ahlb7110p0NnCl8ZTjwBs= git.ailur.dev/ailur/fg-nucleus-library v1.0.5/go.mod h1:nKYjJ+zJD1YcrEGWlyyA5r6CrzW8DWHVAnL9hkn2tNw=
git.ailur.dev/ailur/pow v1.0.3 h1:LjLSol4ax+M+SoajVjbBoDjfmjH6pKu3fDka7bl2KGY= git.ailur.dev/ailur/pow v1.0.2 h1:8tb6mXZdyQYjrKRW+AUmWMi5wJoHh9Ch3oRqiJr/ivs=
git.ailur.dev/ailur/pow v1.0.3/go.mod h1:ClAmIdHQ/N9wTq5S4YWhQ5d9CPUBcEjVuOkT07zBdJ4= git.ailur.dev/ailur/pow v1.0.2/go.mod h1:fjFb1z5KtF6V14HRhGWiDmmJKggO8KyAP20Lr5OJI/g=
github.com/CAFxX/httpcompression v0.0.9 h1:0ue2X8dOLEpxTm8tt+OdHcgA+gbDge0OqFQWGKSqgrg= github.com/CAFxX/httpcompression v0.0.9 h1:0ue2X8dOLEpxTm8tt+OdHcgA+gbDge0OqFQWGKSqgrg=
github.com/CAFxX/httpcompression v0.0.9/go.mod h1:XX8oPZA+4IDcfZ0A71Hz0mZsv/YJOgYygkFhizVPilM= github.com/CAFxX/httpcompression v0.0.9/go.mod h1:XX8oPZA+4IDcfZ0A71Hz0mZsv/YJOgYygkFhizVPilM=
github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
@ -15,18 +15,18 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8= github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8= github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/google/brotli/go/cbrotli v0.0.0-20230829110029-ed738e842d2f h1:jopqB+UTSdJGEJT8tEqYyE29zN91fi2827oLET8tl7k= github.com/google/brotli/go/cbrotli v0.0.0-20230829110029-ed738e842d2f h1:jopqB+UTSdJGEJT8tEqYyE29zN91fi2827oLET8tl7k=
@ -34,8 +34,8 @@ github.com/google/brotli/go/cbrotli v0.0.0-20230829110029-ed738e842d2f/go.mod h1
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@ -64,21 +64,21 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/valyala/gozstd v1.20.1 h1:xPnnnvjmaDDitMFfDxmQ4vpx0+3CdTg2o3lALvXTU/g= github.com/valyala/gozstd v1.20.1 h1:xPnnnvjmaDDitMFfDxmQ4vpx0+3CdTg2o3lALvXTU/g=
github.com/valyala/gozstd v1.20.1/go.mod h1:y5Ew47GLlP37EkTB+B4s7r6A5rdaeB7ftbl9zoYiIPQ= github.com/valyala/gozstd v1.20.1/go.mod h1:y5Ew47GLlP37EkTB+B4s7r6A5rdaeB7ftbl9zoYiIPQ=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

618
main.go
View file

@ -1,18 +1,18 @@
package main package main
import ( import (
library "git.ailur.dev/ailur/fg-library/v2"
"errors" "errors"
library "git.ailur.dev/ailur/fg-library/v3"
"io" "io"
"log" "log"
"mime" "mime"
"os" "os"
"os/signal"
"plugin" "plugin"
"strconv" "strconv"
"strings" "strings"
"sync" "sync"
"syscall" "time"
"crypto/tls" "crypto/tls"
"database/sql" "database/sql"
@ -40,9 +40,18 @@ import (
type Config struct { type Config struct {
Global struct { Global struct {
IP string `yaml:"ip" validate:"required,ip_addr"` IP string `yaml:"ip" validate:"required,ip_addr"`
HTTPPort string `yaml:"httpPort" validate:"required"`
HTTPSPort string `yaml:"httpsPort" validate:"required"`
ServiceDirectory string `yaml:"serviceDirectory" validate:"required"` ServiceDirectory string `yaml:"serviceDirectory" validate:"required"`
ResourceDirectory string `yaml:"resourceDirectory" validate:"required"` ResourceDirectory string `yaml:"resourceDirectory" validate:"required"`
Compression CompressionSettings `yaml:"compression"` Compression struct {
Algorithm string `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"`
Level float64 `yaml:"level" validate:"omitempty,min=1,max=22"`
} `yaml:"compression"`
HTTPS struct {
CertificatePath string `yaml:"certificate" validate:"required"`
KeyPath string `yaml:"key" validate:"required"`
} `yaml:"https"`
Logging struct { Logging struct {
Enabled bool `yaml:"enabled"` Enabled bool `yaml:"enabled"`
File string `yaml:"file" validate:"required_if=Enabled true"` File string `yaml:"file" validate:"required_if=Enabled true"`
@ -62,12 +71,7 @@ type Config struct {
ASPNet bool `yaml:"aspNet"` ASPNet bool `yaml:"aspNet"`
} }
} `yaml:"global" validate:"required"` } `yaml:"global" validate:"required"`
Routes []Route `yaml:"routes"` Routes []struct {
Services map[string]interface{} `yaml:"services"`
}
type Route struct {
Port string `yaml:"port" validate:"required"`
Subdomain string `yaml:"subdomain" validate:"required"` Subdomain string `yaml:"subdomain" validate:"required"`
Services []string `yaml:"services"` Services []string `yaml:"services"`
Paths []struct { Paths []struct {
@ -90,7 +94,12 @@ type Route struct {
CertificatePath string `yaml:"certificate" validate:"required"` CertificatePath string `yaml:"certificate" validate:"required"`
KeyPath string `yaml:"key" validate:"required"` KeyPath string `yaml:"key" validate:"required"`
} `yaml:"https"` } `yaml:"https"`
Compression CompressionSettings `yaml:"compression"` Compression struct {
Algorithm string `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"`
Level float64 `yaml:"level" validate:"omitempty,min=1,max=22"`
} `yaml:"compression"`
} `yaml:"routes"`
Services map[string]interface{} `yaml:"services"`
} }
type HeaderSettings struct { type HeaderSettings struct {
@ -105,77 +114,27 @@ type HeaderSettings struct {
type Service struct { type Service struct {
ServiceID uuid.UUID ServiceID uuid.UUID
ServiceMetadata library.Service ServiceMetadata library.Service
ServiceMainFunc func(*library.ServiceInitializationInformation) ServiceMainFunc func(library.ServiceInitializationInformation)
Inbox chan library.InterServiceMessage Inbox chan library.InterServiceMessage
} }
type CompressionSettings struct { type CompressionSettings struct {
Algorithm string `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"` Level int
Level int `yaml:"level" validate:"omitempty,min=1,max=22"` Algorithm string
} }
type RouterAndCompression struct { func checkCompressionAlgorithm(algorithm string, handler http.Handler, request *http.Request) http.Handler {
Router *chi.Mux var compressionLevel int
Compression CompressionSettings compressionSettings, ok := compression[request.Host]
}
type PortRouter struct {
https struct {
enabled bool
httpSettings map[string]*tls.Certificate
}
routers map[string]RouterAndCompression
}
func NewPortRouter() *PortRouter {
return &PortRouter{
routers: make(map[string]RouterAndCompression),
https: struct {
enabled bool
httpSettings map[string]*tls.Certificate
}{enabled: false, httpSettings: make(map[string]*tls.Certificate)},
}
}
func (pr *PortRouter) Register(router *chi.Mux, compression CompressionSettings, subdomain string, certificate ...*tls.Certificate) {
pr.routers[subdomain] = RouterAndCompression{Router: router, Compression: compression}
if len(certificate) > 0 {
pr.https.enabled = true
pr.https.httpSettings[subdomain] = certificate[0]
}
}
func (pr *PortRouter) Router(w http.ResponseWriter, r *http.Request) {
host := strings.Split(r.Host, ":")[0]
router, ok := pr.routers[host]
if !ok { if !ok {
router, ok = pr.routers["none"] compressionLevel = int(config.Global.Compression.Level)
}
if router.Compression.Algorithm != "none" {
compressRouter(router.Compression, router.Router).ServeHTTP(w, r)
} else { } else {
router.Router.ServeHTTP(w, r) compressionLevel = compressionSettings.Level
} }
}
func (pr *PortRouter) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { switch algorithm {
cert, ok := pr.https.httpSettings[hello.ServerName]
if !ok {
return nil, errors.New("certificate not found")
} else {
return cert, nil
}
}
func (pr *PortRouter) HTTPSEnabled() bool {
return pr.https.enabled
}
func compressRouter(settings CompressionSettings, handler http.Handler) http.Handler {
switch settings.Algorithm {
case "gzip": case "gzip":
encoder, err := gzip.New(gzip.Options{Level: settings.Level}) encoder, err := gzip.New(gzip.Options{Level: compressionLevel})
if err != nil { if err != nil {
slog.Error("Error creating gzip encoder: " + err.Error()) slog.Error("Error creating gzip encoder: " + err.Error())
return handler return handler
@ -187,7 +146,7 @@ func compressRouter(settings CompressionSettings, handler http.Handler) http.Han
} }
return gzipHandler(handler) return gzipHandler(handler)
case "brotli": case "brotli":
encoder, err := brotli.New(brotli.Options{Quality: settings.Level}) encoder, err := brotli.New(brotli.Options{Quality: compressionLevel})
if err != nil { if err != nil {
slog.Error("Error creating brotli encoder: " + err.Error()) slog.Error("Error creating brotli encoder: " + err.Error())
return handler return handler
@ -199,7 +158,7 @@ func compressRouter(settings CompressionSettings, handler http.Handler) http.Han
} }
return brotliHandler(handler) return brotliHandler(handler)
case "zstd": case "zstd":
encoder, err := zstd.New(kpzstd.WithEncoderLevel(kpzstd.EncoderLevelFromZstd(settings.Level))) encoder, err := zstd.New(kpzstd.WithEncoderLevel(kpzstd.EncoderLevelFromZstd(compressionLevel)))
if err != nil { if err != nil {
slog.Error("Error creating zstd encoder: " + err.Error()) slog.Error("Error creating zstd encoder: " + err.Error())
return handler return handler
@ -392,17 +351,7 @@ func newFileServer(root string, directoryListing bool, path string) http.Handler
} }
} }
absolutePath, err := filepath.Abs(filepath.Join(root, filepath.FromSlash(r.URL.Path))) file, err := os.Open(filepath.Join(root, filepath.FromSlash(r.URL.Path)))
if err != nil {
serverError(w, 500)
}
if !strings.HasPrefix(absolutePath, root) {
serverError(w, 403)
return
}
file, err := os.Open(absolutePath)
if err != nil { if err != nil {
serverError(w, 500) serverError(w, 500)
return return
@ -521,18 +470,35 @@ func serverError(w http.ResponseWriter, status int) {
} }
} }
func hostRouter(w http.ResponseWriter, r *http.Request) {
host := strings.Split(r.Host, ":")[0]
router, ok := subdomains[host]
if !ok {
router, ok = subdomains["none"]
if !ok {
serverError(w, 404)
slog.Error("No subdomain found for " + host)
}
}
compressionSettings, ok := compression[host]
if !ok {
checkCompressionAlgorithm(config.Global.Compression.Algorithm, router, r).ServeHTTP(w, r)
} else {
checkCompressionAlgorithm(compressionSettings.Algorithm, router, r).ServeHTTP(w, r)
}
}
var ( var (
validate *validator.Validate validate *validator.Validate
lock sync.RWMutex lock sync.RWMutex
config Config config Config
registeredServices = make(map[string]Service) registeredServices = make(map[string]Service)
activeServices = make(map[uuid.UUID]Service) activeServices = make(map[uuid.UUID]Service)
portRouters = make(map[string]*PortRouter) certificates = make(map[string]*tls.Certificate)
broadcastService = uuid.MustParse("00000000-0000-0000-0000-000000000000") compression = make(map[string]CompressionSettings)
databaseService = uuid.MustParse("00000000-0000-0000-0000-000000000001") subdomains = make(map[string]*chi.Mux)
logService = uuid.MustParse("00000000-0000-0000-0000-000000000002")
blobService = uuid.MustParse("00000000-0000-0000-0000-000000000003")
authService = uuid.MustParse("00000000-0000-0000-0000-000000000004")
) )
func loadTLSCertificate(certificatePath, keyPath string) (*tls.Certificate, error) { func loadTLSCertificate(certificatePath, keyPath string) (*tls.Certificate, error) {
@ -544,113 +510,218 @@ func loadTLSCertificate(certificatePath, keyPath string) (*tls.Certificate, erro
} }
} }
var globalPGConn *sql.DB func getTLSCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert, ok := certificates[hello.ServerName]
func createPgSchema(id uuid.UUID) error { if !ok {
_, err := globalPGConn.Exec("CREATE SCHEMA IF NOT EXISTS \"" + id.String() + "\"") if config.Global.HTTPS.CertificatePath == "" || config.Global.HTTPS.KeyPath == "" {
if err != nil { return nil, errors.New("no certificate found")
return err } else {
return certificates["none"], nil
}
} else {
return cert, nil
} }
return nil
} }
func svInit(message library.InterServiceMessage) { func svInit(message library.InterServiceMessage) {
var dummyInfo = &library.ServiceInitializationInformation{Outbox: activeServices[message.ServiceID].Inbox} // Service database initialization message
if !activeServices[message.ServiceID].ServiceMetadata.Permissions.Database { // Check if the service has the necessary permissions
message.Respond(library.Unauthorized, errors.New("database access not permitted"), dummyInfo) if activeServices[message.ServiceID].ServiceMetadata.Permissions.Database {
return // Check if we are using sqlite or postgres
} if config.Global.Database.Type == "sqlite" {
// Open the database and return the connection
var db library.Database
switch config.Global.Database.Type {
case "sqlite":
pluginConn, err := sql.Open("sqlite3", filepath.Join(config.Global.Database.Path, message.ServiceID.String()+".db")) pluginConn, err := sql.Open("sqlite3", filepath.Join(config.Global.Database.Path, message.ServiceID.String()+".db"))
if err != nil { if err != nil {
message.Respond(library.InternalError, err, dummyInfo) // Report an error
return activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: err,
} }
} else {
_, err = pluginConn.Exec("PRAGMA journal_mode=WAL") // Report a successful activation
if err != nil { activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
message.Respond(library.InternalError, err, dummyInfo) ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
return ForServiceID: message.ServiceID,
} MessageType: 2,
SentAt: time.Now(),
db = library.Database{ Message: library.Database{
DB: pluginConn, DB: pluginConn,
DBType: library.Sqlite, DBType: library.Sqlite,
},
} }
case "postgres": }
err := createPgSchema(message.ServiceID) } else if config.Global.Database.Type == "postgres" {
// Connect to the database
conn, err := sql.Open("postgres", config.Global.Database.ConnectionString)
if err != nil { if err != nil {
message.Respond(library.InternalError, err, dummyInfo) // Report an error
return activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: err,
} }
connectionString := config.Global.Database.ConnectionString
if strings.Contains(config.Global.Database.ConnectionString, "?") {
connectionString += "&"
} else { } else {
connectionString += "?" // Try to create the schema
_, err = conn.Exec("CREATE SCHEMA IF NOT EXISTS \"" + message.ServiceID.String() + "\"")
if err != nil {
// Report an error
activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: err,
}
} else {
// Create a new connection to the database
var connectionString string
if strings.Contains(config.Global.Database.ConnectionString, "?") {
connectionString = config.Global.Database.ConnectionString + "&search_path=\"" + message.ServiceID.String() + "\""
} else {
connectionString = config.Global.Database.ConnectionString + "?search_path=\"" + message.ServiceID.String() + "\""
} }
connectionString += "search_path=\"" + message.ServiceID.String() + "\""
pluginConn, err := sql.Open("postgres", connectionString) pluginConn, err := sql.Open("postgres", connectionString)
if err != nil { if err != nil {
message.Respond(library.InternalError, err, dummyInfo) // Report an error
return activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: err,
} }
} else {
db = library.Database{ // Test the connection
err = pluginConn.Ping()
if err != nil {
// Report an error
activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: err,
}
} else {
// Report a successful activation
activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 2,
SentAt: time.Now(),
Message: library.Database{
DB: pluginConn, DB: pluginConn,
DBType: library.Postgres, DBType: library.Postgres,
},
} }
default:
message.Respond(library.InternalError, errors.New("database type not supported"), dummyInfo)
return
} }
err := db.DB.Ping()
if err != nil {
message.Respond(library.InternalError, err, dummyInfo)
return
} }
}
message.Respond(library.Success, db, dummyInfo) }
}
} else {
// Report an error
activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("database access not permitted"),
}
}
} }
func tryAuthAccess(message library.InterServiceMessage) { func tryAuthAccess(message library.InterServiceMessage) {
// We need to check if the service is allowed to access the Authentication service
serviceMetadata, ok := activeServices[message.ServiceID] serviceMetadata, ok := activeServices[message.ServiceID]
var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox} if ok && serviceMetadata.ServiceMetadata.Permissions.Authenticate {
if !ok || !serviceMetadata.ServiceMetadata.Permissions.Authenticate { // Send message to Authentication service
message.Respond(library.Unauthorized, errors.New("authentication not permitted"), dummyInfo) service, ok := activeServices[uuid.MustParse("00000000-0000-0000-0000-000000000004")]
return if ok {
}
service, ok := activeServices[authService]
if !ok {
message.Respond(library.InternalError, errors.New("authentication service not found"), dummyInfo)
return
}
service.Inbox <- message service.Inbox <- message
} else {
// Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("authentication service not found"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
}
} else {
// Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("authentication not permitted"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
}
} }
func tryStorageAccess(message library.InterServiceMessage) { func tryStorageAccess(message library.InterServiceMessage) {
// We need to check if the service is allowed to access the Blob Storage service
serviceMetadata, ok := activeServices[message.ServiceID] serviceMetadata, ok := activeServices[message.ServiceID]
var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox} if ok && serviceMetadata.ServiceMetadata.Permissions.BlobStorage {
if !ok || !serviceMetadata.ServiceMetadata.Permissions.BlobStorage { // Send message to Blob Storage service
message.Respond(library.Unauthorized, errors.New("storage access not permitted"), dummyInfo) service, ok := activeServices[uuid.MustParse("00000000-0000-0000-0000-000000000003")]
return if ok {
}
service, ok := activeServices[blobService]
if !ok {
message.Respond(library.InternalError, errors.New("storage service not found"), dummyInfo)
return
}
service.Inbox <- message service.Inbox <- message
} else {
// Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("blob storage service not found"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
}
} else {
// Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("blob storage is not permitted"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
}
} }
func tryLogger(message library.InterServiceMessage) { func tryLogger(message library.InterServiceMessage) {
@ -675,38 +746,75 @@ func tryLogger(message library.InterServiceMessage) {
} }
} }
func processInterServiceMessage(listener library.Listener) { func processInterServiceMessage(channel chan library.InterServiceMessage) {
for { for {
message := listener.AcceptMessage() message := <-channel
switch message.ForServiceID { if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000000") {
case broadcastService:
// Broadcast message // Broadcast message
for _, service := range activeServices { for _, service := range activeServices {
service.Inbox <- message service.Inbox <- message
} }
case databaseService: } else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000001") {
// Database service // Service initialization service
switch message.MessageType { switch message.MessageType {
case 0: case 0:
// This has been deprecated, ignore it
// Send "true" back
activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 0,
SentAt: time.Now(),
Message: true,
}
case 1:
svInit(message) svInit(message)
} }
case logService: } else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000002") {
tryLogger(message) tryLogger(message)
case blobService: } else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000003") {
tryStorageAccess(message) tryStorageAccess(message)
case authService: } else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000004") {
tryAuthAccess(message) tryAuthAccess(message)
default:
serviceMetadata, ok := activeServices[message.ServiceID]
var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox}
if !ok || !serviceMetadata.ServiceMetadata.Permissions.InterServiceCommunication {
message.Respond(library.Unauthorized, errors.New("inter-service communication not permitted"), dummyInfo)
} else { } else {
serviceMetadata, ok := activeServices[message.ServiceID]
if ok && serviceMetadata.ServiceMetadata.Permissions.InterServiceCommunication {
// Send message to specific service
service, ok := activeServices[message.ForServiceID] service, ok := activeServices[message.ForServiceID]
if !ok { if !ok {
message.Respond(library.BadRequest, errors.New("service not found"), dummyInfo) // Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("requested service not found"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
} }
service.Inbox <- message service.Inbox <- message
} else {
// Send error message
service, ok := activeServices[message.ServiceID]
if ok {
service.Inbox <- library.InterServiceMessage{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"),
ForServiceID: message.ServiceID,
MessageType: 1,
SentAt: time.Now(),
Message: errors.New("inter-service communication not permitted"),
}
} else {
// This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
os.Exit(1)
}
} }
} }
} }
@ -773,21 +881,25 @@ func parseConfig(path string) Config {
return config return config
} }
func checkHTTPS(route Route, subdomainRouter *chi.Mux, compressionSettings CompressionSettings) { func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
// Check if HTTPS is enabled for _, route := range config.Routes {
if route.HTTPS.KeyPath != "" && route.HTTPS.CertificatePath != "" { if route.Compression.Level != 0 {
certificate, err := loadTLSCertificate(route.HTTPS.CertificatePath, route.HTTPS.KeyPath) compression[route.Subdomain] = CompressionSettings{
if err != nil { Level: int(route.Compression.Level),
slog.Error("Error loading TLS certificate: " + err.Error()) Algorithm: route.Compression.Algorithm,
os.Exit(1)
} }
portRouters[route.Port].Register(subdomainRouter, compressionSettings, route.Subdomain, certificate)
} else {
portRouters[route.Port].Register(subdomainRouter, compressionSettings, route.Subdomain)
} }
}
func checkServices(route Route, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux) { // Create the subdomain router
subdomainRouter := chi.NewRouter()
subdomainRouter.NotFound(func(w http.ResponseWriter, r *http.Request) {
serverError(w, 404)
})
subdomains[route.Subdomain] = subdomainRouter
subdomains[route.Subdomain].Use(logger)
subdomains[route.Subdomain].Use(serverChanger)
// Check the services // Check the services
if route.Services != nil { if route.Services != nil {
// Iterate through the services // Iterate through the services
@ -800,43 +912,14 @@ func checkServices(route Route, globalOutbox chan library.InterServiceMessage, s
if ok { if ok {
slog.Error("Service with ID " + service + " is already active, will not activate again") slog.Error("Service with ID " + service + " is already active, will not activate again")
os.Exit(1) os.Exit(1)
} else {
// Initialize the service
initializeService(registeredService, globalOutbox, subdomainRouter, &route.Subdomain)
} }
// Initialize the service
initializeService(registeredService, globalOutbox, subdomainRouter)
} else { } else {
slog.Warn("Service with ID " + service + " is not registered") slog.Warn("Service with ID " + service + " is not registered")
} }
} }
} }
}
func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
for _, route := range config.Routes {
var compressionSettings CompressionSettings
if route.Compression != (CompressionSettings{}) {
compressionSettings = route.Compression
} else {
compressionSettings = config.Global.Compression
}
// Create the subdomain router
subdomainRouter := chi.NewRouter()
subdomainRouter.NotFound(func(w http.ResponseWriter, r *http.Request) {
serverError(w, 404)
})
// Set the port router
_, ok := portRouters[route.Port]
if !ok {
portRouters[route.Port] = NewPortRouter()
}
// Check if HTTPS is enabled
checkHTTPS(route, subdomainRouter, compressionSettings)
// Check the services
checkServices(route, globalOutbox, subdomainRouter)
// Iterate through the paths // Iterate through the paths
for _, pathBlock := range route.Paths { for _, pathBlock := range route.Paths {
@ -870,6 +953,15 @@ func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
} }
} }
} }
// Add the TLS certificate
if route.HTTPS.CertificatePath != "" && route.HTTPS.KeyPath != "" {
certificate, err := loadTLSCertificate(route.HTTPS.CertificatePath, route.HTTPS.KeyPath)
if err != nil {
slog.Error("Error loading TLS certificate: " + err.Error() + ", TLS will not be available for subdomain " + route.Subdomain)
}
certificates[route.Subdomain] = certificate
}
} }
} }
@ -892,13 +984,13 @@ func registerServices() (err error) {
// Load the service information // Load the service information
serviceInformation, err := service.Lookup("ServiceInformation") serviceInformation, err := service.Lookup("ServiceInformation")
if err != nil { if err != nil {
return errors.New("service " + path + " lacks necessary service information") return errors.New("service lacks necessary information")
} }
// Load the main function // Load the main function
mainFunc, err := service.Lookup("Main") mainFunc, err := service.Lookup("Main")
if err != nil { if err != nil {
return errors.New("service " + path + " lacks necessary main function") return errors.New("service lacks necessary main function")
} }
// Register the service // Register the service
@ -908,7 +1000,7 @@ func registerServices() (err error) {
ServiceID: serviceInformation.(*library.Service).ServiceID, ServiceID: serviceInformation.(*library.Service).ServiceID,
Inbox: inbox, Inbox: inbox,
ServiceMetadata: *serviceInformation.(*library.Service), ServiceMetadata: *serviceInformation.(*library.Service),
ServiceMainFunc: mainFunc.(func(*library.ServiceInitializationInformation)), ServiceMainFunc: mainFunc.(func(library.ServiceInitializationInformation)),
} }
lock.Unlock() lock.Unlock()
@ -921,25 +1013,23 @@ func registerServices() (err error) {
return err return err
} }
func initializeService(service Service, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux, subdomain *string) { func initializeService(service Service, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux) {
// Get the plugin from the map // Get the plugin from the map
slog.Info("Activating service " + strings.ToLower(service.ServiceMetadata.Name) + " with ID " + service.ServiceMetadata.ServiceID.String()) slog.Info("Activating service " + strings.ToLower(service.ServiceMetadata.Name) + " with ID " + service.ServiceMetadata.ServiceID.String())
serviceInitializationInformation := library.NewServiceInitializationInformation(nil, globalOutbox, service.Inbox, nil, config.Services[strings.ToLower(service.ServiceMetadata.Name)].(map[string]interface{}), nil) serviceInitializationInformation := library.ServiceInitializationInformation{
Domain: strings.ToLower(service.ServiceMetadata.Name),
serviceInitializationInformation.Service = &service.ServiceMetadata Configuration: config.Services[strings.ToLower(service.ServiceMetadata.Name)].(map[string]interface{}),
Outbox: globalOutbox,
Inbox: service.Inbox,
Router: subdomainRouter,
}
// Check if they want a resource directory // Check if they want a resource directory
if service.ServiceMetadata.Permissions.Resources { if service.ServiceMetadata.Permissions.Resources {
serviceInitializationInformation.ResourceDir = os.DirFS(filepath.Join(config.Global.ResourceDirectory, service.ServiceMetadata.ServiceID.String())) serviceInitializationInformation.ResourceDir = os.DirFS(filepath.Join(config.Global.ResourceDirectory, service.ServiceMetadata.ServiceID.String()))
} }
// Check if they want a router
if service.ServiceMetadata.Permissions.Router {
serviceInitializationInformation.Router = subdomainRouter
serviceInitializationInformation.Domain = subdomain
}
// Add the service to the active services // Add the service to the active services
lock.Lock() lock.Lock()
activeServices[service.ServiceMetadata.ServiceID] = service activeServices[service.ServiceMetadata.ServiceID] = service
@ -983,14 +1073,16 @@ func main() {
slog.Error("Error creating database directory: " + err.Error()) slog.Error("Error creating database directory: " + err.Error())
os.Exit(1) os.Exit(1)
} }
} else {
// Set the global database connection
var err error
globalPGConn, err = sql.Open("postgres", config.Global.Database.ConnectionString)
if err != nil {
slog.Error("Error connecting to database: " + err.Error())
os.Exit(1)
} }
// Check if the root TLS certificate exists
if config.Global.HTTPS.CertificatePath != "" && config.Global.HTTPS.KeyPath != "" {
certificate, err := loadTLSCertificate(config.Global.HTTPS.CertificatePath, config.Global.HTTPS.KeyPath)
if err != nil {
slog.Error("Error loading TLS certificate: " + err.Error() + ", TLS will not be available unless specified in the subdomains")
}
certificates["none"] = certificate
} }
// Walk through the service directory and load the plugins // Walk through the service directory and load the plugins
@ -1005,47 +1097,39 @@ func main() {
// Initialize the service discovery, health-check, and logging services // Initialize the service discovery, health-check, and logging services
// Since these are core services, always allocate them the service IDs 0, 1, and 2 // Since these are core services, always allocate them the service IDs 0, 1, and 2
// These are not dynamically loaded, as they are integral to the system functioning // These are not dynamically loaded, as they are integral to the system functioning
go processInterServiceMessage(library.NewListener(globalOutbox)) go processInterServiceMessage(globalOutbox)
// Start the storage service // Start the storage service
// initializeService(registeredServices["storage"], globalOutbox, nil, nil) initializeService(registeredServices["storage"], globalOutbox, nil)
// Iterate through the subdomains and create the routers as well as the compression levels and service maps // Iterate through the subdomains and create the routers as well as the compression levels and service maps
iterateThroughSubdomains(globalOutbox) iterateThroughSubdomains(globalOutbox)
// Start the servers // Start the server
slog.Info("Starting servers") slog.Info("Starting server on " + config.Global.IP + " with ports " + config.Global.HTTPPort + " and " + config.Global.HTTPSPort)
for port, router := range portRouters {
if !router.HTTPSEnabled() {
go func() { go func() {
// Start the HTTP server
err = http.ListenAndServe(config.Global.IP+":"+port, logger(serverChanger(http.HandlerFunc(router.Router))))
slog.Error("Error starting server: " + err.Error())
os.Exit(1)
}()
} else {
// Create the TLS server // Create the TLS server
server := &http.Server{ server := &http.Server{
Addr: config.Global.IP + ":" + port, Addr: config.Global.IP + ":" + config.Global.HTTPSPort,
Handler: logger(serverChanger(http.HandlerFunc(router.Router))), Handler: http.HandlerFunc(hostRouter),
TLSConfig: &tls.Config{ TLSConfig: &tls.Config{
GetCertificate: router.GetCertificate, GetCertificate: getTLSCertificate,
}, },
} }
go func() {
// Start the TLS server // Start the TLS server
err = server.ListenAndServeTLS("", "") err = server.ListenAndServeTLS("", "")
slog.Error("Error starting HTTPS server: " + err.Error()) slog.Error("Error starting HTTPS server: " + err.Error())
os.Exit(1) os.Exit(1)
}() }()
}
}
slog.Info("Servers started. Fulgens is now running. Press Ctrl+C to stop the server.") // Start the HTTP server
err = http.ListenAndServe(config.Global.IP+":"+config.Global.HTTPPort, http.HandlerFunc(hostRouter))
// Wait for a signal to stop the server if err != nil {
signalChannel := make(chan os.Signal, 1) slog.Error("Error starting server: " + err.Error())
signal.Notify(signalChannel, os.Interrupt, syscall.SIGTERM) } else {
<-signalChannel // This should never happen
slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
}
os.Exit(1)
} }

401
services-src/auth/main.go
View file

@ -2,7 +2,7 @@ package main
import ( import (
// Fulgens libraries // Fulgens libraries
library "git.ailur.dev/ailur/fg-library/v3" library "git.ailur.dev/ailur/fg-library/v2"
authLibrary "git.ailur.dev/ailur/fg-nucleus-library" authLibrary "git.ailur.dev/ailur/fg-nucleus-library"
"git.ailur.dev/ailur/pow" "git.ailur.dev/ailur/pow"
@ -25,6 +25,9 @@ import (
"io/fs" "io/fs"
"net/http" "net/http"
// Extra libraries
"golang.org/x/crypto/argon2"
// External libraries // External libraries
"github.com/cespare/xxhash/v2" "github.com/cespare/xxhash/v2"
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
@ -36,7 +39,6 @@ var ServiceInformation = library.Service{
Name: "Authentication", Name: "Authentication",
Permissions: library.Permissions{ Permissions: library.Permissions{
Authenticate: false, // This service *is* the authentication service Authenticate: false, // This service *is* the authentication service
Router: true, // This service does require a router
Database: true, // This service does require database access Database: true, // This service does require database access
BlobStorage: false, // This service does not require blob storage BlobStorage: false, // This service does not require blob storage
InterServiceCommunication: true, // This service does require inter-service communication InterServiceCommunication: true, // This service does require inter-service communication
@ -45,34 +47,15 @@ var ServiceInformation = library.Service{
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"), ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"),
} }
var ( func logFunc(message string, messageType uint64, information library.ServiceInitializationInformation) {
loggerService = uuid.MustParse("00000000-0000-0000-0000-000000000002")
)
func checkScopes(scopes []string) (bool, string, error) {
var clientKeyShare bool
for _, scope := range scopes {
if scope != "openid" && scope != "clientKeyShare" {
return false, "", errors.New("invalid scope")
} else {
if scope == "clientKeyShare" {
clientKeyShare = true
}
}
}
// Marshal the scopes
scopeString, err := json.Marshal(scopes)
if err != nil {
return clientKeyShare, "", err
}
return clientKeyShare, string(scopeString), nil
}
func logFunc(message string, messageType library.MessageCode, information *library.ServiceInitializationInformation) {
// Log the message to the logger service // Log the message to the logger service
information.SendISMessage(loggerService, messageType, message) information.Outbox <- library.InterServiceMessage{
ServiceID: ServiceInformation.ServiceID,
ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000002"), // Logger service
MessageType: messageType,
SentAt: time.Now(),
Message: message,
}
} }
func ensureTrailingSlash(url string) string { func ensureTrailingSlash(url string) string {
@ -108,7 +91,7 @@ func sha256Base64(s string) string {
return encoded return encoded
} }
func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]interface{}, templatePath string, information *library.ServiceInitializationInformation) { func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]interface{}, templatePath string, information library.ServiceInitializationInformation) {
var err error var err error
var requestedTemplate *template.Template var requestedTemplate *template.Template
// Output ls of the resource directory // Output ls of the resource directory
@ -133,7 +116,7 @@ func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]inter
} }
} }
func renderString(statusCode int, w http.ResponseWriter, data string, information *library.ServiceInitializationInformation) { func renderString(statusCode int, w http.ResponseWriter, data string, information library.ServiceInitializationInformation) {
w.Header().Set("Content-Type", "text/plain") w.Header().Set("Content-Type", "text/plain")
w.WriteHeader(statusCode) w.WriteHeader(statusCode)
_, err := w.Write([]byte(data)) _, err := w.Write([]byte(data))
@ -142,7 +125,7 @@ func renderString(statusCode int, w http.ResponseWriter, data string, informatio
} }
} }
func renderJSON(statusCode int, w http.ResponseWriter, data map[string]interface{}, information *library.ServiceInitializationInformation) { func renderJSON(statusCode int, w http.ResponseWriter, data map[string]interface{}, information library.ServiceInitializationInformation) {
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
w.WriteHeader(statusCode) w.WriteHeader(statusCode)
err := json.NewEncoder(w).Encode(data) err := json.NewEncoder(w).Encode(data)
@ -188,12 +171,11 @@ func verifyJwt(token string, publicKey ed25519.PublicKey, mem *sql.DB) ([]byte,
return userId, claims, true return userId, claims, true
} }
func Main(information *library.ServiceInitializationInformation) { func Main(information library.ServiceInitializationInformation) {
var conn library.Database var conn library.Database
var mem *sql.DB var mem *sql.DB
var publicKey ed25519.PublicKey var publicKey ed25519.PublicKey
var privateKey ed25519.PrivateKey var privateKey ed25519.PrivateKey
// Load the configuration // Load the configuration
privacyPolicy := information.Configuration["privacyPolicy"].(string) privacyPolicy := information.Configuration["privacyPolicy"].(string)
hostName := information.Configuration["url"].(string) hostName := information.Configuration["url"].(string)
@ -205,14 +187,22 @@ func Main(information *library.ServiceInitializationInformation) {
identifier := information.Configuration["identifier"].(string) identifier := information.Configuration["identifier"].(string)
adminKey := information.Configuration["adminKey"].(string) adminKey := information.Configuration["adminKey"].(string)
// Start the ISM processor
go information.StartISProcessor()
// Initiate a connection to the database // Initiate a connection to the database
conn, err := information.GetDatabase() // Call service ID 1 to get the database connection information
if err != nil { information.Outbox <- library.InterServiceMessage{
logFunc(err.Error(), 3, information) ServiceID: ServiceInformation.ServiceID,
ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"), // Service initialization service
MessageType: 1, // Request connection information
SentAt: time.Now(),
Message: nil,
} }
// Wait for the response
response := <-information.Inbox
if response.MessageType == 2 {
// This is the connection information
// Set up the database connection
conn = response.Message.(library.Database)
if conn.DBType == library.Sqlite { if conn.DBType == library.Sqlite {
// Create the global table // Create the global table
// Uniqueness check is a hack to ensure we only have one global row // Uniqueness check is a hack to ensure we only have one global row
@ -249,7 +239,7 @@ func Main(information *library.ServiceInitializationInformation) {
} }
} }
// Set up the in-memory cache // Set up the in-memory cache
mem, err = sql.Open("sqlite3", "file:"+ServiceInformation.ServiceID.String()+"?mode=memory&cache=shared") mem, err := sql.Open("sqlite3", "file:"+ServiceInformation.ServiceID.String()+"?mode=memory&cache=shared")
if err != nil { if err != nil {
logFunc(err.Error(), 3, information) logFunc(err.Error(), 3, information)
} }
@ -266,6 +256,10 @@ func Main(information *library.ServiceInitializationInformation) {
if err != nil { if err != nil {
logFunc(err.Error(), 3, information) logFunc(err.Error(), 3, information)
} }
_, err = mem.Exec("DROP TABLE IF EXISTS challengeResponse")
if err != nil {
logFunc(err.Error(), 3, information)
}
// Create the sessions table // Create the sessions table
_, err = mem.Exec("CREATE TABLE sessions (id BLOB NOT NULL, session TEXT NOT NULL, device TEXT NOT NULL DEFAULT '?')") _, err = mem.Exec("CREATE TABLE sessions (id BLOB NOT NULL, session TEXT NOT NULL, device TEXT NOT NULL DEFAULT '?')")
if err != nil { if err != nil {
@ -281,10 +275,20 @@ func Main(information *library.ServiceInitializationInformation) {
if err != nil { if err != nil {
logFunc(err.Error(), 3, information) logFunc(err.Error(), 3, information)
} }
// Create the challenge-response table
_, err = mem.Exec("CREATE TABLE challengeResponse (challenge TEXT NOT NULL UNIQUE, userId BLOB NOT NULL, expires INTEGER NOT NULL)")
if err != nil {
logFunc(err.Error(), 3, information)
}
} else {
// This is an error message
// Log the error message to the logger service
logFunc(response.Message.(error).Error(), 3, information)
}
// Set up the signing keys // Set up the signing keys
// Check if the global table has the keys // Check if the global table has the keys
err = conn.DB.QueryRow("SELECT key FROM global LIMIT 1").Scan(&privateKey) err := conn.DB.QueryRow("SELECT key FROM global LIMIT 1").Scan(&privateKey)
if err != nil { if err != nil {
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
// Generate a new key // Generate a new key
@ -313,10 +317,11 @@ func Main(information *library.ServiceInitializationInformation) {
} }
if testAppIsInternalApp { if testAppIsInternalApp {
_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", ServiceInformation.ServiceID[:], ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester") _, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", ServiceInformation.ServiceID, ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
} else { } else {
testAppCreator := uuid.New() testAppCreator := uuid.New()
_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", testAppCreator[:], ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", testAppCreator, ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
} }
if err != nil { if err != nil {
testAppIsAvailable = false testAppIsAvailable = false
@ -390,6 +395,7 @@ func Main(information *library.ServiceInitializationInformation) {
router.Get("/authorize", func(w http.ResponseWriter, r *http.Request) { router.Get("/authorize", func(w http.ResponseWriter, r *http.Request) {
if r.URL.Query().Get("client_id") != "" { if r.URL.Query().Get("client_id") != "" {
if conn.DBType == library.Sqlite {
var name string var name string
var creator []byte var creator []byte
err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator) err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator)
@ -403,7 +409,6 @@ func Main(information *library.ServiceInitializationInformation) {
return return
} }
// Check if the app is internal
if !bytes.Equal(creator, ServiceInformation.ServiceID[:]) { if !bytes.Equal(creator, ServiceInformation.ServiceID[:]) {
renderTemplate(200, w, map[string]interface{}{ renderTemplate(200, w, map[string]interface{}{
"identifier": identifier, "identifier": identifier,
@ -415,6 +420,32 @@ func Main(information *library.ServiceInitializationInformation) {
"name": name, "name": name,
}, "autoAccept.html", information) }, "autoAccept.html", information)
} }
} else {
var name string
var creator uuid.UUID
err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
renderString(404, w, "App not found", information)
} else {
logFunc(err.Error(), 2, information)
renderString(500, w, "Sorry, something went wrong on our end. Error code: 03. Please report to the administrator.", information)
}
return
}
if creator != ServiceInformation.ServiceID {
renderTemplate(200, w, map[string]interface{}{
"identifier": identifier,
"name": name,
}, "authorize.html", information)
} else {
renderTemplate(200, w, map[string]interface{}{
"identifier": identifier,
"name": name,
}, "autoAccept.html", information)
}
}
} else { } else {
http.Redirect(w, r, "/dashboard", 301) http.Redirect(w, r, "/dashboard", 301)
} }
@ -490,7 +521,7 @@ func Main(information *library.ServiceInitializationInformation) {
router.Post("/api/changePassword", func(w http.ResponseWriter, r *http.Request) { router.Post("/api/changePassword", func(w http.ResponseWriter, r *http.Request) {
type changePassword struct { type changePassword struct {
Session string `json:"session"` Session string `json:"session"`
NewPublicKey string `json:"newPublicKey"` NewPassword string `json:"newPassword"`
} }
var data changePassword var data changePassword
err = json.NewDecoder(r.Body).Decode(&data) err = json.NewDecoder(r.Body).Decode(&data)
@ -507,14 +538,34 @@ func Main(information *library.ServiceInitializationInformation) {
return return
} }
// Update the public key // Generate a new salt
_, err = conn.DB.Exec("UPDATE users SET publicKey = $1 WHERE id = $2", data.NewPublicKey, userId) // We want it to be binary data, not alphanumerical, so we don't use randomChars
salt := make([]byte, 16)
_, err = rand.Read(salt)
if err != nil { if err != nil {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "04"}, information) renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "04"}, information)
logFunc(err.Error(), 2, information) logFunc(err.Error(), 2, information)
return return
} }
// Decode the new password
newPassword, err := base64.StdEncoding.DecodeString(data.NewPassword)
if err != nil {
renderJSON(400, w, map[string]interface{}{"error": "Invalid JSON"}, information)
return
}
// Hash the password
hashedPassword := argon2.IDKey(newPassword, salt, 64, 4096, 1, 32)
// Update the password
_, err = conn.DB.Exec("UPDATE users SET password = $1, salt = $2 WHERE id = $3", hashedPassword, salt, userId)
if err != nil {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "05"}, information)
logFunc(err.Error(), 2, information)
return
}
// Invalidate all sessions // Invalidate all sessions
_, err = mem.Exec("DELETE FROM sessions WHERE id = ?", userId) _, err = mem.Exec("DELETE FROM sessions WHERE id = ?", userId)
if err != nil { if err != nil {
@ -594,7 +645,7 @@ func Main(information *library.ServiceInitializationInformation) {
return return
} }
_, err = conn.DB.Exec("INSERT INTO users (id, created, username, publicKey) VALUES ($1, $2, $3, $4)", userID[:], time.Now().Unix(), data.Username, publicKey) _, err = conn.DB.Exec("INSERT INTO users (id, created, username, publicKey) VALUES ($1, $2, $3, $4)", userID, time.Now().Unix(), data.Username, publicKey)
if err != nil { if err != nil {
if strings.Contains(err.Error(), "UNIQUE constraint failed") { if strings.Contains(err.Error(), "UNIQUE constraint failed") {
renderJSON(409, w, map[string]interface{}{"error": "Username already taken"}, information) renderJSON(409, w, map[string]interface{}{"error": "Username already taken"}, information)
@ -616,13 +667,37 @@ func Main(information *library.ServiceInitializationInformation) {
} }
// Insert the session // Insert the session
_, err = mem.Exec("INSERT INTO sessions (id, session, device) VALUES (?, ?, ?)", userID[:], session, r.Header.Get("User-Agent")) _, err = mem.Exec("INSERT INTO sessions (id, session, device) VALUES (?, ?, ?)", userID, session, r.Header.Get("User-Agent"))
// Return success, as well as the session token // Return success, as well as the session token
renderJSON(200, w, map[string]interface{}{"key": session}, information) renderJSON(200, w, map[string]interface{}{"key": session}, information)
}) })
router.Post("/api/loginChallenge", func(w http.ResponseWriter, r *http.Request) { router.Post("/api/loginChallenge", func(w http.ResponseWriter, r *http.Request) {
type login struct {
Username string `json:"username"`
}
var data login
err = json.NewDecoder(r.Body).Decode(&data)
if err != nil {
renderJSON(400, w, map[string]interface{}{"error": "Invalid JSON"}, information)
return
}
// Get the id for the user
var userId []byte
err = conn.DB.QueryRow("SELECT id FROM users WHERE username = $1", data.Username).Scan(&userId)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
renderJSON(401, w, map[string]interface{}{"error": "Invalid username"}, information)
} else {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "12"}, information)
logFunc(err.Error(), 2, information)
}
return
}
// Generate a new challenge // Generate a new challenge
challenge, err := randomChars(512) challenge, err := randomChars(512)
if err != nil { if err != nil {
@ -631,27 +706,22 @@ func Main(information *library.ServiceInitializationInformation) {
return return
} }
// Issue a new JWT token with the challenge // Insert the challenge with one minute expiration
token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{ _, err = mem.Exec("INSERT INTO challengeResponse (challenge, userId, expires) VALUES (?, ?, ?)", challenge, userId, time.Now().Unix()+60)
"challenge": challenge,
"exp": time.Now().Add(time.Second * 20).Unix(),
})
tokenString, err := token.SignedString(privateKey)
if err != nil { if err != nil {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "51"}, information) renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "53"}, information)
logFunc(err.Error(), 2, information) logFunc(err.Error(), 2, information)
return return
} }
// Return the challenge // Return the challenge
renderJSON(200, w, map[string]interface{}{"challenge": challenge, "verifier": tokenString}, information) renderJSON(200, w, map[string]interface{}{"challenge": challenge}, information)
}) })
router.Post("/api/login", func(w http.ResponseWriter, r *http.Request) { router.Post("/api/login", func(w http.ResponseWriter, r *http.Request) {
type login struct { type login struct {
Username string `json:"username"` Username string `json:"username"`
Signature string `json:"signature"` Signature string `json:"signature"`
Verifier string `json:"verifier"`
} }
var data login var data login
@ -663,8 +733,8 @@ func Main(information *library.ServiceInitializationInformation) {
// Try to select the user // Try to select the user
var userId []byte var userId []byte
var userPublicKey []byte var publicKey []byte
err = conn.DB.QueryRow("SELECT id, publicKey FROM users WHERE username = $1", data.Username).Scan(&userId, &userPublicKey) err = conn.DB.QueryRow("SELECT id, publicKey FROM users WHERE username = $1", data.Username).Scan(&userId, &publicKey)
if err != nil { if err != nil {
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
renderJSON(401, w, map[string]interface{}{"error": "Invalid username"}, information) renderJSON(401, w, map[string]interface{}{"error": "Invalid username"}, information)
@ -683,43 +753,33 @@ func Main(information *library.ServiceInitializationInformation) {
} }
// Verify the challenge // Verify the challenge
token, err := jwt.Parse(data.Verifier, func(token *jwt.Token) (interface{}, error) { // Select the current challenge from the database
return publicKey, nil var challenge string
}) err = mem.QueryRow("SELECT challenge FROM challengeResponse WHERE userId = ?", userId).Scan(&challenge)
if err != nil { if err != nil {
renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier"}, information) if errors.Is(err, sql.ErrNoRows) {
return renderJSON(401, w, map[string]interface{}{"error": "Invalid challenge"}, information)
} else {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "52"}, information)
logFunc(err.Error(), 2, information)
} }
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no claims"}, information)
return
}
expired, err := claims.GetExpirationTime()
if err != nil {
renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no expiry"}, information)
return
}
if expired.Before(time.Now()) {
renderJSON(401, w, map[string]interface{}{"error": "Expired verifier"}, information)
return
}
challenge, ok := claims["challenge"].(string)
if !ok {
renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no challenge"}, information)
return return
} }
// Check if the challenge is correct by verifying the signature // Check if the challenge is correct by verifying the signature
if !ed25519.Verify(userPublicKey, []byte(challenge), signature) { if !ed25519.Verify(publicKey, []byte(challenge), signature) {
renderJSON(401, w, map[string]interface{}{"error": "Invalid signature"}, information) renderJSON(401, w, map[string]interface{}{"error": "Invalid signature"}, information)
return return
} }
// Delete the challenge
_, err = mem.Exec("DELETE FROM challengeResponse WHERE userId = ?", userId)
if err != nil {
renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "53"}, information)
logFunc(err.Error(), 2, information)
return
}
// Create a new session // Create a new session
// We want the session token to be somewhat legible, so we use randomChars // We want the session token to be somewhat legible, so we use randomChars
// As a trade-off for this, we use a longer session token // As a trade-off for this, we use a longer session token
@ -1175,6 +1235,7 @@ func Main(information *library.ServiceInitializationInformation) {
}) })
router.Post("/api/oauth/add", func(w http.ResponseWriter, r *http.Request) { router.Post("/api/oauth/add", func(w http.ResponseWriter, r *http.Request) {
// Conveniently, we use this one for ISB as well, so we can re-use the struct // Conveniently, we use this one for ISB as well, so we can re-use the struct
var data authLibrary.OAuthInformation var data authLibrary.OAuthInformation
err = json.NewDecoder(r.Body).Decode(&data) err = json.NewDecoder(r.Body).Decode(&data)
@ -1210,9 +1271,27 @@ func Main(information *library.ServiceInitializationInformation) {
} }
// Validate the scopes // Validate the scopes
clientKeyShare, scopes, err := checkScopes(data.Scopes) var clientKeyShare bool
for _, scope := range data.Scopes {
if scope != "openid" && scope != "clientKeyShare" {
renderJSON(400, w, map[string]interface{}{"error": "Invalid scope"}, information)
return
} else {
if scope == "clientKeyShare" {
clientKeyShare = true
} else if scope != "openid" {
logFunc("An impossible logic error has occurred, please move away from radiation or use ECC RAM", 1, information)
renderJSON(400, w, map[string]interface{}{"error": "Invalid scope"}, information)
return
}
}
}
// Marshal the scopes
scopes, err := json.Marshal(data.Scopes)
if err != nil { if err != nil {
renderJSON(400, w, map[string]interface{}{"error": err.Error()}, information) renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "36"}, information)
logFunc(err.Error(), 2, information)
return return
} }
@ -1555,7 +1634,17 @@ func Main(information *library.ServiceInitializationInformation) {
if err != nil { if err != nil {
logFunc(err.Error(), 1, information) logFunc(err.Error(), 1, information)
} else { } else {
logFunc("Cleanup complete, deleted "+strconv.FormatInt(affectedCount, 10)+" entries", 0, information) affected, err := mem.Exec("DELETE FROM challengeResponse WHERE expires < ?", time.Now().Unix())
if err != nil {
logFunc(err.Error(), 1, information)
} else {
affectedCount2, err := affected.RowsAffected()
if err != nil {
logFunc(err.Error(), 1, information)
} else {
logFunc("Cleanup complete, deleted "+strconv.FormatInt(affectedCount+affectedCount2, 10)+" entries", 0, information)
}
}
} }
} }
} }
@ -1564,78 +1653,136 @@ func Main(information *library.ServiceInitializationInformation) {
go func() { go func() {
for { for {
// Wait for a message // Wait for a message
message := information.AcceptMessage() message := <-information.Inbox
if message.ServiceID != uuid.MustParse("00000000-0000-0000-0000-000000000001") {
// Check the message type // Check the message type
switch message.MessageType { switch message.MessageType {
case 0: case 0:
// A service would like to have the hostname // A service would like to know our hostname
// Send it to them // Send it to them
message.Respond(library.Success, hostName, information) information.Outbox <- library.InterServiceMessage{
MessageType: 0,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: hostName,
SentAt: time.Now(),
}
case 1: case 1:
// A service would like to register a new OAuth entry // A service would like to register a new OAuth entry
// Validate the scopes // Generate a new secret
clientKeyShare, scopes, err := checkScopes(message.Message.(authLibrary.OAuthInformation).Scopes) // It must be able to be sent via JSON, so we can't have pure-binary data
secret, err := randomChars(512)
if err != nil { if err != nil {
message.Respond(library.BadRequest, err, information) information.Outbox <- library.InterServiceMessage{
return MessageType: 1,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "36",
SentAt: time.Now(),
} }
// Check if the service already has an OAuth entry
var appId, secret string
err = conn.DB.QueryRow("SELECT appId, secret FROM oauth WHERE appId = $1", message.ServiceID.String()).Scan(&appId, &secret)
if err == nil && appId == message.ServiceID.String() {
// Update the entry to thew new scopes and redirect URI
if clientKeyShare {
_, err = conn.DB.Exec("UPDATE oauth SET name = $1, redirectUri = $2, scopes = $3, keyShareUri = $4 WHERE appId = $5", message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri, message.ServiceID.String())
} else {
_, err = conn.DB.Exec("UPDATE oauth SET name = $1, redirectUri = $2, scopes = $3 WHERE appId = $4", message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.ServiceID.String())
}
if err != nil {
message.Respond(library.InternalError, err, information)
logFunc(err.Error(), 2, information) logFunc(err.Error(), 2, information)
return return
} }
message.Respond(library.Success, authLibrary.OAuthResponse{ // Generate a new appId
AppID: appId, // It must be able to be sent via JSON, so we can't have pure-binary data
SecretKey: secret, appId, err := randomChars(32)
}, information) if err != nil {
information.Outbox <- library.InterServiceMessage{
MessageType: 1,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "37",
SentAt: time.Now(),
}
logFunc(err.Error(), 2, information)
return return
} }
// Generate a new secret // Validate the scopes
// It must be able to be sent via JSON, so we can't have pure-binary data var clientKeyShare bool
secret, err = randomChars(512) for _, scope := range message.Message.(authLibrary.OAuthInformation).Scopes {
if scope != "openid" && scope != "clientKeyShare" {
information.Outbox <- library.InterServiceMessage{
MessageType: 2,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "Invalid scope",
SentAt: time.Now(),
}
return
} else {
if scope == "clientKeyShare" {
clientKeyShare = true
} else if scope != "openid" {
logFunc("An impossible logic error has occurred, please move away from radiation or use ECC RAM", 1, information)
information.Outbox <- library.InterServiceMessage{
MessageType: 2,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "Invalid scope",
SentAt: time.Now(),
}
return
}
}
}
// Marshal the scopes
scopes, err := json.Marshal(message.Message.(authLibrary.OAuthInformation).Scopes)
if err != nil { if err != nil {
message.Respond(library.InternalError, err, information) information.Outbox <- library.InterServiceMessage{
MessageType: 1,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "38",
SentAt: time.Now(),
}
logFunc(err.Error(), 2, information) logFunc(err.Error(), 2, information)
return return
} }
// Insert the oauth entry // Insert the oauth entry
if clientKeyShare { if clientKeyShare {
_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ($1, $2, $3, $4, $5, $6, $7)", message.ServiceID.String(), secret, ServiceInformation.ServiceID[:], message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri) _, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ($1, $2, $3, $4, $5, $6, $7)", appId, secret, ServiceInformation.ServiceID, message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri)
} else { } else {
_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes) VALUES ($1, $2, $3, $4, $5, $6)", message.ServiceID.String(), secret, ServiceInformation.ServiceID[:], message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes) _, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes) VALUES ($1, $2, $3, $4, $5, $6)", appId, secret, ServiceInformation.ServiceID, message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes)
} }
if err != nil { if err != nil {
message.Respond(library.InternalError, err, information) information.Outbox <- library.InterServiceMessage{
MessageType: 1,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: "39",
SentAt: time.Now(),
}
logFunc(err.Error(), 2, information) logFunc(err.Error(), 2, information)
return return
} }
// Return the appId and secret // Return the appId and secret
message.Respond(library.Success, authLibrary.OAuthResponse{ information.Outbox <- library.InterServiceMessage{
MessageType: 0,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: authLibrary.OAuthResponse{
AppID: appId, AppID: appId,
SecretKey: secret, SecretKey: secret,
}, information) },
SentAt: time.Now(),
}
case 2: case 2:
// A service would like to have the public key // A service would like to have the public key
// Send it to them // Send it to them
message.Respond(library.Success, publicKey, information) information.Outbox <- library.InterServiceMessage{
MessageType: 2,
ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
Message: publicKey,
SentAt: time.Now(),
}
}
} }
} }
}() }()

3
services-src/auth/resources/static/js/logout.js
View file

@ -1,8 +1,7 @@
// @license magnet:?xt=urn:btih:0ef1b8170b3b615170ff270def6427c317705f85&dn=lgpl-3.0.txt LGPL-3.0 // @license magnet:?xt=urn:btih:0ef1b8170b3b615170ff270def6427c317705f85&dn=lgpl-3.0.txt LGPL-3.0
// This sad excuse for a script is used so LibreJS doesn't scream at me // This sad excuse for a script is used so LibreJS doesn't scream at me
localStorage.removeItem("DONOTSHARE-clientKey") localStorage.clear()
localStorage.removeItem("DONOTSHARE-secretKey")
window.location.replace("/login" + window.location.search) window.location.replace("/login" + window.location.search)
// @license-end // @license-end

1
services-src/auth/resources/wasm/login/main.go
View file

@ -192,7 +192,6 @@ func main() {
signupBody := map[string]interface{}{ signupBody := map[string]interface{}{
"username": username, "username": username,
"signature": base64.StdEncoding.EncodeToString(signature), "signature": base64.StdEncoding.EncodeToString(signature),
"verifier": responseMap["verifier"].(string),
} }
// Marshal the body // Marshal the body

2
services-src/auth/resources/wasm/testApp/main.go
View file

@ -236,7 +236,7 @@ func main() {
// Redirect to the client key exchange endpoint // Redirect to the client key exchange endpoint
js.Global().Get("swipe").Get("classList").Call("add", "swipe-animate") js.Global().Get("swipe").Get("classList").Call("add", "swipe-animate")
time.Sleep(sleepTime) time.Sleep(sleepTime)
// js.Global().Get("window").Get("location").Call("replace", "/clientKeyShare?ecdhPublicKey="+base64.URLEncoding.EncodeToString(privateKey.PublicKey().Bytes())+"&accessToken="+responseMap["access_token"].(string)) js.Global().Get("window").Get("location").Call("replace", "/clientKeyShare?ecdhPublicKey="+base64.URLEncoding.EncodeToString(privateKey.PublicKey().Bytes())+"&accessToken="+responseMap["access_token"].(string))
return return
} else if response.StatusCode != 500 { } else if response.StatusCode != 500 {
statusBox.Set("innerText", responseMap["error"].(string)) statusBox.Set("innerText", responseMap["error"].(string))

241
services-src/storage/main.go
View file

@ -1,15 +1,14 @@
package main package main
import ( import (
library "git.ailur.dev/ailur/fg-library/v3" library "git.ailur.dev/ailur/fg-library/v2"
nucleusLibrary "git.ailur.dev/ailur/fg-nucleus-library" nucleusLibrary "git.ailur.dev/ailur/fg-nucleus-library"
"io"
"bytes" "errors"
"os" "os"
"time"
"database/sql" "database/sql"
"errors"
"path/filepath" "path/filepath"
"github.com/google/uuid" "github.com/google/uuid"
@ -19,40 +18,47 @@ var ServiceInformation = library.Service{
Name: "Storage", Name: "Storage",
Permissions: library.Permissions{ Permissions: library.Permissions{
Authenticate: false, // This service does not require authentication Authenticate: false, // This service does not require authentication
Router: false, // This service does not serve web pages
Database: true, // This service requires database access to store quotas Database: true, // This service requires database access to store quotas
BlobStorage: false, // This service *is* the blob storage BlobStorage: false, // This service *is* the blob storage
InterServiceCommunication: true, // This service does require inter-service communication InterServiceCommunication: true, // This service does require inter-service communication
Resources: false, // This service does not require access to its resource directory
}, },
ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000003"), ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000003"),
} }
var ( var conn library.Database
loggerService = uuid.MustParse("00000000-0000-0000-0000-000000000002")
)
func logFunc(message string, messageType library.MessageCode, information *library.ServiceInitializationInformation) { func logFunc(message string, messageType uint64, information library.ServiceInitializationInformation) {
// Log the message to the logger service // Log the error message to the logger service
information.SendISMessage(loggerService, messageType, message) information.Outbox <- library.InterServiceMessage{
ServiceID: ServiceInformation.ServiceID,
ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000002"), // Logger service
MessageType: messageType,
SentAt: time.Now(),
Message: message,
}
} }
func respondError(message library.InterServiceMessage, err error, information *library.ServiceInitializationInformation, myFault bool) { func respondError(message string, information library.ServiceInitializationInformation, myFault bool, serviceID uuid.UUID) {
// Respond with an error message // Respond with an error message
var errCode = library.BadRequest var err uint64 = 1
if myFault { if myFault {
// Log the error message to the logger service // Log the error message to the logger service
logFunc(err.Error(), 2, information) logFunc(message, 2, information)
errCode = library.InternalError err = 2
}
information.Outbox <- library.InterServiceMessage{
ServiceID: ServiceInformation.ServiceID,
ForServiceID: serviceID,
MessageType: err,
SentAt: time.Now(),
Message: errors.New(message),
} }
message.Respond(errCode, err, information)
} }
func checkUserExists(userID uuid.UUID, conn library.Database) bool { func checkUserExists(userID uuid.UUID) bool {
// Check if a user exists in the database // Check if a user exists in the database
var userCheck []byte var userCheck []byte
err := conn.DB.QueryRow("SELECT id FROM users WHERE id = $1", userID[:]).Scan(&userCheck) err := conn.DB.QueryRow("SELECT id FROM users WHERE id = $1", userID).Scan(&userCheck)
if err != nil { if err != nil {
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
return false return false
@ -60,99 +66,74 @@ func checkUserExists(userID uuid.UUID, conn library.Database) bool {
return false return false
} }
} else { } else {
return bytes.Equal(userCheck, userID[:]) return uuid.Must(uuid.FromBytes(userCheck)) == userID
} }
} }
// addQuota can be used with a negative quota to remove quota from a user // addQuota can be used with a negative quota to remove quota from a user
func addQuota(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) { func addQuota(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
// Add more quota to a user // Add more quota to a user
userID := message.Message.(nucleusLibrary.Quota).User if checkUserExists(message.Message.(nucleusLibrary.Quota).User) {
if checkUserExists(userID, conn) {
_, err := conn.DB.Exec("UPDATE users SET quota = quota + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, message.Message.(nucleusLibrary.Quota).User) _, err := conn.DB.Exec("UPDATE users SET quota = quota + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, message.Message.(nucleusLibrary.Quota).User)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
} else { } else {
_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int))+message.Message.(nucleusLibrary.Quota).Bytes) _, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", message.Message.(nucleusLibrary.Quota).User, int64(information.Configuration["defaultQuota"].(float64))+message.Message.(nucleusLibrary.Quota).Bytes)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
} }
// Success
message.Respond(library.Success, nil, information)
} }
// And so does addReserved // And so does addReserved
func addReserved(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) { func addReserved(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
// Add more reserved space to a user // Add more reserved space to a user
userID := message.Message.(nucleusLibrary.Quota).User if checkUserExists(message.Message.(nucleusLibrary.Quota).User) {
if checkUserExists(userID, conn) {
// Check if the user has enough space // Check if the user has enough space
quota, err := getQuota(information, userID, conn) quota, err := getQuota(message.Message.(nucleusLibrary.Quota).User)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
used, err := getUsed(userID, information, conn) used, err := getUsed(message.Message.(nucleusLibrary.Quota).User, information)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
if used+message.Message.(nucleusLibrary.Quota).Bytes > quota { if used+message.Message.(nucleusLibrary.Quota).Bytes > quota {
respondError(message, errors.New("insufficient storage"), information, false) respondError("insufficient storage", information, false, message.ServiceID)
return return
} }
_, err = conn.DB.Exec("UPDATE users SET reserved = reserved + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, userID[:]) _, err = conn.DB.Exec("UPDATE users SET reserved = reserved + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, message.Message.(nucleusLibrary.Quota).User)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
} else { } else {
// Check if the user has enough space // Check if the user has enough space
if int64(information.Configuration["defaultQuota"].(int)) < message.Message.(nucleusLibrary.Quota).Bytes { if int64(information.Configuration["defaultQuota"].(float64)) < message.Message.(nucleusLibrary.Quota).Bytes {
respondError(message, errors.New("insufficient storage"), information, false) respondError("insufficient storage", information, false, message.ServiceID)
return return
} }
_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, $3)", userID[:], int64(information.Configuration["defaultQuota"].(int)), message.Message.(nucleusLibrary.Quota).Bytes) _, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, $3)", message.Message.(nucleusLibrary.Quota).User, int64(information.Configuration["defaultQuota"].(float64)), message.Message.(nucleusLibrary.Quota).Bytes)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
} }
// Success
message.Respond(library.Success, nil, information)
} }
func getQuota(information *library.ServiceInitializationInformation, userID uuid.UUID, conn library.Database) (int64, error) { func getQuota(userID uuid.UUID) (int64, error) {
// Get the quota for a user // Get the quota for a user
var quota int64 var quota int64
err := conn.DB.QueryRow("SELECT quota FROM users WHERE id = $1", userID[:]).Scan(&quota) err := conn.DB.QueryRow("SELECT quota FROM users WHERE id = $1", userID).Scan(&quota)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int)))
if err != nil { if err != nil {
return 0, err return 0, err
} }
return int64(information.Configuration["defaultQuota"].(int)), nil
} else {
return 0, err
}
}
return quota, nil return quota, nil
} }
func getUsed(userID uuid.UUID, information *library.ServiceInitializationInformation, conn library.Database) (int64, error) { func getUsed(userID uuid.UUID, information library.ServiceInitializationInformation) (int64, error) {
// Get the used space for a user by first getting the reserved space from file storage // Get the used space for a user by first getting the reserved space from file storage
_, err := os.Stat(filepath.Join(information.Configuration["path"].(string), userID.String()))
if os.IsNotExist(err) {
// Create the directory
err = os.Mkdir(filepath.Join(information.Configuration["path"].(string), userID.String()), 0755)
if err != nil {
return 0, err
}
}
var used int64 var used int64
err = filepath.Walk(filepath.Join(information.Configuration["path"].(string), userID.String()), func(path string, entry os.FileInfo, err error) error { err := filepath.Walk(filepath.Join(information.Configuration["path"].(string), userID.String()), func(path string, entry os.FileInfo, err error) error {
if err != nil { if err != nil {
return err return err
} }
@ -167,167 +148,147 @@ func getUsed(userID uuid.UUID, information *library.ServiceInitializationInforma
// Then add the reserved space from the database // Then add the reserved space from the database
var reserved int64 var reserved int64
err = conn.DB.QueryRow("SELECT reserved FROM users WHERE id = $1", userID[:]).Scan(&reserved) err = conn.DB.QueryRow("SELECT reserved FROM users WHERE id = $1", userID).Scan(&reserved)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int)))
if err != nil { if err != nil {
return 0, err return 0, err
} }
return 0, nil
} else {
return 0, err
}
}
return used + reserved, nil return used + reserved, nil
} }
func modifyFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) { func modifyFile(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
// Check if the file already exists // Check if the file already exists
path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name) path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name)
logFunc(path, 0, information)
_, err := os.Stat(path) _, err := os.Stat(path)
if err == nil { if os.IsNotExist(err) {
// Delete the file // Delete the file
err = os.Remove(path) err = os.Remove(path)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
} else if !os.IsNotExist(err) {
respondError(message, err, information, true)
} }
// Check if the user has enough space // Check if the user has enough space
quota, err := getQuota(information, message.Message.(nucleusLibrary.File).User, conn) quota, err := getQuota(message.Message.(nucleusLibrary.File).User)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
used, err := getUsed(message.Message.(nucleusLibrary.File).User, information, conn) used, err := getUsed(message.Message.(nucleusLibrary.File).User, information)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
if used+message.Message.(nucleusLibrary.File).Reader.N > quota { if used+int64(len(message.Message.(nucleusLibrary.File).Bytes)) > quota {
respondError(message, errors.New("insufficient storage"), information, false) respondError("insufficient storage", information, false, message.ServiceID)
return return
} }
// Add a file to the user's storage // Add a file to the user's storage
file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0644) file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0644)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
// Write the file // Write the file
_, err = io.Copy(file, message.Message.(nucleusLibrary.File).Reader) _, err = file.Write(message.Message.([]byte))
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
// Close the file // Close the file
err = file.Close() err = file.Close()
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
// Success
message.Respond(library.Success, nil, information)
} }
func getFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage) { func getFile(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
// Check if the file exists // Check if the file exists
path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name) path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name)
_, err := os.Stat(path) _, err := os.Stat(path)
if os.IsNotExist(err) { if os.IsNotExist(err) {
println("file not found: " + path) respondError("file not found", information, false, message.ServiceID)
respondError(message, errors.New("file not found"), information, false)
return return
} }
// Open the file // Open the file
file, err := os.Open(path) file, err := os.Open(path)
if err != nil { if err != nil {
respondError(message, err, information, true) respondError(err.Error(), information, true, message.ServiceID)
} }
// Respond with the file // Respond with the file
// It's their responsibility to close the file // It's their responsibility to close the file
message.Respond(library.Success, file, information) information.Outbox <- library.InterServiceMessage{
} ServiceID: ServiceInformation.ServiceID,
ForServiceID: message.ServiceID,
func deleteFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage) { MessageType: 1,
// Check if the file exists SentAt: time.Now(),
path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name) Message: file,
_, err := os.Stat(path)
if os.IsNotExist(err) {
respondError(message, errors.New("file not found"), information, false)
return
} }
// Delete the file
err = os.Remove(path)
if err != nil {
respondError(message, err, information, true)
}
// Success
message.Respond(library.Success, nil, information)
} }
// processInterServiceMessages listens for incoming messages and processes them // processInterServiceMessages listens for incoming messages and processes them
func processInterServiceMessages(information *library.ServiceInitializationInformation, conn library.Database) { func processInterServiceMessages(information library.ServiceInitializationInformation) {
// Listen for incoming messages // Listen for incoming messages
for { for {
message := information.AcceptMessage() message := <-information.Inbox
switch message.MessageType { switch message.MessageType {
case 1: case 1:
// Add quota // Add quota
addQuota(information, message, conn) addQuota(information, message)
case 2: case 2:
// Add reserved // Add reserved
addReserved(information, message, conn) addReserved(information, message)
case 3: case 3:
// Modify file // Modify file
modifyFile(information, message, conn) modifyFile(information, message)
case 4: case 4:
// Get file // Get file
getFile(information, message) getFile(information, message)
case 5:
deleteFile(information, message)
default: default:
// Respond with an error message // Respond with an error message
respondError(message, errors.New("invalid message type"), information, false) respondError("invalid message type", information, false, message.ServiceID)
} }
} }
} }
func Main(information *library.ServiceInitializationInformation) { func Main(information library.ServiceInitializationInformation) {
// Start up the ISM processor // Initiate a connection to the database
go information.StartISProcessor() // Call service ID 1 to get the database connection information
information.Outbox <- library.InterServiceMessage{
// Get the database connection ServiceID: ServiceInformation.ServiceID,
conn, err := information.GetDatabase() ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"), // Service initialization service
if err != nil { MessageType: 1, // Request connection information
logFunc(err.Error(), 3, information) SentAt: time.Now(),
Message: nil,
} }
// Wait for the response
response := <-information.Inbox
if response.MessageType == 2 {
// This is the connection information
// Set up the database connection
conn = response.Message.(library.Database)
// Create the quotas table if it doesn't exist // Create the quotas table if it doesn't exist
if conn.DBType == library.Sqlite { if conn.DBType == library.Sqlite {
_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB PRIMARY KEY, quota BIGINT, reserved BIGINT)") _, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS quotas (id BLOB PRIMARY KEY, quota BIGINT, reserved BIGINT)")
if err != nil { if err != nil {
logFunc(err.Error(), 3, information) logFunc(err.Error(), 3, information)
} }
} else { } else {
_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BYTEA PRIMARY KEY, quota BIGINT, reserved BIGINT)") _, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id UUID PRIMARY KEY, quota BIGINT, reserved BIGINT)")
if err != nil { if err != nil {
logFunc(err.Error(), 3, information) logFunc(err.Error(), 3, information)
} }
} }
} else {
// This is an error message
// Log the error message to the logger service
logFunc(response.Message.(error).Error(), 3, information)
}
// Listen for incoming messages // Listen for incoming messages
go processInterServiceMessages(information, conn) go processInterServiceMessages(information)
} }